From cc598d0f3f5f9fac79eacfae00b1f3eef8ca8371 Mon Sep 17 00:00:00 2001
From: Christian Boltz <postfixadmin@cboltz.de>
Date: Mon, 6 Apr 2015 13:39:21 +0000
Subject: [PATCH] PFAHandler: - build_select_query(): add support for
 $search['_'] (searching if one   of the $this->searchfields contains the
 search text) - getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php    |  2 +-
 model/PFAHandler.php | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/functions.inc.php b/functions.inc.php
index 63c0a499..3b2e8e55 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1628,7 +1628,7 @@ function db_where_clause($condition, $struct, $additional_raw_where = '', $searc
         die('db_where_cond: parameter $cond is not an array!');
     } elseif(!is_array($searchmode)) {
         die('db_where_cond: parameter $searchmode is not an array!');
-    } elseif (count($condition) == 0) {
+    } elseif (count($condition) == 0 && trim($additional_raw_where) == '') {
         die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks 
     } elseif(!is_array($struct)) {
         die('db_where_cond: parameter $struct is not an array!');
diff --git a/model/PFAHandler.php b/model/PFAHandler.php
index 3997ff9f..1ca81e22 100644
--- a/model/PFAHandler.php
+++ b/model/PFAHandler.php
@@ -609,6 +609,14 @@ abstract class PFAHandler {
         }
 
         if (is_array($condition)) {
+            if (isset($condition['_']) && count($this->searchfields) > 0) {
+                $simple_search = array();
+                foreach ($this->searchfields as $field) {
+                    $simple_search[] = "$field LIKE '%" . escape_string($condition['_']) . "%'";
+                }
+                $additional_where .= " AND ( " . join(" OR ", $simple_search) . " ) ";
+                unset($condition['_']);
+            }
             $where = db_where_clause($condition, $this->struct, $additional_where, $searchmode);
         } else {
             if ($condition == "") $condition = '1=1';
@@ -716,6 +724,8 @@ abstract class PFAHandler {
                 # allow only access to fields the user can access to avoid information leaks via search parameters
                 if (isset($this->struct[$key]) && ($this->struct[$key]['display_in_list'] || $this->struct[$key]['display_in_form']) ) {
                     $real_condition[$key] = $value;
+                } elseif (($key == '_') && count($this->searchfields)) {
+                    $real_condition[$key] = $value;
                 } else {
                     $this->errormsg[] = "Ignoring unknown search field $key";
                 }