banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PFAHandler:

Browse Source 
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
pull/2/head
Christian Boltz 10 years ago
parent 31006928b4
commit cc598d0f3f
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
functions.inc.php
Unescape Escape View File

@ -1628,7 +1628,7 @@ function db_where_clause($condition, $struct, $additional_raw_where = '', $searc
die('db_where_cond: parameter $cond is not an array!'); die('db_where_cond: parameter $cond is not an array!');
} elseif(!is_array($searchmode)) { } elseif(!is_array($searchmode)) {
die('db_where_cond: parameter $searchmode is not an array!'); die('db_where_cond: parameter $searchmode is not an array!');
} elseif (count($condition) == 0) { } elseif (count($condition) == 0 && trim($additional_raw_where) == '') {
die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks
} elseif(!is_array($struct)) { } elseif(!is_array($struct)) {
die('db_where_cond: parameter $struct is not an array!'); die('db_where_cond: parameter $struct is not an array!');

10
model/PFAHandler.php
Unescape Escape View File

@ -609,6 +609,14 @@ abstract class PFAHandler {
} }
if (is_array($condition)) { if (is_array($condition)) {
if (isset($condition['_']) && count($this->searchfields) > 0) {
$simple_search = array();
foreach ($this->searchfields as $field) {
$simple_search[] = "$field LIKE '%" . escape_string($condition['_']) . "%'";
}
$additional_where .= " AND ( " . join(" OR ", $simple_search) . " ) ";
unset($condition['_']);
}
$where = db_where_clause($condition, $this->struct, $additional_where, $searchmode); $where = db_where_clause($condition, $this->struct, $additional_where, $searchmode);
} else { } else {
if ($condition == "") $condition = '1=1'; if ($condition == "") $condition = '1=1';
@ -716,6 +724,8 @@ abstract class PFAHandler {
# allow only access to fields the user can access to avoid information leaks via search parameters # allow only access to fields the user can access to avoid information leaks via search parameters
if (isset($this->struct[$key]) && ($this->struct[$key]['display_in_list'] || $this->struct[$key]['display_in_form']) ) { if (isset($this->struct[$key]) && ($this->struct[$key]['display_in_list'] || $this->struct[$key]['display_in_form']) ) {
$real_condition[$key] = $value; $real_condition[$key] = $value;
} elseif (($key == '_') && count($this->searchfields)) {
$real_condition[$key] = $value;
} else { } else {
$this->errormsg[] = "Ignoring unknown search field $key"; $this->errormsg[] = "Ignoring unknown search field $key";
} }

Write Preview
Loading…
Cancel
Save