allow api _plainsql special parameter only for internal calls, not needed anywhere else

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-12-14 18:42:06 +01:00
parent e5b6492804
commit c19b7d02ab
3 changed files with 10 additions and 3 deletions
--- a/lib/Froxlor/Ajax/GlobalSearch.php
+++ b/lib/Froxlor/Ajax/GlobalSearch.php
@@ -309,6 +309,7 @@ class GlobalSearch

 				foreach ($toSearch as $entity => $edata) {
 					$collection = (new Collection($edata['class'], $userinfo))
+						->setInternal(true)
 						->addParam([
 							'sql_search' => [
 								'_plainsql' => self::searchStringSql($edata['searchfields'], $searchtext)
--- a/lib/Froxlor/Api/ApiCommand.php
+++ b/lib/Froxlor/Api/ApiCommand.php
@@ -276,7 +276,7 @@ abstract class ApiCommand extends ApiParameter
 			];
 			$first = true;
 			foreach ($search as $field => $valoper) {
-				if ($field == '_plainsql') {
+				if ($field == '_plainsql' && $this->internal_call) {
 					if (isset($valoper['sql']) && isset($valoper['values']) && is_array($valoper['values'])) {
 						if (preg_match('/^([a-z0-9\-\.,=\+_`\(\)\:\'\"\!\<\>\ ]+)$/i', $valoper['sql']) == false) {
 							// skip
--- a/lib/Froxlor/UI/Collection.php
+++ b/lib/Froxlor/UI/Collection.php
@@ -34,6 +34,7 @@ class Collection
 	private array $params;
 	private array $userinfo;
 	private ?Pagination $pagination = null;
+	private bool $internal = false;

 	public function __construct(string $class, array $userInfo, array $params = [])
 	{
@@ -81,7 +82,7 @@ class Collection

 	private function getListing($class, $params): array
 	{
-		return json_decode($class::getLocal($this->userinfo, $params)->listing(), true);
+		return json_decode($class::getLocal($this->userinfo, $params, $this->internal)->listing(), true);
 	}

 	public function getJson(): string
@@ -130,11 +131,16 @@ class Collection

 	public function count(): int
 	{
-		return json_decode($this->class::getLocal($this->userinfo, $this->params)->listingCount(), true)['data'];
+		return json_decode($this->class::getLocal($this->userinfo, $this->params, $this->internal)->listingCount(), true)['data'];
 	}

 	public function getPagination(): ?Pagination
 	{
 		return $this->pagination;
 	}
+
+	public function setInternal(bool $internal): Collection {
+		$this->internal = $internal;
+		return $this;
+	}
 }