allow api _plainsql special parameter only for internal calls, not needed anywhere else

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2022-12-14 18:42:06 +01:00
parent e5b6492804
commit c19b7d02ab
3 changed files with 10 additions and 3 deletions


@@ -309,6 +309,7 @@ class GlobalSearch
foreach ($toSearch as $entity => $edata) { foreach ($toSearch as $entity => $edata) {
$collection = (new Collection($edata['class'], $userinfo)) $collection = (new Collection($edata['class'], $userinfo))
->setInternal(true)
->addParam([ ->addParam([
'sql_search' => [ 'sql_search' => [
'_plainsql' => self::searchStringSql($edata['searchfields'], $searchtext) '_plainsql' => self::searchStringSql($edata['searchfields'], $searchtext)
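Review bot: The new `->setInternal(true)` call is the only thing that lets the `_plainsql` entry built a few lines below survive the search-field filtering in `ApiCommand`, but nothing at this call site says so, and a later cleanup of the chain could drop it without noticing the coupling. Add a comment above the new line: `// _plainsql is only honoured for internal calls; see the search handling in ApiCommand`. Both the enclosing foreach and the `addParam([...])` array continue outside the hunk.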


@@ -276,7 +276,7 @@ abstract class ApiCommand extends ApiParameter
]; ];
$first = true; $first = true;
foreach ($search as $field => $valoper) { foreach ($search as $field => $valoper) {
if ($field == '_plainsql') { if ($field == '_plainsql' && $this->internal_call) {
if (isset($valoper['sql']) && isset($valoper['values']) && is_array($valoper['values'])) { if (isset($valoper['sql']) && isset($valoper['values']) && is_array($valoper['values'])) {
if (preg_match('/^([a-z0-9\-\.,=\+_`\(\)\:\'\"\!\<\>\ ]+)$/i', $valoper['sql']) == false) { if (preg_match('/^([a-z0-9\-\.,=\+_`\(\)\:\'\"\!\<\>\ ]+)$/i', $valoper['sql']) == false) {
// skip // skip
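Review bot: With the new `&& $this->internal_call` on the condition, a `_plainsql` key coming from a non-internal caller is no longer caught by this branch at all; it falls through to whatever the rest of the loop (outside the hunk) does with an ordinary `$field`, and if that code uses `$field` as a column name the literal `_plainsql` ends up in the query rather than being dropped. Rejecting it explicitly keeps the intent visible: `if ($field === '_plainsql') {` followed by `if (!$this->internal_call) { continue; }` before the existing `isset(...)` check, which also replaces the loose `==` on a string key. I cannot see where `internal_call` is assigned, so it is worth confirming it is initialised on every construction path and not only when the internal flag is passed. The enclosing method begins and ends outside the hunk.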


@@ -34,6 +34,7 @@ class Collection
private array $params; private array $params;
private array $userinfo; private array $userinfo;
private ?Pagination $pagination = null; private ?Pagination $pagination = null;
private bool $internal = false;
public function __construct(string $class, array $userInfo, array $params = []) public function __construct(string $class, array $userInfo, array $params = [])
{ {
@@ -81,7 +82,7 @@ class Collection
private function getListing($class, $params): array private function getListing($class, $params): array
{ {
return json_decode($class::getLocal($this->userinfo, $params)->listing(), true); return json_decode($class::getLocal($this->userinfo, $params, $this->internal)->listing(), true);
} }
public function getJson(): string public function getJson(): string
@@ -130,11 +131,16 @@ class Collection
public function count(): int public function count(): int
{ {
return json_decode($this->class::getLocal($this->userinfo, $this->params)->listingCount(), true)['data']; return json_decode($this->class::getLocal($this->userinfo, $this->params, $this->internal)->listingCount(), true)['data'];
} }
public function getPagination(): ?Pagination public function getPagination(): ?Pagination
{ {
return $this->pagination; return $this->pagination;
} }
public function setInternal(bool $internal): Collection {
$this->internal = $internal;
return $this;
}
} }
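Review bot: The new `setInternal()` puts its opening brace on the signature line and has no blank line separating it from `getPagination()`, while every other method in this class (`getListing`, `count`, `getPagination`) puts the brace on its own line; it also returns `Collection` where `self` is the conventional fluent return type. Change it to `public function setInternal(bool $internal): self` with the brace on the next line and a blank line before the method. The added `private bool $internal = false;` in the first hunk would benefit from a one-line comment, e.g. `// marks listing calls as internal so the _plainsql search parameter is honoured`. The third argument now passed to both `getLocal()` calls is presumably an optional parameter that existing callers elsewhere omit; confirm against its signature, since the declaration is not in this diff.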