webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-08-09 05:02:44 +03:00
Code Activity

PFAHandler:

Browse Source 
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1772 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
Christian Boltz
2015-04-06 13:39:21 +00:00
parent 31006928b4
commit cc598d0f3f
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
functions.inc.php
View File

@@ -1628,7 +1628,7 @@ function db_where_clause($condition, $struct, $additional_raw_where = '', $searc
die('db_where_cond: parameter $cond is not an array!');
} elseif(!is_array($searchmode)) {
die('db_where_cond: parameter $searchmode is not an array!');
} elseif (count($condition) == 0) {
} elseif (count($condition) == 0 && trim($additional_raw_where) == '') {
die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks
} elseif(!is_array($struct)) {
die('db_where_cond: parameter $struct is not an array!');

10
model/PFAHandler.php
View File

@@ -609,6 +609,14 @@ abstract class PFAHandler {
}
if (is_array($condition)) {
if (isset($condition['_']) && count($this->searchfields) > 0) {
$simple_search = array();
foreach ($this->searchfields as $field) {
$simple_search[] = "$field LIKE '%" . escape_string($condition['_']) . "%'";
}
$additional_where .= " AND ( " . join(" OR ", $simple_search) . " ) ";
unset($condition['_']);
}
$where = db_where_clause($condition, $this->struct, $additional_where, $searchmode);
} else {
if ($condition == "") $condition = '1=1';
@@ -716,6 +724,8 @@ abstract class PFAHandler {
# allow only access to fields the user can access to avoid information leaks via search parameters
if (isset($this->struct[$key]) && ($this->struct[$key]['display_in_list'] || $this->struct[$key]['display_in_form']) ) {
$real_condition[$key] = $value;
} elseif (($key == '_') && count($this->searchfields)) {
$real_condition[$key] = $value;
} else {
$this->errormsg[] = "Ignoring unknown search field $key";
}