Context Navigation

loadsearch.php

Revision 728, 11.4 kB (checked in by brieb, 7 months ago)
Fixed possible security loopholes in search screen (SQL Manipulation)
Property svn:keywords set to `LastChangedBy LastChangedDate LastChangedRevision`

Line
1	<?php
2	/*
3	$Rev$ \| $LastChangedBy$
4	$LastChangedDate$
5	+-------------------------------------------------------------------------+
6	\| Copyright (c) 2004 - 2010, Kreotek LLC \|
7	\| All rights reserved. \|
8	+-------------------------------------------------------------------------+
9	\| \|
10	\| Redistribution and use in source and binary forms, with or without \|
11	\| modification, are permitted provided that the following conditions are \|
12	\| met: \|
13	\| \|
14	\| - Redistributions of source code must retain the above copyright \|
15	\| notice, this list of conditions and the following disclaimer. \|
16	\| \|
17	\| - Redistributions in binary form must reproduce the above copyright \|
18	\| notice, this list of conditions and the following disclaimer in the \|
19	\| documentation and/or other materials provided with the distribution. \|
20	\| \|
21	\| - Neither the name of Kreotek LLC nor the names of its contributore may \|
22	\| be used to endorse or promote products derived from this software \|
23	\| without specific prior written permission. \|
24	\| \|
25	\| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \|
26	\| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \|
27	\| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A \|
28	\| PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \|
29	\| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \|
30	\| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \|
31	\| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \|
32	\| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \|
33	\| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \|
34	\| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \|
35	\| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \|
36	\| \|
37	+-------------------------------------------------------------------------+
38	*/
39
40	class savedSearch{
41
42	var $db;
43
44	function savedSearch($db){
45
46	$this->db=$db;
47
48	}//end function init
49
50
51	function delete($id){
52
53	$querystatement="DELETE FROM usersearches
54	WHERE id=".((int) $id);
55	$queryresult = $this->db->query($querystatement);
56
57	echo "success";
58
59	}//end function delete
60
61
62	/**
63	* saves current search
64	*
65	* @param string $name name to save search as
66	* @param integer $tabledefid table definition's id
67	* @param string $userid uuid of user
68	*/
69	function save($name,$tabledefid,$userid){
70
71	$uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
72
73	$querystatement = "
74	SELECT
75	`prefix`
76	FROM
77	`tabledefs`
78	WHERE
79	`uuid` = '".$uuid."'";
80
81	$queryresult = $this->db->query($querystatement);
82
83	$therecord = $this->db->fetchArray($queryresult);
84	$prefix = $therecord["prefix"];
85
86	$insertstatement = "
87	INSERT INTO
88	usersearches
89	(
90	userid,
91	tabledefid,
92	name,
93	`type`,
94	sqlclause,
95	`uuid`
96	) VALUES (
97	'".mysql_real_escape_string($userid)."',
98	'".mysql_real_escape_string($uuid)."',
99	'".mysql_real_escape_string($name)."',
100	'SCH',
101	'".addslashes($_SESSION["tableparams"][$tabledefid]["querywhereclause"])."',
102	'".uuid($prefix.":")."'
103	)";
104
105	$this->db->query($insertstatement);
106
107	echo "search saved";
108
109	}//endfunction save
110
111
112	/**
113	* displays sql clause for saved search
114	*
115	* @param integer $id savedsearch id
116	*/
117	function get($id){
118
119	$querystatement="
120	SELECT
121	sqlclause
122	FROM
123	usersearches
124	WHERE id=".((int) $id);
125
126	$queryresult = $this->db->query($querystatement);
127
128	$therecord = $this->db->fetchArray($queryresult);
129
130	echo $therecord["sqlclause"];
131
132	}//end function
133
134
135	/**
136	* generates the select input of saved searches
137	*
138	* @param mysql query result $queryresult
139	*/
140	function showSavedSearchList($queryresult){
141
142	$numrows = $this->db->numRows($queryresult);
143
144	?>
145	<select id="LSList" name="LSList" <?php if ($numrows<1) echo "disabled" ?> size="10" style="width:170px;height:160px;" onchange="LSsearchSelect(this,'<?php echo APP_PATH ?>')">
146	<?php if($numrows<1) {?>
147
148	<option value="NA">No Saved Searches</option>
149
150	<?php
151	} else {
152
153	$numglobal=0;
154
155	while($therecord=$this->db->fetchArray($queryresult))
156	if($therecord["userid"]<1) $numglobal++;
157
158	$this->db->seek($queryresult,0);
159
160	if($numglobal>0){ ?>
161	<option value="NA" style="font-style:italic;font-weight:bold"> -- global searches ---------</option>
162	<?php
163	}//end if
164
165	$userqueryline = true;
166
167	while($therecord=$this->db->fetchArray($queryresult)){
168
169	if ($therecord["userid"] != '' and $userqueryline) {
170
171	$userqueryline = false;
172
173	?><option value="NA" style="font-style:italic;font-weight:bold"> -- user searches ---------</option><?php
174
175	}//endif
176
177	?><option value="<?php echo $therecord["id"]?>"><?php echo $therecord["name"]?></option><?php
178
179	}// end while
180
181	}//end if
182	?>
183	</select>
184	<?php
185
186	}//end function showSavedSearchList
187
188
189	/**
190	* displays the load box for saved searches
191	*
192	* @param integer $tabledefid id of tabledef
193	* @param string $userid uuid of user
194	* @param string $securitywhere additional security based where clause to pass
195	*/
196	function showLoad($tabledefid,$userid,$securitywhere){
197
198	$uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
199
200	$querystatement = "
201	SELECT
202	id,
203	name,
204	userid
205	FROM
206	usersearches
207	WHERE
208	tabledefid = '".$uuid."'
209	AND type='SCH'
210	AND (
211	(userid = '' ".$securitywhere.")
212	OR userid = '".$userid."')
213	ORDER BY
214	userid,
215	name";
216
217	$queryresult = $this->db->query($querystatement);
218
219	if(!$queryresult)
220	$error = new appError(500,"Cannot retrieve saved search information");
221
222	$querystatement="
223	SELECT
224	advsearchroleid
225	FROM
226	tabledefs
227	WHERE id= '".$tabledefid."'";
228
229	$tabledefresult = $this->db->query($querystatement);
230
231	if(!$tabledefresult)
232	$error = new appError(500,"Cannot retrieve table definition information.");
233
234	$tableinfo=$this->db->fetchArray($tabledefresult);
235
236	?>
237	<table border="0" cellpadding="0" cellspacing="0">
238	<tr>
239	<td valign="top">
240	<p>
241	<label for="LSList">saved searches</label><br />
242	<?php $this->showSavedSearchList($queryresult)?>
243	</p>
244	</td>
245	<td valign="top" width="100%">
246	<p>
247	<label for="LSSelectedSearch">name</label><br />
248	<input type="text" id="LSSelectedSearch" size="10" readonly="readonly" class="uneditable" />
249	</p>
250	<p>
251	<textarea id="LSSQL" name="LSSQL" rows="8" cols="10" <?php if(!hasRights($tableinfo["advsearchroleid"])) echo ' readonly="readonly"'?>></textarea>
252	</p>
253	</td>
254	<td valign="top">
255	<p><br/><input id="LSLoad" type="submit" name="command" class="Buttons" disabled="disabled" value="run search"/></p>
256	<p><input id="LSDelete" type="button" onclick="LSDeleteSearch('<?php echo APP_PATH ?>')" class="Buttons" disabled="disabled" value="delete"/></p>
257	<div id="LSResults"> </div>
258	</td>
259	</tr>
260	</table>
261	<?php
262
263	}//end function showLoad
264
265	}//end class
266
267
268
269
270	if(isset($_GET["cmd"])){
271
272	require_once("include/session.php");
273
274	$thesearch = new savedSearch($db);
275
276	switch($_GET["cmd"]){
277
278	case "show":
279
280	$securitywhere = "";
281
282	if ($_SESSION["userinfo"]["admin"]!=1 && count($_SESSION["userinfo"]["roles"])>0){
283
284	$securitywhere = "";
285
286	foreach($_SESSION["userinfo"]["roles"] as $role)
287	$securitywhere .= ", '".$role."'";
288
289	$securitywhere = " AND (`roleid` IN (''".$securitywhere.") OR `roleid` IS NULL)";
290
291	}//endif
292
293	if(!isset($_GET["tid"]))
294	$error = new appError(200, "passed parameters not set");
295
296	$thesearch->showLoad($_GET["tid"], $_SESSION["userinfo"]["uuid"], $securitywhere);
297	break;
298
299	case "getsearch":
300
301	if(!isset($_GET["id"]))
302	$error = new appError(200, "passed parameters not set");
303
304	$thesearch->get($_GET["id"]);
305	break;
306
307	case "savesearch":
308
309	if(!isset($_GET["tid"]) \|\| !isset($_GET["name"]))
310	$error = new appError(200, "passed parameters not set");
311
312	$thesearch->save($_GET["name"] ,$_GET["tid"], $_SESSION["userinfo"]["uuid"]);
313	break;
314
315	case "deletesearch":
316
317	if(!isset($_GET["id"]))
318	$error = new appError(200, "passed parameters not set");
319
320	$thesearch->delete($_GET["id"]);
321	break;
322
323	}//end switch
324
325	}//endif
326	?>

Note: See TracBrowser for help on using the browser.

phpBMS

Context Navigation

root/trunk/phpbms/loadsearch.php

Download in other formats: