fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in bugfix/HOR-3834 (pull request #6114)

Browse Source 
HOR-3834

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
This commit is contained in:
Paula Quispe
2017-10-19 18:53:40 +00:00
committed by Julio Cesar Laura Avendaño
parent 5f3ea6ade1 8b2e2147d9
commit 4eb81fd01e
2 changed files with 393 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
gulliver/methods/genericAjax.php
View File

@@ -6,6 +6,7 @@ $_REQUEST = $filter->xssFilterHard($_REQUEST,"url");
$_SESSION = $filter->xssFilterHard($_SESSION, "url");
$request = isset($_POST['request']) ? $_POST['request'] : null;
if (!isset($request)) {
$request = isset($_GET['request']) ? $_GET['request'] : null;
}
@@ -43,12 +44,48 @@ if( isset($request) ){
case 'suggest':
try {
if (isset($_GET["inputEnconde64"])) {
$_GET['input'] = base64_decode($_GET['input']);
}
$sData = base64_decode(str_rot13($_GET['hash']));
list($SQL, $DB_UID) = explode('@|', $sData);
// Remplace values for dependent fields
if (!isset($_GET['form']) || !isset($_GET['variable'])) {
throw new Exception('Please contact the system administrator.');
}
$gridName = isset($_GET['grid']) ? $_GET['grid'] : '';
//When is a grid the form parameter include the name of grid
$xmlFile = str_replace($gridName, '', $_GET['form']);
//We will to get the form and variable and the query related
$xmlFile = G::getUIDName(urlDecode($xmlFile));
$gridName = isset($_GET['grid']) ? $_GET['grid'] : '';
$xmlFile = str_replace($gridName, '', $xmlFile);
$myForm = new Form($xmlFile, PATH_DYNAFORM);
$myForm->id = urlDecode($_GET['form']);
$bdUid = 'workflow';
if (isset($_GET['type']) && $_GET['type']==='form' && isset($myForm->fields[$_GET['variable']]->sql)) {
$sqlQuery = $myForm->fields[$_GET['variable']]->sql;
if (isset($myForm->fields[$_GET['variable']]->sqlConnection) && !empty($myForm->fields[$_GET['variable']]->sqlConnection)) {
$bdUid = $myForm->fields[$_GET['variable']]->sqlConnection;
}
} elseif (isset($_GET['type']) && $_GET['type']==='grid' && isset($myForm->fields[$_GET['grid']])) {
foreach ($myForm->fields[$_GET['grid']] as $index => $value) {
if (is_array($value) && isset($value[$_GET['variable']])) {
$newObj = $value[$_GET['variable']];
$sqlQuery = $newObj->sql;
if (isset($newObj->sqlConnection) && !empty($newObj->sqlConnection)) {
$bdUid = $newObj->sqlConnection;
}
}
}
} else {
throw new Exception('The variable with ' . $_GET['variable'] . ' does not defined in the form.');
}
// Replace values for dependent fields
$aDependentFieldsKeys = explode("|", base64_decode(str_rot13($_GET['dependentFieldsKeys'])));
$aDependentFieldsValue = explode("|", $_GET['dependentFieldsValue']);
if ($aDependentFieldsKeys) {
@@ -57,23 +94,22 @@ if( isset($request) ){
$sKeyDepFields = substr($sFieldVar, 2);
$aDependentFields[$sKeyDepFields] = $aDependentFieldsValue[$nKey];
}
$SQL = G::replaceDataField($SQL, $aDependentFields);
$sqlQuery = G::replaceDataField($sqlQuery, $aDependentFields);
}
// Parsed SQL Structure
$parser = new PHPSQLParser($SQL);
$parser = new PHPSQLParser($sqlQuery);
$searchType = $_GET["searchType"];
// Verif parsed array
// print_r($parser->parsed);
$SQL = queryModified($parser->parsed, $_GET['input'], $searchType);
// Verify parsed array
$sqlQuery = queryModified($parser->parsed, $_GET['input'], $searchType);
$aRows = Array();
try {
$con = Propel::getConnection($DB_UID);
$con = Propel::getConnection($bdUid);
$con->begin();
$rs = $con->executeQuery($SQL);
$rs = $con->executeQuery($sqlQuery);
$con->commit();
while ($rs->next()) {
@@ -121,7 +157,11 @@ if( isset($request) ){
// not necessary if the results are coming from mysql
//
$count++;
$aResults[] = array( "id"=>$id ,"value"=>htmlspecialchars($value), "info"=>htmlspecialchars($info) );
$aResults[] = array(
"id" => $id,
"value" => htmlspecialchars($value),
"info" => htmlspecialchars($info)
);
}
}
@@ -138,8 +178,7 @@ if( isset($request) ){
header("Content-Type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?><results>";
for ($i=0;$i<count($aResults);$i++)
{
for ($i = 0; $i < count($aResults); $i++) {
echo "<rs id=\"" . $aResults[$i]['id'] . "\" info=\"" . $aResults[$i]['info'] . "\">" . $aResults[$i]['value'] . "</rs>";
}
echo "</results>";
@@ -147,7 +186,6 @@ if( isset($request) ){
} catch (Exception $e) {
$err = $e->getMessage();
//$err = eregi_replace("[\n|\r|\n\r]", ' ', $err);
$err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3
echo '{"status":1, "message":"' . $err . '"}';
}
@@ -188,7 +226,6 @@ if( isset($request) ){
echo "{status: 1, message: \"success\"}";
} catch (Exception $e) {
$err = $e->getMessage();
//$err = eregi_replace("[\n|\r|\n\r]", ' ', $err);
$err = preg_replace("[\n|\r|\n\r]", " ", $err); //Made compatible to PHP 5.3
echo "{status: 0, message: \"" . $err . "\"}";
}
@@ -222,6 +259,7 @@ function sortByChar($aRows, $charSel)
array_push($aRest, $aRow);
}
}
return array_merge($aIniChar, $aRest);
}
@@ -235,36 +273,46 @@ function sortByChar($aRows, $charSel)
function queryModified($sqlParsed, $inputSel = "", $searchType)
{
if (!empty($sqlParsed['SELECT'])) {
$sqlSelectOptions = (isset($sqlParsed["OPTIONS"]) && count($sqlParsed["OPTIONS"]) > 0)? implode(" ", $sqlParsed["OPTIONS"]) : null;
$sqlSelectOptions = (isset($sqlParsed["OPTIONS"]) && count($sqlParsed["OPTIONS"]) > 0) ? implode(" ",
$sqlParsed["OPTIONS"]) : null;
$sqlSelect = "SELECT $sqlSelectOptions ";
$aSelect = $sqlParsed["SELECT"];
$sFieldSel = (count($aSelect) > 1) ? $aSelect[1]['base_expr'] : $aSelect[0]['base_expr'];
foreach ($aSelect as $key => $value) {
if($key != 0)
if ($key != 0) {
$sqlSelect .= ", ";
}
$sAlias = str_replace("`", "", $aSelect[$key]['alias']);
$sBaseExpr = $aSelect[$key]['base_expr'];
switch ($aSelect[$key]['expr_type']) {
case 'colref' : if($sAlias === $sBaseExpr)
case 'colref' :
if ($sAlias === $sBaseExpr) {
$sqlSelect .= $sAlias;
else
} else {
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
}
break;
case 'expression' : if($sAlias === $sBaseExpr)
case 'expression' :
if ($sAlias === $sBaseExpr) {
$sqlSelect .= $sBaseExpr;
else
} else {
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
}
break;
case 'subquery' : if(strpos($sAlias, $sBaseExpr,0) != 0)
case 'subquery' :
if (strpos($sAlias, $sBaseExpr, 0) != 0) {
$sqlSelect .= $sAlias;
else
} else {
$sqlSelect .= $sBaseExpr . " AS " . $sAlias;
}
break;
case 'operator' : $sqlSelect .= $sBaseExpr;
case 'operator' :
$sqlSelect .= $sBaseExpr;
break;
default : $sqlSelect .= $sBaseExpr;
default :
$sqlSelect .= $sBaseExpr;
break;
}
}
@@ -303,8 +351,7 @@ function queryModified($sqlParsed, $inputSel = "", $searchType)
$sqlWhere .= $value['base_expr'] . " ";
}
$sqlWhere .= " AND " . $sFieldSel . " " . $sqlConditionLike;
}
else {
} else {
$sqlWhere = " WHERE " . $sFieldSel . " " . $sqlConditionLike;
}
@@ -313,14 +360,16 @@ function queryModified($sqlParsed, $inputSel = "", $searchType)
$sqlGroupBy = "GROUP BY ";
$aGroup = $sqlParsed['GROUP'];
foreach ($aGroup as $key => $value) {
if($key != 0)
if ($key != 0) {
$sqlGroupBy .= ", ";
if($value['direction'] == 'ASC' )
}
if ($value['direction'] == 'ASC') {
$sqlGroupBy .= $value['base_expr'];
else
} else {
$sqlGroupBy .= $value['base_expr'] . " " . $value['direction'];
}
}
}
$sqlHaving = "";
if (!empty($sqlParsed['HAVING'])) {
@@ -336,13 +385,15 @@ function queryModified($sqlParsed, $inputSel = "", $searchType)
$sqlOrderBy = "ORDER BY ";
$aOrder = $sqlParsed['ORDER'];
foreach ($aOrder as $key => $value) {
if($key != 0)
if ($key != 0) {
$sqlOrderBy .= ", ";
if($value['direction'] == 'ASC' )
}
if ($value['direction'] == 'ASC') {
$sqlOrderBy .= $value['base_expr'];
else
} else {
$sqlOrderBy .= $value['base_expr'] . " " . $value['direction'];
}
}
} else {
$sqlOrderBy = " ORDER BY " . $sFieldSel;
}
@@ -360,6 +411,7 @@ function queryModified($sqlParsed, $inputSel = "", $searchType)
foreach ($aCall as $key => $value) {
$sCall .= $value . " ";
}
return $sCall;
}
if (!empty($sqlParsed['EXECUTE'])) {
@@ -368,6 +420,7 @@ function queryModified($sqlParsed, $inputSel = "", $searchType)
foreach ($aCall as $key => $value) {
$sCall .= $value . " ";
}
return $sCall;
}
if (!empty($sqlParsed[''])) {
@@ -376,6 +429,7 @@ function queryModified($sqlParsed, $inputSel = "", $searchType)
foreach ($aCall as $key => $value) {
$sCall .= $value . " ";
}
return $sCall;
}
}

10
gulliver/system/class.xmlform.php
View File

@@ -1355,7 +1355,6 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sCallBack = '';
}
$hash = str_rot13( base64_encode( $this->sql . '@|' . $this->sqlConnection ) );
$sSQL = $this->sql;
$nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE );
@@ -1405,8 +1404,8 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sOptions = 'script: function (input) { ';
$sOptions .= ' var inputValue = base64_encode(getField(\'' . $this->name . '_label\').value); ';
$sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&json=true&limit=' . $this->maxresults;
$sOptions .= '&hash=' . $hash . '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="';
$sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&type=form&form=' . $owner->id . '&variable=' . $this->name . '&json=true&limit=' . $this->maxresults;
$sOptions .= '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="';
$sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";';
@@ -1561,7 +1560,6 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sCallBack = '';
}
$hash = str_rot13( base64_encode( $this->sql . '@|' . $this->sqlConnection ) );
$sSQL = $this->sql;
$nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE );
@@ -1602,8 +1600,8 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sOptions .= ' var inputValue = base64_encode(getField(\'' . $rowIdField . '[' . $this->name . '_label\').value); ';
$sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&json=true&limit=' . $this->maxresults;
$sOptions .= '&hash=' . $hash . '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="';
$sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&type=grid&form=' . $owner->id . '&grid=' . $owner->name . '&variable=' . $this->name . '&json=true&limit=' . $this->maxresults;
$sOptions .= '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="';
$sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";';
$sOptions .= '},';