fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-3834

Browse Source
This commit is contained in:
Paula Quispe
2017-10-12 08:24:22 -04:00
parent dc16c88124
commit 8b2e2147d9
2 changed files with 393 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

716
gulliver/methods/genericAjax.php
View File

@@ -1,228 +1,266 @@
<?php <?php
$filter = new InputFilter(); $filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET,"url"); $_GET = $filter->xssFilterHard($_GET, "url");
$_POST = $filter->xssFilterHard($_POST,"url"); $_POST = $filter->xssFilterHard($_POST, "url");
$_REQUEST = $filter->xssFilterHard($_REQUEST,"url"); $_REQUEST = $filter->xssFilterHard($_REQUEST, "url");
$_SESSION = $filter->xssFilterHard($_SESSION,"url"); $_SESSION = $filter->xssFilterHard($_SESSION, "url");
$request = isset($_POST['request'])? $_POST['request']: null; $request = isset($_POST['request']) ? $_POST['request'] : null;
if( !isset($request) ){
$request = isset($_GET['request'])? $_GET['request']: null; if (!isset($request)) {
$request = isset($_GET['request']) ? $_GET['request'] : null;
} }
if( isset($request) ){ if (isset($request)) {
switch($request){ switch ($request) {
case 'deleteGridRowOnDynaform': case 'deleteGridRowOnDynaform':
//This code is to update the SESSION variable for dependent fields in grids //This code is to update the SESSION variable for dependent fields in grids
if (!defined("XMLFORM_AJAX_PATH")) { if (!defined("XMLFORM_AJAX_PATH")) {
define("XMLFORM_AJAX_PATH", PATH_XMLFORM); define("XMLFORM_AJAX_PATH", PATH_XMLFORM);
}
if (is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) {
if (!is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) {
$_SESSION[$_POST["formID"]][$_POST["gridname"]] = (array)$_SESSION[$_POST["formID"]][$_POST["gridname"]];
}
ksort($_SESSION[$_POST["formID"]][$_POST["gridname"]]);
$oFields = array();
$initialKey = 1;
foreach ($_SESSION[$_POST["formID"]][$_POST["gridname"]] as $key => $value) {
if ($key != $_POST["rowpos"]) {
$oFields[$initialKey] = $value;
$initialKey++;
}
}
unset($_SESSION[$_POST["formID"]][$_POST["gridname"]]);
$_SESSION[$_POST["formID"]][$_POST["gridname"]] = $oFields;
}
break;
/** widgets **/
case 'suggest':
try {
if(isset($_GET["inputEnconde64"])) {
$_GET['input'] = base64_decode($_GET['input']);
}
$sData = base64_decode(str_rot13($_GET['hash']));
list($SQL, $DB_UID) = explode('@|', $sData);
// Remplace values for dependent fields
$aDependentFieldsKeys = explode("|", base64_decode(str_rot13($_GET['dependentFieldsKeys'])));
$aDependentFieldsValue = explode("|", $_GET['dependentFieldsValue']);
if ($aDependentFieldsKeys) {
$aDependentFields = array();
foreach ($aDependentFieldsKeys as $nKey => $sFieldVar ) {
$sKeyDepFields = substr($sFieldVar, 2);
$aDependentFields[$sKeyDepFields] = $aDependentFieldsValue[$nKey];
}
$SQL = G::replaceDataField($SQL, $aDependentFields);
}
// Parsed SQL Structure
$parser = new PHPSQLParser($SQL);
$searchType = $_GET["searchType"];
// Verif parsed array
// print_r($parser->parsed);
$SQL = queryModified($parser->parsed, $_GET['input'], $searchType);
$aRows = Array();
try {
$con = Propel::getConnection($DB_UID);
$con->begin();
$rs = $con->executeQuery($SQL);
$con->commit();
while ( $rs->next() ) {
array_push($aRows, $rs->getRow());
}
} catch (SQLException $sqle) {
$con->rollback();
}
$input = strtolower( $_GET['input'] );
$len = strlen($input);
$limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 0;
$aResults = array();
$count = 0;
$aRows = sortByChar($aRows, $input);
if ($len){
for ($i=0;$i<count($aRows);$i++){
$aRow = $aRows[$i];
$nCols = sizeof($aRow);
$aRow = array_values($aRow);
switch( $nCols ){
case 1:
$id = $aRow[0];
$value = $aRow[0];
$info = '';
break;
case 2:
$id = $aRow[0];
$value = $aRow[1];
$info = '';
break;
case $nCols >= 3:
$id = $aRow[0];
$value = $aRow[1];
$info = $aRow[2];
break;
} }
if (is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) {
if (!is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) {
$_SESSION[$_POST["formID"]][$_POST["gridname"]] = (array)$_SESSION[$_POST["formID"]][$_POST["gridname"]];
}
ksort($_SESSION[$_POST["formID"]][$_POST["gridname"]]);
$oFields = array();
$initialKey = 1;
// had to use utf_decode, here foreach ($_SESSION[$_POST["formID"]][$_POST["gridname"]] as $key => $value) {
// not necessary if the results are coming from mysql if ($key != $_POST["rowpos"]) {
// $oFields[$initialKey] = $value;
$count++; $initialKey++;
$aResults[] = array( "id"=>$id ,"value"=>htmlspecialchars($value), "info"=>htmlspecialchars($info) ); }
}
} unset($_SESSION[$_POST["formID"]][$_POST["gridname"]]);
}
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past $_SESSION[$_POST["formID"]][$_POST["gridname"]] = $oFields;
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified }
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
if (isset($_REQUEST['json'])) {
header("Content-Type: application/json");
echo Bootstrap::json_encode(array("status" => 0, "results" => $aResults));
} else {
header("Content-Type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?><results>";
for ($i=0;$i<count($aResults);$i++)
{
echo "<rs id=\"".$aResults[$i]['id']."\" info=\"".$aResults[$i]['info']."\">".$aResults[$i]['value']."</rs>";
}
echo "</results>";
}
} catch(Exception $e){
$err = $e->getMessage();
//$err = eregi_replace("[\n|\r|\n\r]", ' ', $err);
$err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3
echo '{"status":1, "message":"'.$err.'"}';
}
break;
case 'storeInTmp':
if(!isset($_SESSION['USER_LOGGED'])) {
echo "{status: 1, message: \"success\"}";
break; break;
} /** widgets **/
try { case 'suggest':
$con = Propel::getConnection($_GET['cnn']);
if($_GET['pkt'] == 'int'){
$primaryKeyField = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['pk']); try {
$tableName = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['table']);
$rs = $con->executeQuery("SELECT MAX($primaryKeyField) as lastId FROM $tableName");
$rs->next();
$row = $rs->getRow();
$gKey = (int)$row['lastId'] + 1;
} else { if (isset($_GET["inputEnconde64"])) {
$gKey = G::encryptOld(date('Y-m-d H:i:s').'@'.rand()); $_GET['input'] = base64_decode($_GET['input']);
} }
// See above. Gross, but it works. if (!isset($_GET['form']) || !isset($_GET['variable'])) {
$field = mysql_real_escape_string($_GET['fld']); throw new Exception('Please contact the system administrator.');
$field = str_replace("`", "", $field); }
$query = "INSERT INTO $tableName ($primaryKeyField, $field) VALUES (?, ?)"; // '$gKey', '{$_GET['value']}')"; $gridName = isset($_GET['grid']) ? $_GET['grid'] : '';
//When is a grid the form parameter include the name of grid
$xmlFile = str_replace($gridName, '', $_GET['form']);
//We will to get the form and variable and the query related
$xmlFile = G::getUIDName(urlDecode($xmlFile));
$gridName = isset($_GET['grid']) ? $_GET['grid'] : '';
$xmlFile = str_replace($gridName, '', $xmlFile);
$rs = $con->prepareStatement($query); $myForm = new Form($xmlFile, PATH_DYNAFORM);
$rs->set(1, $gKey); $myForm->id = urlDecode($_GET['form']);
$rs->set(2, $_GET['value']);
$rs->executeQuery();
echo "{status: 1, message: \"success\"}";
} catch (Exception $e) { $bdUid = 'workflow';
$err = $e->getMessage(); if (isset($_GET['type']) && $_GET['type']==='form' && isset($myForm->fields[$_GET['variable']]->sql)) {
//$err = eregi_replace("[\n|\r|\n\r]", ' ', $err); $sqlQuery = $myForm->fields[$_GET['variable']]->sql;
$err = preg_replace("[\n|\r|\n\r]", " ", $err); //Made compatible to PHP 5.3 if (isset($myForm->fields[$_GET['variable']]->sqlConnection) && !empty($myForm->fields[$_GET['variable']]->sqlConnection)) {
echo "{status: 0, message: \"" . $err . "\"}"; $bdUid = $myForm->fields[$_GET['variable']]->sqlConnection;
} }
break; } elseif (isset($_GET['type']) && $_GET['type']==='grid' && isset($myForm->fields[$_GET['grid']])) {
} foreach ($myForm->fields[$_GET['grid']] as $index => $value) {
if (is_array($value) && isset($value[$_GET['variable']])) {
$newObj = $value[$_GET['variable']];
$sqlQuery = $newObj->sql;
if (isset($newObj->sqlConnection) && !empty($newObj->sqlConnection)) {
$bdUid = $newObj->sqlConnection;
}
}
}
} else {
throw new Exception('The variable with ' . $_GET['variable'] . ' does not defined in the form.');
}
// Replace values for dependent fields
$aDependentFieldsKeys = explode("|", base64_decode(str_rot13($_GET['dependentFieldsKeys'])));
$aDependentFieldsValue = explode("|", $_GET['dependentFieldsValue']);
if ($aDependentFieldsKeys) {
$aDependentFields = array();
foreach ($aDependentFieldsKeys as $nKey => $sFieldVar) {
$sKeyDepFields = substr($sFieldVar, 2);
$aDependentFields[$sKeyDepFields] = $aDependentFieldsValue[$nKey];
}
$sqlQuery = G::replaceDataField($sqlQuery, $aDependentFields);
}
// Parsed SQL Structure
$parser = new PHPSQLParser($sqlQuery);
$searchType = $_GET["searchType"];
// Verify parsed array
$sqlQuery = queryModified($parser->parsed, $_GET['input'], $searchType);
$aRows = Array();
try {
$con = Propel::getConnection($bdUid);
$con->begin();
$rs = $con->executeQuery($sqlQuery);
$con->commit();
while ($rs->next()) {
array_push($aRows, $rs->getRow());
}
} catch (SQLException $sqle) {
$con->rollback();
}
$input = strtolower($_GET['input']);
$len = strlen($input);
$limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 0;
$aResults = array();
$count = 0;
$aRows = sortByChar($aRows, $input);
if ($len) {
for ($i = 0; $i < count($aRows); $i++) {
$aRow = $aRows[$i];
$nCols = sizeof($aRow);
$aRow = array_values($aRow);
switch ($nCols) {
case 1:
$id = $aRow[0];
$value = $aRow[0];
$info = '';
break;
case 2:
$id = $aRow[0];
$value = $aRow[1];
$info = '';
break;
case $nCols >= 3:
$id = $aRow[0];
$value = $aRow[1];
$info = $aRow[2];
break;
}
// had to use utf_decode, here
// not necessary if the results are coming from mysql
//
$count++;
$aResults[] = array(
"id" => $id,
"value" => htmlspecialchars($value),
"info" => htmlspecialchars($info)
);
}
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0
if (isset($_REQUEST['json'])) {
header("Content-Type: application/json");
echo Bootstrap::json_encode(array("status" => 0, "results" => $aResults));
} else {
header("Content-Type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?><results>";
for ($i = 0; $i < count($aResults); $i++) {
echo "<rs id=\"" . $aResults[$i]['id'] . "\" info=\"" . $aResults[$i]['info'] . "\">" . $aResults[$i]['value'] . "</rs>";
}
echo "</results>";
}
} catch (Exception $e) {
$err = $e->getMessage();
$err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3
echo '{"status":1, "message":"' . $err . '"}';
}
break;
case 'storeInTmp':
if (!isset($_SESSION['USER_LOGGED'])) {
echo "{status: 1, message: \"success\"}";
break;
}
try {
$con = Propel::getConnection($_GET['cnn']);
if ($_GET['pkt'] == 'int') {
$primaryKeyField = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['pk']);
$tableName = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['table']);
$rs = $con->executeQuery("SELECT MAX($primaryKeyField) as lastId FROM $tableName");
$rs->next();
$row = $rs->getRow();
$gKey = (int)$row['lastId'] + 1;
} else {
$gKey = G::encryptOld(date('Y-m-d H:i:s') . '@' . rand());
}
// See above. Gross, but it works.
$field = mysql_real_escape_string($_GET['fld']);
$field = str_replace("`", "", $field);
$query = "INSERT INTO $tableName ($primaryKeyField, $field) VALUES (?, ?)"; // '$gKey', '{$_GET['value']}')";
$rs = $con->prepareStatement($query);
$rs->set(1, $gKey);
$rs->set(2, $_GET['value']);
$rs->executeQuery();
echo "{status: 1, message: \"success\"}";
} catch (Exception $e) {
$err = $e->getMessage();
$err = preg_replace("[\n|\r|\n\r]", " ", $err); //Made compatible to PHP 5.3
echo "{status: 0, message: \"" . $err . "\"}";
}
break;
}
} }
function sortByChar($aRows, $charSel) function sortByChar($aRows, $charSel)
{ {
$aIniChar = array(); $aIniChar = array();
$aRest = array(); $aRest = array();
for($i=0; $i<count($aRows) ;$i++){ for ($i = 0; $i < count($aRows); $i++) {
$aRow = $aRows[$i]; $aRow = $aRows[$i];
$nCols = sizeof($aRow); $nCols = sizeof($aRow);
$aRowOrder = array_values($aRow); $aRowOrder = array_values($aRow);
switch( $nCols ){ switch ($nCols) {
case 1: case 1:
$value = $aRowOrder[0]; $value = $aRowOrder[0];
break; break;
case 2: case 2:
$value = $aRowOrder[1]; $value = $aRowOrder[1];
break; break;
case $nCols >= 3: case $nCols >= 3:
$value = $aRowOrder[1]; $value = $aRowOrder[1];
break; break;
}
if (substr(strtolower($value), 0, 1) == substr(strtolower($charSel), 0, 1)) {
array_push($aIniChar, $aRow);
} else {
array_push($aRest, $aRow);
}
} }
if(substr(strtolower($value), 0, 1) == substr( strtolower($charSel), 0, 1)){ return array_merge($aIniChar, $aRest);
array_push($aIniChar, $aRow);
} else {
array_push($aRest, $aRow);
}
}
return array_merge($aIniChar, $aRest);
} }
@@ -234,148 +272,164 @@ function sortByChar($aRows, $charSel)
*/ */
function queryModified($sqlParsed, $inputSel = "", $searchType) function queryModified($sqlParsed, $inputSel = "", $searchType)
{ {
if(!empty($sqlParsed['SELECT'])) { if (!empty($sqlParsed['SELECT'])) {
$sqlSelectOptions = (isset($sqlParsed["OPTIONS"]) && count($sqlParsed["OPTIONS"]) > 0)? implode(" ", $sqlParsed["OPTIONS"]) : null; $sqlSelectOptions = (isset($sqlParsed["OPTIONS"]) && count($sqlParsed["OPTIONS"]) > 0) ? implode(" ",
$sqlParsed["OPTIONS"]) : null;
$sqlSelect = "SELECT $sqlSelectOptions "; $sqlSelect = "SELECT $sqlSelectOptions ";
$aSelect = $sqlParsed["SELECT"]; $aSelect = $sqlParsed["SELECT"];
$sFieldSel = (count($aSelect)>1 ) ? $aSelect[1]['base_expr'] : $aSelect[0]['base_expr'];
foreach($aSelect as $key => $value ) {
if($key != 0)
$sqlSelect .= ", ";
$sAlias = str_replace("`","", $aSelect[$key]['alias']);
$sBaseExpr = $aSelect[$key]['base_expr'];
switch($aSelect[$key]['expr_type']){
case 'colref' : if($sAlias === $sBaseExpr)
$sqlSelect .= $sAlias;
else
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
break;
case 'expression' : if($sAlias === $sBaseExpr)
$sqlSelect .= $sBaseExpr;
else
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
break;
case 'subquery' : if(strpos($sAlias, $sBaseExpr,0) != 0)
$sqlSelect .= $sAlias;
else
$sqlSelect .= $sBaseExpr . " AS " . $sAlias;
break;
case 'operator' : $sqlSelect .= $sBaseExpr;
break;
default : $sqlSelect .= $sBaseExpr;
break;
}
}
$sqlFrom = " FROM ";
if(!empty($sqlParsed['FROM'])){
$aFrom = $sqlParsed['FROM'];
if(count($aFrom) > 0){
foreach($aFrom as $key => $value ){
if($key == 0) {
$sqlFrom .= $aFrom[$key]['table'] . (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']);
} else {
$sqlFrom .= " " . (($aFrom[$key]['join_type']=='JOIN')?"INNER": $aFrom[$key]['join_type']) . " JOIN " . $aFrom[$key]['table']
. (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']) . " " . $aFrom[$key]['ref_type'] . " " . $aFrom[$key]['ref_clause'] ;
}
$sFieldSel = (count($aSelect) > 1) ? $aSelect[1]['base_expr'] : $aSelect[0]['base_expr'];
foreach ($aSelect as $key => $value) {
if ($key != 0) {
$sqlSelect .= ", ";
}
$sAlias = str_replace("`", "", $aSelect[$key]['alias']);
$sBaseExpr = $aSelect[$key]['base_expr'];
switch ($aSelect[$key]['expr_type']) {
case 'colref' :
if ($sAlias === $sBaseExpr) {
$sqlSelect .= $sAlias;
} else {
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
}
break;
case 'expression' :
if ($sAlias === $sBaseExpr) {
$sqlSelect .= $sBaseExpr;
} else {
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
}
break;
case 'subquery' :
if (strpos($sAlias, $sBaseExpr, 0) != 0) {
$sqlSelect .= $sAlias;
} else {
$sqlSelect .= $sBaseExpr . " AS " . $sAlias;
}
break;
case 'operator' :
$sqlSelect .= $sBaseExpr;
break;
default :
$sqlSelect .= $sBaseExpr;
break;
}
} }
}
}
$sqlConditionLike = "LIKE '%" . $inputSel . "%'"; $sqlFrom = " FROM ";
if (!empty($sqlParsed['FROM'])) {
$aFrom = $sqlParsed['FROM'];
if (count($aFrom) > 0) {
foreach ($aFrom as $key => $value) {
if ($key == 0) {
$sqlFrom .= $aFrom[$key]['table'] . (($aFrom[$key]['table'] == $aFrom[$key]['alias']) ? "" : " " . $aFrom[$key]['alias']);
} else {
$sqlFrom .= " " . (($aFrom[$key]['join_type'] == 'JOIN') ? "INNER" : $aFrom[$key]['join_type']) . " JOIN " . $aFrom[$key]['table']
. (($aFrom[$key]['table'] == $aFrom[$key]['alias']) ? "" : " " . $aFrom[$key]['alias']) . " " . $aFrom[$key]['ref_type'] . " " . $aFrom[$key]['ref_clause'];
}
switch ($searchType) { }
case "searchtype*": }
$sqlConditionLike = "LIKE '" . $inputSel . "%'"; }
break;
case "*searchtype":
$sqlConditionLike = "LIKE '%" . $inputSel . "'";
break;
}
if(!empty($sqlParsed['WHERE'])){ $sqlConditionLike = "LIKE '%" . $inputSel . "%'";
$sqlWhere = " WHERE ";
$aWhere = $sqlParsed['WHERE'];
foreach($aWhere as $key => $value ){
$sqlWhere .= $value['base_expr'] . " ";
}
$sqlWhere .= " AND " . $sFieldSel . " " . $sqlConditionLike;
}
else {
$sqlWhere = " WHERE " . $sFieldSel . " " . $sqlConditionLike;
}
$sqlGroupBy = ""; switch ($searchType) {
if(!empty($sqlParsed['GROUP'])){ case "searchtype*":
$sqlGroupBy = "GROUP BY "; $sqlConditionLike = "LIKE '" . $inputSel . "%'";
$aGroup = $sqlParsed['GROUP']; break;
foreach($aGroup as $key => $value ){ case "*searchtype":
if($key != 0) $sqlConditionLike = "LIKE '%" . $inputSel . "'";
$sqlGroupBy .= ", "; break;
if($value['direction'] == 'ASC' ) }
$sqlGroupBy .= $value['base_expr'];
else
$sqlGroupBy .= $value['base_expr'] . " " . $value['direction'];
}
}
$sqlHaving = ""; if (!empty($sqlParsed['WHERE'])) {
if(!empty($sqlParsed['HAVING'])){ $sqlWhere = " WHERE ";
$sqlHaving = "HAVING "; $aWhere = $sqlParsed['WHERE'];
$aHaving = $sqlParsed['HAVING']; foreach ($aWhere as $key => $value) {
foreach($aHaving as $key => $value ){ $sqlWhere .= $value['base_expr'] . " ";
$sqlHaving .= $value['base_expr'] . " "; }
} $sqlWhere .= " AND " . $sFieldSel . " " . $sqlConditionLike;
} } else {
$sqlWhere = " WHERE " . $sFieldSel . " " . $sqlConditionLike;
}
$sqlOrderBy = ""; $sqlGroupBy = "";
if(!empty($sqlParsed['ORDER'])){ if (!empty($sqlParsed['GROUP'])) {
$sqlOrderBy = "ORDER BY "; $sqlGroupBy = "GROUP BY ";
$aOrder = $sqlParsed['ORDER']; $aGroup = $sqlParsed['GROUP'];
foreach($aOrder as $key => $value ){ foreach ($aGroup as $key => $value) {
if($key != 0) if ($key != 0) {
$sqlOrderBy .= ", "; $sqlGroupBy .= ", ";
if($value['direction'] == 'ASC' ) }
$sqlOrderBy .= $value['base_expr']; if ($value['direction'] == 'ASC') {
else $sqlGroupBy .= $value['base_expr'];
$sqlOrderBy .= $value['base_expr'] . " " . $value['direction']; } else {
} $sqlGroupBy .= $value['base_expr'] . " " . $value['direction'];
} else { }
$sqlOrderBy = " ORDER BY " . $sFieldSel; }
} }
$sqlLimit = ""; $sqlHaving = "";
if(!empty($sqlParsed['LIMIT'])){ if (!empty($sqlParsed['HAVING'])) {
$sqlLimit = "LIMIT ". $sqlParsed['LIMIT']['start'] . ", " . $sqlParsed['LIMIT']['end']; $sqlHaving = "HAVING ";
} $aHaving = $sqlParsed['HAVING'];
foreach ($aHaving as $key => $value) {
$sqlHaving .= $value['base_expr'] . " ";
}
}
return $sqlSelect . $sqlFrom . $sqlWhere . $sqlGroupBy . $sqlHaving . $sqlOrderBy . $sqlLimit; $sqlOrderBy = "";
} if (!empty($sqlParsed['ORDER'])) {
if(!empty($sqlParsed['CALL'])){ $sqlOrderBy = "ORDER BY ";
$sCall = "CALL "; $aOrder = $sqlParsed['ORDER'];
$aCall = $sqlParsed['CALL']; foreach ($aOrder as $key => $value) {
foreach($aCall as $key => $value ){ if ($key != 0) {
$sCall .= $value . " "; $sqlOrderBy .= ", ";
}
if ($value['direction'] == 'ASC') {
$sqlOrderBy .= $value['base_expr'];
} else {
$sqlOrderBy .= $value['base_expr'] . " " . $value['direction'];
}
}
} else {
$sqlOrderBy = " ORDER BY " . $sFieldSel;
}
$sqlLimit = "";
if (!empty($sqlParsed['LIMIT'])) {
$sqlLimit = "LIMIT " . $sqlParsed['LIMIT']['start'] . ", " . $sqlParsed['LIMIT']['end'];
}
return $sqlSelect . $sqlFrom . $sqlWhere . $sqlGroupBy . $sqlHaving . $sqlOrderBy . $sqlLimit;
} }
return $sCall; if (!empty($sqlParsed['CALL'])) {
} $sCall = "CALL ";
if(!empty($sqlParsed['EXECUTE'])){ $aCall = $sqlParsed['CALL'];
$sCall = "EXECUTE "; foreach ($aCall as $key => $value) {
$aCall = $sqlParsed['EXECUTE']; $sCall .= $value . " ";
foreach($aCall as $key => $value ){ }
$sCall .= $value . " ";
return $sCall;
} }
return $sCall; if (!empty($sqlParsed['EXECUTE'])) {
} $sCall = "EXECUTE ";
if(!empty($sqlParsed[''])){ $aCall = $sqlParsed['EXECUTE'];
$sCall = ""; foreach ($aCall as $key => $value) {
$aCall = $sqlParsed['']; $sCall .= $value . " ";
foreach($aCall as $key => $value ){ }
$sCall .= $value . " ";
return $sCall;
}
if (!empty($sqlParsed[''])) {
$sCall = "";
$aCall = $sqlParsed[''];
foreach ($aCall as $key => $value) {
$sCall .= $value . " ";
}
return $sCall;
} }
return $sCall;
}
} }

10
gulliver/system/class.xmlform.php
View File

@@ -1355,7 +1355,6 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sCallBack = ''; $sCallBack = '';
} }
$hash = str_rot13( base64_encode( $this->sql . '@|' . $this->sqlConnection ) );
$sSQL = $this->sql; $sSQL = $this->sql;
$nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE ); $nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE );
@@ -1405,8 +1404,8 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sOptions = 'script: function (input) { '; $sOptions = 'script: function (input) { ';
$sOptions .= ' var inputValue = base64_encode(getField(\'' . $this->name . '_label\').value); '; $sOptions .= ' var inputValue = base64_encode(getField(\'' . $this->name . '_label\').value); ';
$sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&json=true&limit=' . $this->maxresults; $sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&type=form&form=' . $owner->id . '&variable=' . $this->name . '&json=true&limit=' . $this->maxresults;
$sOptions .= '&hash=' . $hash . '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="'; $sOptions .= '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="';
$sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";'; $sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";';
@@ -1561,7 +1560,6 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sCallBack = ''; $sCallBack = '';
} }
$hash = str_rot13( base64_encode( $this->sql . '@|' . $this->sqlConnection ) );
$sSQL = $this->sql; $sSQL = $this->sql;
$nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE ); $nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE );
@@ -1602,8 +1600,8 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText
$sOptions .= ' var inputValue = base64_encode(getField(\'' . $rowIdField . '[' . $this->name . '_label\').value); '; $sOptions .= ' var inputValue = base64_encode(getField(\'' . $rowIdField . '[' . $this->name . '_label\').value); ';
$sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&json=true&limit=' . $this->maxresults; $sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&type=grid&form=' . $owner->id . '&grid=' . $owner->name . '&variable=' . $this->name . '&json=true&limit=' . $this->maxresults;
$sOptions .= '&hash=' . $hash . '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="'; $sOptions .= '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="';
$sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";'; $sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";';
$sOptions .= '},'; $sOptions .= '},';