removing 'eval' from getAllData

IsaiDiaz
2025-06-16 14:44:35 -04:00
parent 627c080bc5
commit 91f47831a0


@@ -443,109 +443,122 @@ class AdditionalTables extends BaseAdditionalTables
if ($keyOrderUppercase) {
foreach ($aData['FIELDS'] as $aField) {
$field = '$oCriteria->addSelectColumn(' . $sClassPeerName . '::' . $aField['FLD_NAME'] . ');';
$columnConstant = constant($sClassPeerName . '::' . $aField['FLD_NAME']);
if (in_array($aField['FLD_TYPE'], $types)) {
$round = '';
if ($aField['FLD_TYPE'] == 'DECIMAL' || $aField['FLD_TYPE'] == 'REAL') {
$round = '", "" . ' . $sClassPeerName . '::' . $aField['FLD_NAME'] . ' . "");';
$oCriteria->addAsColumn($aField['FLD_NAME'], $columnConstant);
} else {
$double = self::validateParameter($conf['report_table_double_number'], 1, 8, 4);
$float = self::validateParameter($conf['report_table_floating_number'], 1, 5, 4);
$round = '", "round(" . ' . $sClassPeerName . '::' . $aField['FLD_NAME'] . ' . ", ' . ($aField['FLD_TYPE'] == 'DOUBLE' ? $double : $float) . ')");';
$precision = ($aField['FLD_TYPE'] == 'DOUBLE' ? $double : $float);
$oCriteria->addAsColumn($aField['FLD_NAME'], "ROUND({$columnConstant}, {$precision})");
}
$field = '$oCriteria->addAsColumn("' . $aField['FLD_NAME'] . $round;
} else {
$oCriteria->addSelectColumn($columnConstant);
}
eval($field);
}
}
$oCriteriaCount = clone $oCriteria;
eval('$count = ' . $sClassPeerName . '::doCount($oCriteria);');
$count = call_user_func([$sClassPeerName, 'doCount'], $oCriteriaCount);
if ($filter != '' && is_string($filter)) {
$stringOr = '';
$closure = '';
$firstCriterion = null;
$types = ['INTEGER', 'BIGINT', 'SMALLINT', 'TINYINT', 'DECIMAL', 'DOUBLE', 'FLOAT', 'REAL', 'BOOLEAN'];
foreach ($aData['FIELDS'] as $aField) {
if (($appUid == false && $aField['FLD_NAME'] != 'APP_UID') || ($appUid == true)) {
$columnConstant = constant($sClassPeerName . '::' . $aField['FLD_NAME']);
if (in_array($aField['FLD_TYPE'], $types)) {
if (is_numeric($filter)) {
$stringOr = $stringOr . '$a = $oCriteria->getNewCriterion(' . $sClassPeerName . '::' . $aField['FLD_NAME'] . ', "' . $filter . '", Criteria::EQUAL)' . $closure . ';';
$closure = '->addOr($a)';
$criterion = $oCriteria->getNewCriterion($columnConstant, $filter, Criteria::EQUAL);
}
} else {
$stringOr = $stringOr . '$a = $oCriteria->getNewCriterion(' . $sClassPeerName . '::' . $aField['FLD_NAME'] . ', "%' . $filter . '%", Criteria::LIKE)' . $closure . ';';
$closure = '->addOr($a)';
$criterion = $oCriteria->getNewCriterion($columnConstant, "%" . $filter . "%", Criteria::LIKE);
}
if (isset($criterion)) {
if ($firstCriterion === null) {
$firstCriterion = $criterion;
} else {
$firstCriterion->addOr($criterion);
}
}
}
}
$stringOr = $stringOr . '$oCriteria->add($a);';
eval($stringOr);
if ($firstCriterion !== null) {
$oCriteria->add($firstCriterion);
}
}
if ($search !== '' && is_string($search)) {
try {
$object = G::json_decode($search);
if (isset($object->where)) {
$stringAnd = "";
$closure = "";
$mainCriterion = null;
$fields = $object->where;
foreach ($fields as $key => $value) {
$columnName = G::toUpper($key);
$columnConstantName = $sClassPeerName . '::' . $columnName;
if (is_string($value)) {
$stringAnd = $stringAnd . '$a = $oCriteria->getNewCriterion(' . $sClassPeerName . '::' . G::toUpper($key) . ', "' . $value . '", Criteria::EQUAL)' . $closure . ';';
$closure = '->addAnd($a)';
}
if (is_object($value)) {
$defined = defined("Base" . $sClassPeerName . "::" . G::toUpper($key));
if ($defined === false) {
$criterion = $oCriteria->getNewCriterion(constant($columnConstantName), $value, Criteria::EQUAL);
} elseif (is_object($value)) {
if (!defined("Base" . $sClassPeerName . "::" . $columnName) && !defined($columnConstantName)) {
throw new Exception(G::loadTranslation("ID_FIELD_NOT_FOUND") . ": " . $key . "");
}
if (isset($value->neq) && $defined) {
$stringAnd = $stringAnd . '$a = $oCriteria->getNewCriterion(' . $sClassPeerName . '::' . G::toUpper($key) . ', "' . $value->neq . '", Criteria::NOT_EQUAL)' . $closure . ';';
$closure = '->addAnd($a)';
if (isset($value->neq)) {
$criterion = $oCriteria->getNewCriterion(constant($columnConstantName), $value->neq, Criteria::NOT_EQUAL);
} elseif (isset($value->like)) {
$criterion = $oCriteria->getNewCriterion(constant($columnConstantName), $value->like, Criteria::LIKE);
} elseif (isset($value->nlike)) {
$criterion = $oCriteria->getNewCriterion(constant($columnConstantName), $value->nlike, Criteria::NOT_LIKE);
}
if (isset($value->like) && $defined) {
$stringAnd = $stringAnd . '$a = $oCriteria->getNewCriterion(' . $sClassPeerName . '::' . G::toUpper($key) . ', "' . $value->like . '", Criteria::LIKE)' . $closure . ';';
$closure = '->addAnd($a)';
}
if (isset($value->nlike) && $defined) {
$stringAnd = $stringAnd . '$a = $oCriteria->getNewCriterion(' . $sClassPeerName . '::' . G::toUpper($key) . ', "' . $value->nlike . '", Criteria::NOT_LIKE)' . $closure . ';';
$closure = '->addAnd($a)';
}
if (isset($criterion)) {
if ($mainCriterion === null) {
$mainCriterion = $criterion;
} else {
$mainCriterion->addAnd($criterion);
}
}
}
if (!empty($stringAnd)) {
$stringAnd = $stringAnd . '$oCriteria->add($a);';
eval($stringAnd);
if ($mainCriterion !== null) {
$oCriteria->add($mainCriterion);
}
}
} catch (Exception $oError) {
throw($oError);
}
}
if ($filter != '' && is_string($filter) || $search !== '' && is_string($search)) {
$oCriteriaCount = clone $oCriteria;
eval('$count = ' . $sClassPeerName . '::doCount($oCriteria);');
$count = call_user_func([$sClassPeerName, 'doCount'], $oCriteria);
}
$filter = new InputFilter();
$sClassPeerName = $filter->validateInput($sClassPeerName);
if (isset($_POST['sort'])) {
$_POST['sort'] = $filter->validateInput($_POST['sort']);
$_POST['dir'] = $filter->validateInput($_POST['dir']);
$_POST['sort'] = $inputFilter->validateInput($_POST['sort']);
$_POST['dir'] = $inputFilter->validateInput($_POST['dir']);
$sortColumn = $_POST['sort'];
$orderByColumn = $keyOrderUppercase ? $sortColumn : constant($sClassPeerName . '::' . $sortColumn);
if ($_POST['dir'] == 'ASC') {
if ($keyOrderUppercase) {
eval('$oCriteria->addAscendingOrderByColumn("' . $_POST['sort'] . '");');
} else {
eval('$oCriteria->addAscendingOrderByColumn(' . $sClassPeerName . '::' . $_POST['sort'] . ');');
}
$oCriteria->addAscendingOrderByColumn($orderByColumn);
} else {
if ($keyOrderUppercase) {
eval('$oCriteria->addDescendingOrderByColumn("' . $_POST['sort'] . '");');
} else {
eval('$oCriteria->addDescendingOrderByColumn(' . $sClassPeerName . '::' . $_POST['sort'] . ');');
}
$oCriteria->addDescendingOrderByColumn($orderByColumn);
}
}
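Review bot: `$criterion` is never reset inside either `foreach`, so the `isset($criterion)` checks in the filter loop and in the `where` loop also pass when the current field produced no criterion (a numeric-typed field with a non-numeric `$filter`, or a `where` value that is neither a string nor an object carrying `neq`/`like`/`nlike`). The previous iteration's object is then combined again, and when it is the same object as `$firstCriterion` or `$mainCriterion` the criterion is OR/AND-ed onto itself; the value left over from the filter loop is also still set when the `where` loop starts. Start each iteration with `$criterion = null;` and test `if ($criterion !== null)` instead of `isset($criterion)`. Separately, `$_POST['sort']` still reaches `constant()` and the order-by calls after only `validateInput()`, and the string branch of the `where` loop calls `constant($columnConstantName)` without the `defined()` check the object branch has; checking both names against the `FLD_NAME` values in `$aData['FIELDS']` first would keep unknown names out of the query and raise the existing `ID_FIELD_NOT_FOUND` exception rather than (on PHP 8) an `Error` that `catch (Exception $oError)` does not catch. The enclosing method starts and ends outside this hunk.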
@@ -555,7 +568,7 @@ class AdditionalTables extends BaseAdditionalTables
if (isset($start)) {
$oCriteria->setOffset($start);
}
eval('$rs = ' . $sClassPeerName . '::doSelectRS($oCriteria);');
$rs = call_user_func([$sClassPeerName, 'doSelectRS'], $oCriteria);
$rs->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$rows = array();