SF.net SVN: postfixadmin:[1772] trunk

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 1772
          http://sourceforge.net/p/postfixadmin/code/1772
Author:   christian_boltz
Date:     2015-04-06 13:39:21 +0000 (Mon, 06 Apr 2015)
Log Message:
-----------
PFAHandler:
- build_select_query(): add support for $search['_'] (searching if one
  of the $this->searchfields contains the search text)
- getList(): make sure '_' is kept in the search parameters

functions.inc.php:
- db_where_clause(): slightly relax checks - if $condition is empty,
  only error out if $additional_raw_where is also empty

Modified Paths:
--------------
    trunk/functions.inc.php
    trunk/model/PFAHandler.php

Modified: trunk/functions.inc.php
===================================================================

--- trunk/functions.inc.php	2015-04-06 13:29:28 UTC (rev 1771)
+++ trunk/functions.inc.php	2015-04-06 13:39:21 UTC (rev 1772)
@@ -1628,7 +1628,7 @@
         die('db_where_cond: parameter $cond is not an array!');
     } elseif(!is_array($searchmode)) {
         die('db_where_cond: parameter $searchmode is not an array!');
-    } elseif (count($condition) == 0) {
+    } elseif (count($condition) == 0 && trim($additional_raw_where) == '') {
         die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks 
     } elseif(!is_array($struct)) {
         die('db_where_cond: parameter $struct is not an array!');

Modified: trunk/model/PFAHandler.php
===================================================================
--- trunk/model/PFAHandler.php	2015-04-06 13:29:28 UTC (rev 1771)
+++ trunk/model/PFAHandler.php	2015-04-06 13:39:21 UTC (rev 1772)
@@ -609,6 +609,14 @@
         }
 
         if (is_array($condition)) {
+            if (isset($condition['_']) && count($this->searchfields) > 0) {
+                $simple_search = array();
+                foreach ($this->searchfields as $field) {
+                    $simple_search[] = "$field LIKE '%" . escape_string($condition['_']) . "%'";
+                }
+                $additional_where .= " AND ( " . join(" OR ", $simple_search) . " ) ";
+                unset($condition['_']);
+            }
             $where = db_where_clause($condition, $this->struct, $additional_where, $searchmode);
         } else {
             if ($condition == "") $condition = '1=1';
@@ -716,6 +724,8 @@
                 # allow only access to fields the user can access to avoid information leaks via search parameters
                 if (isset($this->struct[$key]) && ($this->struct[$key]['display_in_list'] || $this->struct[$key]['display_in_form']) ) {
                     $real_condition[$key] = $value;
+                } elseif (($key == '_') && count($this->searchfields)) {
+                    $real_condition[$key] = $value;
                 } else {
                     $this->errormsg[] = "Ignoring unknown search field $key";
                 }

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



