From 3fc28c0142bf8ab4e2cfae44931e2a51aadc4d51 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 25 Feb 2013 13:51:37 -0500
Subject: [PATCH] - Added: remoting queries with a lot of results (e.g. email addresses or alias domains or dns rr) lead to non-functioning soap requests - added '#OFFSET#' AND '#LIMIT#' handling to the query - added automatic 'WHERE 1' if an empty array was given as query example: $result = $api->sites_web_domain_get('type' => 'vhost', '#OFFSET#' => 25, '#LIMIT#' => 50); to get the websites 26 to 75
---
interface/lib/classes/tform.inc.php | 154 ++++++++++++++++++++++++++++++++++----------------
1 files changed, 104 insertions(+), 50 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index cfb04b4..8e36fb2 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -276,6 +276,17 @@
$this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
}
}
+
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $new_values = array();
+ foreach($values as $index => $value) {
+ $new_index = $this->filterField($index, $index, $field['filters'], 'SHOW');
+ $new_values[$new_index] = $this->filterField($index, (isset($values[$index]))?$values[$index]:'', $field['filters'], 'SHOW');
+ }
+ $values = $new_values;
+ unset($new_values);
+ unset($new_index);
+ }
return $values;
@@ -629,7 +640,6 @@
if(isset($field['filters']) && is_array($field['filters'])) {
$record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SAVE');
}
-
//* Validate record value
if(isset($field['validators']) && is_array($field['validators'])) {
$this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
@@ -677,7 +687,7 @@
}
break;
case 'INTEGER':
- $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
+ $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
//if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default'];
//if($key == 'refresh') die($record[$key]);
break;
@@ -738,24 +748,16 @@
if($filter['event'] == $filter_event) {
switch ($filter['type']) {
case 'TOLOWER':
- $returnval = strtolower($field_value);
+ $returnval = strtolower($returnval);
break;
case 'TOUPPER':
- $returnval = strtoupper($field_value);
+ $returnval = strtoupper($returnval);
break;
case 'IDNTOASCII':
- if(function_exists('idn_to_ascii')) {
- $returnval = idn_to_ascii($field_value);
- } else {
- $returnval = $field_value;
- }
+ $returnval = $app->functions->idn_encode($returnval);
break;
case 'IDNTOUTF8':
- if(function_exists('idn_to_utf8')) {
- $returnval = idn_to_utf8($field_value);
- } else {
- $returnval = $field_value;
- }
+ $returnval = $app->functions->idn_decode($returnval);
break;
default:
$this->errorMessage .= "Unknown Filter: ".$filter['type'];
@@ -763,8 +765,7 @@
}
}
}
-
- return $returnval;
+ return $returnval;
}
/**
@@ -798,7 +799,9 @@
}
break;
case 'UNIQUE':
- if($this->action == 'NEW') {
+ if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
+ if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
+ if($this->action == 'NEW') {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -808,7 +811,7 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
- } else {
+ } else {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -818,7 +821,8 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
- }
+ }
+ }
break;
case 'NOTEMPTY':
if(empty($field_value)) {
@@ -852,7 +856,7 @@
}
break;
case 'ISINT':
- if(function_exists('filter_var')) {
+ if(function_exists('filter_var') && $field_value < 2147483647) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
@@ -880,12 +884,45 @@
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
- }
- }
- break;
- case 'ISIPV4':
- $vip=1;
- if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ }
+ }
+ break;
+ /*
+ case 'ISV6PREFIX':
+ $v6_prefix_ok = 0;
+ $explode_field_value = explode(':',$field_value);
+ if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
+ if ( count($explode_field_value) <= 9 ) {
+ if(filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
+ $v6_prefix_ok = 1;
+ }
+ }
+ } else {
+ $v6_prefix_ok = 2;
+ }
+ // check subnet against defined server-ipv6
+ $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' LIMIT 0,1");
+ $sql_v6_explode=explode(':',$sql_v6['ip_address']);
+ if ( count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address']) ) {
+ $v6_prefix_ok = 3;
+ }
+ if($v6_prefix_ok == 0) {
+ $errmsg = $validator['errmsg'];
+ }
+ if($v6_prefix_ok == 2) {
+ $errmsg = 'IPv6 Prefix must end with ::';
+ }
+ if($v6_prefix_ok == 3) {
+ $errmsg = 'IPv6 Prefix too long (according to Server IP Addresses)';
+ }
+ if($v6_prefix_ok <> 1){
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ break;
+ */
+ case 'ISIPV4':
+ $vip=1;
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
$groups=explode(".",$field_value);
foreach($groups as $group){
if($group<0 OR $group>255)
@@ -902,31 +939,44 @@
}
break;
case 'ISIP':
- //* Check if its a IPv4 or IPv6 address
- if(function_exists('filter_var')) {
- if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
- $errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
- } else {
- $this->errorMessage .= $errmsg."<br />\r\n";
- }
- }
+ if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
+ if($validator['allowempty'] == 'y' && $field_value == '') {
+ //* Do nothing
} else {
- //* Check content with regex, if we use php < 5.2
- $ip_ok = 0;
- if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
- $ip_ok = 1;
+ //* Check if its a IPv4 or IPv6 address
+ if(isset($validator['separator']) && $validator['separator'] != '') {
+ //* When the field may contain several IP addresses, split them by the char defined as separator
+ $field_value_array = explode($validator['separator'],$field_value);
+ } else {
+ $field_value_array[] = $field_value;
}
- if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
- $ip_ok = 1;
- }
- if($ip_ok == 0) {
- $errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ foreach($field_value_array as $field_value) {
+ if(function_exists('filter_var')) {
+ if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
} else {
- $this->errorMessage .= $errmsg."<br />\r\n";
+ //* Check content with regex, if we use php < 5.2
+ $ip_ok = 0;
+ if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
+ $ip_ok = 1;
+ }
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ $ip_ok = 1;
+ }
+ if($ip_ok == 0) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
}
}
}
@@ -1022,7 +1072,9 @@
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'MYSQL') {
- $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'CLEARTEXT') {
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
@@ -1049,7 +1101,9 @@
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
- $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
--
Gitblit v1.9.1