From c8f1051193fd20b3b8c7464307be39f7dd4ac9c1 Mon Sep 17 00:00:00 2001
From: Patrick Valsecchi
Date: Tue, 19 Dec 2017 12:19:12 +0100
Subject: [PATCH] Better settings validation
---
 ajax/settings.php | 24 ++++++++++++++++++++++--
 lib/helper.php | 2 +-
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/ajax/settings.php b/ajax/settings.php
index a25fbfa..eabdfd3 100644
--- a/ajax/settings.php
+++ b/ajax/settings.php
@@ -75,20 +75,40 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
 'data' => array('message' => $l -> t('The selected SQL table '.$_POST['sql_table'].' does not exist!'))));
 break;
 }
+ if(!empty($_POST['sql_group_table']) && !$helper->verifyTable($parameters, $_POST['sql_driver'], $_POST['sql_group_table']))
+ {
+ $response->setData(array('status' => 'error',
+ 'data' => array('message' => $l -> t('The selected SQL table '.$_POST['sql_group_table'].' does not exist!'))));
+ break;
+ }
 // Retrieve all column settings
 $columns = array();
+ $group_columns = array();
 foreach($params as $param)
 {
- if(strpos($param, 'col_') === 0 && strpos($param, 'col_group_') !== 0)
+ if(strpos($param, 'col_') === 0)
 {
 if(isset($_POST[$param]) && $_POST[$param] !== '')
- $columns[] = $_POST[$param];
+ {
+ if(strpos($param, 'col_group_') === 0)
+ {
+ $group_columns[] = $_POST[$param];
+ }
+ else
+ {
+ $columns[] = $_POST[$param];
+ }
+ }
 }
 }
 // Check if the columns exist
 $status = $helper->verifyColumns($parameters, $_POST['sql_driver'], $_POST['sql_table'], $columns);
+ if(!empty($_POST['sql_group_table']) && $status === true)
+ {
+ $status = $helper->verifyColumns($parameters, $_POST['sql_driver'], $_POST['sql_group_table'], $group_columns);
+ }
 if($status !== true)
 {
 $response->setData(array('status' => 'error',
diff --git a/lib/helper.php b/lib/helper.php
index 9d9c80a..18177a3 100644
--- a/lib/helper.php
+++ b/lib/helper.php
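Review bot: The new error branch for the group table builds the translation lookup string out of the raw request value, `$l -> t('The selected SQL table '.$_POST['sql_group_table'].' does not exist!')`, which copies the existing sql_table line but means the text can never match a translation and the untrusted value is embedded in the user-facing message without a placeholder; `$l->t('The selected SQL table %s does not exist!', array($_POST['sql_group_table']))` keeps it translatable and makes the interpolation explicit, with escaping left to whatever renders the response data. Separately, `$group_columns` is collected unconditionally but only verified when `!empty($_POST['sql_group_table'])`, so `col_group_*` values submitted without a group table are accepted unchecked; if that is intended, a comment above the collection loop such as `// group columns are only validated when a group table is configured` would make it explicit, otherwise the second verifyColumns call should not be gated on the table being set. The surrounding `if(isset($_POST['appname'])…` block and the switch that the `break;` statements belong to start and end outside the hunk.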
@@ -280,7 +280,7 @@ class Helper {
 if(!in_array($col, $columns, true))
 {
 $res = false;
- $err .= $col.' ';
+ $err .= $table.'.'.$col.' ';
 }
 }
 if($res)
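Review bot: The changed line `$err .= $table.'.'.$col.' ';` now carries `$table` into the accumulated error text, and judging by the caller in ajax/settings.php that value appears to be the request-supplied `sql_table`/`sql_group_table` string, so the message should be treated as untrusted by whatever renders it rather than assumed safe because verifyTable ran first. The per-column concatenation also repeats the table name and leaves a trailing space; collecting the missing names in an array and joining them once, e.g. `$missing[] = $table.'.'.$col;` then `implode(', ', $missing)` where `$err` is consumed, would read more cleanly. The enclosing loop and the verifyColumns method start and end outside the hunk.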