spacefreak/user_sql
1
0
Fork 0
Code Pull Requests Activity

Better settings validation

Browse Source
This commit is contained in:
Patrick Valsecchi
2017-12-19 12:19:12 +01:00
parent 9c4cebd6eb
commit c8f1051193
2 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
ajax/settings.php
View File

@@ -75,20 +75,40 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
'data' => array('message' => $l -> t('The selected SQL table '.$_POST['sql_table'].' does not exist!')))); 'data' => array('message' => $l -> t('The selected SQL table '.$_POST['sql_table'].' does not exist!'))));
break; break;
} }
if(!empty($_POST['sql_group_table']) && !$helper->verifyTable($parameters, $_POST['sql_driver'], $_POST['sql_group_table']))
{
$response->setData(array('status' => 'error',
'data' => array('message' => $l -> t('The selected SQL table '.$_POST['sql_group_table'].' does not exist!'))));
break;
}
// Retrieve all column settings // Retrieve all column settings
$columns = array(); $columns = array();
$group_columns = array();
foreach($params as $param) foreach($params as $param)
{ {
if(strpos($param, 'col_') === 0 && strpos($param, 'col_group_') !== 0) if(strpos($param, 'col_') === 0)
{ {
if(isset($_POST[$param]) && $_POST[$param] !== '') if(isset($_POST[$param]) && $_POST[$param] !== '')
$columns[] = $_POST[$param]; {
if(strpos($param, 'col_group_') === 0)
{
$group_columns[] = $_POST[$param];
}
else
{
$columns[] = $_POST[$param];
}
}
} }
} }
// Check if the columns exist // Check if the columns exist
$status = $helper->verifyColumns($parameters, $_POST['sql_driver'], $_POST['sql_table'], $columns); $status = $helper->verifyColumns($parameters, $_POST['sql_driver'], $_POST['sql_table'], $columns);
if(!empty($_POST['sql_group_table']) && $status === true)
{
$status = $helper->verifyColumns($parameters, $_POST['sql_driver'], $_POST['sql_group_table'], $group_columns);
}
if($status !== true) if($status !== true)
{ {
$response->setData(array('status' => 'error', $response->setData(array('status' => 'error',

2
lib/helper.php
View File

@@ -280,7 +280,7 @@ class Helper {
if(!in_array($col, $columns, true)) if(!in_array($col, $columns, true))
{ {
$res = false; $res = false;
$err .= $col.' '; $err .= $table.'.'.$col.' ';
} }
} }
if($res) if($res)