function search()
 {
     // Results are only ever rendered as an AJAX fragment.
     $this->layout = 'ajax';
     if (!$this->RequestHandler->isAjax()) {
         $this->redirect(array('plugin' => false, 'controller' => 'dashboards', 'action' => 'index'));
         return;
     }
     $this->disableCache();
     $query = empty($this->params['url']['query']) ? null : $this->params['url']['query'];
     if ($query === null) {
         return;
     }
     // Scope: active rows whose published date is NULL or not in the future.
     $conditions = array(
         'SearchIndex.active' => 1,
         'OR' => array(
             array('SearchIndex.published' => null),
             array('SearchIndex.published <= ' => date('Y-m-d H:i:s')),
         ),
     );
     // The raw term goes back to the form; the escaped copy goes into raw SQL,
     // where it is always wrapped in single quotes.
     $this->data['SearchIndex']['term'] = $query;
     App::import('Core', 'Sanitize');
     $escaped = Sanitize::escape($query);
     $conditions[] = "MATCH(data) AGAINST('{$escaped}' IN BOOLEAN MODE)";
     $this->paginate['SearchIndex']['conditions'] = $conditions;
     $this->paginate['SearchIndex']['fields'] = "*, MATCH(data) AGAINST('{$escaped}' IN BOOLEAN MODE) AS score";
     $this->paginate['SearchIndex']['order'] = "score DESC";
     $results = $this->paginate();
     $this->set(compact('results'));
 }
 /**
  * Account overview page.
  *
  * Redirects to the index without an id or when isAuthorized() rejects the
  * account; otherwise sets the page header, navigation menu data and, for
  * AJAX requests, renders the ajax element instead of the full layout.
  *
  * @param mixed $id Account id
  * @return void
  */
 function view($id = null)
 {
     if (!$id) {
         $this->redirect(array('action' => 'index'));
     }
     $accountId = Sanitize::escape($id);
     // Authorisation check before anything about the account is read.
     if (!$this->isAuthorized($accountId)) {
         $this->Session->setFlash(__('Invalid account', true));
         $this->redirect(array('action' => 'index'));
     }
     $this->Account->id = $accountId;
     $accountName = Sanitize::html($this->Account->field('name'));
     $accountType = $this->NavMenu->checkType($this->Account->getType($accountId));
     $this->set('page_header', __('%s - Overview', $accountName));
     // Data needed by the navigation menu.
     $this->set(array(
         'navMenu' => $this->NavMenu->menu($accountType),
         'selectedTab' => 'overview',
         'accountId' => $accountId,
         'overview' => '',
     ));
     if ($this->request->isAjax()) {
         $this->render('/Elements/ajax', 'ajax');
     }
 }
 /**
  * Look up the user whose login and password hash match our records.
  *
  * NOTE(review): the stored password is an unsalted sha1 digest, which is weak
  * against offline guessing; moving to password_hash()/password_verify() would
  * also require a change of the stored format.
  *
  * @param string $login
  * @param string $password Plain-text password as entered
  * @return mixed Result of findByLoginAndPassword()
  */
 function authenticate($login, $password)
 {
     $digest = sha1($password);
     // Only the user row itself is needed, no associated models.
     $this->recursive = -1;
     return $this->findByLoginAndPassword(Sanitize::escape($login), $digest);
 }
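 /**
  * Add and remove users from a role.
  *
  * Reads two optional checkbox maps from the posted data, `addlist` and
  * `deletelist` (user id => checked flag), grants or revokes the role for every
  * checked user, then sets the unassigned users (`listUsers`) and the assigned
  * ones (`selectedUsers`) for the view.
  *
  * @param mixed $id Id of the UserRole being edited
  * @return void
  */
 public function editUsers($id)
 {
     $this->set('role', $this->UserRole->findById($id));
     $added = isset($this->request->data['addlist']) ? $this->request->data['addlist'] : array();
     foreach ($added as $userId => $checked) {
         // Unchecked boxes arrive as 0.
         if ($checked == 0) {
             continue;
         }
         $this->UserRoleAccess->clear();
         $this->UserRoleAccess->save(array('role_id' => $id, 'user_id' => $userId), false);
     }
     $removed = isset($this->request->data['deletelist']) ? $this->request->data['deletelist'] : array();
     foreach ($removed as $userId => $checked) {
         if ($checked == 0) {
             continue;
         }
         $this->UserRoleAccess->clear();
         $this->UserRoleAccess->deleteAll(array(
             'UserRoleAccess.role_id' => $id,
             'UserRoleAccess.user_id' => $userId,
         ));
     }
     // The subquery is raw SQL, so the role id must be escaped AND quoted:
     // Sanitize::escape() only neutralises quote characters, which protects
     // nothing when the value is interpolated unquoted.
     $roleId = Sanitize::escape($id);
     $this->set('listUsers', $this->UserModel->find('all', array(
         'order' => array('UserModel.id'),
         'conditions' => array(
             "UserModel.id NOT IN (SELECT user_id FROM user_role_access WHERE role_id = '{$roleId}')",
         ),
     )));
     $this->set('selectedUsers', $this->UserRoleAccess->findAllByRoleId($id, null, array('UserRoleAccess.user_id')));
 }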
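 /**
  * List translations, optionally filtered by a search term.
  *
  * The selected language comes from the first passed argument (default 'ara')
  * and the search term from the posted form; both are kept in the session so
  * that paginated pages keep the same filter.
  *
  * @return void
  */
 public function index()
 {
     $selectedLang = empty($this->params['pass'][0]) ? 'ara' : $this->params['pass'][0];
     $this->Session->write('Translation.selectedLang', $selectedLang);
     $this->Navigation->addCrumb('List of Translations');
     $header = __('List of Translations');
     $languageOptions = $this->languageOptions;
     // A term posted with the form replaces the one remembered in the session.
     $searchKey = $this->Session->read('Translation.SearchField');
     if ($this->request->is('post', 'put') && isset($this->request->data['Translation']['SearchField'])) {
         $searchKey = $this->request->data['Translation']['SearchField'];
         $this->Session->delete('Translation.SearchField');
         $this->Session->write('Translation.SearchField', $searchKey);
     }
     // Start from a defined array so the pagination settings never depend on an
     // undefined variable when no search term is set.
     $options = array();
     if (!empty($searchKey)) {
         // NOTE(review): the value is passed through a conditions array, which the
         // ORM quotes itself, so Sanitize::escape() here looks like it double-escapes
         // quotes and backslashes; `%` and `_` in the input act as LIKE wildcards.
         $searchField = Sanitize::escape(trim($searchKey));
         $options['conditions']['Translation.eng LIKE'] = '%' . $searchField . '%';
     }
     $options['order'] = array('Translation.eng' => 'asc');
     $this->Paginator->settings = array_merge(array('limit' => 30, 'maxLimit' => 100), $options);
     $data = $this->Paginator->paginate('Translation');
     if (empty($data)) {
         // NOTE(review): both alerts fire on the same condition; one of them was
         // probably meant for the "no search term" case — confirm.
         $this->Message->alert('general.search.noResult');
         $this->Message->alert('general.view.noRecords');
     }
     $this->set(compact('header', 'data', 'languageOptions', 'selectedLang', 'searchKey'));
 }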
 function testClean()
 {
     // Two fixtures: one plain, one containing a backslash-escaped dollar sign.
     $plain = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
     $withDollar = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
     // Each case: input, options (null = defaults), expected result.
     $cases = array(
         // Defaults: HTML-encode and drop the carriage return.
         array($plain, null, 'test &amp; &quot;quote&quot; &#39;other&#39; ;.$ symbol.another line'),
         // No encoding: quotes go through Sanitize::escape() instead.
         array($plain, array('encode' => false), 'test & ' . Sanitize::escape('"quote"') . ' ' . Sanitize::escape('\'other\'') . ' ;.$ symbol.another line'),
         // No encoding, no escaping: the backslash before "$" is removed.
         array($withDollar, array('encode' => false, 'escape' => false), 'test & "quote" \'other\' ;.$ $ symbol.another line'),
         // 'dollar' => false keeps that backslash.
         array($withDollar, array('encode' => false, 'escape' => false, 'dollar' => false), 'test & "quote" \'other\' ;.$ \\$ symbol.another line'),
         // 'carriage' => false keeps the "\r".
         array($plain, array('encode' => false, 'escape' => false, 'carriage' => false), 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'),
         // Nested arrays are cleaned element-wise.
         array(array(array($plain)), null, array(array('test &amp; &quot;quote&quot; &#39;other&#39; ;.$ symbol.another line'))),
         array(array(array($withDollar)), array('encode' => false, 'escape' => false), array(array('test & "quote" \'other\' ;.$ $ symbol.another line'))),
     );
     foreach ($cases as $case) {
         list($input, $options, $expected) = $case;
         $result = $options === null ? Sanitize::clean($input) : Sanitize::clean($input, $options);
         $this->assertEqual($result, $expected);
     }
 }
    /**
     * Build the task fieldset (form inputs plus toggle JavaScript) for a view.
     *
     * Returns the element map consumed by the caller: fieldset/legend markup, a
     * set of LilForm input descriptors (Task.id, foreign_id, model, title,
     * descript, deadline, user_id) and the JavaScript that shows/hides the
     * fieldset via the "task-toggle" checkbox and clears the inputs when it is
     * unchecked.
     *
     * @param View   $view   View with the LilForm, Form and Lil helpers attached
     * @param string $entity Model name stored in Task.model (default 'Invoice')
     * @return array Ordered element map; 'javascript' holds the script snippets
     */
    static function generate($view, $entity = 'Invoice')
    {
        $User = ClassRegistry::init('Lil.User');
        $Area = ClassRegistry::init('Lil.Area');
        $users = $User->find('list');
        // $projects is computed but not used below.
        $projects = $Area->findForUser(null, 'list');
        // The legend carries the toggle checkbox, pre-checked when the form already
        // has Task.exists or a Task.id. Task.user_id is a select only for admins
        // with more than one user to choose from; otherwise a hidden field holding
        // the current user's id.
        $task = array('fs_tasks_start' => '<fieldset>', 'fs_tasks_legend' => sprintf('<legend>%s</legend>', sprintf('<label for="task-toggle">%1$s %2$s</label>', $view->LilForm->input('Task.exists', array('checked' => (bool) $view->Form->value('Task.exists') || (bool) $view->Form->value('Task.id'), 'id' => 'task-toggle', 'label' => false, 'div' => false)), __d('lil_tasks', 'Task'))), 'fs_tasks_div_start' => '<div id="task">', 'task_id' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.id', 'options' => array('type' => 'hidden'))), 'task_foreign_id' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.foreign_id', 'options' => array('type' => 'hidden'))), 'task_model' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.model', 'options' => array('type' => 'hidden', 'default' => $entity))), 'task_title' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.title', 'options' => array('label' => __d('lil_tasks', 'Title') . ':', 'required' => false))), 'task_descript' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.descript', 'options' => array('type' => 'textarea', 'label' => __d('lil_tasks', 'Descript') . ':'))), 'task_deadline' => array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.deadline', 'options' => array('type' => 'date', 'label' => __d('lil_tasks', 'Deadline') . ':', 'default' => ''))), 'task_user_id' => $view->Lil->currentUser->role('admin') && sizeof($users) > 1 ? array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.user_id', 'options' => array('type' => 'select', 'options' => $users, 'label' => __d('lil_tasks', 'User') . 
':', 'default' => $view->Lil->currentUser->get('id')))) : array('class' => $view->LilForm, 'method' => 'input', 'parameters' => array('field' => 'Task.user_id', 'options' => array('type' => 'hidden', 'default' => $view->Lil->currentUser->get('id')))), 'fs_tasks_div_end' => '</div>', 'fs_tasks_end' => '</fieldset>');
        // NOTE(review): Sanitize::escape() is a SQL-string escaper. It is used here
        // to make the translated message safe inside the single-quoted JavaScript
        // literal below; that handles quotes and backslashes but is not a
        // JavaScript-context escaper (json_encode() would be) — confirm before changing.
        App::uses('Sanitize', 'Utility');
        $toggle_confirm = Sanitize::escape(__d('lil_tasks', 'Are you sure you want to clear task data?', true));
        // Toggle handler: asks for confirmation before hiding a fieldset that holds
        // text, and clears the inputs of a not-yet-saved task when it is hidden.
        $d = <<<EOT
\t\t\t\$('#task-toggle').click(function() {
\t\t\t\tvar doToggle = true;
\t\t\t\tif (!\$(this).attr('checked') && (
\t\t\t\t\t(\$('#TaskTitle').val().trim() !== '') || 
\t\t\t\t\t(\$('#TaskDeadline').val().trim() !== '') || 
\t\t\t\t\t(\$('#TaskDescript').val().trim() !== '')
\t\t\t\t)) doToggle = confirm('{$toggle_confirm}');
\t\t\t\tif (doToggle) {
\t\t\t\t\t\$('#task').toggle(\$(this).attr('checked'));
\t\t\t\t\tif (!\$(this).attr('checked') && !\$('#TaskId').val()) {
\t\t\t\t\t\t\$('#TaskTitle').val('');
\t\t\t\t\t\t\$('#TaskDescript').val('');
\t\t\t\t\t\t\$('#TaskDeadline').val('');
\t\t\t\t\t}
\t\t\t\t} else {
\t\t\t\t\t\$(this).attr('checked', 'checked');
\t\t\t\t}
\t\t\t});
EOT;
        $task['javascript'][] = $d;
        // default hide task: initial visibility follows the checkbox state
        $task['javascript'][] = '$("#task-toggle").attr("checked") ? $("#task").show() : $("#task").hide();';
        return $task;
    }
 /**
  * Run the SearchIndex pagination for a search term.
  *
  * Builds the controller's pagination settings (active rows whose published
  * date is NULL or in the past, merged recursively with $paginateOptions),
  * narrows by the `type` named parameter unless it is 'All', and adds a
  * full-text MATCH condition for the term, falling back to the `term` named
  * parameter when none is passed.
  *
  * @param string|null $term Search term; null reads the `term` named parameter
  * @param array $paginateOptions Extra pagination settings
  * @return mixed Result of the controller's paginate('SearchIndex')
  */
 function paginate($term = null, $paginateOptions = array())
 {
     $this->_controller->paginate = array('SearchIndex' => array_merge_recursive(array('conditions' => array(array('SearchIndex.active' => 1), 'or' => array(array('SearchIndex.published' => null), array('SearchIndex.published <= ' => date('Y-m-d H:i:s'))))), $paginateOptions));
     if (isset($this->_controller->request->params['named']['type']) && $this->_controller->request->params['named']['type'] != 'All') {
         // The escaped type is written to request->data and read back via ->data
         // below; as a conditions-array value it is quoted by the ORM again.
         $this->_controller->request->data['SearchIndex']['type'] = Sanitize::escape($this->_controller->request->params['named']['type']);
         $this->_controller->paginate['SearchIndex']['conditions']['model'] = $this->_controller->data['SearchIndex']['type'];
     }
     // Add term condition, and sorting
     if (!$term && isset($this->_controller->request->params['named']['term'])) {
         $term = $this->_controller->request->params['named']['term'];
     }
     if ($term) {
         $term = Sanitize::escape($term);
         $this->_controller->request->data['SearchIndex']['term'] = $term;
         // Split on whitespace/underscore, run each piece through $this->replace(),
         // re-join with spaces and append one trailing '*' to the whole string.
         $term = implode(' ', array_map(array($this, 'replace'), preg_split('/[\\s_]/', $term))) . '*';
         if ($this->like) {
             // NOTE(review): the LIKE value is the escaped term inside a conditions
             // array, which the ORM quotes itself, so quotes/backslashes look
             // double-escaped here — confirm.
             $this->_controller->paginate['SearchIndex']['conditions'][] = array('or' => array("MATCH(data) AGAINST('{$term}')", 'SearchIndex.data LIKE' => "%{$this->_controller->data['SearchIndex']['term']}%"));
         } else {
             // Raw SQL fragment: the escaped term is always wrapped in single quotes.
             $this->_controller->paginate['SearchIndex']['conditions'][] = "MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE)";
         }
         $this->_controller->paginate['SearchIndex']['fields'] = "*, MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE) AS score";
         // Caller-supplied ordering wins over relevance ordering.
         if (empty($this->_controller->paginate['SearchIndex']['order'])) {
             $this->_controller->paginate['SearchIndex']['order'] = "score DESC";
         }
     }
     return $this->_controller->paginate('SearchIndex');
 }
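 /**
  * Torrent listing with optional filters taken from the query string.
  *
  * Query parameters: `name` (substring match on the torrent name), `c`
  * (category id), `t` (free_type) and `offset` (pagination offset). Hidden
  * torrents (free_type 5) are only listed for users authorised for "hidden".
  * The request URL with the active filters is passed to the view.
  *
  * @return void
  */
 function index()
 {
     Configure::write('debug', '0');
     $this->layout = '2col_layout';
     $san = new Sanitize();
     $query = isset($this->params['url']) ? $this->params['url'] : array();
     $clauses = array();
     $limit = 10;
     $offset = 0;
     $url = $this->webroot . "torrents/";
     // NOTE(review): the raw parameter values are appended to $url unencoded; the
     // view must encode $request_url before emitting it as an href.
     if (!empty($query['name'])) {
         // String context: the escaped value is wrapped in quotes.
         $clauses[] = "t.name like '%" . $san->escape($query['name']) . "%'";
         $url .= "?name=" . $query['name'];
     }
     if (!empty($query['c'])) {
         // Numeric context: Sanitize::escape() only neutralises quote characters,
         // which does not protect an unquoted value, so the id is cast to int.
         $clauses[] = "cg.id = " . (int) $query['c'];
         $url .= strpos($url, "?") === false ? "?" : "&";
         $url .= 'c=' . $query['c'];
     }
     if (!empty($query['t'])) {
         $clauses[] = "t.free_type = " . (int) $query['t'];
         $url .= strpos($url, "?") === false ? "?" : "&";
         $url .= 't=' . $query['t'];
     }
     if (!empty($query['offset']) && is_numeric($query['offset'])) {
         // Interpolated unquoted into OFFSET, so keep it a plain integer.
         $offset = (int) $query['offset'];
     }
     $clauses[] = "t.free_type != 2 AND deleted != 1";
     if (!$this->isAuthorized($this->ZTAuth->user('username'), $this->name, "hidden")) {
         $clauses[] = 't.free_type != 5';
     }
     // At least the fixed clause above is always present, so the WHERE is never empty.
     $filter = implode(' AND ', $clauses);
     $sql = "SELECT t.id, t.name, t.image1, t.size, t.times_completed, t.seeders, t.leechers, t.added, c.flagpic, t.free_type, " . "u.username, u.id, g.status_style, SUM(r.rating) as total, COUNT(r.id) as votes, cg.name, cg.id " . "FROM torrents t JOIN users u ON t.owner = u.id " . "LEFT JOIN groups g ON u.group_id = g.id " . "JOIN countries c ON u.country = c.id " . "LEFT JOIN categories cg ON t.category = cg.id " . "LEFT JOIN ratings r ON r.torrent = t.id WHERE {$filter} GROUP BY t.id ORDER BY t.added DESC LIMIT {$limit} OFFSET {$offset}";
     $tsql = "SELECT count(t.id) as total from torrents t LEFT JOIN categories cg ON t.category = cg.id WHERE {$filter}";
     $total = $this->Torrent->query($tsql);
     $torrents = $this->Torrent->query($sql);
     $this->set('torrents', $torrents);
     $this->set('total', $total[0][0]['total']);
     $this->set('offset', $offset);
     $this->set('request_url', $url);
     $this->set('pageTitle', 'Список раздач');
 }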
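 /**
  * Alumni listing with an optional name/specialisation search.
  *
  * A POSTed `name` is matched case-insensitively against the user's username
  * and first/middle/last name; a non-empty `specialization_id` narrows the
  * result further. The conditions are kept in the session so that paging
  * through the results keeps the same filter.
  *
  * @return void
  */
 public function index()
 {
     $this->pageTitle = __('ALUMNI_INDEX_TITLE', true);
     $conditions = array();
     if (isset($_POST['name'])) {
         // Escape the search input once and reuse it for every field.
         uses('sanitize');
         $sanit = new Sanitize();
         $pattern = '%' . $sanit->escape($_POST['name']) . '%';
         // NOTE(review): these values go through a conditions array, which the ORM
         // quotes itself, so the escaping here looks redundant (double-escaping
         // quotes and backslashes); `%`/`_` in the input act as wildcards.
         $conditions = array('or' => array(
             'User.username ILIKE' => $pattern,
             'User.first_name ILIKE' => $pattern,
             'User.middle_name ILIKE' => $pattern,
             'User.last_name ILIKE' => $pattern,
         ));
         // Narrow by specialisation when one was chosen; an absent field is read
         // explicitly instead of being silenced with `@`.
         $specializationId = isset($_POST['specialization_id']) ? $_POST['specialization_id'] : null;
         if ($specializationId != '') {
             $conditions = array('and' => array('Graduate.specialization_id' => $specializationId, $conditions));
         }
         $_SESSION['search_cond'] = $conditions;
         $_SESSION['search_name'] = $sanit->html($_POST['name']);
         $_SESSION['search_specialization_id'] = $specializationId;
     } elseif (isset($_SESSION['search_cond'])) {
         // Paging through an earlier search: reuse its conditions.
         $conditions = $_SESSION['search_cond'];
     }
     // NOTE(review): the property is `recursion`, not the ORM's `recursive` — confirm
     // this is intentional.
     $this->Graduate->recursion = 2;
     $graduates = $this->paginate('Graduate', $conditions);
     $this->set('graduates', $graduates);
     // Workaround until the study type can be fetched recursively: look the
     // names up per language.
     $study_type_names = array(
         'sk' => $this->StudyType->find("list", array('fields' => array('StudyType.id', 'StudyType.name_sk'))),
         'en' => $this->StudyType->find("list", array('fields' => array('StudyType.id', 'StudyType.name_en'))),
     );
     // All study types ordered by priority.
     $this->set('study_types', $this->StudyType->findAll(null, null, array('StudyType.priority')));
     $this->set('study_type_names', $study_type_names);
     $this->set('lang', $this->Session->read('Config.language'));
     $this->set('total_graduate_count', $this->Graduate->findCount());
 }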
 /**
  * Sum all refunds booked against a transaction.
  *
  * @param int $transaction_id A transaction ID
  * @return boolean|float Total of all refunds for the transaction, or false
  * when $transaction_id is not a valid Transaction foreign key
  */
 public function refundTotal($transaction_id)
 {
     if (!$this->validForeignKey($transaction_id, 'Transaction')) {
         return false;
     }
     // Registered so the Refund__total_amount alias is mapped onto the result
     // row (presumably; the value is only a placeholder).
     $this->virtualFields['total_amount'] = 0;
     // Raw SQL: the id is escaped AND wrapped in quotes.
     $sql = sprintf(
         "\n\t\t\tSELECT SUM(R.amount) AS Refund__total_amount \n\t\t\tFROM transactions T \n\t\t\tLEFT JOIN refunds R ON T.id = R.transaction_id \n\t\t\tWHERE T.id='%s'",
         Sanitize::escape($transaction_id)
     );
     $rows = $this->query($sql, false);
     return $rows[0]['Refund']['total_amount'];
 }
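 /**
  * Check whether the logged-in user owns the given account.
  *
  * @param mixed $account Account id
  * @return bool True only when the account exists and its user_id equals the
  * id of the authenticated user
  */
 function isAuthorized($account)
 {
     $accountId = Sanitize::escape($account);
     $this->loadModel('Account');
     $this->Account->id = $accountId;
     $ownerId = $this->Account->field('user_id');
     $userId = $this->Auth->user('id');
     // Fail closed: field() returns false for an unknown account and user()
     // returns null without a session; the former loose `==` would accept
     // `false == null`.
     if ($ownerId === false || $userId === null) {
         return false;
     }
     // Compare as strings: the ORM may return the id as a string while the
     // session may hold an int.
     return (string) $ownerId === (string) $userId;
 }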
 /**
  * Admin listing of the terms of one class, with an optional name search.
  *
  * NOTE(review): when a search term is posted the class condition is replaced
  * rather than combined, so the search spans every Term.class — confirm that
  * this is intended.
  *
  * @param string $class Term class to list (e.g. "Category")
  * @return void
  */
 function admin_index($class)
 {
     $search = empty($this->data['Xpagin']['search']) ? null : $this->data['Xpagin']['search'];
     if ($search === null) {
         $conditions = array('Term.class' => $class);
     } else {
         // NOTE(review): the value goes through a conditions array, which the ORM
         // quotes itself, so Sanitize::escape() looks like a double escape here.
         $conditions = array('Term.nombre LIKE' => '%' . Sanitize::escape($search) . '%');
     }
     $this->set("recordset", $this->paginate("Term", $conditions));
     // Categories also get a parent selector built from the category tree.
     if ($class == "Category") {
         $this->set("parents", $this->Term->generatetreelist(array('Term.class' => 'Category'), null, null, '-- '));
     }
 }
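 /**
  * Search posts by title or content using the `q` query-string parameter.
  *
  * @return void
  */
 function search()
 {
     $this->Line->recursive = 1;
     $conditions = array();
     if (isset($this->passedArgs)) {
         // Guard the read: a request without `q` used to raise an undefined-index
         // notice and pass null to Sanitize::escape(); it is now an empty term.
         $input = isset($_GET["q"]) ? $_GET["q"] : '';
         // Raw SQL fragment: the escaped value is wrapped in quotes; `%`/`_` in the
         // input act as LIKE wildcards.
         $q = Sanitize::escape($input);
         $conditions = array("Post.title LIKE '%{$q}%' OR Post.content LIKE '%{$q}%'");
     }
     $this->set('posts', $this->paginate('Post', $conditions));
 }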
 /**
  * Paginated classroom list, filtered by an optional `q` query parameter that
  * is matched against the classroom name and type.
  *
  * @return void
  */
 function index()
 {
     App::import('Sanitize');
     $hasQuery = isset($this->params['url']['q']);
     $rawQuery = $hasQuery ? $this->params['url']['q'] : '';
     // NOTE(review): the LIKE value goes through a conditions array, which the ORM
     // quotes itself, so Sanitize::escape() looks like a double escape here;
     // `%`/`_` in the input act as wildcards.
     $pattern = $hasQuery ? '%' . Sanitize::escape($rawQuery) . '%' : '%%';
     $conditions = array("OR" => array(
         'Classroom.name LIKE' => $pattern,
         'Classroom.type LIKE' => $pattern,
     ));
     $this->set('classrooms', $this->paginate('Classroom', $conditions));
     // The unescaped term is echoed back to the search form.
     $this->set('q', $rawQuery);
 }
 /**
  * Transactions of an account for one month (HTML, AJAX element or JSON/JSONP).
  *
  * @param mixed       $accountId Numeric account id; anything else redirects to
  *                               the account list
  * @param string|null $yearMonth Month as 'YYYYMM'; null or non-numeric means
  *                               the current month
  * @return void
  */
 function index_2($accountId, $yearMonth = null)
 {
     // Allow for JSON requests using the callback parameter.
     if ($this->request->query('callback') || $this->response->type() == 'application/json') {
         $this->viewClass = 'Json';
     }
     $this->set('_jsonp', true);
     if (!$accountId || !is_numeric($accountId)) {
         $this->redirect(array('controller' => 'accounts', 'action' => 'index'));
     }
     // Make sure the user is allowed to see the account.
     $accountId = Sanitize::escape($accountId);
     if (!$this->isAuthorized($accountId)) {
         $this->Session->setFlash(__('Invalid account', true));
         $this->redirect(array('controller' => 'accounts', 'action' => 'overview'));
     }
     // If a year and month are specified, check if they are valid.
     // NOTE(review): is_numeric() also accepts forms such as '2023.5' or '1e5',
     // while the substr() calls below assume exactly six digits — a
     // ctype_digit()/length check would be stricter.
     if ($yearMonth != null && !is_numeric($yearMonth)) {
         $yearMonth = null;
     } else {
         if ($yearMonth != null) {
             $yearMonth = Sanitize::escape($yearMonth);
         }
     }
     // If no month is given or the given one is invalid, use current month.
     if ($yearMonth == null) {
         $yearMonth = date('Ym');
     }
     // Prepare the start and end date.
     // NOTE(review): '-31' is not a valid day for every month; whether the range
     // still covers the whole month depends on how listTransactions() compares
     // dates — confirm, or derive the last day with date('t').
     $startDate = substr($yearMonth, 0, 4) . '-' . substr($yearMonth, 4, 2);
     $endDate = $startDate . '-31';
     $startDate .= '-01';
     // Get the list of transactions.
     $transactions = $this->Transaction->listTransactions($accountId, $startDate, $endDate);
     $this->set('_serialize', 'transactions');
     $this->set(compact('transactions'));
     // Set the data needed for nav menu.
     $type = $this->NavMenu->checkType($this->Account->getType($accountId));
     $this->set('navMenu', $this->NavMenu->menu($type));
     $this->set('selectedTab', 'transactions');
     $this->set('accountId', $accountId);
     // Set account name.
     $this->Account->id = $accountId;
     $this->set('page_header', __('%s - Transactions', $this->Account->field('name')));
     // Set month and year.
     $this->set('month', substr($yearMonth, 4, 2));
     $this->set('year', substr($yearMonth, 0, 4));
     // If this is an AJAX request, render it appropriately.
     if ($this->request->isAjax()) {
         $this->render('/Elements/ajax', 'ajax');
     }
 }
 /**
  * Turn a posted search form into a pretty URL and redirect to it.
  *
  * The word and field are escaped and stripped of ';' (the separator of the
  * resulting "w=...;f=..." passed argument) before going into the URL. Requests
  * without a usable form fall back to the index action.
  *
  * @param string $action Action to redirect to when the form is complete
  * @return void
  */
 public function search($action = 'index')
 {
     $form = empty($this->data) ? array() : array_pop($this->data);
     if (!empty($form['word']) && !empty($form['field'])) {
         $word = trim(str_replace(";", "", Sanitize::escape($form['word'])));
         $field = trim(str_replace(";", "", Sanitize::escape($form['field'])));
         $this->redirect(array('controller' => $this->name, 'action' => $action, "w={$word};f={$field}"));
     }
     $this->redirect(array('controller' => $this->name, 'action' => 'index'));
 }
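 /**
  * Build find() options with a keyword search condition.
  *
  * $keywords is split on single spaces (after the space replacement and a
  * trailing-whitespace trim), $search_fields likewise; every keyword is matched
  * against every field according to search_settings['match_type'], the
  * per-field clauses are OR-ed and the per-keyword groups are joined according
  * to search_settings['multiple_keywords']. The caller's $options and
  * $search_settings are injected into the component's own settings first.
  *
  * Fixes: each keyword is escaped once (it used to be re-escaped for every
  * field after the first), MATCH_STARTS_WITH/MATCH_ENDS_WITH had their
  * wildcards on the wrong side, and the PHP 7-removed split() is replaced.
  *
  * @param Model  $model           Passed by reference; not used here
  * @param string $keywords        Space separated keywords (user input)
  * @param string $search_fields   Space separated column names (developer
  *                                supplied; interpolated into SQL unescaped)
  * @param array  $options         find() options to extend
  * @param array  $search_settings Overrides for match_type / multiple_keywords
  * @return array $options with the generated 'conditions' string
  */
 function options(&$model, $keywords, $search_fields, $options = array(), $search_settings = array())
 {
     // @todo remove
     App::import('sanitize');
     //replace zenkaku space with hankaku space, remove trailing spaces
     $keywords = str_replace(" ", " ", $keywords);
     $keywords = preg_replace('/\\s+$/', '', $keywords);
     // explode() on a single space yields the same pieces the old split() did.
     $keywords = explode(' ', $keywords);
     $search_fields = explode(' ', $search_fields);
     $this->inject($this->search_settings, $search_settings);
     $this->inject($this->options, $options);
     $conditions = "(";
     $lastKeyword = count($keywords) - 1;
     foreach ($keywords as $ck => $keyword) {
         // Escape once per keyword. The escaped value is always wrapped in quotes
         // in the raw SQL below; `%`/`_` in the input still act as LIKE wildcards.
         $keyword = Sanitize::escape($keyword);
         foreach ($search_fields as $cf => $field) {
             if ($cf != 0) {
                 $conditions .= " OR ";
             }
             switch ($this->search_settings['match_type']) {
                 case self::MATCH_EXACTLY:
                     $conditions .= "{$field} = '{$keyword}'";
                     break;
                 case self::MATCH_STARTS_WITH:
                     // Trailing wildcard: values that begin with the keyword.
                     $conditions .= "{$field} LIKE '{$keyword}%'";
                     break;
                 case self::MATCH_ENDS_WITH:
                     // Leading wildcard: values that end with the keyword.
                     $conditions .= "{$field} LIKE '%{$keyword}'";
                     break;
                 case self::MATCH_ANYWHERE:
                     $conditions .= "{$field} LIKE '%{$keyword}%'";
                     break;
             }
         }
         if ($ck < $lastKeyword) {
             switch ($this->search_settings['multiple_keywords']) {
                 case self::MK_MAY_HAVE:
                     $conditions .= ") OR (";
                     break;
                 case self::MK_MUST_HAVE:
                     $conditions .= ") AND (";
                     break;
             }
         } else {
             $conditions .= ')';
         }
     }
     $options['conditions'] = $conditions;
     return $options;
 }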
 /**
  * Lock a job so that other workers do not try to take it.
  *
  * The UPDATE only succeeds when the job is unlocked (or already held by this
  * worker) and has not failed; the job is then re-read to see whether the lock
  * was won, because the return value of query() is not consistent across
  * database drivers.
  *
  * @param string $id Job id
  * @param string $locked_by Identifier of the worker requesting the lock
  * @return bool True when the job is now locked by $locked_by
  */
 public function lock($id, $locked_by)
 {
     $worker = Sanitize::escape($locked_by);
     $jobId = Sanitize::escape($id);
     // Raw SQL: every value is escaped AND quoted.
     $sql = sprintf(
         "\n            UPDATE jobs \n            SET locked_at = '%s', locked_by = '%s'\n            WHERE \n              id = '%s' AND \n              (locked_at IS NULL OR locked_by = '%s') AND\n              failed_at IS NULL\n            ",
         date('Y-m-d H:i:s'),
         $worker,
         $jobId,
         $worker
     );
     $this->query($sql);
     // NOTE(review): the comparison uses the escaped worker name, so a name
     // containing quote characters would never compare equal to the stored value.
     $job = $this->findById($jobId);
     return $job['locked_by'] == $worker;
 }
 /**
  * Fetch all games of an event and reshape the raw rows into a flat list.
  *
  * @param mixed $event_id Event id
  * @return array One associative array per game
  */
 function getTournamentGames($event_id)
 {
     $eventId = Sanitize::escape($event_id);
     // Raw SQL: the escaped id is wrapped in quotes.
     $rows = $this->query("SELECT * FROM games WHERE event_id = '{$eventId}'");
     $games = array();
     foreach ($rows as $row) {
         $g = $row['games'];
         // team2 is the loser when team1 won; otherwise team1 is reported,
         // including when no winner is recorded yet.
         $losing = $g['team1_id'] == $g['winningteam_id'] ? $g['team2_id'] : $g['team1_id'];
         $games[] = array(
             'id' => $g['id'],
             'game_type' => $g['bracketname'],
             'game_number' => $g['gamenumber'],
             'round_number' => $g['round'],
             'table_number' => $g['table'],
             'team1_id' => $g['team1_id'],
             'team2_id' => $g['team2_id'],
             // Side pick and first shot are fixed to team2 / team1 respectively.
             'picks_side_team_id' => $g['team2_id'],
             'shoots_first_team_id' => $g['team1_id'],
             'is_forfeit' => $g['isforfeit'],
             'winning_team_id' => $g['winningteam_id'],
             'losing_team_id' => $losing,
             'cup_diff' => $g['cupdif'],
         );
     }
     return $games;
 }
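 /**
  * Public search over posts and pages.
  *
  * Reads the `q` query-string parameter, runs it through the Post and Page
  * models' search() and hands the combined result to the view (the
  * search_results element for AJAX requests).
  *
  * @TODO
  * @return void
  */
 function search()
 {
     // Guard the read so a request without `q` does not raise a notice.
     $query = Sanitize::escape(isset($_GET['q']) ? $_GET['q'] : '');
     // Either model may return a non-array when nothing matches; normalise to
     // arrays so array_merge() is safe.
     $postResults = $this->Post->search($query);
     $pageResults = $this->Page->search($query);
     if (!is_array($postResults)) {
         $postResults = array();
     }
     if (!is_array($pageResults)) {
         $pageResults = array();
     }
     $this->set('results', array_merge($postResults, $pageResults));
     if ($this->RequestHandler->isAjax()) {
         $this->render('/elements/search_results');
     }
 }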
 /**
  * Search page of the searchable plugin.
  *
  * A posted form is first turned into a pretty URL (plugin/controller/action
  * plus `type` and `term`); the GET request then paginates active, published
  * SearchIndex rows matched against the term and ordered by relevance. A single
  * hit redirects straight to the URL stored on that row.
  *
  * @param string|null $term Search term; null reads the `term` parameter
  * @return void
  */
 function index($term = null)
 {
     // Redirect with search data in the URL in pretty format
     if (!empty($this->data)) {
         $redirect = array();
         $redirect['plugin'] = 'searchable';
         $redirect['controller'] = 'search_indexes';
         $redirect['action'] = 'index';
         $redirect['type'] = 'All';
         if (isset($this->data['SearchIndex']['type']) && !empty($this->data['SearchIndex']['type'])) {
             $redirect['type'] = $this->data['SearchIndex']['type'];
         } elseif (isset($this->params['type']) && $this->params['type'] != 'All') {
             $redirect['type'] = $this->params['type'];
         }
         if (isset($this->data['SearchIndex']['term'])) {
             $redirect['term'] = $this->data['SearchIndex']['term'];
         }
         $this->redirect($redirect);
     }
     // The argument wins; the `term` parameter is only a fallback.
     $term = !$term && isset($this->params['term']) ? $this->params['term'] : $term;
     // Add default scope condition
     // Add published condition NULL or < NOW()
     $this->paginate = array('SearchIndex' => array('conditions' => array('SearchIndex.active' => 1, 'OR' => array(array('SearchIndex.published' => null), array('SearchIndex.published <= ' => date('Y-m-d H:i:s'))))));
     // Add type condition if not All
     if (isset($this->params['type']) && $this->params['type'] != 'All') {
         $this->data['SearchIndex']['type'] = $this->params['type'];
         $this->paginate['SearchIndex']['conditions']['model'] = $this->params['type'];
     }
     // Add term condition, and sorting ('null' is presumably the placeholder for
     // "no term" in the pretty URL).
     if (isset($term) && $term != 'null') {
         $this->data['SearchIndex']['term'] = $term;
         App::import('Core', 'Sanitize');
         // From here on $term holds the ESCAPED value; that is also what
         // compact('term') passes to the view below.
         $term = Sanitize::escape($term);
         // NOTE(review): the MATCH fragment is raw SQL with the escaped term in
         // quotes, but the LIKE value is a conditions-array entry the ORM quotes
         // itself, so quotes/backslashes look double-escaped there — confirm.
         $this->paginate['SearchIndex']['conditions'][] = array('OR' => array("MATCH(SearchIndex.data) AGAINST('{$term}' IN BOOLEAN MODE)", 'SearchIndex.data LIKE' => "%{$term}%"));
         $this->paginate['SearchIndex']['fields'] = "*, MATCH(SearchIndex.data) AGAINST('{$term}' IN BOOLEAN MODE) AS score";
         $this->paginate['SearchIndex']['order'] = "score DESC";
     }
     $results = $this->paginate();
     // Single hit: the redirect target is the JSON-encoded url column of that row.
     if (count($results) == 1) {
         $this->redirect(json_decode($results['0']['SearchIndex']['url'], true));
     }
     // Get types for select drop down
     $types = $this->SearchIndex->getTypes();
     $this->set(compact('results', 'term', 'types'));
     $this->pageTitle = 'Search';
 }
 /**
  * Search page.
  *
  * A posted form is first turned into a pretty URL (`term` is double
  * url-encoded, 'null' stands for an empty term, `type` defaults to 'All');
  * the GET request then paginates active, published SearchIndex rows matched
  * against the term in BOOLEAN MODE and ordered by relevance.
  *
  * @return void
  */
 function index()
 {
     if (!empty($this->data)) {
         $form = $this->data;
         $hasTerm = !empty($form['SearchIndex']['term']);
         $hasType = !empty($form['SearchIndex']['type']);
         $this->redirect(array(
             'term' => $hasTerm ? urlencode(urlencode($form['SearchIndex']['term'])) : 'null',
             'type' => $hasType ? $form['SearchIndex']['type'] : 'All',
         ));
     }
     // Scope: active rows whose published date is NULL or not in the future.
     $conditions = array(
         'SearchIndex.active' => 1,
         'OR' => array(
             array('SearchIndex.published' => null),
             array('SearchIndex.published <= ' => date('Y-m-d H:i:s')),
         ),
     );
     $type = isset($this->params['type']) ? $this->params['type'] : 'All';
     if ($type != 'All') {
         $this->data['SearchIndex']['type'] = $type;
         $conditions['model'] = $type;
     }
     $term = isset($this->params['term']) ? $this->params['term'] : 'null';
     if ($term != 'null') {
         // The raw term goes back to the form; the escaped copy goes into raw SQL,
         // where it is always wrapped in single quotes.
         $this->data['SearchIndex']['term'] = $term;
         App::import('Core', 'Sanitize');
         $escaped = Sanitize::escape($term);
         $conditions[] = "MATCH(data) AGAINST('{$escaped}' IN BOOLEAN MODE)";
         $this->paginate['SearchIndex']['fields'] = "*, MATCH(data) AGAINST('{$escaped}' IN BOOLEAN MODE) AS score";
         $this->paginate['SearchIndex']['order'] = "score DESC";
     }
     $this->paginate['SearchIndex']['conditions'] = $conditions;
     $results = $this->paginate();
     // Types for the select drop down.
     $types = $this->SearchIndex->getTypes();
     $this->set(compact('results', 'types'));
     $this->pageTitle = 'Search';
 }
 /**
  * Escape values for use in SQL.
  *
  * Walks $param and runs every scalar through Sanitize::escape() on the
  * connection named by $model->useDbConfig. Objects and values for which
  * empty() is true (null, '', 0, '0', false, array()) are copied through
  * untouched; nested arrays are handled recursively. Keys are never escaped,
  * so they must be trusted names, not user input.
  *
  * @access private
  * @author kozo
  * @param  object $model model whose useDbConfig selects the connection used for escaping
  * @param  array  $param parameters handed to the element (key: variable name, value: value)
  * @return array escaped copy of $param, same keys
  */
 private function _escapeSQL(&$model, $param)
 {
     App::import('Sanitize');
     $escaped = array();
     foreach ($param as $name => $item) {
         if (is_object($item) || empty($item)) {
             // Nothing to escape: pass objects and empty values through as-is.
             $escaped[$name] = $item;
         } elseif (is_array($item)) {
             // Nested parameters: recurse with the same model/connection.
             $escaped[$name] = $this->_escapeSQL($model, $item);
         } else {
             $escaped[$name] = Sanitize::escape($item, $model->useDbConfig);
         }
     }
     return $escaped;
 }
 /**
  * Exercises Sanitize::clean() option by option (encode, escape, dollar,
  * carriage, odd_spaces) on plain strings and nested arrays.
  */
 function testClean()
 {
     $connection = 'test_suite';
     $plain = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
     $withEscapedDollar = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
     $oddSpaces = 'test odd ' . chr(0xca) . ' spaces' . chr(0xca);

     // Each case: input, options for Sanitize::clean(), expected output.
     $cases = array(
         // defaults: HTML-encode &, quotes and apostrophes, drop the carriage return
         array($plain, array('connection' => $connection),
             'test &amp; &quot;quote&quot; &#39;other&#39; ;.$ symbol.another line'),
         // encode off: quoted tokens still go through Sanitize::escape on the same connection
         array($plain, array('encode' => false, 'connection' => $connection),
             'test & ' . Sanitize::escape('"quote"', $connection) . ' ' . Sanitize::escape('\'other\'', $connection) . ' ;.$ symbol.another line'),
         // encode + escape off: "\$" collapses to "$"
         array($withEscapedDollar, array('encode' => false, 'escape' => false, 'connection' => $connection),
             'test & "quote" \'other\' ;.$ $ symbol.another line'),
         // dollar off: "\$" is kept
         array($withEscapedDollar, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => $connection),
             'test & "quote" \'other\' ;.$ \\$ symbol.another line'),
         // carriage off: the "\r" survives, so the input comes back unchanged
         array($plain, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => $connection),
             $plain),
         // nested arrays are cleaned element-wise
         array(array(array($plain)), array('connection' => $connection),
             array(array('test &amp; &quot;quote&quot; &#39;other&#39; ;.$ symbol.another line'))),
         array(array(array($withEscapedDollar)), array('encode' => false, 'escape' => false, 'connection' => $connection),
             array(array('test & "quote" \'other\' ;.$ $ symbol.another line'))),
         // odd_spaces off: the 0xCA bytes are preserved
         array(array(array($oddSpaces)), array('odd_spaces' => false, 'escape' => false, 'connection' => $connection),
             array(array($oddSpaces))),
         // mixed list/map nesting, no explicit connection
         array(array(array('\\$', array('key' => $withEscapedDollar))), array('encode' => false, 'escape' => false),
             array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line')))),
     );

     foreach ($cases as $case) {
         list($input, $options, $expected) = $case;
         $result = Sanitize::clean($input, $options);
         $this->assertEqual($result, $expected);
     }
 }
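 /**
  * Store the editable page data for an object and re-sync it.
  *
  * Replaces the object's area links (organizacja_obszar), then either updates
  * the existing ObjectPage row for ($dataset, $id) or inserts a new one. Only
  * the whitelisted fields in $fields are taken from $data.
  *
  * Quoting: Model::updateAll() takes raw SQL expressions as values, so the
  * update branch quotes and Sanitize::escape()s every value itself, whereas
  * Model::save() binds values and the insert branch passes them through.
  * The two raw organizacja_obszar statements interpolate only (int)-cast ids.
  *
  * @param array  $data    submitted values: optional 'areas' list plus any whitelisted field
  * @param int    $id      object id within $dataset
  * @param string $dataset dataset the object belongs to
  * @return bool whether the update/save succeeded
  */
 public function setData($data, $id, $dataset)
 {
     $conditions = array('ObjectPage.dataset' => $dataset, 'ObjectPage.object_id' => (int) $id);
     $object = $this->find('first', array('conditions' => $conditions));
     $db = ConnectionManager::getDataSource('default');

     // Replace the area links; ids are cast to int before interpolation.
     if (isset($data['areas']) && is_array($data['areas'])) {
         $db->query("DELETE FROM organizacja_obszar WHERE object_id = " . (int) $id);
         foreach ($data['areas'] as $area_id) {
             $db->query("INSERT INTO organizacja_obszar VALUES (" . (int) $id . ", " . (int) $area_id . ")");
         }
     }

     // Whitelist: only these keys of $data are ever written.
     $fields = array('description', 'phone', 'email', 'www', 'facebook', 'twitter', 'instagram', 'youtube', 'vine');
     $values = array();
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $values[$field] = $data[$field];
         }
     }

     if ($object) {
         // updateAll() interpolates raw SQL: quote + escape each value.
         $expressions = array();
         foreach ($values as $field => $value) {
             $expressions[$field] = "'" . Sanitize::escape($value) . "'";
         }
         $success = $this->updateAll($expressions, $conditions);
     } else {
         $success = $this->save(array('ObjectPage' => array_merge(array('dataset' => $dataset, 'object_id' => (int) $id, 'moderated' => '1'), $values)));
         // Link the new page row to the object's primary id. Skipped when no
         // object row exists; previously this ran UPDATE ... SET id = NULL
         // after an undefined-index notice.
         $row = $this->query('SELECT id FROM objects WHERE dataset = ? AND object_id = ?', array($dataset, $id));
         if (isset($row[0]['objects']['id'])) {
             $this->query('UPDATE `objects-pages` SET id = ? WHERE dataset = ? AND object_id = ?', array($row[0]['objects']['id'], $dataset, $id));
         }
     }

     // Re-sync by the object's primary id, if there is one.
     $row = $this->query('SELECT id FROM objects WHERE dataset = ? AND object_id = ?', array($dataset, $id));
     $objectId = isset($row[0]['objects']['id']) ? $row[0]['objects']['id'] : null;
     if ($objectId) {
         $this->syncById($objectId);
     }
     return (bool) $success;
 }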
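 /**
  * Build a SQL condition fragment from a key => value map.
  *
  * Every entry is emitted as " {$join} {$key} = {$value}"; a key that already
  * contains "LIKE" is emitted without the " = " so callers can write
  * 'name LIKE' => '%x%'. Integer values are inlined as-is, anything else is
  * run through Sanitize::escape() and wrapped in double quotes. The fragment
  * starts with the connector (e.g. ' AND a = 1'), so it is meant to be
  * appended to an existing WHERE clause. Earlier code carried an unused $j
  * hinting that the first connector should always be AND; the emitted
  * behaviour has always been $join throughout and is kept.
  *
  * Keys are interpolated verbatim: they must be trusted column identifiers,
  * never user input. Only values are escaped.
  *
  * @param array  $conditions key => value pairs
  * @param string $join       connector placed before every entry ('AND' or 'OR')
  * @return string the fragment, or '' when $conditions is empty
  */
 function implodeCond($conditions = array(), $join = 'AND')
 {
     if (empty($conditions)) {
         return '';
     }
     $output = '';
     foreach ($conditions as $key => $value) {
         // The key is always emitted (the previous version dropped it entirely
         // for LIKE keys, producing ' AND  "value"').
         $output .= ' ' . $join . ' ' . $key;
         // Keys carrying their own operator (e.g. 'name LIKE') get no '='.
         if (strpos($key, 'LIKE') === false) {
             $output .= ' = ';
         }
         if (is_int($value)) {
             $output .= $value;
         } else {
             $output .= ' "' . Sanitize::escape($value) . '"';
         }
     }
     return $output;
 }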
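 /**
  * testClean method
  *
  * Runs Sanitize::clean() through each of its options (encode, escape,
  * dollar, carriage, odd_spaces) on strings and nested arrays, then checks
  * that an empty string and a realistic record array come back unchanged.
  *
  * @return void
  */
 public function testClean()
 {
     // Defaults: HTML-encode &, quotes and apostrophes, drop the carriage return.
     $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
     $expected = 'test &amp; &quot;quote&quot; &#039;other&#039; ;.$ symbol.another line';
     $result = Sanitize::clean($string, array('connection' => 'test'));
     $this->assertEquals($expected, $result);
     // encode off: quoted tokens still go through Sanitize::escape on the same connection.
     $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
     $expected = 'test & ' . Sanitize::escape('"quote"', 'test') . ' ' . Sanitize::escape('\'other\'', 'test') . ' ;.$ symbol.another line';
     $result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test'));
     $this->assertEquals($expected, $result);
     // encode + escape off: "\$" collapses to "$".
     $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
     $expected = 'test & "quote" \'other\' ;.$ $ symbol.another line';
     $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'connection' => 'test'));
     $this->assertEquals($expected, $result);
     // dollar off: "\$" is kept.
     $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
     $expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line';
     $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => 'test'));
     $this->assertEquals($expected, $result);
     // carriage off: the "\r" survives.
     $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
     $expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
     $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => 'test'));
     $this->assertEquals($expected, $result);
     // Nested arrays are cleaned element-wise.
     $array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
     $expected = array(array('test &amp; &quot;quote&quot; &#039;other&#039; ;.$ symbol.another line'));
     $result = Sanitize::clean($array, array('connection' => 'test'));
     $this->assertEquals($expected, $result);
     $array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'));
     $expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line'));
     $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test'));
     $this->assertEquals($expected, $result);
     // odd_spaces off with encoding on: non-ASCII letters become HTML entities.
     $array = array(array('test odd Ä spacesé'));
     $expected = array(array('test odd &Auml; spaces&eacute;'));
     $result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test'));
     $this->assertEquals($expected, $result);
     // Mixed list/map nesting.
     $array = array(array('\\$', array('key' => 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line')));
     $expected = array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line')));
     $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test'));
     $this->assertEquals($expected, $result);
     // Empty input must come back as the empty string.
     $string = '';
     $expected = '';
     $result = Sanitize::clean($string, array('connection' => 'test'));
     // Was assertEquals($string, $expected), which never looked at $result.
     $this->assertEquals($expected, $result);
     // A record array with nothing to clean must pass through unchanged.
     $data = array('Grant' => array('title' => '2 o clock grant', 'grant_peer_review_id' => 3, 'institution_id' => 5, 'created_by' => 1, 'modified_by' => 1, 'created' => '2010-07-15 14:11:00', 'modified' => '2010-07-19 10:45:41'), 'GrantsMember' => array(0 => array('id' => 68, 'grant_id' => 120, 'member_id' => 16, 'program_id' => 29, 'pi_percent_commitment' => 1)));
     $result = Sanitize::clean($data, array('connection' => 'test'));
     $this->assertEquals($data, $result);
 }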
 /**
  * Update tag
  *
  * Rewrites the subject of every CloggyNodeSubject row belonging to node $id.
  * updateAll() takes raw SQL expressions as values, which is why the name is
  * run through Sanitize::escape() and quoted here instead of being passed as
  * a plain string; the node id goes through the conditions array.
  *
  * @uses node_subject CloggyNodeSubject
  * @param int $id
  * @param string $tagName
  */
 public function updateTag($id, $tagName)
 {
     $nodeSubject = $this->get('node_subject');
     $subjectExpr = '"' . Sanitize::escape($tagName) . '"';
     $fields = array('CloggyNodeSubject.subject' => $subjectExpr);
     $conditions = array('CloggyNodeSubject.node_id' => $id);
     $nodeSubject->updateAll($fields, $conditions);
 }
 /**
  * Search title and content fields
  *
  * Title hits (LIKE '%query%') are collected first; a FULLTEXT MATCH on
  * content is then run, excluding the ids already found by title. $query is
  * passed through Sanitize::escape() before being interpolated into both raw
  * condition strings.
  * NOTE(review): LIKE wildcards (% and _) inside $query are not escaped, so a
  * query containing them widens the title match — confirm whether intended.
  *
  * @TODO Create a Search behavior
  *
  * @param string $query
  * @return array
  */
 function search($query)
 {
     $escaped = Sanitize::escape($query);
     $fields = null;
     $model = $this->name;

     $byTitle = $this->findAll("{$model}.title LIKE '%{$escaped}%'", $fields, null, null, 1);
     if (empty($byTitle)) {
         $byTitle = array();
         $byContent = $this->findAll("MATCH ({$model}.content) AGAINST ('{$escaped}')", $fields, null, null, 1);
     } else {
         // Keep content hits that were not already matched by title.
         $foundIds = join(', ', Set::extract($byTitle, '{n}.' . $model . '.id'));
         $exclude = empty($foundIds) ? '' : " AND {$model}.id NOT IN ({$foundIds})";
         $byContent = $this->findAll("MATCH ({$model}.content) AGAINST ('{$escaped}'){$exclude}", $fields, null, null, 1);
     }
     if (!is_array($byContent)) {
         $byContent = array();
     }
     return array_merge($byTitle, $byContent);
 }