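/**
 * Adds one WHERE condition to the users query (table alias `u`).
 *
 * $condition first goes through secure_sql(), which only makes a value safe
 * inside a quoted SQL string literal. Filters that place the value in an
 * unquoted position therefore narrow it again: secure_sql_in() for the IN
 * lists, and an int cast for the INTERVAL day offsets (previously the offset
 * was interpolated bare, so a value such as "1 DAY)) OR 1=1 -- " would have
 * rewritten the query).
 *
 * Unknown $type values are ignored.
 *
 * @param string $type      filter name
 * @param mixed  $condition value; a list/CSV for 'userid' and 'group'
 */
function add_filter($type, $condition = '') {
    $condition = secure_sql($condition);
    switch ($type) {
        case 'userid':
            $condition = secure_sql_in($condition);
            $this->_query->add_where("(u.userid IN ({$condition}))");
            break;
        case 'first_name':
            $this->_query->add_where("(u.first_name = '{$condition}')");
            break;
        case 'last_name':
            $this->_query->add_where("(u.last_name = '{$condition}')");
            break;
        case 'name':
            // Escape LIKE metacharacters so the search text is matched
            // literally ("_" used to be left as a single-character wildcard,
            // unlike name_like in the tags filter). The outer parentheses keep
            // the OR chain together regardless of how add_where() joins clauses.
            $like = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_where("((u.last_name LIKE '%{$like}%') OR (u.first_name LIKE '%{$like}%') OR (u.username LIKE '%{$like}%'))");
            break;
        case 'email_address':
            $this->_query->add_where("(u.email_address = '{$condition}')");
            break;
        case 'username':
            $this->_query->add_where("(u.username = '{$condition}')");
            break;
        case 'password':
            // Compared verbatim with the stored column; the caller has to pass
            // the stored representation (presumably a hash -- not visible here).
            $this->_query->add_where("(u.password = '{$condition}')");
            break;
        case 'session_id':
            $this->_query->add_where("u.session_id = '{$condition}'");
            break;
        case 'user_hash':
            $this->_query->add_where("MD5(u.session_id) = '{$condition}'");
            break;
        case 'activated':
            $this->_query->add_where("(u.activated = '{$condition}')");
            break;
        case 'group':
            $condition = secure_sql_in($condition);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = u.userid ', 'gu');
            $this->_query->add_where("(gu.group_id IN ({$condition}))");
            // One row per user even when the user belongs to several of the groups.
            $this->_query->add_group_by('u.userid');
            break;
        case 'concat_first_last':
            $this->_query->add_where('CONCAT(u.first_name, "-", u.last_name ) = \'' . $condition . '\'');
            break;
        case 'created_before':
        case 'created_after':
            // INTERVAL takes a bare number: cast it, as the 'scheduled' filter
            // does with intval(), because secure_sql() only covers quoted strings.
            $days = (int) $condition;
            $op = ($type === 'created_before') ? '<' : '>';
            $this->_query->add_where("(u.created {$op} (DATE_SUB(NOW(), INTERVAL {$days} DAY)))");
            break;
        case 'md5':
            $this->_query->add_where("md5(concat( u.`email_address` , u.`username` , u.`created` ) ) = '{$condition}'");
            break;
        case 'forgot':
            $this->_query->add_where("md5( concat( u.`username` , u.`email_address`, u.`password` ) ) = '{$condition}'");
            break;
    }
}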
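/**
 * Autocomplete feed for tag names: prints an HTML list of the tag names that
 * start with the `name` request parameter, then terminates the request.
 *
 * Fixes: html_entity_decode() used to be applied through array_map() with a
 * second *array* holding ENT_QUOTES and 'UTF-8', which array_map() pairs
 * element-by-element with the names -- the flags reached only the first name,
 * the charset string was passed as the flags of the second, and the rest got
 * none. The decoded names were then echoed into HTML unescaped, so a tag name
 * holding markup would run in the autocomplete consumer. Each name is now
 * decoded and re-escaped individually.
 */
function _autocomplete_tags() {
    $sm = vivvo_lite_site::get_instance();
    $um = $sm->get_url_manager();
    $output = '';
    if ($um->isset_param('name')) {
        // secure_sql() covers the quoted literal, escape_sql_like() the LIKE
        // wildcards, so the typed prefix is matched literally.
        $name = escape_sql_like(secure_sql($um->get_param('name')));
        $res = $sm->get_db()->query('SELECT name FROM ' . VIVVO_DB_PREFIX . "tags WHERE name LIKE '{$name}%'");
        if (!PEAR::isError($res)) {
            $tags = array();
            foreach ($res->fetchCol() as $tag) {
                // Normalise whatever entity form is stored, then escape for the
                // HTML list we emit.
                $plain = html_entity_decode($tag, ENT_QUOTES, 'UTF-8');
                $tags[] = htmlspecialchars($plain, ENT_QUOTES, 'UTF-8');
            }
            $res->free();
            // Shape kept as before: an empty result still yields one empty <li>.
            $output = '<ul><li>' . implode('</li><li>', $tags) . '</li></ul>';
        }
    }
    echo $output;
    exit;
}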
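/**
 * Autocomplete box feed
 *
 * Builds the `link_list` for the autocomplete_links.xml template from the
 * `name` request parameter: categories, articles, pages (when the plugin is
 * installed), tags (prefixed with their group) and topics whose name/title
 * starts with the typed text, each with its resolved href.
 *
 * Changes: the typed text is now LIKE-escaped (`%`, `_`) as the tags
 * autocomplete does, so the prefix match is literal; the per-type helper
 * objects are initialised before the loop instead of being tested while
 * undefined; a category id that is missing from the category list yields an
 * empty href instead of a method call on null.
 *
 * @return template the populated template
 */
public function _autocomplete_links() {
    $sm = vivvo_lite_site::get_instance();
    $template = $sm->get_template();
    $um = $sm->get_url_manager();
    $pm = $sm->get_plugin_manager();
    $content_template = new template(null, $template);
    $content_template->set_template_file($this->_template_root . 'autocomplete_links.xml');
    $hrefs = array();
    $db = $sm->get_db();
    // secure_sql() handles the quoted literal; LIKE wildcards are escaped
    // separately so "50%" or "a_b" are searched for literally.
    $name = str_replace(array('%', '_'), array('\\%', '\\_'), secure_sql($um->get_param('name')));
    $sql = "(SELECT id, category_name AS title, sefriendly, '' AS category_id, 'Categories' AS type FROM " . VIVVO_DB_PREFIX . "categories WHERE category_name LIKE '{$name}%')\n\t\t\t\t\t UNION\n\t\t\t\t (SELECT id, title, sefriendly, category_id, 'Articles' AS type FROM " . VIVVO_DB_PREFIX . "articles WHERE title LIKE '{$name}%')";
    if ($pm->is_installed('pages')) {
        $sql .= "UNION (SELECT id, title, sefriendly, '' AS category_id, 'Pages' AS type FROM " . VIVVO_DB_PREFIX . "pages WHERE title LIKE '{$name}%')";
    }
    $sql .= "UNION (SELECT t.id, CONCAT(tg.name,': ',t.name) AS title, t.sefriendly AS sefriendly, tg.url AS category_id, 'Tags' AS type FROM " . VIVVO_DB_PREFIX . "tags AS t INNER JOIN " . VIVVO_DB_PREFIX . "tags_to_tags_groups AS ttg ON ttg.tag_id = t.id INNER JOIN " . VIVVO_DB_PREFIX . "tags_groups AS tg ON ttg.tags_group_id = tg.id WHERE t.name LIKE '{$name}%' GROUP BY t.id, tg.id) " . "UNION (SELECT id, name AS title, url AS sefriendly, '' AS category_id, 'Topics' AS type FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE name LIKE '{$name}%')";
    $res = $db->query($sql);
    if (!PEAR::isError($res)) {
        // Helper objects are created lazily, one per result type.
        $article = null;
        $cat = null;
        $page = null;
        $tag = null;
        $topic = null;
        $i = 0;
        while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
            $hrefs[$i] = array();
            $hrefs[$i]['title'] = $row['title'];
            $hrefs[$i]['id'] = $row['id'];
            $hrefs[$i]['type'] = $row['type'];
            switch ($row['type']) {
                case 'Articles':
                    if (!$article) {
                        require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Articles.class.php';
                        $article = new Articles();
                    }
                    $article->id = $row['id'];
                    $article->title = $row['title'];
                    $article->sefriendly = $row['sefriendly'];
                    $article->category_id = $row['category_id'];
                    $hrefs[$i]['href'] = $article->get_href();
                    break;
                case 'Categories':
                    if (!$cat) {
                        $cat = $sm->get_categories();
                    }
                    $hrefs[$i]['href'] = isset($cat->list[$row['id']]) ? $cat->list[$row['id']]->get_href() : '';
                    break;
                case 'Pages':
                    if (!$page) {
                        require_once VIVVO_FS_PLUGIN_ROOT . 'plugins/pages/Pages.class.php';
                        $page = new Pages();
                    }
                    $page->id = $row['id'];
                    $page->title = $row['title'];
                    $page->sefriendly = $row['sefriendly'];
                    $hrefs[$i]['href'] = $page->get_href();
                    break;
                case 'Tags':
                    if (!$tag) {
                        require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/Tags.class.php';
                        $tag = new Tags();
                    }
                    $tag->id = $row['id'];
                    $tag->name = $row['title'];
                    $tag->sefriendly = $row['sefriendly'];
                    // category_id carries the tag group's url for this row type.
                    $tag->group_url = $row['category_id'] . '/';
                    $hrefs[$i]['href'] = $tag->get_href();
                    break;
                case 'Topics':
                    if (!$topic) {
                        require_once VIVVO_FS_INSTALL_ROOT . 'lib/vivvo/core/TagsGroups.class.php';
                        $topic = new TagsGroups();
                    }
                    $topic->id = $row['id'];
                    $topic->name = $row['title'];
                    $topic->url = $row['sefriendly'];
                    $hrefs[$i]['href'] = rtrim($topic->get_href(), '/');
                    break;
            }
            $i++;
        }
    }
    $content_template->assign('link_list', $hrefs);
    return $content_template;
}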
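/**
 * Adds one WHERE condition (plus any join or extra field it needs) to the
 * tags query (table alias `t`).
 *
 * All values are escaped with secure_sql() for the quoted-literal context; IN
 * lists are narrowed with secure_sql_in(); the LIKE filters escape `%` and
 * `_` so user text is matched literally (search_starting_with and
 * search_label_starting_with used to escape only `%`, unlike name_like in
 * this same function).
 *
 * Side effects: several filters add `at.tags_group_id AS topic_id` to the
 * field list and LEFT JOINs to the query. Unknown types are ignored.
 *
 * @param string $type
 * @param mixed  $condition scalar, list or CSV depending on the filter
 */
function add_filter($type, $condition = '') {
    $condition = secure_sql($condition);
    $like_escapes = array('%' => '\\%', '_' => '\\_');
    switch ($type) {
        case 'id':
        case 'name':
        case 'sefriendly':
            $this->_query->add_where("t.{$type} = '{$condition}'");
            break;
        case 'name_like':
            $condition = strtr($condition, $like_escapes);
            $this->_query->add_where("t.name LIKE '%{$condition}%'");
            break;
        case 'article_id':
            $condition = secure_sql_in($condition);
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_where("at.article_id IN ({$condition})");
            break;
        case 'tags_group_id':
        case 'topic_id':
        case 'not_tags_group_id':
        case 'not_topic_id':
            $condition = secure_sql_in($condition);
            $operator = (strpos($type, 'not_') === 0) ? 'NOT IN' : 'IN';
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg ON ttg.tag_id = t.id ', 'ttg');
            $this->_query->add_where("ttg.tags_group_id {$operator} ({$condition})");
            break;
        case 'user_tag_id':
        case 'not_user_tag_id':
            $condition = secure_sql_in($condition);
            $operator = (strpos($type, 'not_') === 0) ? 'NOT IN' : 'IN';
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_where("at.tags_group_id {$operator} ({$condition})");
            break;
        case 'id_in':
            $condition = secure_sql_in($condition);
            $this->_query->add_where("t.id IN ({$condition})");
            break;
        case 'name_array':
        case 'sefriendly_array':
            // secure_sql() already escaped each element (it recurses into
            // arrays); quote them here. A scalar is treated as a one-item list.
            $quoted = array();
            foreach ((array) $condition as $item) {
                $quoted[] = "'{$item}'";
            }
            $column = str_replace('_array', '', $type);
            $this->_query->add_where("t.{$column} IN (" . implode(',', $quoted) . ")");
            break;
        case 'search_starting_with':
            $condition = strtr($condition, $like_escapes);
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_where("t.name LIKE '%{$condition}%'");
            break;
        case 'search_label_starting_with':
            $condition = strtr($condition, $like_escapes);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS tg ON tg.tag_id = t.id ', 'tg');
            $this->_query->add_where("t.name LIKE '%{$condition}%'");
            break;
        case 'user_group_id':
        case 'not_user_group_id':
            // CSV of group ids; secure_sql_in() narrows each element.
            $condition = secure_sql_in(explode(',', $condition));
            $operator = (strpos($type, 'not_') === 0) ? 'NOT IN' : 'IN';
            $this->_query->add_fields('at.tags_group_id AS topic_id');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'group_user AS gu ON gu.user_id = at.user_id', 'gu');
            $this->_query->add_where("gu.group_id {$operator} ({$condition})");
            break;
        case 'article_status':
            $condition = secure_sql_in($condition);
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_tags AS at ON at.tag_id = t.id ', 'at');
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles AS a ON at.article_id = a.id ', 'a');
            $this->_query->add_where("a.status IN ({$condition})");
            break;
        default:
            // Unknown filter names are silently ignored.
            break;
    }
}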
/**
 * Adds an equality filter on one column of the categories query.
 *
 * The condition is escaped with secure_sql() and compared as a quoted
 * literal; '!id' is the only inequality. Unknown types are ignored.
 *
 * @param string $type      column name, or '!id'
 * @param mixed  $condition
 */
function add_filter($type, $condition = '') {
    $condition = secure_sql($condition);
    switch ($type) {
        case '!id':
            $this->_query->add_where("(id != '{$condition}')");
            break;
        case 'id':
        case 'category_name':
        case 'parent_cat':
        case 'order_num':
        case 'article_num':
        case 'template':
        case 'css':
        case 'view_subcat':
        case 'image':
        case 'sefriendly':
            // The case label is the column name, so it can be interpolated directly.
            $this->_query->add_where("({$type} = '{$condition}')");
            break;
    }
}
/**
 * Adds an equality filter on one column of this list's query. The value is
 * escaped with secure_sql() and compared as a quoted literal; unknown types
 * are ignored.
 *
 * @param string $type      column name
 * @param mixed  $condition
 */
function add_filter($type, $condition = '') {
    $condition = secure_sql($condition);
    switch ($type) {
        case 'id':
        case 'user_id':
        case 'query':
        case 'section':
        case 'name':
        case 'html_tag_id':
            // Each accepted $type is exactly the column it filters on.
            $this->_query->add_where("({$type} = '{$condition}')");
            break;
    }
}
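/**
 * Renders the task search form and, on a POST with SEARCH set, the matching
 * task ids/MD5s (first 10, ascending task_id).
 *
 * The query uses implicit joins: task t is always present; analysis a,
 * signature s, submition z and metadata m are appended only when a filter
 * needs them, together with their join predicate. Every posted value is
 * escaped with secure_sql() before it lands in a quoted literal, and is
 * echoed back into the form only through secure_display(). As the NB on the
 * form says, the text filters are LIKE patterns, so "%" in the input is a
 * wildcard on purpose.
 *
 * Fixes against the previous revision:
 *  - submition was joined on `z.task_id = z.task_id` (a tautology, i.e. a
 *    cross join with task); it is now joined on t.task_id;
 *  - score_u was added to the WHERE twice: once with the chosen operator and
 *    once more as an equality, which cancelled the operator (and referenced
 *    alias s without joining signature when no operator was sent);
 *  - the form action echoed $_SERVER['PHP_SELF'] unescaped (reflected XSS
 *    through the request path); it is now HTML-escaped;
 *  - metadata option values from the database are escaped like their text,
 *    and a stray quote after the preselected option is gone.
 * time_start/time_end are still only echoed back: no date filter is applied,
 * as before.
 */
function display_search() {
    $md5 = "";
    $signature = "";
    $score_k = "";
    $score_u = "";
    $time_start = "";
    $time_end = "";
    $meta_field = "";
    $meta_value = "";
    $metadata = "";
    $source = "";
    $score_op_k = "";
    $score_op_u = "";
    $score_op_k_msg = "";
    $score_op_u_msg = "";
    $results = "";
    // Operator names sent by the two score <select>s; anything else means '='.
    $operators = array("less_or_equal" => "<=", "higher_or_equal" => ">=");
    if (isset($_POST["SEARCH"])) {
        $sql_request_select = "SELECT t.task_id,t.md5";
        $sql_request_from = " FROM task t";
        $sql_request_where = "";
        $analysis_table = False;
        $signature_table = False;
        $submition_table = False;
        $metadata_table = False;
        if (isset($_POST["md5"]) && !empty($_POST["md5"])) {
            $md5 = secure_display($_POST["md5"]);
            $sql_request_where .= "AND t.md5 LIKE '" . secure_sql($_POST['md5']) . "' ";
        }
        if (isset($_POST["score_op_u"]) && !empty($_POST["score_op_u"]) && isset($_POST["score_u"]) && !empty($_POST["score_u"])) {
            $score_op_u = secure_display($_POST["score_op_u"]);
            $op = isset($operators[$score_op_u]) ? $operators[$score_op_u] : "=";
            $analysis_table = True;
            $signature_table = True;
            $sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_u"]) . "' AND a.kernel_analysis = '0' ";
        }
        if (isset($_POST["score_op_k"]) && !empty($_POST["score_op_k"]) && isset($_POST["score_k"]) && !empty($_POST["score_k"])) {
            $score_op_k = secure_display($_POST["score_op_k"]);
            $op = isset($operators[$score_op_k]) ? $operators[$score_op_k] : "=";
            $analysis_table = True;
            $signature_table = True;
            $sql_request_where .= "AND s.score " . $op . " '" . secure_sql($_POST["score_k"]) . "' AND a.kernel_analysis = '1' ";
        }
        if (isset($_POST["signature"]) && !empty($_POST["signature"])) {
            $analysis_table = True;
            $signature_table = True;
            $signature = secure_display($_POST["signature"]);
            $sql_request_where .= "AND s.title LIKE '" . secure_sql($_POST["signature"]) . "' ";
        }
        // Scores and dates are only echoed back into the form from here on;
        // the score conditions were already added above.
        if (isset($_POST["score_k"]) && !empty($_POST["score_k"])) {
            $score_k = secure_display($_POST["score_k"]);
        }
        if (isset($_POST["score_u"]) && !empty($_POST["score_u"])) {
            $score_u = secure_display($_POST["score_u"]);
        }
        if (isset($_POST["time_start"]) && !empty($_POST["time_start"])) {
            $time_start = secure_display($_POST["time_start"]);
        }
        if (isset($_POST["time_end"]) && !empty($_POST["time_end"])) {
            $time_end = secure_display($_POST["time_end"]);
        }
        if (isset($_POST["meta_field"]) && !empty($_POST["meta_field"]) && isset($_POST["meta_value"]) && !empty($_POST["meta_value"])) {
            $metadata_table = True;
            $meta_field = secure_display($_POST["meta_field"]);
            $meta_value = secure_display($_POST["meta_value"]);
            $sql_request_where .= "AND m.name = '" . secure_sql($_POST["meta_field"]) . "' AND m.value LIKE '" . secure_sql($_POST["meta_value"]) . "' ";
        }
        if (isset($_POST["source"]) && !empty($_POST["source"])) {
            $submition_table = True;
            $source = secure_display($_POST["source"]);
            $sql_request_where .= "AND z.source_type LIKE '" . secure_sql($_POST["source"]) . "' ";
        }
        // Drop the "AND" of the first filter (and the trailing space).
        if (substr($sql_request_where, 0, 4) == "AND ") {
            $sql_request_where = substr($sql_request_where, 3, -1);
        }
        // Prepend the join predicate of every extra table; metadata hangs off
        // submition and signature off analysis, so those pull their parent in.
        if ($metadata_table == True) {
            $submition_table = True;
            $sql_request_where = "z.submition_id = m.submition_id AND " . $sql_request_where;
            $sql_request_from .= ",metadata m";
        }
        if ($submition_table == True) {
            // Was "z.task_id = z.task_id", which paired every submission with every task.
            $sql_request_where = "t.task_id = z.task_id AND " . $sql_request_where;
            $sql_request_from .= ",submition z";
        }
        if ($analysis_table == True) {
            $sql_request_where = "t.task_id = a.task_id AND " . $sql_request_where;
            $sql_request_from .= ",analysis a";
        }
        if ($signature_table == True) {
            $sql_request_where = "s.analysis_id = a.analysis_id AND " . $sql_request_where;
            $sql_request_from .= ",signature s";
        }
        $sql_request_end = " GROUP BY t.task_id ORDER BY t.task_id ASC LIMIT 0,10";
        if (trim($sql_request_where) != "") {
            $sql_request_where = ' WHERE ' . $sql_request_where;
        }
        $sql_request_full = $sql_request_select . $sql_request_from . $sql_request_where . $sql_request_end;
        $data = query_db($sql_request_full);
        $results .= '<h2>RESULTS</h2> <table class="std"> <tr><th class="std">ID</th><th class="std">MD5</th></tr>';
        while ($res = $data->fetchArray()) {
            $results .= ' <tr><td>' . secure_display($res['task_id']) . '</td><td>' . secure_display($res["md5"]) . '</td></tr>';
        }
        $results .= ' </table>';
    }
    $meta_fields_list = '';
    $meta_fields = get_metadata_names();
    if ($meta_field != '') {
        // Already passed through secure_display(); keep it as the first option.
        $meta_fields_list = '<option value="' . $meta_field . '">' . $meta_field . '</option>';
    }
    while ($field = $meta_fields->fetchArray()) {
        // Escape the attribute value as well as the visible text.
        $field_name = secure_display($field['name']);
        $meta_fields_list .= '<option value="' . $field_name . '">' . $field_name . '</option>';
    }
    // PHP_SELF reflects the request path (PATH_INFO included), so it must be
    // escaped before it is placed in an attribute.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    echo '<h1>SEARCH FOR TASKS</h1> NB: input data is in LIKE SQL statements, use "%" as wildcards.<br /> <form action="' . $action . '?search" method="POST">' . gen_csrf()
        . ' <table> <tr><td colspan="2"><input type="submit" name="SEARCH" value="SEARCH" /></td></tr>'
        . ' <tr><th class="std">MD5</td><td class="std"><input type="TEXT" name="md5" value="' . $md5 . '" /></td></tr>'
        . ' <tr><th class="std">SIGNATURE</td><td class="std"><input type="TEXT" name="signature" value="' . $signature . '" /></td></tr>'
        . ' <tr><th class="std">KERNELMODE SIGN SCORE</td><td class="std"> <select name="score_op_k">' . $score_op_k_msg . ' <option value="higher_or_equal">>=</option> <option value="less_or_equal"><=</option> <option value="equal">=</option> </select> <input type="TEXT" name="score_k" value="' . $score_k . '" /></td></tr>'
        . ' <tr><th class="std">USERMODE SIGN SCORE</td><td class="std">' . $score_op_u_msg . ' <select name="score_op_u"> <option value="higher_or_equal">>=</option> <option value="less_or_equal"><=</option> <option value="equal">=</option> </select> <input type="TEXT" name="score_u" value="' . $score_u . '" /></td></tr>'
        . ' <tr><th class="std">TIME</td><td class="std">From <input type="TEXT" name="time_start" value="' . $time_start . '" /> to <input type="TEXT" name="time_end" value="' . $time_end . '" /> (dd/mm/yyyy)</td></tr>'
        . ' <tr><th class="std">CUSTOM METADATA</td><td class="std"><select name="meta_field">' . $meta_fields_list . '</select> equals <input type="TEXT" name="meta_value" value="' . $meta_value . '" /></td></tr>'
        . ' <tr><th class="std">SOURCE</td><td class="std"><input type="TEXT" name="source" value="' . $source . '" /></td></tr>'
        . ' <tr><th colspan="2"><input type="submit" name="SEARCH" value="SEARCH" /></th></tr> </table> </form>' . $results;
}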
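/**
 * Makes $value safe for use inside a single-quoted SQL string literal
 * (recursively for arrays, preserving keys).
 *
 * Limits: the result is only safe between quotes. Numeric positions (LIMIT,
 * INTERVAL, bare comparisons), IN lists and identifiers need their own
 * narrowing -- int casts and secure_sql_in() -- as the add_filter() callers do.
 *
 * Steps: undo the HTML-entity encoding of the five characters that
 * htmlspecialchars() produces (the entity names were garbled in this
 * listing; the decoded targets `& " ' < >` fix which ones were meant --
 * `&#039;` is the ENT_QUOTES form of the apostrophe, adjust if the stored
 * form differs), strip magic-quotes slashes where that legacy setting
 * exists, then escape with the MySQL client function when it is available
 * and fall back to addslashes() otherwise.
 *
 * Fixes: the array branch wrote to `$value[$k]` (undefined index) instead of
 * `$value[$key]`, so elements were never escaped in place; and
 * get_magic_quotes_gpc() no longer exists on PHP 8, so it is now guarded.
 *
 * @param mixed $value scalar, or array of scalars/arrays
 * @return mixed escaped string, or array of escaped values
 */
function secure_sql($value) {
    if (is_array($value)) {
        foreach ($value as $key => $val) {
            $value[$key] = secure_sql($val);
        }
        return $value;
    }
    $value = str_replace(
        array('&amp;', '&quot;', '&#039;', '&lt;', '&gt;'),
        array('&', '"', "'", '<', '>'),
        $value
    );
    // Removed in PHP 8; on 5.4+ it only ever returned false.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if (function_exists('mysql_real_escape_string')) {
        // Needs an open mysql link; without one it returns false (which
        // interpolates as an empty string) and emits a warning.
        $value = mysql_real_escape_string($value);
    } else {
        $value = addslashes($value);
    }
    return $value;
}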
/**
 * Adds a filter to this list's query (the columns suggest a scheduled-jobs
 * table, but that is not visible here). Column filters are exact, quoted
 * comparisons on the escaped value; 'scheduled' is a bare numeric comparison
 * and therefore uses intval() instead. Unknown types are ignored.
 *
 * @param string $type
 * @param mixed  $condition
 */
function add_filter($type, $condition = '') {
    $condition = secure_sql($condition);
    switch ($type) {
        case 'scheduled':
            // nextrun is compared unquoted, so the value is narrowed to an int.
            $this->_query->add_where('(nextrun < ' . intval($condition) . ' OR nextrun IS NULL)');
            break;
        case 'id':
        case 'lastrun':
        case 'nextrun':
        case 'time_mask':
        case 'file':
        case 'method':
        case 'arguments':
        case 'hash':
            $this->_query->add_where("({$type} = '{$condition}')");
            break;
    }
}
/**
 * Tags feed view (autocomplete items)
 *
 * Emits a JSON object {total, items} of tags whose name contains the `q`
 * parameter, optionally restricted to one topic (`restrict`) and paged with
 * `offset`/`limit` (default 30), then exits. Integer parameters are cast,
 * the search text is SQL-escaped and its LIKE wildcards neutralised.
 */
public function _tags_feed() {
    $results = array('total' => 0, 'items' => array());
    $site = vivvo_lite_site::get_instance();
    $url = $site->get_url_manager();
    if ($url->isset_param('q')) {
        // secure_sql() covers the quoted literal; '%' and '_' are escaped so
        // the typed text is matched literally.
        $pattern = strtr(secure_sql($url->get_param('q')), array('%' => '\\%', '_' => '\\_'));
        // topic_id is referenced unqualified; presumably a column of one of
        // the joined tables -- verify against the schema.
        $topic_clause = $url->isset_param('restrict') ? ' AND topic_id = ' . (int) $url->get_param('restrict') : '';
        $offset = $url->isset_param('offset') ? (int) $url->get_param('offset') : 0;
        $limit = $url->isset_param('limit') ? (int) $url->get_param('limit') : 30;
        $sql = "SELECT CONCAT_WS(':', ttg.tags_group_id, ttg.tag_id) AS value, t.name AS caption, tg.name AS category\n\t\t\t\t\t FROM " . VIVVO_DB_PREFIX . 'tags_to_tags_groups AS ttg LEFT JOIN ' . VIVVO_DB_PREFIX . 'tags AS t ON ttg.tag_id = t.id LEFT JOIN ' . VIVVO_DB_PREFIX . "tags_groups AS tg ON ttg.tags_group_id = tg.id\n\t\t\t\t\t WHERE t.name LIKE '%{$pattern}%'{$topic_clause}\n\t\t\t\t\t LIMIT {$offset},{$limit}";
        $res = $site->get_db()->query($sql);
        if (!PEAR::isError($res)) {
            $results['items'] = $res->fetchAll(MDB2_FETCHMODE_ASSOC);
            $res->free();
            $results['total'] = count($results['items']);
        }
    }
    header('Content-Type: application/json');
    echo json_encode($results);
    exit;
}
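/**
 * Adds a filter to the file-types query (alias `t`).
 *
 * Id lists go through secure_sql_in(); 'type' is an exact quoted match;
 * 'ext' is a substring match whose LIKE wildcards are now escaped, consistent
 * with the other LIKE filters in this codebase. Unknown types are ignored.
 *
 * @param string $type
 * @param mixed  $cond
 */
function add_filter($type, $cond = '') {
    $condition = secure_sql($cond);
    switch ($type) {
        case 'id':
        case 'notid':
            $condition = secure_sql_in($condition);
            $operator = ($type === 'notid') ? 'NOT IN' : 'IN';
            $this->_query->add_where("(t.id {$operator} ({$condition}))");
            break;
        case 'type':
            $this->_query->add_where("(t.type='{$condition}')");
            break;
        case 'ext':
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_where("(t.extensions LIKE '%{$condition}%')");
            break;
    }
}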
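/**
 * Adds WHERE conditions from a `search_field_<column>_<op>` parameter map.
 *
 * The column part of the key is placed into SQL as an identifier (behind
 * $prefix), so secure_sql() cannot protect it: the key pattern now admits
 * only identifier characters (`[A-Za-z0-9_.]`), where it previously accepted
 * anything. Callers that hand request parameters straight in should still
 * whitelist columns at the call site. Values are escaped with secure_sql();
 * IN/NOT IN lists additionally go through secure_sql_in() and are now
 * wrapped in parentheses like every other IN clause in this codebase.
 *
 * Supported operators: lt, gt, eq, neq, in, notin, between (two values
 * separated by a comma), notnull, isnull.
 *
 * @param array  $params key/value map, e.g. ['search_field_title_eq' => 'x']
 * @param string $prefix table alias prefix such as 'a.' (used verbatim)
 */
function generic_add_filter($params, $prefix = '') {
    if (!is_array($params) || empty($params)) {
        return;
    }
    foreach (array_keys($params) as $key) {
        if (!preg_match('/^search_field_([A-Za-z0-9_.]+)_(lt|gt|eq|neq|in|notin|between|notnull|isnull)$/', $key, $m)) {
            continue;
        }
        $column = $prefix . $m[1];
        $condition = secure_sql($params[$key]);
        switch ($m[2]) {
            case 'lt':
                $this->_query->add_where("({$column} < '{$condition}')");
                break;
            case 'gt':
                $this->_query->add_where("({$column} > '{$condition}')");
                break;
            case 'eq':
                $this->_query->add_where("({$column} = '{$condition}')");
                break;
            case 'neq':
                $this->_query->add_where("({$column} != '{$condition}')");
                break;
            case 'in':
            case 'notin':
                $condition = secure_sql_in($condition);
                $operator = ($m[2] === 'notin') ? 'NOT IN' : 'IN';
                $this->_query->add_where("({$column} {$operator} ({$condition}))");
                break;
            case 'notnull':
                $this->_query->add_where("({$column} IS NOT NULL )");
                break;
            case 'isnull':
                $this->_query->add_where("({$column} IS NULL )");
                break;
            case 'between':
                $bounds = explode(',', $condition);
                // Silently skipped unless exactly two bounds were given.
                if (is_array($bounds) && count($bounds) == 2) {
                    $this->_query->add_where("({$column} BETWEEN '{$bounds[0]}' AND '{$bounds[1]}')");
                }
                break;
        }
    }
}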
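/**
 * Edit category
 *
 * Requires a valid form token and an admin user. Normalises the name and the
 * sefriendly slug (derived from the name when absent), refuses a slug that
 * another category or a tag group already uses (error 2101), rejects a link
 * form without a redirect (error 12), populates and saves the category, then
 * stores an uploaded abstract image if present and writes an admin log entry.
 *
 * Change: three lines that read and array_walk()ed an undefined
 * `$in_category` array -- a leftover that is a TypeError on PHP 8 -- were
 * removed; they had no effect on $data. Caveat kept as-is: a PEAR error from
 * the uniqueness query would be called as a result set.
 *
 * @param integer $category_id
 * @param array $data
 * @return boolean true on success or false on fail
 */
function edit_category($category_id, $data) {
    if (!$this->check_token()) {
        return false;
    }
    if (!vivvo_hooks_manager::call('category_edit', array(&$category_id, &$data))) {
        return vivvo_hooks_manager::get_status();
    }
    $sm = vivvo_lite_site::get_instance();
    if (!$sm->user) {
        $this->set_error_code(2113);
        return false;
    }
    if (!$sm->user->is_admin()) {
        $this->set_error_code(2112);
        return false;
    }
    $category_id = (int) $category_id;
    if (isset($data['category_name'])) {
        $data['category_name'] = trim($data['category_name']);
    }
    if (empty($data['sefriendly'])) {
        if (isset($data['category_name']) && !empty($data['category_name'])) {
            $data['sefriendly'] = make_sefriendly($data['category_name']);
        }
    } else {
        $data['sefriendly'] = make_sefriendly($data['sefriendly']);
    }
    if (isset($data['sefriendly'])) {
        // The slug namespace is shared with tag-group URLs, so both tables are
        // checked; $category_id is an int, $sefriendly is escaped.
        $sefriendly = secure_sql($data['sefriendly']);
        $sql = 'SELECT id FROM ' . VIVVO_DB_PREFIX . "categories WHERE sefriendly = '{$sefriendly}' AND id <> {$category_id} LIMIT 1 UNION\n\t\t\t\t\t\t\t\tSELECT id FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE url = '{$sefriendly}' LIMIT 1";
        if (($res = $sm->get_db()->query($sql)) && $res->numRows() > 0) {
            $this->set_error_code(2101);
            return false;
        }
    }
    $category_list = $sm->get_categories();
    $category = isset($category_list->list[$category_id]) ? $category_list->list[$category_id] : null;
    if (!empty($data['form']) and $data['form'] == 'link' and empty($data['redirect'])) {
        $this->set_error_code(12, vivvo_lang::get_instance()->get_value('LNG_DB_categories_redirect'));
        return false;
    }
    if (!isset($category)) {
        $this->set_error_code(2111);
        return false;
    }
    if (!$category->populate($data, true)) {
        $this->set_error_info($category->get_error_info());
        return false;
    }
    $this->_post_master->set_data_object($category);
    if (!$this->_post_master->sql_update()) {
        $this->set_error_code(2110);
        return false;
    }
    $fm = $sm->get_file_manager();
    if ($fm->is_uploaded('CATEGORY_abstact_image')) {
        $abstract_image = $fm->upload('CATEGORY_abstact_image');
        if ($abstract_image != false) {
            // Second update only stores the image path; its result is not checked.
            $category->set_image($abstract_image);
            $this->_post_master->set_data_object($category);
            $this->_post_master->sql_update();
        }
    }
    admin_log($sm->user->get_username(), 'Edited category #' . $category_id);
    return true;
}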
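/**
 * Adds filter to the WHERE clause of the query
 *
 * Works on the article-revisions table (alias `ar`). $condition is escaped
 * with secure_sql() for quoted literals; the id-list filters also run it
 * through secure_sql_in(), and the time filters cast it to int because the
 * value is interpolated bare. 'title_matches' now escapes LIKE wildcards so
 * the typed text is matched literally (consistent with name_like in the tags
 * filter). Unknown types are ignored.
 *
 * The switch relies on fall-through: each `not_*` / `*_lte` / `*_gte` case
 * sets $flag and drops into the plain case that builds the clause.
 *
 * @param string $type
 * @param mixed $condition
 */
function add_filter($type, $condition = '') {
    $condition = secure_sql($condition);
    $flag = false;
    switch ($type) {
        case 'not_id':
        case 'not_article_id':
        case 'not_version':
        case 'not_creator_id':
        case 'not_type':
            $flag = true;
            $type = substr($type, 4); // strip "not_", then fall through
        case 'id':
        case 'article_id':
        case 'version':
        case 'creator_id':
        case 'type':
            $condition = secure_sql_in($condition);
            $operator = ($flag ? 'NOT ' : '') . 'IN';
            $this->_query->add_where("ar.{$type} {$operator} ({$condition})");
            break;
        case 'title_matches':
            $condition = str_replace(array('%', '_'), array('\\%', '\\_'), $condition);
            $this->_query->add_where("ar.title LIKE '%{$condition}%'");
            break;
        case 'title':
            $this->_query->add_where("ar.title = '{$condition}'");
            break;
        case 'not_created_time':
            $flag = true; // fall through
        case 'created_time':
            $condition = (int) $condition;
            $operator = $flag ? '!=' : '=';
            $this->_query->add_where("ar.created_time {$operator} {$condition}");
            break;
        case 'created_time_lte':
        case 'created_time_gte':
            $flag = true; // fall through; $flag appends '=' to the comparison
        case 'created_time_lt':
        case 'created_time_gt':
            $condition = (int) $condition;
            // $type[13] is the character right after "created_time_": 'g' or 'l'.
            $operator = ($type[13] == 'g' ? '>' : '<') . ($flag ? '=' : '');
            $this->_query->add_where("ar.created_time {$operator} {$condition}");
            break;
        default:
            // ignore
    }
}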
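/**
 * Quick search over asset files: name prefix, keyword prefix, or a boolean
 * full-text phrase match on `info`, excluding directory entries from the
 * name/full-text parts. Fills and returns $this->list (keyed by id_key),
 * reusing cached objects, or false when nothing matched.
 *
 * Changes: the LIKE clauses now use a wildcard-escaped copy of the keyword
 * (the MATCH clause keeps the plain, SQL-escaped one), and the debug output
 * on error logs $sql -- it referenced an undefined `$query` before.
 *
 * @param string $keyword
 * @return array|false
 */
function get_assets_quick_search($keyword) {
    $keyword = secure_sql($keyword);
    // LIKE needs '%' and '_' escaped; the full-text MATCH must see them raw.
    $like = str_replace(array('%', '_'), array('\\%', '\\_'), $keyword);
    // Interpolated bare; assumed to be an integer constant -- confirm.
    $dir = VIVVO_ASSETS_DIRTYPE_ID;
    $sql = "(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files WHERE name LIKE '{$like}%' AND filetype_id != {$dir})\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT f.* FROM " . VIVVO_DB_PREFIX . "asset_files as f, " . VIVVO_DB_PREFIX . "asset_keywords as k\n\t\t\t\t\t\tWHERE f.id=k.asset_id AND k.keyword LIKE '{$like}%')\n\t\t\t\t\tUNION ALL\n\t\t\t\t\t(SELECT * FROM " . VIVVO_DB_PREFIX . "asset_files\n\t\t\t\t\t\tWHERE MATCH (info) AGAINST ('\"{$keyword}\"' IN BOOLEAN MODE) AND filetype_id != {$dir})\n\t\t\t\t\tORDER BY path ASC\n\t\t\t\t\t";
    $sm = vivvo_lite_site::get_instance();
    $res = $sm->get_db()->query($sql);
    $this->list = array();
    if (!is_a($res, 'mdb2_error')) {
        $class = $this->post_object_type;
        while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
            $id = $row[$this->id_key];
            if ($sm->_object_cache_manager->is_cached($class, $id)) {
                // Refresh the cached instance with the row just read.
                $this->list[$id] = $sm->_object_cache_manager->retrive($class, $id);
                $this->list[$id]->populate($row);
            } else {
                $object = new $class(null, $row);
                $sm->_object_cache_manager->add($class, $id, $object);
                $this->list[$id] = $object;
            }
        }
        $res->free();
    } else {
        $sm->debug_push("sql:", $sql, 1);
        $sm->debug_push("sql:", $res->getMessage(), 1);
    }
    return empty($this->list) ? false : $this->list;
}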
/**
 * Pass-through to the global secure_sql() escaper, exposed on this object.
 *
 * Inside a class method a bare secure_sql() call resolves to the global
 * function, not to this method; declared as a free function it would
 * recurse without bound. The enclosing class is not visible here -- verify.
 *
 * @param mixed $value
 * @return mixed the escaped value
 */
function secure_sql($value) {
    $escaped = secure_sql($value);
    return $escaped;
}
/**
 * Returns the list entries for article $article_id and user $user_id whose
 * tag ids are not in $not_in_tags, or false when nothing matched.
 *
 * $not_in_tags is escaped here before being handed to add_filter(); if that
 * filter escapes again (every add_filter() visible in this codebase does),
 * the value is double-escaped -- harmless for numeric ids, but confirm
 * against this class's add_filter().
 *
 * @param mixed $not_in_tags
 * @param int   $article_id
 * @param int   $user_id
 * @return array|false
 */
function &get_by_not_in_tag_article_user($not_in_tags, $article_id, $user_id) {
    $excluded = secure_sql($not_in_tags);
    $article = (int) $article_id;
    $user = (int) $user_id;
    $this->_default_query();
    $this->add_filter('not_in_tags', $excluded);
    $this->add_filter('article_id', $article);
    $this->add_filter('user_id', $user);
    $this->set_list();
    if (empty($this->list)) {
        return false;
    }
    return $this->list;
}
/**
 * Adds an equality filter on one column of this list's query. The value is
 * escaped with secure_sql() and compared as a quoted literal; unknown types
 * are ignored.
 *
 * @param string $type      column name
 * @param mixed  $condition
 */
function add_filter($type, $condition = '') {
    $condition = secure_sql($condition);
    switch ($type) {
        case 'id':
        case 'article_id':
        case 'real_path':
        case 'title':
        case 'order_number':
            // Each accepted $type is exactly the column it filters on.
            $this->_query->add_where("({$type} = '{$condition}')");
            break;
    }
}
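/**
 * Looks up preference rows by any combination of variable name, property,
 * value, module and domain. Empty arguments are not filtered on, except
 * $module: an empty module matches rows whose module is '' or NULL.
 *
 * Every argument is now escaped with secure_sql() before it is embedded in
 * its quoted literal; previously only $variable_name was, so the other four
 * went into the SQL verbatim.
 *
 * @param string $variable_name
 * @param string $variable_property
 * @param string $variable_value
 * @param string $module
 * @param string $domain_id
 * @param int    $all non-zero: return every match; zero: the first only
 * @return mixed list, single entry, or false when nothing matched
 */
function &get_preference_by_all_variable($variable_name, $variable_property, $variable_value, $module, $domain_id = '', $all = 0) {
    $this->_default_query();
    if ($variable_name != '') {
        $variable_name = secure_sql($variable_name);
        $this->_query->add_where("(variable_name = '" . $variable_name . "')");
    }
    if ($variable_property != '') {
        $variable_property = secure_sql($variable_property);
        $this->_query->add_where("(variable_property = '" . $variable_property . "')");
    }
    if ($variable_value != '') {
        $variable_value = secure_sql($variable_value);
        $this->_query->add_where("(variable_value = '" . $variable_value . "')");
    }
    if ($module != '') {
        $module = secure_sql($module);
        $this->_query->add_where("(module = '" . $module . "')");
    } else {
        $this->_query->add_where("(module = '' OR ISNULL(module))");
    }
    if ($domain_id != '') {
        $domain_id = secure_sql($domain_id);
        $this->_query->add_where("(domain_id = '" . $domain_id . "')");
    }
    $this->set_list();
    if (!empty($this->list)) {
        if ($all) {
            return $this->list;
        } else {
            return current($this->list);
        }
    } else {
        return false;
    }
}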
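/**
 * Removes an empty asset directory (only '.', '..' and the `.htstampdir`
 * flag file may be present) and its asset_files row.
 *
 * Requires a valid form token and a user that is ASSET_MANAGER or can
 * MANAGE_FILES. $dir is relative to VIVVO_FS_ROOT and was previously
 * concatenated without any check, so "../" segments could point the
 * rmdir() anywhere the web user may write; the resolved path must now lie
 * strictly inside the resolved root, otherwise the request is rejected with
 * the same code as a missing directory (2836).
 *
 * Error codes as before: 2827 no user, 2826 no permission, 2836 not an
 * existing directory, 2832 not empty, 2831 rmdir failed.
 *
 * @param string $dir path relative to VIVVO_FS_ROOT
 * @return bool|mixed true on success, false on failure, or the hook status
 */
function rm_dir($dir) {
    if (!$this->check_token()) {
        return false;
    }
    if (!vivvo_hooks_manager::call('asset_delete_dir', array(&$dir))) {
        return vivvo_hooks_manager::get_status();
    }
    $sm = vivvo_lite_site::get_instance();
    if (!$sm->user) {
        $this->set_error_code(2827);
        return false;
    }
    if (!($sm->user->is('ASSET_MANAGER') or $sm->user->can('MANAGE_FILES'))) {
        $this->set_error_code(2826);
        return false;
    }
    $fulldir = VIVVO_FS_ROOT . $dir;
    if (substr($fulldir, -1) != '/') {
        $fulldir .= '/';
    }
    // Containment check: resolve symlinks and ".." on both sides and require
    // the target to be a proper descendant of the root.
    $root = realpath(VIVVO_FS_ROOT);
    $real = realpath($fulldir);
    $root_prefix = ($root === false) ? false : rtrim($root, '/') . '/';
    if ($root_prefix === false || $real === false || strpos($real . '/', $root_prefix) !== 0 || $real . '/' === $root_prefix) {
        $this->set_error_code(2836);
        return false;
    }
    if (!(file_exists($fulldir) and is_dir($fulldir) and ($files = @scandir($fulldir)))) {
        $this->set_error_code(2836);
        return false;
    }
    // quick check if not empty: '.', '..' and the flag file are the only entries allowed
    if (count($files) > 3) {
        $this->set_error_code(2832);
        return false;
    }
    foreach ($files as $f) {
        if ($f != '.' and $f != '..' and $f != '.htstampdir') {
            $this->set_error_code(2832);
            return false;
        }
    }
    // remove flagfile, if any
    @unlink($fulldir . '.htstampdir');
    if (!@rmdir($fulldir)) {
        $this->set_error_code(2831);
        return false;
    }
    admin_log($sm->user->get_username(), 'Removed directory ' . $fulldir);
    // Drop the matching asset_files row: name is the last path segment,
    // path_md5 the md5 of the parent path with a trailing slash.
    $parts = explode('/', $dir);
    $name = secure_sql(end($parts));
    array_pop($parts);
    $path = md5(implode('/', $parts) . '/');
    $sm->get_db()->exec('DELETE FROM ' . VIVVO_DB_PREFIX . "asset_files WHERE path_md5 = '{$path}' AND name = '{$name}'");
    return true;
}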
/**
 * Edit tag group
 *
 * Requires a user with MANAGE_TAGS. Normalises the url (derived from the
 * name when empty), refuses a name owned by a different group (2422) and a
 * url already used by a category or another group (2418), updates the row
 * (2413 on failure), re-registers the topic URL handler when the url
 * changed, optionally attaches new tags, and logs the edit. Any other
 * failure -- no permission or unknown id -- ends in 2410.
 *
 * Notes for maintainers:
 *  - $new_tags is not passed to the 'tag_editGroup' hook, unlike the other
 *    arguments;
 *  - when get_group_by_id() returns a non-object, the `$tag_group->id`
 *    comparison below reads a property of a non-object (warning) and, if a
 *    group with this name exists, reports 2422 rather than 2410;
 *  - $sefriendly is escaped and $id is cast to int before the uniqueness
 *    query; a PEAR error result would be called as a result set.
 *
 * @param int $id
 * @param string $name
 * @param string $url
 * @param string $template
 * @param string $tag_template
 * @param array $metadata merged over the group's existing metadata
 * @param string $new_tags tag names to add to the topic, if non-empty
 * @return bool|mixed true on success, false on failure, or the hook status
 */
public function edit_tag_group($id, $name, $url, $template, $tag_template, $metadata, $new_tags = '') {
    if (!vivvo_hooks_manager::call('tag_editGroup', array(&$id, &$name, &$url, &$template, &$tag_template, &$metadata))) {
        return vivvo_hooks_manager::get_status();
    }
    $sm = vivvo_lite_site::get_instance();
    $user = $sm->user;
    if ($user && $user->can('MANAGE_TAGS')) {
        if (empty($url)) {
            $url = make_sefriendly($name);
        } else {
            $url = make_sefriendly($url);
        }
        $tag_group_list = new TagsGroups_list();
        $existing_group = $tag_group_list->get_group_by_name($name);
        // $id is cast to int here and reused as such in the SQL below.
        $tag_group = $tag_group_list->get_group_by_id($id = (int) $id);
        if (is_object($existing_group) && $tag_group->id != $existing_group->id) {
            $this->set_error_code(2422);
            return false;
        }
        if ($tag_group) {
            // The url namespace is shared with category slugs.
            $sefriendly = secure_sql($url);
            $sql = 'SELECT id FROM ' . VIVVO_DB_PREFIX . "categories WHERE sefriendly = '{$sefriendly}' LIMIT 1 UNION\n\t\t\t\t\t\t\tSELECT id FROM " . VIVVO_DB_PREFIX . "tags_groups WHERE url = '{$sefriendly}' AND id <> {$id} LIMIT 1";
            if (($res = $sm->get_db()->query($sql)) && $res->numRows() > 0) {
                $this->set_error_code(2418);
                return false;
            }
            $old_url = $tag_group->get_url();
            $tag_group->set_name(htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
            $tag_group->set_url($url);
            $tag_group->set_template($template);
            $tag_group->set_tag_template($tag_template);
            $tag_group->set_metadata(array_merge($tag_group->get_meta(), $metadata));
            $this->_post_master->set_data_object($tag_group);
            if (!$this->_post_master->sql_update()) {
                $this->set_error_code(2413);
                return false;
            }
            if ($old_url != $url) {
                // Move the topic URL handler from the old slug to the new one.
                $um = $sm->get_url_manager();
                $um->unregister_url(urlencode($old_url));
                $um->register_url(urlencode($url), 'lib/vivvo/url_handlers/topic.php', 'topic_url_handler', 'topic_content_handler');
            }
            if ($new_tags) {
                $this->add_tag_names_to_topic($new_tags, $id);
            }
            admin_log($user->get_username(), 'Edited topic #' . $tag_group->id);
            return true;
        }
    }
    $this->set_error_code(2410);
    return false;
}
/**
 * Append one WHERE clause for a named filter.
 *
 * Only the filter names listed below are honoured; any other $type adds nothing.
 * The value passes through secure_sql(), and through secure_sql_in() for the two
 * comma-list filters, before it is embedded in the clause.
 *
 * @param string $type      Filter name
 * @param string $condition Raw value; a comma list for 'id' / 'notid'
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);

    switch ($type) {
        case 'id':
        case 'notid':
            $operator = $type == 'id' ? 'IN' : 'NOT IN';
            $ids = secure_sql_in($condition);
            $this->_query->add_where("(id {$operator} ({$ids}))");
            break;

        case 'title':
        case 'body':
        case 'hide':
        case 'sefriendly':
        case 'template':
        case 'order_number':
            // $type matched one of the fixed labels above, so it is a known column name.
            $this->_query->add_where("({$type} = '{$condition}')");
            break;
    }
}
/**
 * Append a WHERE clause (plus any join or FROM change it needs) to the tag-group query.
 *
 * Values pass through secure_sql(), and through secure_sql_in() where a comma list
 * of ids is expected. Note the fallback at the end: a $type that is not listed is
 * treated like 'id' and becomes a "tg.id IN (...)" restriction.
 *
 * @param string $type      Filter name
 * @param string $condition Raw value
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);
    $prefix = VIVVO_DB_PREFIX;

    if ($type == 'name' || $type == 'url' || $type == 'template' || $type == 'tag_template') {
        // $type is one of four fixed column names at this point.
        $this->_query->add_where("(tg.{$type} = '{$condition}')");
        return;
    }

    if ($type == 'starting_with') {
        // Literal '%' in the value is escaped so only the trailing wildcard is live.
        $needle = str_replace('%', '\\%', $condition);
        $this->_query->add_where("(tg.name LIKE '{$needle}%')");
        return;
    }

    // Every remaining filter takes a comma-separated id list.
    $ids = secure_sql_in($condition);

    if ($type == 'not_id') {
        $this->_query->add_where("(tg.id NOT IN ({$ids}))");
    } elseif ($type == 'tag_id') {
        $this->_query->set_from($prefix . $this->_sql_table . ' AS tg, ' . $prefix . 'tags_to_tags_groups AS ttg');
        $this->_query->add_where("ttg.tag_id IN ({$ids}) AND ttg.tags_group_id = tg.id");
    } elseif ($type == 'category_id') {
        $this->_query->add_join(' LEFT JOIN ' . $prefix . 'articles_tags AS at ON at.tags_group_id = tg.id ', 'at');
        $this->_query->add_join(' LEFT JOIN ' . $prefix . 'articles AS a ON a.id = at.article_id ', 'a');
        $this->_query->add_where("a.category_id IN ({$ids})");
    } elseif ($type == 'article_id') {
        $this->_query->add_join(' LEFT JOIN ' . $prefix . 'articles_tags AS at ON at.tags_group_id = tg.id ', 'at');
        $this->_query->add_where("at.article_id IN ({$ids})");
    } else {
        // 'id', and any filter name not recognised above.
        $this->_query->add_where("tg.id IN ({$ids})");
    }
}
/**
 * Append an equality WHERE clause for one named column.
 *
 * Every supported filter compares its column against the escaped value as a
 * quoted string (including 'id'); unknown filter names add nothing.
 *
 * @param string $type      Column / filter name
 * @param string $condition Raw value
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);

    switch ($type) {
        case 'id':
        case 'subject':
        case 'body':
        case 'groups':
        case 'vte_template':
        case 'test':
        case 'test_email':
            // $type matched one of the fixed labels above, so it is a known column name.
            $this->_query->add_where("({$type} = '{$condition}')");
            break;
    }
}
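/**
 * Append a WHERE clause to the comment query for one named filter.
 *
 * Values pass through secure_sql() and, for the list filters, secure_sql_in().
 * The two relative-date filters embed their value unquoted inside an INTERVAL
 * expression, so the value is additionally cast to int: string escaping on its
 * own does not constrain what lands in an unquoted numeric position.
 *
 * @param string $type      Filter name prefixed 'cm.'; unknown names add nothing
 * @param string $condition Raw value: a comma list for the IN-style filters, a
 *                          day count for cm.created_before / cm.created_after,
 *                          a pattern using '*' and '?' wildcards for cm.email / cm.ip
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);

    switch ($type) {
        case 'cm.id':
            $ids = secure_sql_in($condition);
            $this->_query->add_where("(cm.id IN ({$ids}))");
            break;

        case 'cm.article_id':
            $this->_query->add_where("(cm.article_id = '{$condition}')");
            break;

        case 'cm.user_id':
            $ids = secure_sql_in($condition);
            $this->_query->add_where("cm.user_id IN ({$ids})");
            break;

        case 'cm.description':
            // Literal '%' is escaped; the value is wrapped in wildcards for a contains-match.
            $needle = str_replace('%', '\\%', $condition);
            $this->_query->add_where("(cm.description LIKE '%{$needle}%')");
            break;

        case 'cm.create_dt':
            $this->_query->add_where("(cm.create_dt = '{$condition}')");
            break;

        case 'cm.author':
            $needle = str_replace('%', '\\%', $condition);
            $this->_query->add_where("(cm.author LIKE '%{$needle}%')");
            break;

        case 'cm.author_name':
            $this->_query->add_where("cm.author = '{$condition}'");
            break;

        case 'cm.email':
        case 'cm.ip':
            // Caller-side wildcards: '*' becomes '%' and '?' becomes '_' after any
            // literal '%' has been escaped. $type names one of two fixed columns.
            $pattern = str_replace('%', '\\%', $condition);
            $pattern = str_replace('*', '%', $pattern);
            $pattern = str_replace('?', '_', $pattern);
            $column = $type == 'cm.email' ? 'cm.email' : 'cm.ip';
            $this->_query->add_where("({$column} LIKE '{$pattern}')");
            break;

        case 'cm.email_exact':
            $this->_query->add_where("(cm.email = '{$condition}')");
            break;

        case 'cm.status':
            $this->_query->add_where("(cm.status = '{$condition}')");
            break;

        case 'cm.created_before':
        case 'cm.created_after':
            // Day count used unquoted in SQL, hence the int cast.
            $days = (int) $condition;
            $operator = $type == 'cm.created_before' ? '<' : '>';
            $this->_query->add_where("(cm.create_dt {$operator} (DATE_SUB(NOW(), INTERVAL {$days} DAY)))");
            break;

        case 'cm.vote':
            $this->_query->add_where("(cm.vote = '{$condition}')");
            break;

        case 'cm.reply_to':
            // Loose == 0 kept on purpose (its result for non-numeric strings differs
            // between PHP 7 and 8); zero means "top-level comments only".
            if ($condition == 0) {
                $this->_query->add_where('cm.reply_to IS NULL');
            } else {
                $ids = secure_sql_in($condition);
                $this->_query->add_where("cm.reply_to IN ({$ids})");
            }
            break;

        case 'cm.not_reply_to':
            $ids = secure_sql_in($condition);
            $this->_query->add_where("cm.reply_to NOT IN ({$ids})");
            break;

        case 'cm.root_comment':
            $ids = secure_sql_in($condition);
            $this->_query->add_where("cm.root_comment IN ({$ids})");
            break;
    }
}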
/**
 * Filter hook for this list's query.
 *
 * Every recognised filter name is currently a no-op: the value is escaped and
 * then discarded, and no WHERE clause is added for any $type.
 *
 * @param string $type      Filter name
 * @param string $condition Raw value
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);

    // Filter names this list accepts. None of them adds a clause yet, so the
    // lookup only records the accepted vocabulary for callers.
    $recognised = array(
        'userid', 'first_name', 'last_name', 'name', 'email_address', 'username',
        'activated', 'group', 'concat_first_last', 'created_before', 'created_after',
        'md5', 'forgot',
    );

    if (in_array($type, $recognised)) {
        return;
    }
}
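/**
 * Advanced search list generator
 *
 * Maps the search_* keys of $params onto add_filter() calls, applies the
 * requested ordering, limit and offset, builds the query and, when asked,
 * loads and returns the result list.
 *
 * @param array   $params    Search parameters (search_* keys)
 * @param string  $order     Order key; '' or an unknown key sorts by a.id DESC
 *                           (a custom-field sort is tried first when
 *                           VIVVO_CUSTOM_FIELD_SORT is 1)
 * @param string  $direction 'descending' for DESC, anything else for ASC
 * @param integer $limit     Limit, cast to int
 * @param integer $offset    Offset, cast to int
 * @param bool    $set_list  When true the list is loaded and returned
 * @return array|null Array of articles when $set_list is true, otherwise nothing
 */
function search($params, $order = '', $direction = 'ascending', $limit = 0, $offset = 0, $set_list = true)
{
    //search_created_filter
    if (!empty($params['search_created_filter']) and intval($params['search_created_filter']) !== 0) {
        $this->add_filter('a.created_filter', 1);
    }

    // Id-list filters: an array is joined into a comma list unless it contains 0
    // (loose in_array on purpose, so '0' counts as well), which means "no
    // restriction"; a scalar is applied unless it is 0.
    if (isset($params['search_id'])) {
        if (is_array($params['search_id'])) {
            if (!in_array(0, $params['search_id'])) {
                $params['search_id'] = implode(',', $params['search_id']);
                $this->add_filter('a.id', $params['search_id']);
            }
        } elseif ($params['search_id'] != 0) {
            $this->add_filter('a.id', $params['search_id']);
        }
    }

    if (isset($params['search_exclude_id'])) {
        if (is_array($params['search_exclude_id'])) {
            if (!empty($params['search_exclude_id'])) {
                $params['search_exclude_id'] = implode(',', $params['search_exclude_id']);
                $this->add_filter('!a.id', $params['search_exclude_id']);
            }
        } elseif ($params['search_exclude_id'] != 0) {
            $this->add_filter('!a.id', $params['search_exclude_id']);
        }
    }

    if (isset($params['search_user_id'])) {
        if (is_array($params['search_user_id'])) {
            if (!in_array(0, $params['search_user_id'])) {
                $params['search_user_id'] = implode(',', $params['search_user_id']);
                $this->add_filter('a.user_id', $params['search_user_id']);
            }
        } elseif ($params['search_user_id'] != 0) {
            $this->add_filter('a.user_id', $params['search_user_id']);
        }
    }

    if (isset($params['search_cid'])) {
        if (is_array($params['search_cid'])) {
            if (!in_array(0, $params['search_cid'])) {
                $params['search_cid'] = implode(',', $params['search_cid']);
                $this->add_filter('a.category_id', $params['search_cid']);
            }
        } elseif ($params['search_cid'] != 0) {
            $this->add_filter('a.category_id', $params['search_cid']);
        }
    }

    if (isset($params['search_exclude_cid'])) {
        $this->add_filter('!a.category_id', $params['search_exclude_cid']);
    }

    if (isset($params['search_author'])) {
        if (isset($params['search_author_exact_name']) && $params['search_author_exact_name']) {
            $this->add_filter('a.author_exact_name', $params['search_author']);
        } else {
            $this->add_filter('a.author', $params['search_author']);
        }
    }

    if (isset($params['search_query'])) {
        // !empty() keeps the original truthiness test without an undefined-index
        // warning when search_title_only is absent.
        if (!empty($params['search_title_only'])) {
            $this->add_filter('a.title', $params['search_query']);
        } else {
            $this->add_filter('a.body', $params['search_query']);
            $this->_query->add_fields("(MATCH (body,title,abstract) AGAINST ('" . secure_sql($params['search_query']) . "' IN BOOLEAN MODE)) as relevance");
        }
    }

    //search_search_date
    if (isset($params['search_search_date']) && intval($params['search_search_date']) !== 0) {
        $before_after = isset($params['search_before_after']) ? $params['search_before_after'] : null;
        $this->add_filter($before_after === '1' ? 'a.created_after' : 'a.created_before', $params['search_search_date']);
    }

    if (isset($params['search_by_date']) && intval($params['search_by_date']) !== 0) {
        // strtotime() returns false for a missing or unparsable search_date and
        // date() then formats the epoch, as the original did.
        $date = strtotime(isset($params['search_date']) ? $params['search_date'] : '');
        $this->add_filter('a.created_year', date('Y', $date));
        $this->add_filter('a.created_month', date('m', $date));
        $this->add_filter('a.created_day', date('d', $date));
    }

    if (isset($params['search_by_year']) && intval($params['search_by_year']) !== 0) {
        $this->add_filter('a.created_year', $params['search_by_year']);
    }
    if (isset($params['search_by_month']) && intval($params['search_by_month']) !== 0) {
        $this->add_filter('a.created_month', $params['search_by_month']);
    }
    if (isset($params['search_by_day']) && intval($params['search_by_day']) !== 0) {
        $this->add_filter('a.created_day', $params['search_by_day']);
    }

    if (isset($params['search_image'])) {
        $this->add_filter('a.image', $params['search_image']);
    }
    if (isset($params['search_body'])) {
        $this->add_filter('a.body', $params['search_body']);
    }
    if (isset($params['search_last_read'])) {
        $this->add_filter('a.last_read', $params['search_last_read']);
    }
    if (isset($params['search_times_read'])) {
        $this->add_filter('a.times_read', $params['search_times_read']);
    }
    if (isset($params['search_today_read'])) {
        $this->add_filter('a.today_read', $params['search_today_read']);
    }

    // Status: an explicit value wins; otherwise soft-deleted articles are hidden
    // unless the caller searches by id or applies a status limit.
    if (isset($params['search_status']) && $params['search_status'] !== '') {
        $this->add_filter('a.status', $params['search_status']);
    } elseif (!isset($params['search_id']) and !isset($params['search_status_limit'])) {
        $this->add_filter('a.not_status', -2); // exclude soft-deleted
    }

    if (isset($params['search_status_limit']) && $params['search_status_limit'] == 1) {
        $this->add_filter('a.status_limit', $params['search_status_limit']);
    }

    if (isset($params['search_sefriendly'])) {
        $this->add_filter('a.sefriendly', $params['search_sefriendly']);
    }
    if (isset($params['search_type'])) {
        $this->add_filter('a.type', $params['search_type']);
    }
    if (isset($params['search_order_num'])) {
        $this->add_filter('a.order_num', $params['search_order_num']);
    }
    if (isset($params['search_show_poll'])) {
        $this->add_filter('a.show_poll', $params['search_show_poll']);
    }
    if (isset($params['search_show_comment'])) {
        $this->add_filter('a.show_comment', $params['search_show_comment']);
    }
    if (isset($params['search_rss_feed'])) {
        $this->add_filter('a.rss_feed', $params['search_rss_feed']);
    }
    if (isset($params['search_keywords'])) {
        $this->add_filter('a.keywords', $params['search_keywords']);
    }
    if (isset($params['search_description'])) {
        $this->add_filter('a.description', $params['search_description']);
    }
    if (isset($params['search_emailed'])) {
        $this->add_filter('a.emailed', $params['search_emailed']);
    }
    if (isset($params['search_vote_num'])) {
        $this->add_filter('a.vote_num', $params['search_vote_num']);
    }
    if (isset($params['search_vote_sum'])) {
        $this->add_filter('a.vote_sum', $params['search_vote_sum']);
    }
    if (isset($params['search_abstract'])) {
        $this->add_filter('a.abstract', $params['search_abstract']);
    }

    // Tag / topic / user-group filters.
    if (isset($params['search_tag'])) {
        $this->add_filter('tag', $params['search_tag']);
    }
    if (isset($params['search_tag_name']) and defined('VIVVO_ADMIN_MODE')) {
        $this->add_filter('tag_matches', $params['search_tag_name']);
    }
    if (isset($params['search_tag_id'])) {
        $this->add_filter('tag_id', $params['search_tag_id']);
    }
    if (isset($params['search_all_tag_ids'])) {
        $this->add_filter('all_tag_ids', $params['search_all_tag_ids']);
    }
    if (isset($params['search_tags_group_id'])) {
        $this->add_filter('tags_group_id', $params['search_tags_group_id']);
    }
    if (isset($params['search_topic_id'])) {
        $this->add_filter('tags_group_id', $params['search_topic_id']);
    }
    if (isset($params['search_related'])) {
        $this->add_filter('related', $params['search_related']);
    }
    if (isset($params['search_topic'])) {
        $this->add_filter('tags_group_name', $params['search_topic']);
    }
    if (isset($params['search_user_group_id'])) {
        $this->add_filter('user_group_id', $params['search_user_group_id']);
    }
    if (isset($params['search_not_user_group_id'])) {
        $this->add_filter('not_user_group_id', $params['search_not_user_group_id']);
    }

    // Site-wide category restriction, applied on top of whatever the caller asked for.
    if (defined('VIVVO_FORCE_CATEGORY_RESTRICTION') && VIVVO_FORCE_CATEGORY_RESTRICTION != '') {
        $this->add_filter('a.category_id', VIVVO_FORCE_CATEGORY_RESTRICTION);
    }

    // Schedule filters ('sc.' prefix).
    if (isset($params['search_schedule_id'])) {
        $this->add_filter('sc.id', $params['search_schedule_id']);
    }
    if (isset($params['search_schedule_duration'])) {
        $this->add_filter('sc.duration', $params['search_schedule_duration']);
    }
    if (isset($params['search_schedule_year'])) {
        $this->add_filter('sc.year', $params['search_schedule_year']);
    }
    if (isset($params['search_schedule_id_in'])) {
        $this->add_filter('sc.id_in', $params['search_schedule_id_in']);
    }
    if (isset($params['search_schedule_duration_in'])) {
        $this->add_filter('sc.duration_in', $params['search_schedule_duration_in']);
    }
    if (isset($params['search_schedule_year_in'])) {
        $this->add_filter('sc.year_in', $params['search_schedule_year_in']);
    }
    if (isset($params['search_schedule_id_not_in'])) {
        $this->add_filter('sc.id_not_in', $params['search_schedule_id_not_in']);
    }
    if (isset($params['search_schedule_duration_not_in'])) {
        $this->add_filter('sc.duration_not_in', $params['search_schedule_duration_not_in']);
    }
    if (isset($params['search_schedule_year_not_in'])) {
        $this->add_filter('sc.year_not_in', $params['search_schedule_year_not_in']);
    }
    if (isset($params['search_schedule_duration_lt'])) {
        $this->add_filter('sc.duration_lt', $params['search_schedule_duration_lt']);
    }
    if (isset($params['search_schedule_year_lt'])) {
        $this->add_filter('sc.year_lt', $params['search_schedule_year_lt']);
    }
    if (isset($params['search_schedule_duration_lte'])) {
        $this->add_filter('sc.duration_lte', $params['search_schedule_duration_lte']);
    }
    if (isset($params['search_schedule_year_lte'])) {
        $this->add_filter('sc.year_lte', $params['search_schedule_year_lte']);
    }
    if (isset($params['search_schedule_duration_gt'])) {
        $this->add_filter('sc.duration_gt', $params['search_schedule_duration_gt']);
    }
    if (isset($params['search_schedule_year_gt'])) {
        $this->add_filter('sc.year_gt', $params['search_schedule_year_gt']);
    }
    if (isset($params['search_schedule_duration_gte'])) {
        $this->add_filter('sc.duration_gte', $params['search_schedule_duration_gte']);
    }
    if (isset($params['search_schedule_year_gte'])) {
        $this->add_filter('sc.year_gte', $params['search_schedule_year_gte']);
    }
    if (isset($params['search_schedule_minute'])) {
        $this->add_filter('sc.minute', $params['search_schedule_minute']);
    }
    if (isset($params['search_schedule_hour'])) {
        $this->add_filter('sc.hour', $params['search_schedule_hour']);
    }
    if (isset($params['search_schedule_dom'])) {
        $this->add_filter('sc.dom', $params['search_schedule_dom']);
    }
    if (isset($params['search_schedule_month'])) {
        $this->add_filter('sc.month', $params['search_schedule_month']);
    }
    if (isset($params['search_schedule_dow'])) {
        $this->add_filter('sc.dow', $params['search_schedule_dow']);
    }
    if (isset($params['search_schedule_date'])) {
        $this->add_filter('sc.date', $params['search_schedule_date']);
    }

    // Custom-field search, delegated to generic_add_filter() when enabled.
    if (defined('VIVVO_CUSTOM_FIELD_SEARCH') && VIVVO_CUSTOM_FIELD_SEARCH == 1) {
        if (isset($params['generic_search']) && $params['generic_search'] !== false) {
            $this->generic_add_filter($params['generic_search'], 'a.');
        }
    }

    // search order
    $search_direction = $direction === 'descending' ? ' DESC' : ' ASC';

    switch ($order) {
        case 'most_popular':
            if (VIVVO_MODULES_MOST_POPULAR_COUNTER == 0) {
                $this->_query->add_order('a.today_read' . $search_direction);
            } else {
                $this->_query->add_order('a.times_read' . $search_direction);
            }
            break;

        case 'most_commented':
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'comments as c ON c.article_id = a.id ', 'c');
            $this->_query->add_fields(' COUNT(DISTINCT c.id) AS number_of_comments');
            // Outside admin mode only approved comments are counted.
            defined('VIVVO_ADMIN_MODE') or $this->_query->add_where("c.status = '1'");
            $this->_query->add_order('number_of_comments' . $search_direction);
            $this->_query->add_group_by('a.id');
            break;

        case 'most_emailed':
            $this->_query->add_order('a.emailed' . $search_direction);
            break;

        case 'author':
        case 'title':
            // $order matched a fixed label above, so it is a known column name.
            if (VIVVO_USE_COLLATE) {
                $this->_query->add_order('a.' . $order . ' COLLATE ' . VIVVO_DB_COLLATION . ' ' . $search_direction);
            } else {
                $this->_query->add_order('a.' . $order . ' ' . $search_direction);
            }
            break;

        case 'id':
        case 'category_id':
        case 'user_id':
        case 'image':
        case 'created':
        case 'last_edited':
        case 'body':
        case 'last_read':
        case 'times_read':
        case 'today_read':
        case 'status':
        case 'sefriendly':
        case 'link':
        case 'order_num':
        case 'document':
        case 'show_poll':
        case 'show_comment':
        case 'rss_feed':
        case 'keywords':
        case 'description':
        case 'emailed':
        case 'vote_num':
        case 'vote_sum':
        case 'abstract':
            // Plain column sort; $order matched one of the fixed labels above.
            $this->_query->add_order('a.' . $order . $search_direction);
            break;

        case 'vote_avg':
            // Always descending, regardless of $direction.
            $this->_query->add_order('(a.vote_sum / a.vote_num) DESC');
            break;

        case 'random':
            $this->_query->add_order('rand( )' . $search_direction);
            break;

        case 'relevance':
            // NOTE(review): the 'relevance' alias is only selected above when
            // search_title_only is falsy, yet this branch orders by it when
            // search_title_only == 1. Unless the 'a.title' filter adds its own
            // relevance field (not visible here), confirm this condition is the
            // intended one.
            if (isset($params['search_query']) && isset($params['search_title_only']) && $params['search_title_only'] == 1) {
                $this->_query->add_order('relevance' . $search_direction);
            } else {
                $this->_query->add_order('a.order_num' . $search_direction);
            }
            break;

        case 'schedule_duration':
            $this->_query->add_join(' LEFT JOIN ' . VIVVO_DB_PREFIX . 'articles_schedule AS sc ON sc.article_id = a.id ', 'sc');
            $this->_query->add_order("sc.duration {$search_direction}");
            break;

        default:
            // Unknown key: try the custom-field sort when enabled, otherwise
            // (or when it declines) fall back to newest first.
            if ($order != '' && defined('VIVVO_CUSTOM_FIELD_SORT') && VIVVO_CUSTOM_FIELD_SORT == 1) {
                if (!$this->generic_sort('a.', $order, $search_direction)) {
                    $order = 'a.id';
                    $this->_query->add_order('a.id' . ' DESC');
                }
            } else {
                $order = 'a.id';
                $this->_query->add_order('a.id' . ' DESC');
            }
            break;
    }

    $limit = (int) $limit;
    $this->_query->set_limit($limit);
    $offset = (int) $offset;
    $this->_query->set_offset($offset);

    $this->_default_query(true);

    if ($set_list) {
        $this->set_list();
        return $this->list;
    }
}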
/**
 * Fetch the analyses recorded for one task together with their summed signature score.
 *
 * @param int|string $task_id Task identifier; must satisfy is_numeric()
 * @return mixed|null Whatever query_db() returns, or NULL (after logging a
 *                    SECURITY error) when $task_id is not numeric
 */
function get_task_analyses($task_id)
{
    // Not referenced in this function body; kept as the original declared it.
    global $db_handler;

    $escaped_id = secure_sql($task_id);

    // Non-numeric ids are refused before the query is built; the escaped form
    // is what goes into the log line.
    if (!is_numeric($task_id)) {
        error("[get_task_analyses] Task ID not int: " . $escaped_id, "SECURITY");
        return NULL;
    }

    // Signature scores are unioned with a zero row per analysis, so an analysis
    // without signatures still produces a (zero-score) row.
    $sql = "SELECT a.analysis_id,kernel_analysis,SUM(s.score) AS 'total_score',state "
        . "FROM analysis a,(SELECT signature_id,analysis_id,score FROM signature UNION SELECT 0,analysis_id,0 FROM analysis) s "
        . "WHERE task_id = '" . $escaped_id . "' AND s.analysis_id = a.analysis_id "
        . "GROUP BY a.analysis_id ORDER BY a.analysis_id ASC";

    return query_db($sql);
}
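/**
 * Secure filter for SELECT query
 *
 * Both filters compare an integer column and embed the value unquoted, so the
 * value is cast to int before it is interpolated: string escaping alone does not
 * constrain what ends up in an unquoted numeric position.
 *
 * @param string $type      'id' or 'poll_id'; anything else adds nothing
 * @param string $condition Raw value, reduced to an int
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);

    switch ($type) {
        case 'id':
        case 'poll_id':
            // $type is one of the two fixed column names above.
            $id = (int) $condition;
            $this->_query->add_where("{$type} = {$id}");
            break;
    }
}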
/**
 * Append a WHERE clause for one named filter.
 *
 * 'not_id' excludes a single quoted id. Every other $type is a comma-list
 * filter: 'id', 'tag_id' and 'tags_group_id' restrict their own column, and
 * any unrecognised name falls back to restricting id.
 *
 * @param string $type      Filter name
 * @param string $condition Raw value; a comma list except for 'not_id'
 */
function add_filter($type, $condition = '')
{
    $condition = secure_sql($condition);

    if ($type == 'not_id') {
        $this->_query->add_where("(id<>'{$condition}')");
        return;
    }

    $ids = secure_sql_in($condition);
    // Only the three fixed names reach the SQL as a column; anything else maps to id.
    $column = ($type == 'id' || $type == 'tag_id' || $type == 'tags_group_id') ? $type : 'id';
    $this->_query->add_where("({$column} IN ({$ids}))");
}