/**
 * Append one ordering term to the browser widget's ORDER BY clause.
 *
 * The ordering can be overridden by GET parameters, which are rendered into
 * the column headers so that a user can click a header to control the order.
 *
 * Security: $field is concatenated verbatim into the SQL fragment kept in
 * $this->Order, so it is accepted only when it is a key of $this->FieldNames.
 * Any other value leaves the widget untouched. $direction never reaches the
 * SQL text itself; only the literals " ASC" and " DESC" are appended.
 *
 * @param string $field The name of the field to be ordered by.
 * @param string $direction Anything starting with 'A' (case-insensitive) means
 *        ascending; every other value means descending.
 * @param string $browser_array_key Distinguishes between multiple browser
 *        widgets on the same page. Leave it empty for a single instance.
 * @param string $secondary Non-zero marks a default secondary order, which
 *        does not replace the recorded primary order.
 */
function AddOrder($field, $direction, $browser_array_key = 0, $secondary = 0) {
    // First filter: reject values containing SQL/markup metacharacters.
    // NOTE(review): check_by_regex() is defined elsewhere; presumably it yields
    // an empty value on mismatch, which the allow-list test below then rejects.
    $field = check_by_regex($field, '/^[^\'"!\\\\()\\[\\]|*\\/{}&%@~;:?<>]+$/');

    // Second filter (the one that matters): only known column names pass.
    if (!isset($this->FieldNames[$field])) {
        return;
    }

    $is_primary = ($secondary == 0);

    // Start the clause or continue an existing one.
    if (isset($this->Order) && $this->Order != "") {
        $this->Order .= ", ";
    } else {
        $this->Order = "ORDER BY ";
    }

    if ($is_primary) {
        $this->OrderField = $field;
        $this->OrderBrowserKey = $browser_array_key;
    }

    $this->Order .= $field;

    $ascending = preg_match('/^A/i', $direction);
    $this->Order .= $ascending ? " ASC" : " DESC";

    if ($is_primary) {
        $this->OrderDirection = $ascending ? 'A' : 'D';
    }
}
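/**
 * Build the Editor for access tickets and, when the form was submitted by a
 * user who may write the principal, create a new ticket row.
 *
 * The submitted 'target' path is resolved to a collection_id. The lookup is
 * restricted to collections whose dav_name starts with "/<username>/"; if no
 * such collection matches, a message is queued in $c->messages and nothing is
 * written.
 *
 * Reads the globals $c, $id, $editor and $can_write_principal, and writes
 * 'dav_owner_id', 'target_collection_id' and 'privileges' into $_POST before
 * calling Editor::Write().
 *
 * @return Editor The ticket row editor, whether or not a row was written.
 */
function ticket_row_editor() {
    global $c, $id, $editor, $can_write_principal;

    $ticketrow = new Editor("Tickets", "access_ticket");
    $ticketrow->SetSubmitName('ticketrow');

    if ($can_write_principal && $ticketrow->IsSubmit()) {
        $username = $editor->Value('username');

        // Request values may be absent or arrays; only a string path is usable.
        $ugly_path = isset($_POST['target']) ? $_POST['target'] : null;
        if (!is_string($ugly_path)) {
            $c->messages[] = translate('Can only add tickets for existing collection paths which you own');
            return $ticketrow;
        }

        if ($ugly_path === '/' . $username || $ugly_path === '/' . $username . '/') {
            $target_collection = $id;
        } else {
            // strlen() counts bytes; NOTE(review): if the SQL substring() counts
            // characters, a multi-byte username makes the prefix test fail
            // rather than over-match - confirm that this is acceptable.
            $username_len = strlen($username) + 2;

            // The ownership prefix is bound as a parameter instead of being
            // interpolated, and it guards every name alternative: the
            // alternatives are grouped in parentheses because AND binds
            // tighter than OR, so an ungrouped "A AND B OR C OR D" would apply
            // the prefix test to the exact-name branch only.
            $sql = "SELECT collection_id FROM collection";
            $sql .= " WHERE substring(dav_name FROM 1 FOR {$username_len}) = :owner_prefix";
            $sql .= " AND (dav_name = :exact_name";
            $params = array(
                ':owner_prefix' => '/' . $username . '/',
                ':exact_name' => $ugly_path,
            );
            if (!preg_match('#/$#', $ugly_path)) {
                // Also try the parent path and the path with a trailing slash.
                $sql .= " OR dav_name = :truncated_name OR dav_name = :trailing_slash_name";
                $params[':truncated_name'] = preg_replace('#[^/]*$#', '', $ugly_path);
                $params[':trailing_slash_name'] = $ugly_path . "/";
            }
            $sql .= ")";
            // Prefer the longest (most specific) matching collection.
            $sql .= " ORDER BY LENGTH(dav_name) DESC LIMIT 1";

            $qry = new AwlQuery($sql, $params);
            if ($qry->Exec() && $qry->rows() > 0) {
                $row = $qry->Fetch();
                $target_collection = $row->collection_id;
            } else {
                $c->messages[] = translate('Can only add tickets for existing collection paths which you own');
                return $ticketrow;
            }
        }

        // Owner and target are forced server-side, overriding anything posted.
        $_POST['dav_owner_id'] = $id;
        $_POST['target_collection_id'] = $target_collection;

        // The pattern is unanchored, so this extracts an alphanumeric run
        // rather than rejecting other input; the result is quoted below.
        $ticket_id = check_by_regex($_POST['ticket_id'], '/[A-Za-z0-9]+/');

        // NOTE(review): $id is concatenated unquoted; this assumes the caller
        // has already validated it as an integer - confirm.
        $ticketrow->SetWhere('dav_owner_id=' . $id . ' AND ticket_id=' . AwlQuery::quote($ticket_id));

        if (isset($_POST['ticket_privileges']) && is_array($_POST['ticket_privileges'])) {
            $priv_names = array_keys($_POST['ticket_privileges']);
            $privs_dec = privilege_to_bits($priv_names);
            // 24-character, zero-padded binary rendering of the privilege bits.
            $_POST['privileges'] = sprintf('%024s', decbin($privs_dec));
            $ticketrow->Assign('privileges', $privs_dec);
        }

        $c->messages[] = translate('Creating new ticket granting privileges to this Principal');
        $ticketrow->Write();
    }

    return $ticketrow;
}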
/**
 * Copy a request parameter into a global variable.
 *
 * For each candidate name, $_POST is consulted before $_GET; the first name
 * that is set wins. Aliases are tried in the order given and $varname itself
 * is tried last. $GLOBALS[$varname] is always reset to null first, so a
 * missing parameter leaves the global as null.
 *
 * Security: the value is passed through check_by_regex() only when
 * $match_regex is supplied and non-null. Without it the raw request value is
 * stored as received, and no type check is made here.
 *
 * @param string $varname The name of the global variable to put the answer in.
 * @param string $match_regex The part of the parameter matching this regex will be returned.
 * @param string $alias1 An alias for the name that we should look for first.
 * @param string ... More aliases, in the order in which they should be examined.
 * @return mixed The (optionally filtered) value, or null when no candidate name was set.
 */
function param_to_global() {
    $candidates = func_get_args();
    $varname = array_shift($candidates);
    $GLOBALS[$varname] = null;

    // The second positional argument, when present, is the filter regex.
    $match_regex = (func_num_args() > 1) ? array_shift($candidates) : null;

    // The variable's own name is the final fallback after all aliases.
    $candidates[] = $varname;

    $found = false;
    $value = null;
    foreach ($candidates as $name) {
        if (isset($_POST[$name])) {
            $value = $_POST[$name];
            $found = true;
            break;
        }
        if (isset($_GET[$name])) {
            $value = $_GET[$name];
            $found = true;
            break;
        }
    }

    if (!$found) {
        return null;
    }

    if (isset($match_regex)) {
        $value = check_by_regex($value, $match_regex);
    }

    $GLOBALS[$varname] = $value;
    return $value;
}