SHA1:5eca57ed8c8b203684c8f6e70e5c5c511016817b
Date: 2015-01-18 04:52:28
User: bohwaz
Comment:Implémentation du critère {age} dans les squelettes (fix [6938d30404]). Utilisation de bindValue de SQLite plutôt que escapeString dans les squelettes, c'est mieux.
References
2015-01-18
04:52 • Fixed ticket [6938d30404]: Implémenter le critère {age} de SPIP dans les boucles plus 5 other changes (user: bohwaz) [details]
Changes

Modified src/include/lib/Garradin/Squelette.php from [b6c3807dbf] to [3636f0a074].

313
314
315
316
317
318
319

320
321
322
323
324
325
326


327
328
329
330
331
332
333
334
...
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
...
371
372
373
374
375
376
377





378
379
380
381
382
383
384
...
390
391
392
393
394
395
396
397

398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415


416
417
418
419
420
421
422
...
457
458
459
460
461
462
463





464
465
466
467
468
469
470
...
472
473
474
475
476
477
478






479
480
481
482
483
484
485

        return $out;
    }

    protected function processLoop($loopName, $loopType, $loopCriterias, $loopContent, $preContent, $postContent, $altContent)
    {
        $query = $loopStart = '';


        // Types de boucles natifs
        if ($loopType == 'articles' || $loopType == 'rubriques' || $loopType == 'pages')
        {
            $where = $order = '';
            $limit = $begin = 0;



            $query = 'SELECT w.*, strftime(\\\'%s\\\', w.date_creation) AS date_creation, strftime(\\\'%s\\\', w.date_modification) AS date_modification';

            if (trim($loopContent))
            {
                $query .= ', r.contenu AS texte FROM wiki_pages AS w LEFT JOIN wiki_revisions AS r ON (w.id = r.id_page AND w.revision = r.revision) ';
            }
            else
            {
................................................................................
            }
            elseif ($loopType == 'rubriques')
            {
                $where .= 'AND (SELECT COUNT(id) FROM wiki_pages WHERE parent = w.id) > 0 ';
            }

            $allowed_fields = ['id', 'uri', 'titre', 'date', 'date_creation', 'date_modification',
                'parent', 'rubrique', 'revision', 'points', 'recherche', 'texte'];
            $search = $search_rank = false;

            foreach ($loopCriterias as $criteria)
            {
                if (isset($criteria['field']))
                {
                    if (!in_array($criteria['field'], $allowed_fields))
                    {
                        throw new \KD2\MiniSkelMarkupException("Critère '".$criteria['field']."' invalide pour la boucle '$loopName' de type '$loopType'.");
                    }
................................................................................
                        if ($criteria['action'] != \KD2\MiniSkel::ACTION_ORDER_BY)
                        {
                            throw new \KD2\MiniSkelMarkupException("Le critère 'points' n\'est pas valide dans ce contexte.");
                        }

                        $search_rank = true;
                    }





                }

                switch ($criteria['action'])
                {
                    case \KD2\MiniSkel::ACTION_ORDER_BY:
                        if (!$order)
                            $order = 'ORDER BY '.$criteria['field'].'';
................................................................................
                            $order .= ' DESC';
                        break;
                    case \KD2\MiniSkel::ACTION_LIMIT:
                        $begin = $criteria['begin'];
                        $limit = $criteria['number'];
                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD_BY_VALUE:
                        $where .= ' AND '.$criteria['field'].' '.$criteria['comparison'].' \\\'\'.$db->escapeString(\''.$criteria['value'].'\').\'\\\'';

                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD:
                    {
                        if ($criteria['field'] == 'recherche')
                        {
                            $query = 'SELECT w.*, r.contenu AS texte, rank(matchinfo(wiki_recherche), 0, 1.0, 1.0) AS points FROM wiki_pages AS w INNER JOIN wiki_recherche AS r ON (w.id = r.id) ';
                            $where .= ' AND wiki_recherche MATCH \\\'\'.$db->escapeString($this->getVariable(\''.$criteria['field'].'\')).\'\\\'';
                            $search = true;
                        }
                        else
                        {
                            if ($criteria['field'] == 'parent')
                                $field = 'id';
                            else
                                $field = $criteria['field'];

                            $where .= ' AND '.$criteria['field'].' = \\\'\'.$db->escapeString($this->getVariable(\''.$field.'\')).\'\\\'';
                        }


                        break;
                    }
                    default:
                        break;
                }
            }

................................................................................
                // Ici le plugin peut soit peupler $query et $loopStart lui-même, soit faire un return
                include $plugin->path() . '/skel_loop.php';
            }
            else
            {
                throw new \KD2\MiniSkelMarkupException("Le type de boucle '".$loopType."' est inconnu.");
            }





        }

        $hash = sha1(uniqid(mt_rand(), true));
        $out = new Squelette_Snippet();
        $out->append(1, '$parent_hash = $this->current[\'_self_hash\'];');
        $out->append(1, '$this->parent =& $parent_hash ? $this->_vars[$parent_hash] : null;');

................................................................................
        {
            $out->append(1, 'if (trim($this->getVariable(\'recherche\'))) { ');
        }

        $out->append(1, '$statement = $db->prepare(\''.$query.'\'); ');
        // Sécurité anti injection
        $out->append(1, 'if (!$statement->readOnly()) { throw new \\MiniSkelMarkupException("Requête en écriture illégale: '.$query.'"); } ');






        $out->append(1, '$result_'.$hash.' = $statement->execute(); ');
        $out->append(1, '$nb_rows = $db->countRows($result_'.$hash.'); ');

        if (!empty($search))
        {
            $out->append(1, '} else { $result_'.$hash.' = false; $nb_rows = 0; }');
        }







>







>
>
|







 







|


|







 







>
>
>
>
>







 







|
>






|









|

>
>







 







>
>
>
>
>







 







>
>
>
>
>
>







313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
...
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
...
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
...
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
...
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
...
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507

        return $out;
    }

    protected function processLoop($loopName, $loopType, $loopCriterias, $loopContent, $preContent, $postContent, $altContent)
    {
        $query = $loopStart = '';
        $query_args = [];

        // Types de boucles natifs
        if ($loopType == 'articles' || $loopType == 'rubriques' || $loopType == 'pages')
        {
            $where = $order = '';
            $limit = $begin = 0;

            $query = 'SELECT w.*, ';
            $query.= 'strftime(\\\'%s\\\', w.date_creation) AS date_creation, ';
            $query.= 'strftime(\\\'%s\\\', w.date_modification) AS date_modification';

            if (trim($loopContent))
            {
                $query .= ', r.contenu AS texte FROM wiki_pages AS w LEFT JOIN wiki_revisions AS r ON (w.id = r.id_page AND w.revision = r.revision) ';
            }
            else
            {
................................................................................
            }
            elseif ($loopType == 'rubriques')
            {
                $where .= 'AND (SELECT COUNT(id) FROM wiki_pages WHERE parent = w.id) > 0 ';
            }

            $allowed_fields = ['id', 'uri', 'titre', 'date', 'date_creation', 'date_modification',
                'parent', 'rubrique', 'revision', 'points', 'recherche', 'texte', 'age'];
            $search = $search_rank = false;

            foreach ($loopCriterias as $criteria_id => $criteria)
            {
                if (isset($criteria['field']))
                {
                    if (!in_array($criteria['field'], $allowed_fields))
                    {
                        throw new \KD2\MiniSkelMarkupException("Critère '".$criteria['field']."' invalide pour la boucle '$loopName' de type '$loopType'.");
                    }
................................................................................
                        if ($criteria['action'] != \KD2\MiniSkel::ACTION_ORDER_BY)
                        {
                            throw new \KD2\MiniSkelMarkupException("Le critère 'points' n\'est pas valide dans ce contexte.");
                        }

                        $search_rank = true;
                    }
                    elseif ($criteria['field'] == 'age')
                    {
                        $criteria['field'] = 'julianday() - julianday(date_creation)';
                        $criteria['value'] = (int)$criteria['value'];
                    }
                }

                switch ($criteria['action'])
                {
                    case \KD2\MiniSkel::ACTION_ORDER_BY:
                        if (!$order)
                            $order = 'ORDER BY '.$criteria['field'].'';
................................................................................
                            $order .= ' DESC';
                        break;
                    case \KD2\MiniSkel::ACTION_LIMIT:
                        $begin = $criteria['begin'];
                        $limit = $criteria['number'];
                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD_BY_VALUE:
                        $where .= ' AND '.$criteria['field'].' '.$criteria['comparison'].' ?';
                        $query_args[] = $criteria['value'];
                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD:
                    {
                        if ($criteria['field'] == 'recherche')
                        {
                            $query = 'SELECT w.*, r.contenu AS texte, rank(matchinfo(wiki_recherche), 0, 1.0, 1.0) AS points FROM wiki_pages AS w INNER JOIN wiki_recherche AS r ON (w.id = r.id) ';
                            $where .= ' AND wiki_recherche MATCH ?';
                            $search = true;
                        }
                        else
                        {
                            if ($criteria['field'] == 'parent')
                                $field = 'id';
                            else
                                $field = $criteria['field'];

                            $where .= ' AND '.$criteria['field'].' = ?';
                        }
                        
                        $query_args[] = ['$this->getVariable(\'' . $criteria['field'] . '\')'];
                        break;
                    }
                    default:
                        break;
                }
            }

................................................................................
                // Ici le plugin peut soit peupler $query et $loopStart lui-même, soit faire un return
                include $plugin->path() . '/skel_loop.php';
            }
            else
            {
                throw new \KD2\MiniSkelMarkupException("Le type de boucle '".$loopType."' est inconnu.");
            }

            if (empty($query))
            {
                $query = 'SELECT 0 LIMIT 0;';
            }
        }

        $hash = sha1(uniqid(mt_rand(), true));
        $out = new Squelette_Snippet();
        $out->append(1, '$parent_hash = $this->current[\'_self_hash\'];');
        $out->append(1, '$this->parent =& $parent_hash ? $this->_vars[$parent_hash] : null;');

................................................................................
        {
            $out->append(1, 'if (trim($this->getVariable(\'recherche\'))) { ');
        }

        $out->append(1, '$statement = $db->prepare(\''.$query.'\'); ');
        // Sécurité anti injection
        $out->append(1, 'if (!$statement->readOnly()) { throw new \\MiniSkelMarkupException("Requête en écriture illégale: '.$query.'"); } ');

        foreach ($query_args as $k=>$arg)
        {
            $out->append(1, '$statement->bindValue(' . ($k+1) . ', ' . (is_array($arg) ? $arg[0] : var_export($arg, true)) . ');');
        }

        $out->append(1, '$result_'.$hash.' = $statement->execute(); ');
        $out->append(1, '$nb_rows = $db->countRows($result_'.$hash.'); ');

        if (!empty($search))
        {
            $out->append(1, '} else { $result_'.$hash.' = false; $nb_rows = 0; }');
        }
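Review bot: In the ACTION_MATCH_FIELD branch, `$field` is still computed (`'id'` when the criterion is `parent`) but the new line `$query_args[] = ['$this->getVariable(\'' . $criteria['field'] . '\')'];` binds `$criteria['field']` instead, so a `{parent}` criterion now reads the `parent` variable where the removed escapeString version read `id`. Setting `$field = $criteria['field'];` in the `recherche` branch and binding `'$this->getVariable(\'' . $field . '\')'` restores the previous lookup while keeping the parameterised query. The `age` handling also rewrites `$criteria['field']` to a SQL expression before this switch, so an `age` criterion used as a match field would request a variable named after that expression; if only the by-value and order-by forms are intended, rejecting other actions for `age` would make that explicit. Likewise `(int)$criteria['value']` runs for an `age` order-by criterion, which presumably carries no `value` key. processLoop continues past the end of this section.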