Comment:Implémentation du critère {age} dans les squelettes (fix [6938d30404]). Utilisation de bindValue de SQLite plutôt que escapeString dans les squelettes, c'est mieux.
SHA1: 5eca57ed8c8b203684c8f6e70e5c5c511016817b
User & Date: bohwaz on 2015-01-18 04:52:28

Modified src/include/lib/Garradin/Squelette.php from [b6c3807dbf] to [3636f0a074].

313
314
315
316
317
318
319

320
321
322
323
324
325
326


327
328
329
330
331
332
333
334

        return $out;
    }

    protected function processLoop($loopName, $loopType, $loopCriterias, $loopContent, $preContent, $postContent, $altContent)
    {
        $query = $loopStart = '';


        // Types de boucles natifs
        if ($loopType == 'articles' || $loopType == 'rubriques' || $loopType == 'pages')
        {
            $where = $order = '';
            $limit = $begin = 0;



            $query = 'SELECT w.*, strftime(\\\'%s\\\', w.date_creation) AS date_creation, strftime(\\\'%s\\\', w.date_modification) AS date_modification';

            if (trim($loopContent))
            {
                $query .= ', r.contenu AS texte FROM wiki_pages AS w LEFT JOIN wiki_revisions AS r ON (w.id = r.id_page AND w.revision = r.revision) ';
            }
            else
            {







>







>
>
|







313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337

        return $out;
    }

    protected function processLoop($loopName, $loopType, $loopCriterias, $loopContent, $preContent, $postContent, $altContent)
    {
        $query = $loopStart = '';
        $query_args = [];

        // Types de boucles natifs
        if ($loopType == 'articles' || $loopType == 'rubriques' || $loopType == 'pages')
        {
            $where = $order = '';
            $limit = $begin = 0;

            $query = 'SELECT w.*, ';
            $query.= 'strftime(\\\'%s\\\', w.date_creation) AS date_creation, ';
            $query.= 'strftime(\\\'%s\\\', w.date_modification) AS date_modification';

            if (trim($loopContent))
            {
                $query .= ', r.contenu AS texte FROM wiki_pages AS w LEFT JOIN wiki_revisions AS r ON (w.id = r.id_page AND w.revision = r.revision) ';
            }
            else
            {
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
            }
            elseif ($loopType == 'rubriques')
            {
                $where .= 'AND (SELECT COUNT(id) FROM wiki_pages WHERE parent = w.id) > 0 ';
            }

            $allowed_fields = ['id', 'uri', 'titre', 'date', 'date_creation', 'date_modification',
                'parent', 'rubrique', 'revision', 'points', 'recherche', 'texte'];
            $search = $search_rank = false;

            foreach ($loopCriterias as $criteria)
            {
                if (isset($criteria['field']))
                {
                    if (!in_array($criteria['field'], $allowed_fields))
                    {
                        throw new \KD2\MiniSkelMarkupException("Critère '".$criteria['field']."' invalide pour la boucle '$loopName' de type '$loopType'.");
                    }







|


|







346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
            }
            elseif ($loopType == 'rubriques')
            {
                $where .= 'AND (SELECT COUNT(id) FROM wiki_pages WHERE parent = w.id) > 0 ';
            }

            $allowed_fields = ['id', 'uri', 'titre', 'date', 'date_creation', 'date_modification',
                'parent', 'rubrique', 'revision', 'points', 'recherche', 'texte', 'age'];
            $search = $search_rank = false;

            foreach ($loopCriterias as $criteria_id => $criteria)
            {
                if (isset($criteria['field']))
                {
                    if (!in_array($criteria['field'], $allowed_fields))
                    {
                        throw new \KD2\MiniSkelMarkupException("Critère '".$criteria['field']."' invalide pour la boucle '$loopName' de type '$loopType'.");
                    }
371
372
373
374
375
376
377





378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397

398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415


416
417
418
419
420
421
422
                        if ($criteria['action'] != \KD2\MiniSkel::ACTION_ORDER_BY)
                        {
                            throw new \KD2\MiniSkelMarkupException("Le critère 'points' n\'est pas valide dans ce contexte.");
                        }

                        $search_rank = true;
                    }





                }

                switch ($criteria['action'])
                {
                    case \KD2\MiniSkel::ACTION_ORDER_BY:
                        if (!$order)
                            $order = 'ORDER BY '.$criteria['field'].'';
                        else
                            $order .= ', '.$criteria['field'].'';
                        break;
                    case \KD2\MiniSkel::ACTION_ORDER_DESC:
                        if ($order)
                            $order .= ' DESC';
                        break;
                    case \KD2\MiniSkel::ACTION_LIMIT:
                        $begin = $criteria['begin'];
                        $limit = $criteria['number'];
                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD_BY_VALUE:
                        $where .= ' AND '.$criteria['field'].' '.$criteria['comparison'].' \\\'\'.$db->escapeString(\''.$criteria['value'].'\').\'\\\'';

                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD:
                    {
                        if ($criteria['field'] == 'recherche')
                        {
                            $query = 'SELECT w.*, r.contenu AS texte, rank(matchinfo(wiki_recherche), 0, 1.0, 1.0) AS points FROM wiki_pages AS w INNER JOIN wiki_recherche AS r ON (w.id = r.id) ';
                            $where .= ' AND wiki_recherche MATCH \\\'\'.$db->escapeString($this->getVariable(\''.$criteria['field'].'\')).\'\\\'';
                            $search = true;
                        }
                        else
                        {
                            if ($criteria['field'] == 'parent')
                                $field = 'id';
                            else
                                $field = $criteria['field'];

                            $where .= ' AND '.$criteria['field'].' = \\\'\'.$db->escapeString($this->getVariable(\''.$field.'\')).\'\\\'';
                        }


                        break;
                    }
                    default:
                        break;
                }
            }








>
>
>
>
>



















|
>






|









|

>
>







374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
                        if ($criteria['action'] != \KD2\MiniSkel::ACTION_ORDER_BY)
                        {
                            throw new \KD2\MiniSkelMarkupException("Le critère 'points' n\'est pas valide dans ce contexte.");
                        }

                        $search_rank = true;
                    }
                    elseif ($criteria['field'] == 'age')
                    {
                        $criteria['field'] = 'julianday() - julianday(date_creation)';
                        $criteria['value'] = (int)$criteria['value'];
                    }
                }

                switch ($criteria['action'])
                {
                    case \KD2\MiniSkel::ACTION_ORDER_BY:
                        if (!$order)
                            $order = 'ORDER BY '.$criteria['field'].'';
                        else
                            $order .= ', '.$criteria['field'].'';
                        break;
                    case \KD2\MiniSkel::ACTION_ORDER_DESC:
                        if ($order)
                            $order .= ' DESC';
                        break;
                    case \KD2\MiniSkel::ACTION_LIMIT:
                        $begin = $criteria['begin'];
                        $limit = $criteria['number'];
                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD_BY_VALUE:
                        $where .= ' AND '.$criteria['field'].' '.$criteria['comparison'].' ?';
                        $query_args[] = $criteria['value'];
                        break;
                    case \KD2\MiniSkel::ACTION_MATCH_FIELD:
                    {
                        if ($criteria['field'] == 'recherche')
                        {
                            $query = 'SELECT w.*, r.contenu AS texte, rank(matchinfo(wiki_recherche), 0, 1.0, 1.0) AS points FROM wiki_pages AS w INNER JOIN wiki_recherche AS r ON (w.id = r.id) ';
                            $where .= ' AND wiki_recherche MATCH ?';
                            $search = true;
                        }
                        else
                        {
                            if ($criteria['field'] == 'parent')
                                $field = 'id';
                            else
                                $field = $criteria['field'];

                            $where .= ' AND '.$criteria['field'].' = ?';
                        }
                        
                        $query_args[] = ['$this->getVariable(\'' . $criteria['field'] . '\')'];
                        break;
                    }
                    default:
                        break;
                }
            }

457
458
459
460
461
462
463





464
465
466
467
468
469
470
471
472
473
474
475
476
477
478






479
480
481
482
483
484
485
                // Ici le plugin peut soit peupler $query et $loopStart lui-même, soit faire un return
                include $plugin->path() . '/skel_loop.php';
            }
            else
            {
                throw new \KD2\MiniSkelMarkupException("Le type de boucle '".$loopType."' est inconnu.");
            }





        }

        $hash = sha1(uniqid(mt_rand(), true));
        $out = new Squelette_Snippet();
        $out->append(1, '$parent_hash = $this->current[\'_self_hash\'];');
        $out->append(1, '$this->parent =& $parent_hash ? $this->_vars[$parent_hash] : null;');

        if (!empty($search))
        {
            $out->append(1, 'if (trim($this->getVariable(\'recherche\'))) { ');
        }

        $out->append(1, '$statement = $db->prepare(\''.$query.'\'); ');
        // Sécurité anti injection
        $out->append(1, 'if (!$statement->readOnly()) { throw new \\MiniSkelMarkupException("Requête en écriture illégale: '.$query.'"); } ');






        $out->append(1, '$result_'.$hash.' = $statement->execute(); ');
        $out->append(1, '$nb_rows = $db->countRows($result_'.$hash.'); ');

        if (!empty($search))
        {
            $out->append(1, '} else { $result_'.$hash.' = false; $nb_rows = 0; }');
        }







>
>
>
>
>















>
>
>
>
>
>







468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
                // Ici le plugin peut soit peupler $query et $loopStart lui-même, soit faire un return
                include $plugin->path() . '/skel_loop.php';
            }
            else
            {
                throw new \KD2\MiniSkelMarkupException("Le type de boucle '".$loopType."' est inconnu.");
            }

            if (empty($query))
            {
                $query = 'SELECT 0 LIMIT 0;';
            }
        }

        $hash = sha1(uniqid(mt_rand(), true));
        $out = new Squelette_Snippet();
        $out->append(1, '$parent_hash = $this->current[\'_self_hash\'];');
        $out->append(1, '$this->parent =& $parent_hash ? $this->_vars[$parent_hash] : null;');

        if (!empty($search))
        {
            $out->append(1, 'if (trim($this->getVariable(\'recherche\'))) { ');
        }

        $out->append(1, '$statement = $db->prepare(\''.$query.'\'); ');
        // Sécurité anti injection
        $out->append(1, 'if (!$statement->readOnly()) { throw new \\MiniSkelMarkupException("Requête en écriture illégale: '.$query.'"); } ');

        foreach ($query_args as $k=>$arg)
        {
            $out->append(1, '$statement->bindValue(' . ($k+1) . ', ' . (is_array($arg) ? $arg[0] : var_export($arg, true)) . ');');
        }

        $out->append(1, '$result_'.$hash.' = $statement->execute(); ');
        $out->append(1, '$nb_rows = $db->countRows($result_'.$hash.'); ');

        if (!empty($search))
        {
            $out->append(1, '} else { $result_'.$hash.' = false; $nb_rows = 0; }');
        }
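Review bot: The `$field` computed in the `else` branch of the ACTION_MATCH_FIELD case (the `parent` → `id` mapping at L520-L523) is no longer used: the bind at L528 reads `$criteria['field']`, so a `{parent}` criterion now generates `getVariable('parent')` where the replaced line (L345) generated `getVariable('id')`. Set `$field = $criteria['field'];` in the `recherche` branch too and bind with `$query_args[] = ['$this->getVariable(\'' . $field . '\')'];`. The new `age` branch at L483-L487 rewrites `$criteria['field']` to a SQL expression and casts `$criteria['value']` unconditionally, so `{age}` used as an ORDER BY reads an absent `value` key and `{age}` used as a plain MATCH_FIELD would emit `getVariable('julianday() - julianday(date_creation)')`; mirroring the `points` guard just above it (throw unless the action is ORDER_BY or MATCH_FIELD_BY_VALUE) covers both. `$criteria['comparison']` is still concatenated into the WHERE clause at L507 without a whitelist — the later `readOnly()` check bounds the impact, but unless MiniSkel already restricts the operator, checking it against the few accepted comparison operators would keep the clause fully parameterized. processLoop starts before this hunk.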