loviuz/openstamanager
loviuz
/
openstamanager
mirror of https://github.com/devcode-it/openstamanager.git
1
0
Fork 0
Code Issues Releases Activity

Bugfix modulo Viste

This commit is contained in:
Thomas Zilio 2018-11-09 07:17:37 +01:00
parent 2d42bb56c6
commit cd4729a091
1 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
modules/viste/actions.php
View File

@ -39,14 +39,13 @@ switch (filter('op')) {
case 'fields': case 'fields':
$rs = true; $rs = true;
foreach ((array) post('query') as $c => $k) { // Fix per la protezone contro XSS, che interpreta la sequenza "<testo" come un tag HTML
// Fix per la protezone contro XSS, che interpreta la sequenza "<testo" come un tag HTML $queries = (array) $_POST['query'];
post('query')[$c] = $_POST['query'][$c]; foreach ($queries as $c => $query) {
if (check_query($query)) {
if (check_query(post('query')[$c])) {
$array = [ $array = [
'name' => post('name')[$c], 'name' => post('name')[$c],
'query' => post('query')[$c], 'query' => $query,
'visible' => post('visible')[$c], 'visible' => post('visible')[$c],
'search' => post('search')[$c], 'search' => post('search')[$c],
'slow' => post('slow')[$c], 'slow' => post('slow')[$c],
@ -57,11 +56,11 @@ switch (filter('op')) {
'id_module' => $id_record, 'id_module' => $id_record,
]; ];
if (!empty(post('id')[$c]) && !empty(post('query')[$c])) { if (!empty(post('id')[$c]) && !empty($query)) {
$id = post('id')[$c]; $id = post('id')[$c];
$dbo->update('zz_views', $array, ['id' => $id]); $dbo->update('zz_views', $array, ['id' => $id]);
} elseif (!empty(post('query')[$c])) { } elseif (!empty($query)) {
$array['order'] = orderValue('zz_views', 'id_module', $id_record); $array['order'] = orderValue('zz_views', 'id_module', $id_record);
$dbo->insert('zz_views', $array); $dbo->insert('zz_views', $array);
@ -87,24 +86,25 @@ switch (filter('op')) {
case 'filters': case 'filters':
$rs = true; $rs = true;
foreach ((array) post('query') as $c => $k) { // Fix per la protezone contro XSS, che interpreta la sequenza "<testo" come un tag HTML
// Fix per la protezone contro XSS, che interpreta la sequenza "<testo" come un tag HTML $queries = (array) $_POST['query'];
post('query')[$c] = $_POST['query'][$c]; foreach ($queries as $c => $query) {
$query = $_POST['query'][$c];
if (check_query(post('query')[$c])) { if (check_query($query)) {
$array = [ $array = [
'name' => post('name')[$c], 'name' => post('name')[$c],
'idgruppo' => post('gruppo')[$c], 'idgruppo' => post('gruppo')[$c],
'idmodule' => $id_record, 'idmodule' => $id_record,
'clause' => post('query')[$c], 'clause' => $query,
'position' => !empty(post('position')[$c]) ? 'HVN' : 'WHR', 'position' => !empty(post('position')[$c]) ? 'HVN' : 'WHR',
]; ];
if (!empty(post('id')[$c]) && !empty(post('query')[$c])) { if (!empty(post('id')[$c]) && !empty($query)) {
$id = post('id')[$c]; $id = post('id')[$c];
$dbo->update('zz_group_module', $array, ['id' => $id]); $dbo->update('zz_group_module', $array, ['id' => $id]);
} elseif (!empty(post('query')[$c])) { } elseif (!empty($query)) {
$dbo->insert('zz_group_module', $array); $dbo->insert('zz_group_module', $array);
$id = $dbo->lastInsertedID(); $id = $dbo->lastInsertedID();
@ -127,9 +127,9 @@ switch (filter('op')) {
$rs = $dbo->fetchArray('SELECT enabled FROM zz_group_module WHERE id='.prepare($id)); $rs = $dbo->fetchArray('SELECT enabled FROM zz_group_module WHERE id='.prepare($id));
$array = ['enabled' => !empty($rs[0]['enabled']) ? 0 : 1]; $dbo->update('zz_group_module', [
'enabled' => !empty($rs[0]['enabled']) ? 0 : 1
$dbo->update('zz_group_module', $array, ['id' => $id]); ], ['id' => $id]);
flash()->info(tr('Salvataggio completato!')); flash()->info(tr('Salvataggio completato!'));