本文整理汇总了PHP中sensitiveIO::sanitizeSQLString方法的典型用法代码示例。如果您正苦于以下问题:PHP sensitiveIO::sanitizeSQLString方法的具体用法?PHP sensitiveIO::sanitizeSQLString怎么用?PHP sensitiveIO::sanitizeSQLString使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类sensitiveIO
的用法示例。
在下文中一共展示了sensitiveIO::sanitizeSQLString方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getByEmail
/**
 * Get the contacts whose e-mail address equals the given one.
 *
 * @param string $data e-mail address to look up; rejected (with a raised error) unless SensitiveIO::isValidEmail accepts it
 * @return array of CMS_profile_user, empty when the address is invalid, the query fails or no contact matches
 * @access public
 */
static function getByEmail($data)
{
    // Validate before anything reaches the query; an invalid address is reported and yields no users.
    if (!SensitiveIO::isValidEmail($data)) {
        CMS_grandFather::raiseError('$data must be a valid email : ' . $data);
        return array();
    }
    $users = array();
    // The address is escaped for the double-quoted literal it is placed in.
    $sql = 'select `id_cd`
from `contactDatas`
where `email_cd` = "' . sensitiveIO::sanitizeSQLString($data) . '"';
    $query = new CMS_query($sql);
    if ($query->hasError()) {
        return $users;
    }
    // Walk every matching contact id and keep the users that load cleanly.
    while (($userId = $query->getValue("id_cd")) !== false) {
        $user = CMS_profile_usersCatalog::getByID($userId);
        if ($user->hasError()) {
            continue;
        }
        // Contact data is loaded onto the user object; drop the user if that step reported an error.
        $user->getContactData();
        if (!$user->hasError()) {
            $users[] = $user;
        }
    }
    return $users;
}
示例2: setParameters
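/**
 * Store the script's module and parameters in the scriptsStatuses row of this script.
 *
 * @param string $module     module codename to record in module_ss
 * @param string $parameters value to record in parameters_ss (it is passed through sanitizeSQLString, so a string is expected)
 * @return boolean true when the update ran without error, false when no script name is set or the query reported an error
 * @access public
 */
function setParameters($module, $parameters)
{
    if (!$this->_scriptName) {
        return false;
    }
    // Every interpolated value is escaped, including the script name used in the where clause.
    $sql = "\n\t\t\tupdate\n\t\t\t\tscriptsStatuses\n\t\t\tset\n\t\t\t\tmodule_ss='" . sensitiveIO::sanitizeSQLString($module) . "',\n\t\t\t\tparameters_ss='" . sensitiveIO::sanitizeSQLString($parameters) . "'\n\t\t\twhere\n\t\t\t\tscriptName_ss='" . sensitiveIO::sanitizeSQLString($this->_scriptName) . "'";
    $q = new CMS_query($sql);
    // The contract promises false on failure, so report the query outcome instead of an unconditional true.
    return !$q->hasError();
}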
示例3: exists
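/**
 * Check if a website with the given ID currently exists.
 * Static function; results are cached per ID for the rest of the request.
 *
 * @param integer $id The DB ID of the CMS_website to check
 * @return boolean true when a websites row with that id_web exists, false otherwise (including for non-integer IDs)
 * @access public
 */
static function exists($id)
{
    static $websites;
    // The ID is interpolated unquoted below, where string escaping offers no protection,
    // so only positive integers are allowed to reach the query.
    if (!SensitiveIO::isPositiveInteger($id)) {
        return false;
    }
    if (!isset($websites[$id])) {
        $websites[$id] = false;
        $sql = "\n\t\t\t\tselect\n\t\t\t\t\tid_web\n\t\t\t\tfrom\n\t\t\t\t\twebsites\n\t\t\t\twhere\n\t\t\t\t\tid_web = " . sensitiveIO::sanitizeSQLString($id) . "\n\t\t\t";
        $q = new CMS_query($sql);
        if ($q->getNumRows()) {
            $websites[$id] = true;
        }
    }
    return $websites[$id];
}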
示例4: getSearch
/**
* Get the search.
*
* @param integer $searchType : the type of the search (see constants)
* @return array of CMS_page the result pages
* @access public
*/
function getSearch($keywords, $user, $public = false, $withPageContent = false)
{
if (is_a($user, 'CMS_profile_user')) {
$cms_language = $user->getLanguage();
} else {
$cms_language = new CMS_language('fr');
}
$results = array();
$count = 0;
/*$messages = array();
$message = '';*/
$where = $order = '';
$foundLinkToIDs = $foundLinkFromIDs = $foundPagesFromTemplate = $foundPagesFromRow = $matches = array();
// Clean keywords
$keywords = SensitiveIO::sanitizeSQLString($keywords);
$keywords = strtr($keywords, ",;", " ");
$blocks = array();
$blocks = array_map("trim", array_unique(explode(" ", $keywords)));
$cleanedBlocks = array();
foreach ($blocks as $block) {
if ($block !== '' || sensitiveIO::isPositiveInteger($block)) {
$block = str_replace(array('%', '_'), array('\\%', '\\_'), $block);
$cleanedBlocks[] = $block;
}
}
// Separate block codes
if ($cleanedBlocks) {
$allDatas = array();
$allCodes = CMS_search::getAllCodes();
foreach ($allCodes as $code) {
$datas = array();
foreach (array_keys($cleanedBlocks) as $key) {
if (strstr($cleanedBlocks[$key], $code . ':')) {
$datas[] = $cleanedBlocks[$key];
unset($cleanedBlocks[$key]);
}
}
if ($datas) {
$allDatas[$code] = $datas;
}
}
$allDatas[self::SEARCH_TYPE_DEFAULT] = $cleanedBlocks;
// Get IDs from all specific codes
$foundIDs = array();
$allLinksNumber = 0;
foreach ($allCodes as $code) {
switch ($code) {
case self::SEARCH_TYPE_LINKTO:
if (isset($allDatas[self::SEARCH_TYPE_LINKTO])) {
$foundLinkToIDs = array();
$where = '';
$count = 0;
foreach ($allDatas[self::SEARCH_TYPE_LINKTO] as $block) {
$tabValues = explode(':', $block);
if (SensitiveIO::isPositiveInteger($tabValues[1])) {
$where .= $count ? ' or ' : '';
$count++;
$where .= " start_lre = '" . $tabValues[1] . "' ";
}
}
if ($where) {
$select = ' stop_lre ';
$from = 'linx_real_public';
$sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
$q = new CMS_query($sql);
$arr = array();
while ($arr = $q->getArray()) {
$foundLinkToIDs[] = $arr["stop_lre"];
}
// Count links number
$allLinksNumber += count($foundLinkToIDs);
$where = $select = '';
}
}
break;
case self::SEARCH_TYPE_LINKFROM:
if (isset($allDatas[self::SEARCH_TYPE_LINKFROM])) {
$foundLinkFromIDs = array();
$where = '';
$count = 0;
/*$messagesIDs = array();*/
foreach ($allDatas[self::SEARCH_TYPE_LINKFROM] as $block) {
$tabValues = explode(':', $block);
if (SensitiveIO::isPositiveInteger($tabValues[1])) {
$where .= $count ? ' or ' : '';
$count++;
$where .= " stop_lre = '" . $tabValues[1] . "' ";
}
}
if ($where) {
$select = ' start_lre ';
$from = 'linx_real_public';
$sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where;
//.........这里部分代码省略.........
示例5: searchMessages
/**
* Search messages
* Static function.
*
* @param string module : module to search messages
* @param string search : search message by value
* @param array languagesOnly : limit search to given languages codes
* @param array options : search options
* @param string direction : search is ordered by results id. Specify order direction (asc or desc). Default : asc
* @param integer start : search start offset
* @param integer limit : search limit (default : 0 : unlimited)
* @param integer resultsnb : return results count by reference
* @return array(id => msg)
* @access public
*/
static function searchMessages($module, $search = '', $languagesOnly = array(), $options = array(), $direction = 'asc', $start = 0, $limit = 0, &$resultsnb)
{
$start = (int) $start;
$limit = (int) $limit;
$direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
$emptyOnly = $idsOnly = false;
if (is_array($options)) {
$emptyOnly = isset($options['empty']) && $options['empty'] ? true : false;
$idsOnly = isset($options['ids']) && is_array($options['ids']) ? $options['ids'] : false;
}
$keywordsWhere = $languagesWhere = $emptyWhere = $orderBy = $orderClause = $idsWhere = '';
//get ids for which one message is missing
if ($emptyOnly) {
$qLanguages = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct language_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
$qIds = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct id_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
$allIds = $qIds->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
$missingIds = array();
while ($language = $qLanguages->getValue('language_mes')) {
$qLang = new CMS_query("\n\t\t\t\t\tselect \n\t\t\t\t\t\tdistinct id_mes\n\t\t\t\t\tfrom \n\t\t\t\t\t\tmessages\n\t\t\t\t\twhere\n\t\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\t\t\tand language_mes='" . $language . "'\n\t\t\t\t\t\tand message_mes != ''\n\t\t\t\t");
$ids = $qLang->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
$missingIds = array_merge($missingIds, array_diff($allIds, $ids));
}
if (!$missingIds) {
$resultsnb = 0;
return array();
}
$emptyWhere = ' and id_mes in (' . implode($missingIds, ',') . ')';
}
if ($idsOnly) {
$idsWhere = ' and id_mes in (' . io::sanitizeSQLString(implode($idsOnly, ',')) . ')';
}
if ($search) {
//clean user keywords (never trust user input, user is evil)
$search = strtr($search, ",;", " ");
if (isset($options['phrase']) && $options['phrase']) {
$search = str_replace(array('%', '_'), array('\\%', '\\_'), $search);
if (htmlentities($search) != $search) {
$keywordsWhere .= " and (\n\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($search)) . "%'\n\t\t\t\t\t)";
} else {
$keywordsWhere .= " and message_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%'";
}
} else {
$words = array();
$words = array_map("trim", array_unique(explode(" ", io::strtolower($search))));
$cleanedWords = array();
foreach ($words as $aWord) {
if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
$aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
$cleanedWords[] = $aWord;
}
}
if (!$cleanedWords) {
//if no words after cleaning, return
return array();
}
foreach ($cleanedWords as $cleanedWord) {
$keywordsWhere .= $keywordsWhere ? " and " : '';
if (htmlentities($aWord) != $aWord) {
$keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($cleanedWord)) . "%'\n\t\t\t\t\t\t)";
} else {
$keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\t\t)";
}
}
$keywordsWhere = ' and (' . $keywordsWhere . ')';
}
}
if (is_array($languagesOnly) && $languagesOnly) {
$languagesWhere = ' and language_mes in (\'' . implode($languagesOnly, '\',\'') . '\')';
}
$orderClause = "order by\n\t\t\tid_mes\n\t\t\t" . $direction;
$sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $languagesWhere . "\n\t\t\t" . $emptyWhere . "\n\t\t\t" . $idsWhere . "\n\t\t";
$q = new CMS_query($sql);
if (!$q->getNumRows()) {
$resultsnb = 0;
return array();
}
$messageIds = array();
$messageIds = $q->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
$sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id,\n\t\t\t\tmodule_mes as module,\n\t\t\t\tlanguage_mes as language,\n\t\t\t\tmessage_mes as message\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\tand id_mes in (" . implode($messageIds, ',') . ")\n\t\t\t\t" . $orderClause . "\n\t\t";
$q = new CMS_query($sql);
if (!$q->getNumRows()) {
$resultsnb = 0;
return array();
}
$messageGroups = array();
//.........这里部分代码省略.........
示例6: addWhereCondition
/**
* Builds where statement with a key and its value
* The key can be a known string, this class will create statements in consequence
* or it can be a field id
*
* @access public
* @param string $key name of statement to set
* @param string $value , the value to give
* @param string $operator, additional optional search operator
* @return void or false if an error occured
*/
function addWhereCondition($type, $value, $operator = false)
{
if (!$type || !$value && !$operator) {
return;
}
//clean value
if (!is_object($value) && !is_array($value)) {
$value = sensitiveIO::sanitizeSQLString($value);
} elseif (is_array($value)) {
$value = array_map(array('sensitiveIO', 'sanitizeSQLString'), $value);
}
$operator = $operator ? io::decodeEntities($operator) : false;
$statusSuffix = $this->_public ? "_public" : "_edited";
switch ($type) {
case "object":
if ($value && !is_a($value, 'CMS_poly_object_definition')) {
$this->raiseError('Value must be a valid CMS_poly_object_definition.');
return false;
}
$this->_object = $value;
$this->_whereConditions['object'][] = array('value' => $value, 'operator' => $operator);
break;
case "item":
if (!sensitiveIO::isPositiveInteger($value)) {
$this->raiseError("Value must be a positive Integer.");
return false;
}
$this->_whereConditions['item'][] = array('value' => $value, 'operator' => $operator);
break;
case "items":
if (!$value) {
$this->raiseError('Value must be a populated array.');
return false;
}
$this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
break;
case 'archives':
if ($this->_public && $this->_object->isPrimaryResource() && ($value == 1 || $value == 'true' || $value == true)) {
unset($this->_whereConditions['publication date before']);
unset($this->_whereConditions['publication date end']);
}
break;
case "itemsOrdered":
if (!$value) {
$this->raiseError('Value must be a populated array.');
return false;
}
$this->_whereConditions['items'][] = array('value' => $value, 'operator' => $operator);
$this->_orderConditions['itemsOrdered']['order'] = $value;
break;
case "profile":
if (!is_a($value, 'CMS_profile_user')) {
$this->raiseError('Value must be a valid CMS_profile_user.');
return false;
}
$this->_whereConditions['profile'][] = array('value' => $value, 'operator' => $operator);
break;
case "category":
//this search type is deprecated, keep it for compatibility but now it is replaced by direct field id access
//get field of categories for searched object type (assume it uses categories)
$categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->_object->getId());
$this->_whereConditions[$categoriesFields[0]][] = array('value' => $value, 'operator' => $operator);
break;
case "keywords":
if ($value) {
$this->_whereConditions['keywords'][] = array('value' => $value, 'operator' => $operator);
}
break;
case "publication date after":
// Date start
if ($this->_object->isPrimaryResource()) {
if (!is_a($value, 'CMS_date')) {
$this->raiseError('Value must be a valid CMS_date.');
return false;
}
$this->_whereConditions['publication date after'][] = array('value' => $value, 'operator' => $operator);
}
break;
case "publication date before":
// Date End
if ($this->_object->isPrimaryResource()) {
if (!is_a($value, 'CMS_date')) {
$this->raiseError('Value must be a valid CMS_date.');
return false;
}
$this->_whereConditions['publication date before'][] = array('value' => $value, 'operator' => $operator);
}
break;
case "publication date end":
//.........这里部分代码省略.........
示例7: runQueuedScripts
/**
 * Run queued scripts.
 * Used when background scripts are not available: reads up to REGENERATION_THREADS rows from
 * the regenerator table, hands each one to its module, then deletes the row.
 *
 * @return void
 * @access public
 * @static
 */
static function runQueuedScripts()
{
    // REGENERATION_THREADS bounds how many queued scripts one call processes.
    $sql_select = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tregenerator\n\t\t\tlimit\n\t\t\t\t" . sensitiveIO::sanitizeSQLString(REGENERATION_THREADS) . "\n\t\t";
    $q = new CMS_query($sql_select);
    $modules = array();
    while ($data = $q->getArray()) {
        $codename = $data['module_reg'];
        // Instantiate each module once, however many of its scripts are queued.
        if (!isset($modules[$codename])) {
            $modules[$codename] = CMS_modulesCatalog::getByCodename($codename);
        }
        // NOTE(review): parameters_reg is unserialize()d straight from the table; that is only
        // safe while the column is written exclusively by trusted code - confirm at the writers.
        $task = $modules[$codename]->scriptTask(unserialize($data['parameters_reg']));
        // The task has been dispatched: remove its row, identified by the id just read from the table.
        $sql_delete = "\n\t\t\t\tdelete\n\t\t\t\tfrom\n\t\t\t\t\tregenerator\n\t\t\t\twhere\n\t\t\t\t\tid_reg='" . $data['id_reg'] . "'";
        $q_delete = new CMS_query($sql_delete);
    }
}
示例8: isPolymod
/**
 * Tell whether the module with the given codename is flagged as a poly module.
 *
 * @param string $codename the codename of the module to check
 * @return boolean true when a modules row matches the codename with isPolymod_mod='1', false otherwise
 * @access public
 */
static function isPolymod($codename)
{
    // The codename is escaped for the quoted literal; isPolymod_mod is a fixed condition.
    $sql = "select\n\t\t\t\t\t1\n\t\t\t\tfrom\n\t\t\t\t\tmodules\n\t\t\t\twhere\n\t\t\t\t\tcodename_mod='" . sensitiveIO::sanitizeSQLString($codename) . "'\n\t\t\t\t\tand isPolymod_mod='1'\n\t\t\t\t";
    $query = new CMS_query($sql);
    return (bool) $query->getNumRows();
}
示例9: getByResourceAction
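/**
 * Get the log entries of a resource, filtered by action, newest first.
 *
 * @param string $moduleCodename codename of the module owning the resource
 * @param integer $resourceId ID of the resource
 * @param mixed $action a single action value, or an array of action values (any of them matches)
 * @param integer|false $limit maximum number of entries to return; ignored unless it is a positive integer
 * @return array(CMS_log) entries that built without error, empty when nothing matches
 * @access public
 */
static function getByResourceAction($moduleCodename, $resourceId, $action, $limit = false)
{
    $sql = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tlog\n\t\t\twhere\n\t\t\t\tmodule_log='" . sensitiveIO::sanitizeSQLString($moduleCodename) . "'\n\t\t\t\tand resource_log='" . sensitiveIO::sanitizeSQLString($resourceId) . "'";
    if (is_array($action)) {
        // An empty list can match nothing; the original "in ()" would only have produced a query error.
        if (!$action) {
            return array();
        }
        // Escape and quote each action separately: escaping protects a quoted literal, so one
        // escaped, unquoted comma list would leave the "in (...)" clause unprotected.
        $actions = array_map(array('sensitiveIO', 'sanitizeSQLString'), $action);
        $sql .= " and action_log in ('" . implode("','", $actions) . "')";
    } else {
        $sql .= " and action_log='" . sensitiveIO::sanitizeSQLString($action) . "'";
    }
    $sql .= "\n\t\t\torder by\n\t\t\t\tdatetime_log desc\n\t\t";
    // The limit is interpolated unquoted, which is why only a positive integer is accepted.
    if ($limit && sensitiveIO::isPositiveInteger($limit)) {
        $sql .= " limit 0, " . $limit;
    }
    $logs = array();
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        // Users are loaded once per distinct user_log and shared between the log objects.
        $users = array();
        while ($r = $q->getArray()) {
            if (!isset($users[$r["user_log"]])) {
                $users[$r["user_log"]] = CMS_profile_usersCatalog::getByID($r["user_log"]);
            }
            $lg = new CMS_log($r, $users[$r["user_log"]]);
            if (!$lg->hasError()) {
                $logs[] = $lg;
            }
        }
    }
    return $logs;
}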
示例10: search
/**
* Search users
* Static function.
*
* @param string search : search user by lastname, firstname or login
* @param string letter : search user by first lastname letter
* @param integer group : search user by group ID
* @param string order : order by fieldname (without suffix). default : lastname, firstname
* @param integer start : search start offset
* @param integer limit : search limit (default : 0 : unlimited)
* @param boolean activeOnly : return only active users (default : false)
* @param boolean returnObjects : return CMS_profile_user objects (default) or array of userId
* @return array(CMS_profile_user)
* @access public
*/
static function search($search = '', $letter = '', $group = '', $order = '', $direction = 'asc', $start = 0, $limit = 0, $activeOnly = false, $returnObjects = true, &$score = array())
{
$start = (int) $start;
$limit = (int) $limit;
$group = (int) $group;
$direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
$keywordsWhere = $letterWhere = $groupWhere = $orderBy = $orderClause = $idWhere = '';
$select = 'id_pru';
if (io::strpos($search, ':noroot:') !== false) {
$idWhere = " and id_pru != '" . ROOT_PROFILEUSER_ID . "'";
$search = trim(str_replace(':noroot:', '', $search));
}
if (io::substr($search, 0, 5) == 'user:' && sensitiveIO::isPositiveInteger(io::substr($search, 5))) {
$idWhere = " and id_pru = '" . sensitiveIO::sanitizeSQLString(io::substr($search, 5)) . "'";
$search = '';
}
if (io::substr($search, 0, 6) == 'group:' && sensitiveIO::isPositiveInteger(io::substr($search, 6))) {
$group = io::substr($search, 6);
$search = '';
}
if ($search) {
//clean user keywords (never trust user input, user is evil)
$keyword = strtr($search, ",;", " ");
$words = array();
$words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
$cleanedWords = array();
foreach ($words as $aWord) {
if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
$aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
if (htmlentities($aWord) != $aWord) {
$cleanedWords[] = htmlentities($aWord);
}
$cleanedWords[] = $aWord;
}
}
if (!$cleanedWords) {
//if no words after cleaning, return
return array();
}
foreach ($cleanedWords as $cleanedWord) {
$keywordsWhere .= $keywordsWhere ? " and " : '';
$keywordsWhere .= " (\n\t\t\t\t\tlastName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor firstName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor login_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
}
$keywordsWhere = ' and ((' . $keywordsWhere . ')';
$select .= " , MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') as m ";
$keywordsWhere .= " or MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') )";
}
if ($letter && io::strlen($letter) === 1) {
$letterWhere = " and lastName_pru like '" . sensitiveIO::sanitizeSQLString($letter) . "%'";
}
if ($group) {
$groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($group, false);
if (!$groupUsers) {
return array();
}
$groupWhere = " and id_pru in (" . implode(',', $groupUsers) . ")";
}
if ($order != 'score') {
if ($order) {
$found = false;
$sql = "DESCRIBE profilesUsers";
$q = new CMS_query($sql);
while ($field = $q->getValue('Field')) {
if ($field == $order . '_pru') {
$found = true;
}
}
if ($found) {
$orderBy = $order . '_pru';
} else {
$orderBy = 'lastName_pru,firstName_pru';
}
} else {
$orderBy = 'lastName_pru,firstName_pru';
}
if ($orderBy) {
$orderClause = "order by\n\t\t\t\t\t" . $orderBy . "\n\t\t\t\t\t" . $direction;
}
} elseif ($search) {
$orderClause = " order by m " . $direction;
}
$sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tprofilesUsers\n\t\t\twhere \n\t\t\t deleted_pru='0'\n\t\t\t" . ($activeOnly ? " and active_pru='1' " : '') . "\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $letterWhere . "\n\t\t\t" . $groupWhere . "\n\t\t\t" . $idWhere . "\n\t\t\t" . $orderClause . "\n\t\t";
if ($limit) {
$sql .= "limit \n\t\t\t\t" . $start . ", " . $limit;
}
//.........这里部分代码省略.........
示例11: getAll
/**
* Return all the rows available
*
* @param CMS_profile_user $cms_user : restrict to user rights on modules (default : false)
* @param integer $tplId : restrict to rows usable in given template (default : false)
* @param string $csId : restrict to rows usable in given clientspace (default : false)
* @param integer $start : start position
* @param integer $limit : limit position
* @param integer $count : number of rows found (passed by reference)
* @access public
*/
static function getAll($includeInactive = false, $keyword = '', $groups = array(), $rowIds = array(), $user = false, $tplId = false, $csId = false, $start = 0, $limit = 0, $returnObjects = true, &$score = array())
{
$select = 'id_row';
$where = '';
//keywords
if ($keyword) {
//clean user keywords (never trust user input, user is evil)
$keyword = strtr($keyword, ",;", " ");
$words = array();
$words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
$cleanedWords = array();
foreach ($words as $aWord) {
if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
$aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
$cleanedWords[] = $aWord;
}
}
if (!$cleanedWords) {
//if no words after cleaning, return
return array();
}
$keywordWhere = '';
foreach ($cleanedWords as $cleanedWord) {
$keywordWhere .= $keywordWhere ? ' and ' : '';
$keywordWhere .= " (\n\t\t\t\t\tdescription_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor label_row like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
}
$where .= $where ? ' and ' : '';
$where .= " ((" . $keywordWhere . ") or MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') )";
$select .= " , MATCH (label_row, description_row) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') as m ";
}
$sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tmod_standard_rows\n\t\t";
//groups
if ($groups) {
foreach ($groups as $group) {
$where .= $where ? ' and ' : '';
$where .= " (\n\t\t\t\t\tgroupsStack_row='" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_row like '%;" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t)";
}
}
//useable
if (!$includeInactive) {
$where .= $where ? ' and ' : '';
$where .= " useable_row=1 ";
}
//rowIds
if ($rowIds) {
$where .= $where ? ' and ' : '';
$where .= " id_row in (" . implode(',', $rowIds) . ") ";
}
if ($tplId) {
$where .= $where ? ' and ' : '';
$where .= " (\n\t\t\t\ttplfilter_row=''\n\t\t\t\tor tplfilter_row='" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '" . sensitiveIO::sanitizeSQLString($tplId) . ";%'\n\t\t\t\tor tplfilter_row like '%;" . sensitiveIO::sanitizeSQLString($tplId) . "'\n\t\t\t) ";
}
//user
if (is_object($user) && !$user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
$groupsDenied = $user->getRowGroupsDenied();
$groupsDenied = $groupsDenied->getElements();
if ($groupsDenied) {
$where .= $where ? ' and (' : '(';
foreach ($groupsDenied as $group) {
$where .= " (\n\t\t\t\t\t\tgroupsStack_row != '" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_row not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t) and";
}
//remove last "or" and append )
$where = io::substr($where, 0, -3) . ')';
}
}
$sql = $sql . ($where ? ' where ' . $where : '');
//order
if (io::strpos($sql, 'MATCH') === false) {
$sql .= " order by label_row ";
} else {
$sql .= " order by m desc ";
}
//limit
if ($start || $limit) {
$sql .= " limit " . sensitiveIO::sanitizeSQLString($start) . "," . sensitiveIO::sanitizeSQLString($limit);
}
//pr($sql);
$q = new CMS_query($sql);
$rows = array();
while ($r = $q->getArray()) {
$id = $r['id_row'];
//set match score if exists
if (isset($r['m'])) {
$score[$id] = $r['m'];
}
if ($returnObjects) {
$row = new CMS_row($id);
if (!$row->hasError()) {
$rows[$row->getID()] = $row;
//.........这里部分代码省略.........
示例12: getByCode
/**
 * Get a toolbar by its code.
 *
 * @param string $code the toolbar code to look up
 * @param CMS_profile_user $user the user the toolbar elements are set for (passed by reference)
 * @return CMS_wysiwyg_toolbar|false the toolbar built from the matching id_tool, or false when no row matches the code
 * @access public
 */
function getByCode($code, &$user)
{
    // The code is escaped for the quoted literal it is placed in.
    $sql = "\n\t\t\tselect\n\t\t\t\tid_tool\n\t\t\tfrom\n\t\t\t\ttoolbars\n\t\t\twhere\n\t\t\t\tcode_tool = '" . sensitiveIO::sanitizeSQLString($code) . "'\n\t\t";
    $query = new CMS_query($sql);
    if (!$query->getNumRows()) {
        return false;
    }
    return new CMS_wysiwyg_toolbar($query->getValue("id_tool"), $user);
}
示例13: CMS_query
if ($cms_action == "finalisation") {
//Application Label
if (!isset($_POST["label"]) || !$_POST["label"]) {
$error .= $error_step8_label . '<br />';
} else {
//set values in standard_rc.xml file
$module = CMS_modulesCatalog::getByCodename('standard');
$moduleParameters = $module->getParameters(false, true);
$moduleParameters['APPLICATION_LABEL'][0] = $_POST["label"];
$module->setAndWriteParameters($moduleParameters);
//change root page Name
//in edited table
$sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_edited \n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t";
$q = new CMS_query($sql);
//in public table
$sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_public\n\t\t\t\t\tset\n\t\t\t\t\t\ttitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "',\n\t\t\t\t\t\tlinkTitle_pbd = '" . sensitiveIO::sanitizeSQLString($_POST["label"]) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_pbd = '1'\n\t\t\t\t";
$q = new CMS_query($sql);
}
//No application email
if (isset($_POST["no_application_email"]) && $_POST["no_application_email"] == 1) {
//set values in standard_rc.xml file
$module = CMS_modulesCatalog::getByCodename('standard');
$moduleParameters = $module->getParameters(false, true);
$moduleParameters['NO_APPLICATION_MAIL'][0] = 1;
$module->setAndWriteParameters($moduleParameters);
}
//Change resources creation date to force all regenerations at first launch
$sql = "\n\t\t\t\tupdate\n\t\t\t\t\tresourceStatuses\n\t\t\t\tset\n\t\t\t\t\tpublicationDateStart_rs = NOW(),\n\t\t\t\t\tpublication_rs = '1'\n\t\t\t\twhere\n\t\t\t\t\tpublication_rs = '2'\n\t\t\t";
$q = new CMS_query($sql);
//change default user language
if ($install_language == 'en') {
示例14: getTemplateIDForCloneID
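/**
 * Return the public template ID that shares the definition file of a given clone ID.
 *
 * @param integer $cloneID the clone ID whose template ID is wanted
 * @return integer|false the template ID, or false when the clone is unknown, has no definition file,
 *                       or no public template uses that definition file
 * @access public
 */
static function getTemplateIDForCloneID($cloneID)
{
    $sql = "\n\t\t\tselect\n\t\t\t\tdefinitionFile_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tid_pt = '" . sensitiveIO::sanitizeSQLString($cloneID) . "'\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        return false;
    }
    $definition = $q->getValue('definitionFile_pt');
    if (!$definition) {
        return false;
    }
    // The definition file name was read from the table, but it is still a value placed inside a
    // quoted literal: escape it like every other interpolated value instead of trusting stored data.
    $sql = "\n\t\t\tselect\n\t\t\t\tid_pt\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t\twhere\n\t\t\t\tprivate_pt='0'\n\t\t\t\tand definitionFile_pt = '" . sensitiveIO::sanitizeSQLString($definition) . "'\n\t\t";
    $q = new CMS_query($sql);
    return $q->getNumRows() ? $q->getValue('id_pt') : false;
}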
示例15: labelExists
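/**
 * Tell whether a group label is already used, optionally ignoring one group.
 * Static function.
 *
 * @param string $label the label to look for (compared after trimming)
 * @param integer $groupId group to exclude from the check, 0 to exclude none
 * @return integer|boolean the number of profilesUsersGroups rows carrying the label (0 when none),
 *                         or true when the arguments are invalid, so callers treat the label as taken
 * @access public
 */
static function labelExists($label, $groupId = 0)
{
    if ((SensitiveIO::isPositiveInteger($groupId) || $groupId == 0) && $label) {
        $sqlWhere = '';
        if ($groupId) {
            // $groupId is interpolated as-is; the isPositiveInteger check above is what makes that safe.
            $sqlWhere = "\n\t\t\t\t\tid_prg != '" . $groupId . "' \n\t\t\t\t and ";
        }
        // Trim before escaping, so that whatever the escaping does to leading or trailing
        // whitespace cannot leave characters that trim() no longer removes.
        $sql = "\n\t\t\t\tselect distinct\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\twhere\n\t\t\t\t\t" . $sqlWhere . "\n\t\t\t\t\tlabel_prg='" . sensitiveIO::sanitizeSQLString(trim($label)) . "'\n\t\t\t";
        $q = new CMS_query($sql);
        return $q->getNumRows();
    }
    // Invalid arguments: answer "may exist" rather than let a bad input pass as a free label.
    return true;
}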