goodspeed/Cloudlog
1
0
派生 0
代码 工单 合并请求 项目 版本发布 软件包 百科 动态 Actions

removed a lot of unused (and dangerous) functions

浏览代码
这个提交包含在:
int2001 2023-08-08 13:47:23 +00:00
父节点 27ad658f73
当前提交 1e269b18b2
找不到此签名对应的密钥
GPG 密钥 ID: DFB1C13CD2DB037B
共有 4 个文件被更改,包括 2 次插入333 次删除
显示统计信息 下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

256
application/controllers/Api.php
查看文件

@ -151,262 +151,8 @@ class API extends CI_Controller {
} }
} }
// FUNCTION: search()
// Handle search requests
/*
Okay, so here's how it works in a nutshell...
******************************************************************* /*
Because this is effectively just a filter between the query string
and a MySQL statement, if done wrong we're just asking for pain.
DO NOT alter any of the filtering statements without fully
understanding what you're doing. CodeIgniter provides some
protection against unwanted characters in the query string, but
this should in no way be relied upon for safety.
*******************************************************************
Example query:-
.../search/query[Call~M0*(and)(Locator~I*(or)Locator~J*)]/limit[10]/fields[distinct(Call),Locator]/order[Call(asc)]
There's four parts to this query, separated with forward slashes. It's effectively a heavily-sanitised
MySQL query, hence the hideous search and replace code blocks below.
FIELDS
------
Straightforward - input is sanitised and passed on - in the example, this ends up as "DISTINCT (Call),Locator",
which is then the first argument to 'SELECT'
QUERY
-----
This forms the 'WHERE' clause.
* '(and)' and '(or)' are expanded out to ' AND ' and ' OR '
* Parentheses are preserved
* '~' is expanded out to ' LIKE '
* '*' is translated to '%'
* Values are encapsulated in quote marks
So in the example, this translates to "WHERE Call LIKE 'M0%' AND (Locator LIKE 'I%' OR Locator LIKE 'J%')"
ORDER
-----
Sanitised, so our example ends up as "ORDER BY Call ASC".
LIMIT
-----
Straightforward - what's between the square brackets is passed as an argument to 'LIMIT'
Finally, once this has been done, each field name is translated to the MySQL column name.
*/
function search()
{
// Load the API and Logbook models
$this->load->model('api_model');
$this->load->model('logbook_model');
$this->load->model('user_model');
$arguments = $this->_retrieve();
print_r($arguments);
return;
if((!$this->user_model->authorize(3)) && ($this->api_model->authorize($arguments['key']) == 0)) {
$this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard');
}
$this->api_model->update_last_used($obj['key']);
// Retrieve the arguments from the query string
$data['data']['format'] = $arguments['format'];
// Call the parser within the API model to build the query
$query = $this->api_model->select_parse($arguments);
// Execute the query, and retrieve the results
$s = $this->logbook_model->api_search_query($query);
$a = 0;
// Print query results using original column names and exit
if ($arguments['format'] == 'original'){
$results = array();
foreach($s['results']->result() as $row){
//print_r($row);
array_push($results, $row);
}
print json_encode($results);
return;
}
if(isset($s['results'])) {
$results = $s['results'];
// Cycle through the results, and translate between MySQL column names
// and more friendly, descriptive names
if($results->num_rows() != 0)
{
foreach ($results->result() as $row) {
$record = (array)$row;
$r[$a]['rid'] = $a;
while (list($key, $val) = each($record)) {
$r[$a][$this->api_model->name($key)] = $val;
}
$a++;
}
// Add the result record to the main results array
$data['data']['search_Result']['results'] = $r;
}
else
{
// We've got no results, so make this empty for completeness
$data['data']['search_Result']['results'] = "";
}
} else {
$data['data']['error'] = $s['error'];
$data['data']['search_Result']['results'] = "";
}
// Add some debugging information to the XML output
$data['data']['queryInfo']['call'] = "search";
$data['data']['queryInfo']['dbQuery'] = $s['query'];
$data['data']['queryInfo']['numResults'] = $a;
$data['data']['queryInfo']['executionTime'] = $s['time'];
// Load the XML output view
$this->load->view('api/index', $data);
}
/*
* version of search that is callable internally
* $arguments is an array of columns to query
*/
function api_search($arguments){
// Load the API and Logbook models
$this->load->model('api_model');
$this->load->model('logbook_model');
$this->load->model('user_model');
if((!$this->user_model->authorize(3)) && ($this->api_model->authorize($arguments['key']) == 0)) {
$this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard');
}
$this->api_model->update_last_used($obj['key']);
// Retrieve the arguments from the query string
$data['data']['format'] = $arguments['format'];
// Call the parser within the API model to build the query
$query = $this->api_model->select_parse($arguments);
// Execute the query, and retrieve the results
$s = $this->logbook_model->api_search_query($query);
return $s;
}
function validate()
{
// Load the API and Logbook models
$this->load->model('api_model');
$this->load->model('logbook_model');
// Retrieve the arguments from the query string
$arguments = $this->_retrieve();
// Add some debugging information to the XML output
$data['data'] = $arguments;
$data['data']['queryInfo']['call'] = "validate";
$data['data']['queryInfo']['dbQuery'] = "";
$data['data']['queryInfo']['numResults'] = 1;
$data['data']['queryInfo']['executionTime'] = 0;
$data['data']['validate_Result']['results'] = array(0 => array('Result' => $this->api_model->authorize($arguments['key'])));
$this->load->view('api/index', $data);
}
function add()
{
// Load the API and Logbook models
$this->load->model('api_model');
$this->load->model('logbook_model');
$this->load->model('user_model');
if(!$this->user_model->authorize(3)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
// Retrieve the arguments from the query string
$arguments = $this->_retrieve();
// Call the parser within the API model to build the query
$query = $this->api_model->insert_parse($arguments);
# Check for guessable fields
if(!isset($query['COL_TIME_ON']))
{
$query['COL_TIME_ON'] = date("Y-m-d H:i:s", time());
}
if(!isset($query['COL_TIME_OFF']))
{
$query['COL_TIME_OFF'] = date("Y-m-d H:i:s", time());
}
$data['data']['queryInfo']['dbQuery'] = "";
$data['data']['queryInfo']['executionTime'] = 0;
if(!isset($query['COL_CALL'])) {
$data['data']['add_Result']['results'] = array(0 => array('Result' => 'EMISSINGCALL'));
} else {
$s = $this->logbook_model->api_insert_query($query);
$data['data']['queryInfo']['dbQuery'] = $s['query'];
$data['data']['queryInfo']['executionTime'] = $s['time'];
$data['data']['add_Result']['results'] = array(0 => array('Result' => $s['result_string']));
}
// Add some debugging information to the XML output
$data['data']['queryInfo']['call'] = "add";
$data['data']['queryInfo']['numResults'] = 0;
$this->load->view('api/index', $data);
}
// FUNCTION: _retrieve()
// Pull the search query arguments from the query string
private function _retrieve()
{
// This whole function could probably have been done in one line... if this was Perl.
$arguments = array();
// Retrieve each arguments
$query = preg_grep("/^query=(.*)$/", $this->uri->segments);
$limit = preg_grep("/^limit=(.*)$/", $this->uri->segments);
$order = preg_grep("/^order=(.*)$/", $this->uri->segments);
$fields = preg_grep("/^fields=(.*)$/", $this->uri->segments);
$format = preg_grep("/^format=(.*)$/", $this->uri->segments);
$key = preg_grep("/^key=(.*)$/", $this->uri->segments);
// Strip each argument
$arguments['query'] = substr(array_pop($query), 6);
$arguments['query'] = substr($arguments['query'], 0, strlen($arguments['query']));
$arguments['limit'] = substr(array_pop($limit), 6);
$arguments['limit'] = substr($arguments['limit'], 0, strlen($arguments['limit']));
$arguments['order'] = substr(array_pop($order), 6);
$arguments['order'] = substr($arguments['order'], 0, strlen($arguments['order']));
$arguments['fields'] = substr(array_pop($fields), 7);
$arguments['fields'] = substr($arguments['fields'], 0, strlen($arguments['fields']));
$arguments['format'] = substr(array_pop($format), 7);
$arguments['format'] = substr($arguments['format'], 0, strlen($arguments['format']));
$arguments['key'] = substr(array_pop($key), 4);
$arguments['key'] = substr($arguments['key'], 0, strlen($arguments['key']));
// By default, assume XML for the format if not otherwise set
if($arguments['format'] == "") {
$arguments['format'] = "xml";
}
// Return the arguments
return $arguments;
}
/*
* *
* Function: QSO * Function: QSO
* Task: allows passing of ADIF data to Cloudlog * Task: allows passing of ADIF data to Cloudlog

31
application/controllers/Awards.php
查看文件

@ -97,37 +97,6 @@ class Awards extends CI_Controller {
} }
public function dok_details_ajax(){
$a = $this->security->xss_clean($this->input->post());
$q = "";
foreach ($a as $key => $value) {
$q .= $key."=".$value.("(and)");
}
$q = substr($q, 0, strlen($q)-13);
$arguments["query"] = $q;
$arguments["fields"] = '';
$arguments["format"] = "json";
$arguments["limit"] = '';
$arguments["order"] = '';
$arguments["join_station_profile"] = true;
// Load the API and Logbook models
$this->load->model('api_model');
$this->load->model('logbook_model');
// Call the parser within the API model to build the query
$query = $this->api_model->select_parse($arguments);
// Execute the query, and retrieve the results
$data = $this->logbook_model->api_search_query($query);
// Render Page
$data['page_title'] = "Log View - DOK";
$data['filter'] = str_replace("(and)", ", ", $q);
$this->load->view('awards/details', $data);
}
public function dxcc () { public function dxcc () {
$this->load->model('dxcc'); $this->load->model('dxcc');
$this->load->model('modes'); $this->load->model('modes');

14
application/models/Logbook_model.php
查看文件

@ -2629,19 +2629,7 @@ class Logbook_model extends CI_Model {
} }
} }
function api_search_query($query) { function api_insert_query($query) {
$time_start = microtime(true);
$results = $this->db->query($query);
if(!$results) {
return array('query' => $query, 'error' => $this->db->_error_number(), 'time' => 0);
}
$time_end = microtime(true);
$time = round($time_end - $time_start, 4);
return array('query' => $query, 'results' => $results, 'time' => $time);
}
function api_insert_query($query) {
$time_start = microtime(true); $time_start = microtime(true);
$results = $this->db->insert($this->config->item('table_name'), $query); $results = $this->db->insert($this->config->item('table_name'), $query);
if(!$results) { if(!$results) {

34
application/views/interface_assets/footer.php
查看文件

@ -1860,40 +1860,6 @@ $(document).ready(function(){
</script> </script>
<?php } ?> <?php } ?>
<?php if ($this->uri->segment(2) == "dok") { ?>
<script>
function displayDokContacts(dok, band) {
var baseURL= "<?php echo base_url();?>";
$.ajax({
url: baseURL + 'index.php/awards/dok_details_ajax',
type: 'post',
data: {'DOK': dok,
'Band': band
},
success: function(html) {
BootstrapDialog.show({
title: 'QSO Data',
size: BootstrapDialog.SIZE_WIDE,
cssClass: 'qso-dok-dialog',
nl2br: false,
message: html,
onshown: function(dialog) {
$('[data-toggle="tooltip"]').tooltip();
},
buttons: [{
label: 'Close',
action: function (dialogItself) {
dialogItself.close();
}
}]
});
}
});
}
</script>
<?php } ?>
<?php if ($this->uri->segment(2) == "iota") { ?> <?php if ($this->uri->segment(2) == "iota") { ?>
<script> <script>