Commit f62bbf80 authored by Hahn Axel (hahn)'s avatar Hahn Axel (hahn)

Merge branch 'task-3892-empty-log-search' into 'master'

Task 3892 empty log search

See merge request !113
parents 02482221 d885d229
...@@ -27,3 +27,4 @@ nbproject ...@@ -27,3 +27,4 @@ nbproject
/public_html/vendor/medoo/ /public_html/vendor/medoo/
/config/_inc_projects_config.php /config/_inc_projects_config.php
/config/inc_projects_config.php /config/inc_projects_config.php
/.vscode/
\ No newline at end of file
...@@ -136,11 +136,22 @@ class Actionlog { ...@@ -136,11 +136,22 @@ class Actionlog {
return $oResult; return $oResult;
} }
/**
* helper function to remove chars in a string
* @param string $sVal user value
* @param string $sOKChars good chars to keep
* @return string
*/
private function _filterAllowedChars($sVal, $sOKChars){
return preg_replace('/[^'.$sOKChars. ']/i', '',$sVal);
}
/** /**
* get log data * get log data
* @param array $aFilter with the following keys: * @param array $aFilter with the following keys:
* 'project' - filter by project; will be mixed with where (see next key) * 'project' - filter by project; will be mixed with where (see next key)
* 'where' - where clausel - part behind "WHERE " * 'from ' - time greater equal; time as string i.e. "2020-06-24" or "2020-06-24 11:00:00"
* 'to' - max time (see from)
* 'order' - order clausel - part behind "ORDER BY "; default is "id DESC" (order by newest entries) * 'order' - order clausel - part behind "ORDER BY "; default is "id DESC" (order by newest entries)
* 'limit' - limit clausel - part behind "LIMIT " * 'limit' - limit clausel - part behind "LIMIT "
* @return array * @return array
...@@ -151,22 +162,27 @@ class Actionlog { ...@@ -151,22 +162,27 @@ class Actionlog {
$sSql = 'SELECT `id`,`time`,`loglevel`,`ip`,`user`,`project`,`action`,`message` from logs '; $sSql = 'SELECT `id`,`time`,`loglevel`,`ip`,`user`,`project`,`action`,`message` from logs ';
$sWhere = false; $sWhere = false;
if (array_key_exists("where", $aFilter) && $aFilter["where"]) {
$sWhere.=' WHERE (' . $aFilter["where"] . ') '; $aWhere=array();
}
if (array_key_exists("project", $aFilter) && $aFilter["project"]) { if (array_key_exists("project", $aFilter) && $aFilter["project"]) {
$sProjectWhere = '`project`="' . $aFilter["project"] . '"'; $aWhere[]='`project`="' . $this->_filterAllowedChars($aFilter["project"], '[a-z0-9\-\_]') . '"';
$sWhere.= $sWhere ? ' AND ' . $sProjectWhere : 'WHERE ' . $sProjectWhere; }
if (array_key_exists("from", $aFilter) && $aFilter["from"]) {
$aWhere[]='`time`>="' . $this->_filterAllowedChars($aFilter["from"], '[0-9\-\ \:]') . '"';
} }
$sSql.=$sWhere; if (array_key_exists("to", $aFilter) && $aFilter["to"]) {
$aWhere[]='`time`<="' . $this->_filterAllowedChars($aFilter["to"], '[0-9\-\ \:]') . '"';
}
$sSql.=(count($aWhere) ? 'WHERE '. implode(' AND ', $aWhere) : '');
if (array_key_exists("order", $aFilter) && $aFilter["order"]) { if (array_key_exists("order", $aFilter) && $aFilter["order"]) {
$sSql.=' ORDER BY ' . $aFilter["order"]; $sSql.=' ORDER BY ' . $this->_filterAllowedChars($aFilter["order"], '[a-z\`0-9\,\ ]');
} else { } else {
$sSql.=' ORDER BY id DESC '; $sSql.=' ORDER BY id DESC ';
} }
if (array_key_exists("limit", $aFilter) && $aFilter["limit"]) { if (array_key_exists("limit", $aFilter) && $aFilter["limit"]) {
$sSql.=' LIMIT ' . $aFilter["limit"]; $sSql.=' LIMIT ' . $this->_filterAllowedChars($aFilter["limit"], '[0-9\,\ ]');
} }
foreach ($this->_makeQuery($sSql) as $row) { foreach ($this->_makeQuery($sSql) as $row) {
...@@ -250,7 +266,7 @@ class Actionlog { ...@@ -250,7 +266,7 @@ class Actionlog {
$aForms["filter"]["form"]['selectproject']['options'][$row[0]]=array('label'=>$row[0]); $aForms["filter"]["form"]['selectproject']['options'][$row[0]]=array('label'=>$row[0]);
} }
} }
$aForms["filter"]["form"]['selectWheretime'] = array( $aForms["filter"]["form"]['selectfrom'] = array(
'type' => 'select', 'type' => 'select',
'name' => 'selectWheretime', 'name' => 'selectWheretime',
'label' => '<i class="glyphicon glyphicon-calendar"></i> '.t("class-actionlog-time"), 'label' => '<i class="glyphicon glyphicon-calendar"></i> '.t("class-actionlog-time"),
......
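Review bot: The allow-lists passed to `_filterAllowedChars()` are already bracketed (`'[a-z0-9\-\_]'`, `'[0-9\-\ \:]'`, …) and the helper wraps them in `[^…]` again, so the pattern becomes `/[^[a-z0-9\-\_]]/i`, which as PCRE reads it is a negated class followed by a literal `]` and therefore strips almost nothing. The `project`, `from`, `to`, `order` and `limit` values would then still be concatenated into `$sSql` essentially unfiltered. Pass the bare class contents, e.g. `$this->_filterAllowedChars($aFilter["project"], 'a-z0-9\-_')`, or preferably bind the values as query parameters if `_makeQuery()` (not visible here) supports that. The enclosing method starts and ends outside these hunks.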
...@@ -174,10 +174,16 @@ class sws { ...@@ -174,10 +174,16 @@ class sws {
*/ */
private function _verifyParamValue($sParamValue){ private function _verifyParamValue($sParamValue){
$sOKChars='a-z0-9\"\{\}\[\]\.\,\ \:\-\+'; $sOKChars='a-z0-9\"\{\}\[\]\.\,\ \:\-\+';
/*
$sOKChars='a-z0-9\"\`\'\{\}\[\]\.\,\ \:\-\+'
.'\<\>\='
;
*/
if(isset($this->_aParams[$sParamValue])){ if(isset($this->_aParams[$sParamValue])){
$sVal=urldecode($this->_aParams[$sParamValue]); $sVal=urldecode($this->_aParams[$sParamValue]);
if(preg_match('/[^'.$sOKChars. ']/i', $sVal)){ $sBadchars=preg_replace('/['.$sOKChars. ']/i', '',$sVal);
$this->_quit("ERROR: parameter $sParamValue=.. contains unsupported character(s): [". preg_replace('/['.$sOKChars. ']/i', '',$sVal)."]"); if($sBadchars){
$this->_quit("ERROR: parameter $sParamValue=.. contains unsupported character(s): [". $sBadchars."]");
} }
} }
......
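Review bot: `if($sBadchars)` fails open: `preg_replace()` returns `null` on a PCRE error, which is falsy, so the parameter would be accepted without having been checked; `if ($sBadchars === null || $sBadchars !== '')` rejects in that case too. The rejected characters are also written back unencoded into the `_quit()` message; `_quit()` is not visible here, so if its output can reach an HTML response, pass `htmlspecialchars($sBadchars, ENT_QUOTES)` instead. The commented-out wider `$sOKChars` (quotes, backtick, `<>=`) reads like a pending change and would be better deleted or given a comment saying why it is kept. `_verifyParamValue()` continues past the end of the hunk.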
...@@ -60,8 +60,8 @@ $(document).ready(function() { ...@@ -60,8 +60,8 @@ $(document).ready(function() {
/** /**
* get filtered action log table * get filtered action log table
* @returns {undefined} * @returns {undefined}
*/
function updateActionlog(){ function __REMOVEME___updateActionlog(){
var sUrlBase="/webservice/?class=Actionlog&action=getLogs&type=json&args="; var sUrlBase="/webservice/?class=Actionlog&action=getLogs&type=json&args=";
var aArgs={}; var aArgs={};
...@@ -124,7 +124,58 @@ function updateActionlog(){ ...@@ -124,7 +124,58 @@ function updateActionlog(){
}); });
} }
*/
/**
* get filtered action log table
* @returns {undefined}
*/
function updateActionlog(){
var sUrlBase="/webservice/?class=Actionlog&action=getLogs&type=json&args=";
// columns in output table
var aTableitems=["id", "time", "loglevel", "ip", "user", "project", "action", "message"];
var aArgs={
'project': $('#selectproject').val(),
'from': $('#selectfrom').val(),
'to': $('#selectto').val(),
'limit': $('#selectlimit').val(),
}
// --- get data
var sUrl=sUrlBase+'['+JSON.stringify(aArgs)+']';
$.post( sUrl, function( aData ) {
var sHtml='';
// --- generate output
if (aData.length && aData[0]["id"]){
for (i=0; i<aData.length; i++){
sHtml+='<tr class="tractionlogs loglevel-'+aData[i]["loglevel"]+' '+aData[i]["project"]+'">';
for (j=0; j<aTableitems.length; j++){
sHtml+='<td>'+aData[i][aTableitems[j]]+'</td>';
}
sHtml+='</tr>';
}
}
drawTimeline(aData);
if (!sHtml){
sHtml=sMsgNolog; // variable is set in actionlog.class.php
} else {
sHead='';
for (j=0; j<aTableitems.length; j++){
sHead+='<th>'+aTableitems[j]+'</th>';
}
sHead='<thead><tr>'+sHead+'</tr></thead>';
sHtml='<table class="table table-condensed">'+sHead+'<tbody>'+sHtml+'</tbody></table>';
}
$('#tableLogactions').html(sHtml);
filterLogTable();
});
}
/** /**
* render timeline with Visjs * render timeline with Visjs
* *
......
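Review bot: Log fields are concatenated into markup without encoding in the new `updateActionlog()` (the `'<td>'+aData[i][aTableitems[j]]+'</td>'` cells and the `class="…"` attribute on each `<tr>`) and the result is inserted with `.html()`, so any markup stored in `message`, `user` or `project` would be parsed by the browser. Action-log content is usually influenced by whoever triggered the logged action, so it should be treated as untrusted and HTML-encoded before it is concatenated. A small helper, shown below, keeps the existing string-building approach and the same text output. Separately, `i`, `j` and `sHead` are assigned without `var` and become globals.

```javascript
// encode a log value for use in HTML text or a quoted attribute
function escapeHtml(s){
    return String(s).replace(/[&<>"']/g, function(c){
        return {'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[c];
    });
}
// … unchanged: sUrlBase, aTableitems, aArgs, $.post callback opening …
            sHtml+='<tr class="tractionlogs loglevel-'+escapeHtml(aData[i]["loglevel"])+' '+escapeHtml(aData[i]["project"])+'">';
            for (var j=0; j<aTableitems.length; j++){
                sHtml+='<td>'+escapeHtml(aData[i][aTableitems[j]])+'</td>';
            }
// … unchanged: drawTimeline(aData), sMsgNolog fallback, table head, .html(sHtml) …
```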