arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Fix TableEditor-based pages including CMS & Documents

Browse Source
This commit is contained in:
patrick 2025-02-10 04:48:34 +00:00
parent 66aeb66fda
commit a2d3e6112b
3 changed files with 28 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
admin/cms.php
View File

@ -79,7 +79,7 @@ if (get_value_from_array($_POST, 'action') == 'save') {
? ?
)"); )");
$q->execute([$filename,$insertdt,$lang,$text,get_value_from_array($_POST, $titlename, ''),get_value_from_array($_POST, $showlogoname, '')]); $q->execute([$filename,$insertdt,$lang,$text,get_value_from_array($_POST, $titlename, ''),get_value_from_array($_POST, $showlogoname, '')]);
if ($pdo->errorInfo()) { if (!$pdo->errorInfo()) {
echo error(i18n('An error occurred saving %1 in %2', array($filename, $langname))); echo error(i18n('An error occurred saving %1 in %2', array($filename, $langname)));
$err = true; $err = true;
} }
@ -88,7 +88,7 @@ if (get_value_from_array($_POST, 'action') == 'save') {
echo happy(i18n('%1 successfully saved', array($_POST['filename']))); echo happy(i18n('%1 successfully saved', array($_POST['filename'])));
} }
if (get_value_from_array($_GET, 'filename', '') || get_value_from_array($_GET, 'action', 'create')) { if (get_value_from_array($_GET, 'filename') || get_value_from_array($_GET, 'action') == 'create') {
echo "<a href=\"cms.php\">&lt;&lt; Back to file list</a><br />\n"; echo "<a href=\"cms.php\">&lt;&lt; Back to file list</a><br />\n";
echo '<form method="post" action="cms.php">'; echo '<form method="post" action="cms.php">';
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
@ -104,7 +104,7 @@ if (get_value_from_array($_GET, 'filename', '') || get_value_from_array($_GET, '
echo '<tr><th colspan="2">'; echo '<tr><th colspan="2">';
$q = $pdo->prepare("SELECT * FROM cms WHERE filename=? AND lang=? ORDER BY dt DESC LIMIT 1"); $q = $pdo->prepare("SELECT * FROM cms WHERE filename=? AND lang=? ORDER BY dt DESC LIMIT 1");
$q->execute([get_value_from_array($_GET, 'filename', ''),$lang]); $q->execute([$_GET['filename'],$lang]);
if ($r = $q->fetch(PDO::FETCH_OBJ)) { if ($r = $q->fetch(PDO::FETCH_OBJ)) {
if ($r->dt == '0000-00-00 00:00:00' || !$r->dt) if ($r->dt == '0000-00-00 00:00:00' || !$r->dt)
$dt = 'Never'; $dt = 'Never';
@ -163,8 +163,8 @@ if (get_value_from_array($_GET, 'filename', '') || get_value_from_array($_GET, '
echo '<tr><th>' . i18n('File History') . "</th></tr>\n"; echo '<tr><th>' . i18n('File History') . "</th></tr>\n";
$q = $pdo->prepare("SELECT DISTINCT(dt) FROM cms WHERE filename=? ORDER BY dt DESC LIMIT ?"); $q = $pdo->prepare("SELECT DISTINCT(dt) FROM cms WHERE filename=? ORDER BY dt DESC LIMIT $historylimit");
$q->execute([get_value_from_array($_GET, 'filename', ''),$historylimit]); $q->execute([get_value_from_array($_GET, 'filename')]);
$first = true; $first = true;
if ($q->rowCount()) { if ($q->rowCount()) {
while ($r = $q->fetch(PDO::FETCH_OBJ)) { while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -203,12 +203,12 @@ if (get_value_from_array($_GET, 'filename', '') || get_value_from_array($_GET, '
echo '<table class="summarytable">'; echo '<table class="summarytable">';
$q = $pdo->prepare('SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename'); $q = $pdo->prepare('SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename');
$q->execute();
echo '<tr><th>' . i18n('Filename') . '</th><th>' . i18n('Last Update') . '</th></tr>'; echo '<tr><th>' . i18n('Filename') . '</th><th>' . i18n('Last Update') . '</th></tr>';
while ($r = $q->fetch(PDO::FETCH_ASSOC)) { while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo '<tr><td><a href="cms.php?filename=' . rawurlencode($r->filename) . "\">/web/$r->filename</a></td>"; echo '<tr><td><a href="cms.php?filename=' . rawurlencode($r->filename) . "\">/web/$r->filename</a></td>";
$q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename=? ORDER BY dt DESC LIMIT 1"); $q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename=? ORDER BY dt DESC LIMIT 1");
$q->execute([$r->filename]); $q2->execute([$r->filename]);
$r2 = $q2->fetch(PDO::FETCH_OBJ); $r2 = $q2->fetch(PDO::FETCH_OBJ);
if ($r2->dt == '0000-00-00 00:00:00') if ($r2->dt == '0000-00-00 00:00:00')
$dt = 'Never'; $dt = 'Never';

1
admin/documents.php
View File

@ -45,7 +45,6 @@ $editor = new TableEditor('documents',
'sel_category' => 'Category', 'sel_category' => 'Category',
'filename' => 'Filename', 'filename' => 'Filename',
)); ));
$editor->setPrimaryKey('id'); $editor->setPrimaryKey('id');
$editor->setUploadPath('../data/documents'); $editor->setUploadPath('../data/documents');
$editor->setDefaultSortField('sel_category,date'); $editor->setDefaultSortField('sel_category,date');

36
tableeditor.class.php
View File

@ -79,6 +79,7 @@ if (!$icon_extension) {
$icon_extension = 'png'; $icon_extension = 'png';
} }
/** /**
* The main class * The main class
* @package tableeditor * @package tableeditor
@ -141,7 +142,7 @@ class TableEditor
* @param array $editfields * @param array $editfields
* @param array $hiddenfields * @param array $hiddenfields
*/ */
function TableEditor($classname, $listfields = null, $editfields = null, $hiddenfields = null) function __construct($classname, $listfields = null, $editfields = null, $hiddenfields = null)
{ {
// set defaults // set defaults
$this->timeformat = '12hrs'; $this->timeformat = '12hrs';
@ -368,8 +369,8 @@ class TableEditor
$inputsize = 0; $inputsize = 0;
// figure out what kind of input this should be // figure out what kind of input this should be
$q = $pdo->prepare("SHOW COLUMNS FROM ? LIKE ?"); $q = $pdo->prepare("SHOW COLUMNS FROM $this->table LIKE '$f'");
$q->execute([$this->table,$f]); $q->execute();
$r = $q->fetch(PDO::FETCH_OBJ); $r = $q->fetch(PDO::FETCH_OBJ);
if (preg_match('/([a-z]*)\(([0-9,]*)\)/', $r->Type, $regs)) { if (preg_match('/([a-z]*)\(([0-9,]*)\)/', $r->Type, $regs)) {
@ -461,15 +462,16 @@ class TableEditor
function defaultLoad() function defaultLoad()
{ {
global $pdo; global $pdo;
$query = "SELECT ?"; $query = "SELECT $this->primaryKey";
foreach ($this->editfields AS $f => $n) foreach ($this->editfields AS $f => $n)
$query .= ", ?"; $query .= ", `$f`";
$query .= " FROM ?"; $query .= " FROM $this->table";
$query .= " WHERE {$this->primaryKey}=?"; $query .= " WHERE $this->primaryKey=". $_GET['edit'];
if ($this->DEBUG) if ($this->DEBUG)
echo $query; echo $query;
$editquery = $pdo->prepare($query); $editquery = $pdo->prepare($query);
$editquery->execute([$this->primaryKey,$f,$this->table,$_GET['edit']]); $editquery->execute();
$editdata = $editquery->fetch(PDO::FETCH_ASSOC); $editdata = $editquery->fetch(PDO::FETCH_ASSOC);
return $editdata; return $editdata;
} }
@ -699,6 +701,7 @@ class TableEditor
echo '<input type="hidden" name="TableEditorAction" value="editsave">'; echo '<input type="hidden" name="TableEditorAction" value="editsave">';
echo "<input type=\"hidden\" name=\"editsave\" value=\"{$_GET['edit']}\">"; echo "<input type=\"hidden\" name=\"editsave\" value=\"{$_GET['edit']}\">";
$data = "";
if ($this->classname) if ($this->classname)
$data = new $this->classname($_GET['edit']); $data = new $this->classname($_GET['edit']);
@ -785,8 +788,8 @@ class TableEditor
case 'enum': case 'enum':
break; break;
case 'select_or_text': case 'select_or_text':
$optq = $pdo->prepare("SELECT DISTINCT(?) AS ? FROM ? ORDER BY ?"); $optq = $pdo->prepare("SELECT DISTINCT('$f') AS '$f' FROM $this->table ORDER BY '$f'");
$optq->execute([$f,$f,$this->table, $f]); $optq->execute();
if ($this->fieldInputOptions[$f]) if ($this->fieldInputOptions[$f])
echo '<select ' . $this->fieldInputOptions[$f] . ' id="' . $f . '_select" name="' . $f . '_select">'; echo '<select ' . $this->fieldInputOptions[$f] . ' id="' . $f . '_select" name="' . $f . '_select">';
else else
@ -958,6 +961,7 @@ class TableEditor
global $icon_extension; global $icon_extension;
global $editdata; global $editdata;
global $pdo; global $pdo;
global $config;
$query = "SELECT SQL_CALC_FOUND_ROWS $this->primaryKey"; $query = "SELECT SQL_CALC_FOUND_ROWS $this->primaryKey";
@ -991,7 +995,7 @@ class TableEditor
// just to make sure nothing funky is goin on. // just to make sure nothing funky is goin on.
if ($offset < 0) if ($offset < 0)
$offset = 0; $offset = 0;
$query .= " LIMIT ?,?"; $query .= " LIMIT $offset,$this->rowsPerPage";
} }
if ($this->allowAdding) { if ($this->allowAdding) {
@ -1001,9 +1005,8 @@ class TableEditor
if ($this->DEBUG) if ($this->DEBUG)
echo $query; echo $query;
echo $query;
$q = $pdo->prepare($query); $q = $pdo->prepare($query);
$q->execute([$offset,$this->rowsPerPage]); $q->execute();
if ($q == false) { if ($q == false) {
echo "Sorry, DB query failed: <pre>$query</pre><br />"; echo "Sorry, DB query failed: <pre>$query</pre><br />";
@ -1101,11 +1104,12 @@ class TableEditor
echo '</tr>'; echo '</tr>';
while ($r = $q->fetch(PDO::FETCH_OBJ)) { while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo '<tr>'; echo '<tr>';
foreach ($this->listfields AS $f => $n) { foreach ($this->listfields AS $f => $n) {
// figure out what kind of input this should be // figure out what kind of input this should be
$typeq = $pdo->prepare("SHOW COLUMNS FROM ? LIKE ?"); $typeq = $pdo->prepare("SHOW COLUMNS FROM $this->table LIKE '$f'");
$typeq->execute([$this->table,$config['FAIRYEAR']]); $typeq->execute();
$typer = $typeq->fetCh(PDO::FETCH_OBJ); $typer = $typeq->fetch(PDO::FETCH_OBJ);
if ($typer->Type == 'time') if ($typer->Type == 'time')
echo '<td valign="top">' . $this->format_time($r->$f) . '</td>'; echo '<td valign="top">' . $this->format_time($r->$f) . '</td>';
else if ($typer->Type == 'date') else if ($typer->Type == 'date')