meteo/Sentri
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed the basequery builder so it can be set manually.

Browse Source
This commit is contained in:
Meteo
2026-01-07 23:13:11 +01:00
parent f279a78366
commit 604d71e0e6
2 changed files with 20 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pub/api/classes/API.php
View File

@@ -39,6 +39,9 @@ class API
private $requiredFields = [];
private $optionalFields = [];
# Used for the query builder base
public $baseQuery = false;
public function __construct()
{
# Setup Database connection
@@ -222,13 +225,11 @@ class API
$field = $builder['where'][0];
$value = $builder['where'][1];
// Check if the field is allowed (in required or optional)
$rules = $requiredFields[$field] ?? $optionalFields[$field] ?? null;
if (!$rules) {
$this->apiOutput(403, ['error' => "Field not allowed in query: $field"]);
}
// Validate and sanitize
if (!$this->validateField($value, $rules)) {
$this->apiOutput(422, ['error' => "Invalid value for builder field: $field"]);
}
@@ -682,13 +683,16 @@ class API
protected function buildDynamicQuery(string $tableName): array
{
$baseQuery = "SELECT * FROM " . $tableName;
if (!$this->baseQuery) {
$this->baseQuery = "SELECT * FROM " . $tableName;
}
$whereClauses = [];
$types = '';
$values = [];
if (!isset($_GET['builder']) || !is_array($_GET['builder'])) {
return [$baseQuery, $types, $values];
return [$this->baseQuery, $types, $values];
}
foreach ($_GET['builder'] as $builder) {
@@ -705,10 +709,10 @@ class API
}
if (!empty($whereClauses)) {
$baseQuery .= " WHERE " . implode(" AND ", $whereClauses);
$this->baseQuery .= " WHERE " . implode(" AND ", $whereClauses);
}
return [$baseQuery, $types, $values];
return [$this->baseQuery, $types, $values];
}
protected function generalGetFunction($query, $types, $params, $returnBoolean, $itemName)

36
pub/bin/pages/servers/pageServerOverview_view.php
View File

@@ -28,16 +28,11 @@ $jsScriptLoadData['multiFilterSelectServers'] = true;
# Retrieve Information for the page
if (!isset($_GET['del'])) {
$query = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid WHERE servers.server_state != 'deleted' ORDER BY server_vm_host_name";
} else {
$query = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid ORDER BY server_vm_host_name";
}
$stmt = $GLOBALS['conn']->query($query);
$servers = [];
while ($row = $stmt->fetch_assoc()) {
array_push($servers, $row);
}
if ($GLOBALS['modules_enabled']['customers']) {
$API_servers->baseQuery = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid WHERE servers.server_state != 'deleted'";
} else {
$API_servers->baseQuery = "SELECT * FROM servers WHERE servers.server_state != 'deleted'";
}
$allBackupTypes = [];
$allLicenseTypes = [];
@@ -94,23 +89,12 @@ if (isset($_COOKIE['serverTableColumns'])) {
$showColumns[$CheckedColumn] = true;
}
} else {
$showColumns['server_hostname'] = true;
$showColumns['company_name'] = true;
$showColumns['server_os'] = true;
$showColumns['server_cpu'] = true;
$showColumns['server_memory'] = true;
$showColumns['server_memory_demand'] = true;
$showColumns['server_disks'] = true;
$showColumns['server_state'] = true;
}
function cleanNumber($num)
{
// If integer value, return without formatting
if (floor($num) == $num) {
return (string)$num;
if ($GLOBALS['modules_enabled']['customers']) {
$API_servers->baseQuery = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid";
} else {
$API_servers->baseQuery = "SELECT * FROM servers";
}
}
// Otherwise return trimmed float
return rtrim(rtrim(number_format($num, 10, '.', ''), '0'), '.');