Merge lp:~andy-freeborough/sahana-agasti/krakatoa into lp:sahana-agasti/krakatoa

Proposed by Andy Freeborough
Status: Merged
Merge reported by: dot dot dot
Merged at revision: not available
Proposed branch: lp:~andy-freeborough/sahana-agasti/krakatoa
Merge into: lp:sahana-agasti/krakatoa
Diff against target: 1294 lines (+714/-259)
3 files modified
sahana-phase2/mod/cs/lib_cs_validate.inc (+2/-2)
sahana-phase2/mod/vm/model/dao.php (+410/-257)
sahana-phase2/www/xml.php (+302/-0)
To merge this branch: bzr merge lp:~andy-freeborough/sahana-agasti/krakatoa
Reviewer Review Type Date Requested Status
dot dot dot Pending
Review via email: mp+49512@code.launchpad.net

Commit message

merged

Description of the change

I've restored /xml.php, which was removed on the assumption that it was no longer used. I've removed any potential for SQL injection attacks in /xml.php by changing queries built as strings to use bound parameters. I also fixed a problem with the config include and with variables being used before they were declared.

3816. By Andy Freeborough

In mod/vm/model/dao.php I've wrapped all uses of a database query result object with a check to ensure that the result object isn't empty. This specifically addresses the issues reported in bug #632834 .

3817. By Andy Freeborough

Fixed a problem where you could not add aid item types to a catalog - the code was incorrectly handling the measurement unit as a string rather than an array. This fixes bug #633267.

Preview Diff

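--- a/sahana-phase2/mod/cs/lib_cs_validate.inc
+++ b/sahana-phase2/mod/cs/lib_cs_validate.inc
@@ -113,7 +113,7 @@
 * @return boolean
 */
 function _shn_cs_validate_additem_form()
-{
+{
 $error_flag = false;
 clean_errors();
 
@@ -128,7 +128,7 @@
 $error_flag = true;
 }
 
- if(trim($_POST['unit_select']) == null) {
+ if(empty($_POST['unit_select'])) {
 add_error(_("Please select unit/units"));
 $error_flag = true;
 }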
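Review bot: `empty($_POST['unit_select'])` in the second hunk checks only that something was submitted, not its shape: the revision note says the unit field is an array, yet a plain string still passes, as does an array whose only element is `''`, and a whitespace-only string that the old `trim()` test rejected is now accepted. Because the value comes straight from the request, the type should be validated here too, for example `if(!is_array($_POST['unit_select']) || count($_POST['unit_select']) == 0) {`. The individual elements should presumably also be checked against known unit ids wherever they are consumed. `_shn_cs_validate_additem_form()` continues beyond both hunks, so how the value is used afterwards is not visible here.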
23=== modified file 'sahana-phase2/mod/vm/model/dao.php'
24--- sahana-phase2/mod/vm/model/dao.php 2008-10-31 03:31:55 +0000
25+++ sahana-phase2/mod/vm/model/dao.php 2011-02-12 21:04:37 +0000
26@@ -118,10 +118,14 @@
27
28 $result = $this->execute("select opt_id_type, serial from identity_to_person where p_uuid = '" . $id. "'");
29 $info["ids"]= array();
30- while(!$result->EOF)
31+
32+ if( !empty( $result ) )
33 {
34- $info["ids"][$result->fields["opt_id_type"]] = $result->fields["serial"];
35- $result->moveNext();
36+ while(!$result->EOF)
37+ {
38+ $info["ids"][$result->fields["opt_id_type"]] = $result->fields["serial"];
39+ $result->moveNext();
40+ }
41 }
42
43 // locations
44@@ -149,10 +153,13 @@
45 $info['proj_id'] = $info['pos_id'] = array();
46 $result = $this->execute("select pos_id, proj_id from vm_vol_assignment_active where p_uuid = '$id'");
47
48- while(!$result->EOF) {
49- $info['pos_id' ][] = $result->fields['pos_id'];
50- $info['proj_id'][] = $result->fields['proj_id'];
51- $result->MoveNext();
52+ if( !empty( $result ) )
53+ {
54+ while(!$result->EOF) {
55+ $info['pos_id' ][] = $result->fields['pos_id'];
56+ $info['proj_id'][] = $result->fields['proj_id'];
57+ $result->MoveNext();
58+ }
59 }
60
61
62@@ -184,11 +191,16 @@
63 "where pgoc_uuid = '$id'");
64
65 $contacts=array();
66- while(!$result->EOF)
67+
68+ if( !empty( $result ) )
69 {
70- $contacts[$result->fields['opt_contact_type']] = $result->fields['contact_value'];
71- $result->moveNext();
72+ while(!$result->EOF)
73+ {
74+ $contacts[$result->fields['opt_contact_type']] = $result->fields['contact_value'];
75+ $result->moveNext();
76+ }
77 }
78+
79 $info['contact'] = $contacts;
80
81 //number of unread messages
82@@ -202,9 +214,13 @@
83 //get skills
84 $info['skills'] = array();
85 $result = $this->execute("SELECT opt_skill_code, option_description FROM vm_vol_skills JOIN field_options ON (opt_skill_code = option_code AND field_name = 'opt_skill_type') WHERE p_uuid = '$id'");
86- while(!$result->EOF) {
87- $info['skills'][$result->fields['opt_skill_code']] = $result->fields['option_description'];
88- $result->moveNext();
89+
90+ if( !empty( $result ) )
91+ {
92+ while(!$result->EOF) {
93+ $info['skills'][$result->fields['opt_skill_code']] = $result->fields['option_description'];
94+ $result->moveNext();
95+ }
96 }
97
98 return $info;
99@@ -225,11 +241,16 @@
100 // get the ID codes and names from the 'field_options' table
101 $result = $this->execute("select option_code, option_description from field_options where field_name = 'opt_id_type'");
102 $id_types = array();
103- while(!$result->EOF)
104+
105+ if( !empty( $result ) )
106 {
107- $id_types[$result->fields['option_code']]= $result->fields['option_description'];
108- $result->moveNext();
109- }
110+ while(!$result->EOF)
111+ {
112+ $id_types[$result->fields['option_code']]= $result->fields['option_description'];
113+ $result->moveNext();
114+ }
115+ }
116+
117 return $id_types;
118 }
119
120@@ -319,11 +340,16 @@
121 {
122 $result = $this->execute("select option_code, option_description from field_options where field_name = 'opt_contact_type'");
123 $contact_types = array();
124- while(!$result->EOF)
125+
126+ if( !empty( $result ) )
127 {
128- $contact_types[$result->fields['option_code']]= $result->fields['option_description'];
129- $result->moveNext();
130- }
131+ while(!$result->EOF)
132+ {
133+ $contact_types[$result->fields['option_code']]= $result->fields['option_description'];
134+ $result->moveNext();
135+ }
136+ }
137+
138 return $contact_types;
139 }
140
141@@ -388,20 +414,23 @@
142
143 $info = array();
144
145- while(!$r->EOF)
146+ if( !empty( $r ) )
147 {
148- if(!isset($info[$r->fields['proj_id']]))
149- $info[$r->fields['proj_id']] = array('project_name' => $r->fields['project_name']);
150-
151- $info[$r->fields['proj_id']][$r->fields['pos_id']] = array
152- (
153- 'title' => $r->fields['title'],
154- 'payrate' => $r->fields['payrate'],
155- 'status' => $r->fields['status']
156- );
157-
158- $r->MoveNext();
159- }
160+ while(!$r->EOF)
161+ {
162+ if(!isset($info[$r->fields['proj_id']]))
163+ $info[$r->fields['proj_id']] = array('project_name' => $r->fields['project_name']);
164+
165+ $info[$r->fields['proj_id']][$r->fields['pos_id']] = array
166+ (
167+ 'title' => $r->fields['title'],
168+ 'payrate' => $r->fields['payrate'],
169+ 'status' => $r->fields['status']
170+ );
171+
172+ $r->MoveNext();
173+ }
174+ }
175
176
177 //get the volunteer's hours worked for each project position
178@@ -461,10 +490,15 @@
179
180 // put all information into an array for returning
181 $volunteers = array();
182- while(!$result->EOF) {
183- $volunteers[] = new Volunteer($result->fields['p_uuid']);
184- $result->moveNext();
185- }
186+
187+ if( !empty( $result ) )
188+ {
189+ while(!$result->EOF) {
190+ $volunteers[] = new Volunteer($result->fields['p_uuid']);
191+ $result->moveNext();
192+ }
193+ }
194+
195 return $volunteers;
196 }
197
198@@ -525,24 +559,29 @@
199 // put all information into an array for returning
200
201 $volunteers = array();
202- while(!$result->EOF)
203+
204+ if( !empty( $result ) )
205 {
206- if(empty($result->fields['location_id']))
207- $locations = array();
208- else
209- $locations = $this->getParentLocations($result->fields['location_id']);
210-
211- $volunteers[$result->fields['p_uuid']] = array
212- (
213- 'full_name' => $result->fields['full_name'],
214- 'locations' => $locations,
215- 'affiliation' => ($result->fields['org_name']==null)?'':$result->fields['org_name'],
216- 'pay_info' => $this->getVolHoursAndRate($result->fields['p_uuid'], $proj_id),
217- 'status' => $result->fields['status']
218- );
219-
220- $result->moveNext();
221- }
222+ while(!$result->EOF)
223+ {
224+ if(empty($result->fields['location_id']))
225+ $locations = array();
226+ else
227+ $locations = $this->getParentLocations($result->fields['location_id']);
228+
229+ $volunteers[$result->fields['p_uuid']] = array
230+ (
231+ 'full_name' => $result->fields['full_name'],
232+ 'locations' => $locations,
233+ 'affiliation' => ($result->fields['org_name']==null)?'':$result->fields['org_name'],
234+ 'pay_info' => $this->getVolHoursAndRate($result->fields['p_uuid'], $proj_id),
235+ 'status' => $result->fields['status']
236+ );
237+
238+ $result->moveNext();
239+ }
240+ }
241+
242 return $volunteers;
243 }
244
245@@ -720,11 +759,15 @@
246
247 $result = $this->execute("SELECT pos_id, proj_id,project_name, ptype_id, slots, title, description, ptype_title, ptype_description, skill_code FROM vm_vol_assignment $whereClause ORDER BY proj_id ");
248 $positions = array();
249- while(!$result->EOF) {
250-
251- $this->remove_keys($result->fields);
252- $positions[] = $result->fields;
253- $result->moveNext();
254+
255+ if( !empty( $result ) )
256+ {
257+ while(!$result->EOF) {
258+
259+ $this->remove_keys($result->fields);
260+ $positions[] = $result->fields;
261+ $result->moveNext();
262+ }
263 }
264
265 $result = $this->execute("select pos_id, count(*) numVolunteers FROM vm_vol_assignment_active group by pos_id");
266@@ -784,11 +827,16 @@
267
268 $result = $this->execute($query);
269 $position = array();
270- while(!$result->EOF)
271+
272+ if( !empty( $result ) )
273 {
274- $position[$result->fields['pos_id']] = array('title' => $result->fields['title'],'skill_code' => $result->fields['skill_code'], 'payrate' => $result->fields['payrate'], 'description' => $result->fields['description'],'slots' => $result->fields['slots']);
275- $result->moveNext();
276+ while(!$result->EOF)
277+ {
278+ $position[$result->fields['pos_id']] = array('title' => $result->fields['title'],'skill_code' => $result->fields['skill_code'], 'payrate' => $result->fields['payrate'], 'description' => $result->fields['description'],'slots' => $result->fields['slots']);
279+ $result->moveNext();
280+ }
281 }
282+
283 return $position;
284 }
285
286@@ -814,11 +862,16 @@
287 function listPositionTypes() {
288 $result = $this->execute("select ptype_id, title, description, skill_code from vm_positiontype");
289 $ptypes = array();
290- while(!$result->EOF) {
291- $this->remove_keys($result->fields);
292- $ptypes[] = $result->fields;
293- $result->moveNext();
294- }
295+
296+ if( !empty( $result ) )
297+ {
298+ while(!$result->EOF) {
299+ $this->remove_keys($result->fields);
300+ $ptypes[] = $result->fields;
301+ $result->moveNext();
302+ }
303+ }
304+
305 return $ptypes;
306 }
307
308@@ -936,14 +989,18 @@
309 $result = $this->execute($query);
310 }
311 $projects = array();
312- while(!$result->EOF)
313+
314+ if( !empty( $result ) )
315 {
316- if($simple)
317- $projects[$result->fields['proj_id']] = $result->fields['name'];
318- else
319- $projects[$result->fields['proj_id']] = array('name' => $result->fields['name'], 'description' => $result->fields['description']);
320- $result->moveNext();
321- }
322+ while(!$result->EOF)
323+ {
324+ if($simple)
325+ $projects[$result->fields['proj_id']] = $result->fields['name'];
326+ else
327+ $projects[$result->fields['proj_id']] = array('name' => $result->fields['name'], 'description' => $result->fields['description']);
328+ $result->moveNext();
329+ }
330+ }
331
332 return $projects;
333 }
334@@ -978,13 +1035,17 @@
335 "from vm_position_active where proj_id = '$proj_id'");
336
337 $proj['positions'] = array();
338- while(!$result->EOF) {
339- $this->remove_keys($result->fields);
340- $result->fields['pos_id'] = $result->fields['this_pos_id'];
341- unset($result->fields['this_pos_id']);
342- $proj['positions'][$result->fields['pos_id']] = $result->fields;
343- $result->moveNext();
344- }
345+
346+ if( !empty( $result ) )
347+ {
348+ while(!$result->EOF) {
349+ $this->remove_keys($result->fields);
350+ $result->fields['pos_id'] = $result->fields['this_pos_id'];
351+ unset($result->fields['this_pos_id']);
352+ $proj['positions'][$result->fields['pos_id']] = $result->fields;
353+ $result->moveNext();
354+ }
355+ }
356
357 return $proj;
358 }
359@@ -1104,45 +1165,48 @@
360 $tree = new Tree("?mod=vm&stream=text&act=display_js&js=");
361 $tree->setRoot(new Node(_('Skills and Work Restrictions')));
362
363- while(!$result->EOF)
364+ if( !empty( $result ) )
365 {
366- $split = preg_split('/'. VM_SKILLS_DELIMETER .'/', $result->fields['option_description']);
367- $cur_parent = $tree->root;
368-
369- foreach($split as $index => $name)
370- {
371- $name = trim($name);
372- if($name != '')
373- {
374- if($index < (count($split) - 1))
375- {
376- $search_result = $tree->findNodeAux($cur_parent, $name);
377- if($search_result == null)
378- {
379- $tmp_child = new Node($name, 'CheckboxNode', array('input_name' => 'null'));
380- $cur_parent->addChild($tmp_child);
381- $cur_parent = $tmp_child;
382- }
383- else
384- {
385- $cur_parent = $search_result;
386- }
387- }
388- else
389- {
390- $extra_info = array('input_name' => "'SKILL_{$result->fields['option_code']}'");
391-
392- if(in_array($result->fields['option_code'], $skills_array))
393- $extra_info['checked'] = true;
394-
395- $tmp_child = new Node($name, 'CheckboxNode', $extra_info);
396- $cur_parent->addChild($tmp_child);
397- }
398- }
399- }
400-
401- $result->MoveNext();
402- }
403+ while(!$result->EOF)
404+ {
405+ $split = preg_split('/'. VM_SKILLS_DELIMETER .'/', $result->fields['option_description']);
406+ $cur_parent = $tree->root;
407+
408+ foreach($split as $index => $name)
409+ {
410+ $name = trim($name);
411+ if($name != '')
412+ {
413+ if($index < (count($split) - 1))
414+ {
415+ $search_result = $tree->findNodeAux($cur_parent, $name);
416+ if($search_result == null)
417+ {
418+ $tmp_child = new Node($name, 'CheckboxNode', array('input_name' => 'null'));
419+ $cur_parent->addChild($tmp_child);
420+ $cur_parent = $tmp_child;
421+ }
422+ else
423+ {
424+ $cur_parent = $search_result;
425+ }
426+ }
427+ else
428+ {
429+ $extra_info = array('input_name' => "'SKILL_{$result->fields['option_code']}'");
430+
431+ if(in_array($result->fields['option_code'], $skills_array))
432+ $extra_info['checked'] = true;
433+
434+ $tmp_child = new Node($name, 'CheckboxNode', $extra_info);
435+ $cur_parent->addChild($tmp_child);
436+ }
437+ }
438+ }
439+
440+ $result->MoveNext();
441+ }
442+ }
443
444 return $tree;
445 }
446@@ -1160,10 +1224,13 @@
447 $skills_array = array();
448 $result = $this->execute("SELECT opt_skill_code FROM vm_vol_skills WHERE p_uuid = '$p_uuid'");
449
450- while(!$result->EOF)
451+ if( !empty( $result ) )
452 {
453- $skills_array[] = $result->fields['opt_skill_code'];
454- $result->MoveNext();
455+ while(!$result->EOF)
456+ {
457+ $skills_array[] = $result->fields['opt_skill_code'];
458+ $result->MoveNext();
459+ }
460 }
461
462 return $skills_array;
463@@ -1192,32 +1259,35 @@
464
465 // now store the skills in a Tree structure
466
467- while(!$result->EOF)
468- {
469- $split = preg_split('/'. VM_SKILLS_DELIMETER .'/', $result->fields['option_description']);
470- $cur_parent = $tree->root;
471-
472- foreach($split as $index => $name)
473- {
474- $name = trim($name);
475- if($name != '') {
476- $search_result = $tree->findNodeAux($cur_parent, $name);
477- if($search_result == null)
478- {
479- $tmp_child = new Node($name);
480- $cur_parent->addChild($tmp_child);
481- $cur_parent = $tmp_child;
482- }
483- else
484- {
485- $cur_parent = $search_result;
486- }
487- }
488-
489- }
490-
491- $result->MoveNext();
492- }
493+ if( !empty( $result ) )
494+ {
495+ while(!$result->EOF)
496+ {
497+ $split = preg_split('/'. VM_SKILLS_DELIMETER .'/', $result->fields['option_description']);
498+ $cur_parent = $tree->root;
499+
500+ foreach($split as $index => $name)
501+ {
502+ $name = trim($name);
503+ if($name != '') {
504+ $search_result = $tree->findNodeAux($cur_parent, $name);
505+ if($search_result == null)
506+ {
507+ $tmp_child = new Node($name);
508+ $cur_parent->addChild($tmp_child);
509+ $cur_parent = $tmp_child;
510+ }
511+ else
512+ {
513+ $cur_parent = $search_result;
514+ }
515+ }
516+
517+ }
518+
519+ $result->MoveNext();
520+ }
521+ }
522
523 return $tree;
524 }
525@@ -1235,11 +1305,16 @@
526 {
527 $result = $this->execute("SELECT option_code FROM field_options WHERE field_name = 'opt_skill_type'");
528 $skill_ids = array();
529- while(!$result->EOF)
530+
531+ if( !empty( $result ) )
532 {
533- $skill_ids[] = $result->fields['option_code'];
534- $result->MoveNext();
535- }
536+ while(!$result->EOF)
537+ {
538+ $skill_ids[] = $result->fields['option_code'];
539+ $result->MoveNext();
540+ }
541+ }
542+
543 return $skill_ids;
544 }
545
546@@ -1247,10 +1322,15 @@
547 $result = $this->execute("select option_code code, option_description skill from field_options where field_name = 'opt_skill_type' order by option_description asc");
548 if(!$result->EOF) {
549 $skills = array();
550- while(!$result->EOF) {
551- $skills[$result->fields['code']] = $result->fields['skill'];
552- $result->moveNext();
553+
554+ if( !empty( $result ) )
555+ {
556+ while(!$result->EOF) {
557+ $skills[$result->fields['code']] = $result->fields['skill'];
558+ $result->moveNext();
559+ }
560 }
561+
562 return $skills;
563 } else
564 return false;
565@@ -1297,11 +1377,16 @@
566
567 $result = $this->execute($q);
568 $orgs = array();
569- while(!$result->EOF)
570+
571+ if( !empty( $result ) )
572 {
573- $orgs[$result->fields['o_uuid']] = $result->fields['name'];
574- $result->MoveNext();
575- }
576+ while(!$result->EOF)
577+ {
578+ $orgs[$result->fields['o_uuid']] = $result->fields['name'];
579+ $result->MoveNext();
580+ }
581+ }
582+
583 return $orgs;
584 }
585
586@@ -1382,11 +1467,16 @@
587 ORDER BY status");
588
589 $vols = array();
590- while(!$result->EOF)
591+
592+ if( !empty( $result ) )
593 {
594- $vols[$result->fields['p_uuid']] = array('name' => $result->fields['full_name'], 'status' => $result->fields['status']);
595- $result->moveNext();
596+ while(!$result->EOF)
597+ {
598+ $vols[$result->fields['p_uuid']] = array('name' => $result->fields['full_name'], 'status' => $result->fields['status']);
599+ $result->moveNext();
600+ }
601 }
602+
603 return $vols;
604 }
605
606@@ -1486,11 +1576,16 @@
607
608 $result = $this->getCurrentPage($query);
609 $messages = array();
610- while(!$result->EOF) {
611- $this->remove_keys($result->fields);
612- $messages[]= $result->fields;
613- $result->moveNext();
614+
615+ if( !empty( $result ) )
616+ {
617+ while(!$result->EOF) {
618+ $this->remove_keys($result->fields);
619+ $messages[]= $result->fields;
620+ $result->moveNext();
621+ }
622 }
623+
624 return $messages;
625 }
626
627@@ -1507,11 +1602,16 @@
628 {
629 $result = $this->execute("SELECT to_id, full_name FROM vm_courier, person_uuid WHERE p_uuid = to_id AND message_id = $msg_id");
630 $list = array();
631- while(!$result->EOF && $result != null)
632+
633+ if( !empty( $result ) )
634 {
635- $list[$result->fields['to_id']] = $result->fields['full_name'];
636- $result->MoveNext();
637+ while(!$result->EOF && $result != null)
638+ {
639+ $list[$result->fields['to_id']] = $result->fields['full_name'];
640+ $result->MoveNext();
641+ }
642 }
643+
644 return $list;
645 }
646
647@@ -1811,9 +1911,12 @@
648
649 $search_results = array();
650
651- while(!$result->EOF) {
652- $search_results[] = new Volunteer($result->fields['p_uuid']);
653- $result->MoveNext();
654+ if( !empty( $result ) )
655+ {
656+ while(!$result->EOF) {
657+ $search_results[] = new Volunteer($result->fields['p_uuid']);
658+ $result->MoveNext();
659+ }
660 }
661
662 return $search_results;
663@@ -1830,6 +1933,8 @@
664 {
665 $result = $this->execute("SELECT p_uuid, full_name FROM person_uuid WHERE p_uuid IN (SELECT p_uuid FROM vm_vol_active)");
666
667+ if( !empty( $result ) )
668+ {
669 while(!$result->EOF)
670 {
671 $p_uuid = $result->fields['p_uuid'];
672@@ -1845,6 +1950,7 @@
673
674 $result->MoveNext();
675 }
676+ }
677 }
678
679 /**
680@@ -1936,11 +2042,16 @@
681 {
682 $result = $this->execute("SELECT constraint_id, description FROM vm_access_constraint");
683 $constraints = array();
684- while(!$result->EOF)
685+
686+ if( !empty( $result ) )
687 {
688- $constraints[$result->fields['constraint_id']] = $result->fields['description'];
689- $result->MoveNext();
690+ while(!$result->EOF)
691+ {
692+ $constraints[$result->fields['constraint_id']] = $result->fields['description'];
693+ $result->MoveNext();
694+ }
695 }
696+
697 return $constraints;
698 }
699
700@@ -1958,26 +2069,29 @@
701 AND vm_access_constraint.constraint_id = vm_access_constraint_to_request.constraint_id");
702 $access = array();
703
704- while(!$result->EOF)
705+ if( !empty( $result ) )
706 {
707- $act = $result->fields['act'];
708- $vm_action = $result->fields['vm_action'];
709- $constraint = $result->fields['constraint_id'];
710- $req_desc = $result->fields['req_desc'];
711-
712- if(!is_array($access[$act]))
713- $access[$act] = array();
714-
715- if(!is_array($access[$act][$vm_action]))
716- $access[$act][$vm_action] = array();
717-
718- if(!is_array($access[$act][$vm_action]['extra']))
719- $access[$act][$vm_action]['extra'] = array();
720-
721- $access[$act][$vm_action]['extra'][] = $constraint;
722-
723- $result->MoveNext();
724- }
725+ while(!$result->EOF)
726+ {
727+ $act = $result->fields['act'];
728+ $vm_action = $result->fields['vm_action'];
729+ $constraint = $result->fields['constraint_id'];
730+ $req_desc = $result->fields['req_desc'];
731+
732+ if(!is_array($access[$act]))
733+ $access[$act] = array();
734+
735+ if(!is_array($access[$act][$vm_action]))
736+ $access[$act][$vm_action] = array();
737+
738+ if(!is_array($access[$act][$vm_action]['extra']))
739+ $access[$act][$vm_action]['extra'] = array();
740+
741+ $access[$act][$vm_action]['extra'][] = $constraint;
742+
743+ $result->MoveNext();
744+ }
745+ }
746
747 //next get Sahana-specific data classification constraints
748
749@@ -1985,26 +2099,29 @@
750 FROM vm_access_request, vm_access_classification_to_request
751 WHERE vm_access_request.request_id = vm_access_classification_to_request.request_id");
752
753- while(!$result->EOF)
754+ if( !empty( $result ) )
755 {
756- $act = $result->fields['act'];
757- $vm_action = $result->fields['vm_action'];
758- $table_name = $result->fields['table_name'];
759- $crud = $result->fields['crud'];
760-
761- if(!is_array($access[$act]))
762- $access[$act] = array();
763-
764- if(!is_array($access[$act][$vm_action]))
765- $access[$act][$vm_action] = array();
766-
767- if(!is_array($access[$act][$vm_action]['tables']))
768- $access[$act][$vm_action]['tables'] = array();
769-
770- $access[$act][$vm_action]['tables'][$table_name] = $crud;
771-
772- $result->MoveNext();
773- }
774+ while(!$result->EOF)
775+ {
776+ $act = $result->fields['act'];
777+ $vm_action = $result->fields['vm_action'];
778+ $table_name = $result->fields['table_name'];
779+ $crud = $result->fields['crud'];
780+
781+ if(!is_array($access[$act]))
782+ $access[$act] = array();
783+
784+ if(!is_array($access[$act][$vm_action]))
785+ $access[$act][$vm_action] = array();
786+
787+ if(!is_array($access[$act][$vm_action]['tables']))
788+ $access[$act][$vm_action]['tables'] = array();
789+
790+ $access[$act][$vm_action]['tables'][$table_name] = $crud;
791+
792+ $result->MoveNext();
793+ }
794+ }
795
796 return $access;
797 }
798@@ -2033,20 +2150,24 @@
799 {
800 $result = $this->execute("SELECT act, vm_action, description FROM vm_access_request ORDER BY description");
801 $requests = array();
802- while(!$result->EOF)
803+
804+ if( !empty( $result ) )
805 {
806- $act = $result->fields['act'];
807- $vm_action = $result->fields['vm_action'];
808- $desc = $result->fields['description'];
809-
810- if(!is_array($requests[$act]))
811- $requests[$act] = array();
812-
813- $requests[$act][$vm_action] = $desc;
814-
815- $result->moveNext();
816- }
817- return $requests;
818+ while(!$result->EOF)
819+ {
820+ $act = $result->fields['act'];
821+ $vm_action = $result->fields['vm_action'];
822+ $desc = $result->fields['description'];
823+
824+ if(!is_array($requests[$act]))
825+ $requests[$act] = array();
826+
827+ $requests[$act][$vm_action] = $desc;
828+
829+ $result->moveNext();
830+ }
831+ return $requests;
832+ }
833 }
834
835 /**
836@@ -2057,19 +2178,24 @@
837 {
838 $result = $this->execute("SELECT act, vm_action, description FROM vm_access_request ORDER BY description");
839 $requests = array();
840- while(!$result->EOF)
841+
842+ if( !empty( $result ) )
843 {
844- $act = $result->fields['act'];
845- $vm_action = $result->fields['vm_action'];
846- $desc = $result->fields['description'];
847-
848- $matches = array();
849- preg_match("/^\s*(\w+)(.*)/", $desc, $matches);
850-
851- $requests[] = array('display_action' => $matches[1], 'partial_desc' => $matches[2], 'act' => $act, 'vm_action' => $vm_action);
852-
853- $result->MoveNext();
854- }
855+ while(!$result->EOF)
856+ {
857+ $act = $result->fields['act'];
858+ $vm_action = $result->fields['vm_action'];
859+ $desc = $result->fields['description'];
860+
861+ $matches = array();
862+ preg_match("/^\s*(\w+)(.*)/", $desc, $matches);
863+
864+ $requests[] = array('display_action' => $matches[1], 'partial_desc' => $matches[2], 'act' => $act, 'vm_action' => $vm_action);
865+
866+ $result->MoveNext();
867+ }
868+ }
869+
870 return $requests;
871 }
872
873@@ -2087,10 +2213,14 @@
874 WHERE act = '$act' AND vm_action = '$vm_action'
875 AND vm_access_request.request_id = vm_access_constraint_to_request.request_id
876 AND vm_access_constraint.constraint_id = vm_access_constraint_to_request.constraint_id");
877- while(!$result->EOF)
878+
879+ if( !empty( $result ) )
880 {
881- $constraints['extra'][] = $result->fields['constraint_id'];
882- $result->MoveNext();
883+ while(!$result->EOF)
884+ {
885+ $constraints['extra'][] = $result->fields['constraint_id'];
886+ $result->MoveNext();
887+ }
888 }
889
890 //data classification access constraints
891@@ -2098,10 +2228,14 @@
892 FROM vm_access_request, vm_access_classification_to_request
893 WHERE act = '$act' AND vm_action = '$vm_action'
894 AND vm_access_request.request_id = vm_access_classification_to_request.request_id");
895- while(!$result->EOF)
896+
897+ if( !empty( $result ) )
898 {
899- $constraints['tables'][$result->fields['table_name']] = $result->fields['crud'];
900- $result->MoveNext();
901+ while(!$result->EOF)
902+ {
903+ $constraints['tables'][$result->fields['table_name']] = $result->fields['crud'];
904+ $result->MoveNext();
905+ }
906 }
907
908 return $constraints;
909@@ -2141,11 +2275,16 @@
910 {
911 $tables = array();
912 $result = $this->execute("SHOW TABLES");
913- while(!$result->EOF)
914+
915+ if( !empty( $result ) )
916 {
917- $tables[] = $result->fields[0];
918- $result->MoveNext();
919+ while(!$result->EOF)
920+ {
921+ $tables[] = $result->fields[0];
922+ $result->MoveNext();
923+ }
924 }
925+
926 return $tables;
927 }
928
929@@ -2196,11 +2335,15 @@
930
931 $options = array();
932
933- while(!$result==NULL && !$result->EOF)
934+ if( !empty( $result ) )
935 {
936- $options[$result->fields['opt_skill_code']] = $result->fields['option_description'];
937- $result->MoveNext();
938+ while(!$result==NULL && !$result->EOF)
939+ {
940+ $options[$result->fields['opt_skill_code']] = $result->fields['option_description'];
941+ $result->MoveNext();
942+ }
943 }
944+
945 return $options;
946 }
947
948@@ -2226,11 +2369,16 @@
949
950 $result = $this->execute($q);
951 $vols = array();
952- while(!$result->EOF)
953+
954+ if( !empty( $result ) )
955 {
956- $vols[$result->fields['p_uuid']] = $result->fields['full_name'];
957- $result->moveNext();
958+ while(!$result->EOF)
959+ {
960+ $vols[$result->fields['p_uuid']] = $result->fields['full_name'];
961+ $result->moveNext();
962+ }
963 }
964+
965 return $vols;
966 }
967
968@@ -2298,11 +2446,16 @@
969 {
970 $result = $this->execute("SELECT level_id, level FROM sys_data_classifications");
971 $levels = array();
972- while(!$result->EOF)
973+
974+ if( !empty( $result ) )
975 {
976- $levels[$result->fields['level_id']] = $result->fields['level'];
977- $result->moveNext();
978+ while(!$result->EOF)
979+ {
980+ $levels[$result->fields['level_id']] = $result->fields['level'];
981+ $result->moveNext();
982+ }
983 }
984+
985 return $levels;
986 }
987
988
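Review bot: The `if( !empty( $result ) )` guards added throughout this file make a failed query indistinguishable from an empty table, and in the access-control hunks (`@@ -1958`, `@@ -1985`, `@@ -2087`, `@@ -2098`) a database error now yields an empty `$access` / `$constraints` array that is returned as if no constraints were defined; how callers interpret that is outside the hunks, but these paths should report the failure (and callers deny on it) rather than return an empty set. In `@@ -2033,20 +2150,24` the `return $requests;` line moved inside the guard, so that function returns nothing when the query fails; it belongs after the closing brace. In `@@ -1247,10 +1322,15` the outer `if(!$result->EOF)` still dereferences `$result` before the new guard is reached, so the guard there has no effect. The context lines still build SQL by interpolation (`where p_uuid = '$id'`, `message_id = $msg_id`) while this branch moves xml.php to bound parameters; the origin of those values is not visible here, so confirm they are validated upstream or bind them as well. Most of the enclosing functions start outside their hunks.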
989=== added file 'sahana-phase2/www/xml.php'
990--- sahana-phase2/www/xml.php 1970-01-01 00:00:00 +0000
991+++ sahana-phase2/www/xml.php 2011-02-12 21:04:37 +0000
992@@ -0,0 +1,302 @@
993+<?php
994+/**
995+ * @package Sahana - http://agasti.sahanafoundation.org
996+ * @author Ravindra <ravindra@opensource.lk>
997+ * @author Greg Miernicki <g@miernicki.com>
998+ * @copyright Lanka Software Foundation - http://www.opensource.lk
999+ *
1000+ */
1001+
1002+$act = $_GET{"act"};
1003+
1004+if($act == 'add_loc') {
1005+ _shn_get_level_location();
1006+} else if ($act=='sub_cat') {
1007+ _shn_get_sub_catalogs();
1008+} else if($act=='unit_cat') {
1009+ _shn_get_units();
1010+} else if($act=='get_loc_val') {
1011+ _shn_get_locations();
1012+} else if($act=='victims') {
1013+ _shn_get_victims();
1014+} else {
1015+ _shn_get_children();
1016+}
1017+
1018+
1019+function _shn_get_units() {
1020+ require_once('../3rd/adodb/adodb.inc.php');
1021+ require_once('../conf/sysconf.inc');
1022+
1023+ //Make the connection to $global['db']
1024+ $db = NewADOConnection($conf['db_engine']);
1025+ $db ->Connect($conf['db_host'].($conf['db_port']?':'.$conf['db_port']:''),$conf['db_user'],$conf['db_pass'],$conf['db_name']);
1026+ $cat = $_GET{"cat"};
1027+
1028+ $q = "
1029+ select unit_uuid,name
1030+ from ct_unit
1031+ where unit_type_uuid = " . $db->param( "0" ) . ";
1032+ ";
1033+ $res_child=$db->Execute( $q, array( $cat ) );
1034+
1035+ if(!$res_child==NULL && !$res_child->EOF){
1036+ while(!$res_child->EOF){
1037+ $res=$res.",".$res_child->fields[0];
1038+ $res=$res.",".$res_child->fields[1];
1039+ $res_child->MoveNext();
1040+ }
1041+ echo $res;
1042+ } else {
1043+ echo "null,";
1044+ }
1045+}
1046+
1047+
1048+
1049+function _shn_get_sub_catalogs() {
1050+ require_once('../3rd/adodb/adodb.inc.php');
1051+ require_once('../conf/sysconf.inc');
1052+
1053+ // Make the connection to $global['db']
1054+ $db = NewADOConnection($conf['db_engine']);
1055+ $db ->Connect($conf['db_host'].($conf['db_port']?':'.$conf['db_port']:''),$conf['db_user'],$conf['db_pass'],$conf['db_name']);
1056+ $cat = $_GET{"cat"};
1057+ $flag = $_GET{"flag"};
1058+ if($flag == false) {
1059+ $q ="
1060+ select ct_uuid,name
1061+ from ct_catalogue
1062+ where parentid = " . $db->param( "0" ) . ";
1063+ ";
1064+ $res_child=$db->Execute( $q, array( $cat ) );
1065+ } else if($flag==true) {
1066+ $q = "
1067+ select ct_uuid,name
1068+ from ct_catalogue
1069+ where parentid= " . $db->param( "0" ) . "
1070+ and final_flag='0';
1071+ ";
1072+ $res_child=$db->Execute( $q, array( $cat ) );
1073+ }
1074+
1075+ $res = "";
1076+ $res = $res.","."";
1077+ $res = $res.","."";
1078+
1079+ if(!$res_child == NULL && !$res_child->EOF) {
1080+ while(!$res_child->EOF) {
1081+ $res=$res.",".$res_child->fields[0];
1082+ $res=$res.",".$res_child->fields[1];
1083+ $res_child->MoveNext();
1084+ }
1085+ echo $res;
1086+ } else {
1087+ echo "null,";
1088+ }
1089+}
1090+
1091+
1092+
1093+function _shn_get_children() {
1094+ require_once('../3rd/adodb/adodb.inc.php');
1095+ require_once('../conf/sysconf.inc');
1096+
1097+ //Make the connection to $global['db']
1098+ $db = NewADOConnection($conf['db_engine']);
1099+ $db ->Connect($conf['db_host'].($conf['db_port']?':'.$conf['db_port']:''),$conf['db_user'],$conf['db_pass'],$conf['db_name']);
1100+
1101+ $level = $_GET{"lvl"}+1;
1102+ $parent = $_GET{"sel"};
1103+
1104+ $q = "
1105+ SELECT location.name, location.loc_uuid, parent_id
1106+ FROM location
1107+ WHERE location.opt_location_type = " . $db->param( "0" ) . "
1108+ AND parent_id = " . $db->param( "1" ) . "
1109+ ORDER BY location.name;
1110+ ";
1111+
1112+ $res_child = $db->Execute( $q, array( $level, $parent ) );
1113+ if($res_child->EOF) {
1114+ return;
1115+ }
1116+
1117+ $res = "";
1118+ while(!$res_child->EOF) {
1119+ $res=$res.",".$res_child->fields[1];
1120+ $res=$res.",".$res_child->fields[0];
1121+ $res_child->MoveNext();
1122+ }
1123+ echo $res;
1124+}
1125+
1126+
1127+
1128+function _shn_get_locations(){
1129+ require_once('../3rd/adodb/adodb.inc.php');
1130+ require_once('../conf/sysconf.inc');
1131+
1132+ //Make the connection to $global['db']
1133+ $db = NewADOConnection($conf['db_engine']);
1134+ $db ->Connect($conf['db_host'].($conf['db_port']?':'.$conf['db_port']:''),$conf['db_user'],$conf['db_pass'],$conf['db_name']);
1135+
1136+ $level = 1;
1137+ $sel_id = $_GET{"sel"};
1138+
1139+ if($_GET{"type"} == "camp") {
1140+ $q = "
1141+ SELECT location_id
1142+ FROM camp_general
1143+ WHERE c_uuid = " . $db->param( "0" ) . ";
1144+ ";
1145+ $res = $db->Execute( $q, array( $sel_id ) );
1146+ if($res->EOF) {
1147+ return;
1148+ }
1149+ $loc_id = $res->fields["location_id"];
1150+
1151+ } else if($_GET{"type"}=="poc") {
1152+ $q = "
1153+ SELECT location_id
1154+ FROM location_details
1155+ WHERE poc_uuid = " . $db->param( "0" ) . ";
1156+ ";
1157+ $res = $db->Execute( $q, array( $sel_id ) );
1158+ if($res->EOF) {
1159+ return;
1160+ }
1161+ $loc_id = $res->fields["location_id"];
1162+ } else {
1163+ $loc_id = $_GET{"sel"};
1164+ }
1165+
1166+ $q = "
1167+ SELECT parent_id, opt_location_type
1168+ FROM location
1169+ WHERE loc_uuid = " . $db->param( "0" ) . ";
1170+ ";
1171+ $res = $db->Execute( $q, array( $loc_id ) );
1172+ if($res->EOF) {
1173+ return;
1174+ }
1175+
1176+ $parent = $res->fields["parent_id"];
1177+
1178+ $header = "";
1179+ $header .= "loc_dir".",".$parent;
1180+ $header .=",".$res->fields["opt_location_type"];
1181+
1182+ $level = $res->fields["opt_location_type"];
1183+
1184+ $q = "
1185+ SELECT location.name, location.loc_uuid
1186+ FROM location
1187+ WHERE location.opt_location_type = " . $db->param( "0" ) . "
1188+ AND parent_id = " . $db->param( "1" ) . "
1189+ ORDER BY location.name;
1190+ ";
1191+
1192+ $res_child = $db->Execute( $q, array( $level, $parent ) );
1193+ if($res_child->EOF) {
1194+ return;
1195+ }
1196+ $count = 0;
1197+
1198+ $res_data = "";
1199+ while(!$res_child->EOF) {
1200+ if($count==0) {
1201+ $res_data=$res_data.$res_child->fields["loc_uuid"];
1202+ $res_data=$res_data.":".$res_child->fields["name"];
1203+ } else {
1204+ $res_data=$res_data.",".$res_child->fields["loc_uuid"];
1205+ $res_data=$res_data.":".$res_child->fields["name"];
1206+ }
1207+ if($res_child->fields["loc_uuid"]==$loc_id) {
1208+ $header.=",".$count;
1209+ }
1210+ $count++;
1211+ $res_child->MoveNext();
1212+ }
1213+ echo $header.";".$res_data;
1214+}
1215+
1216+
1217+
1218+function _shn_get_level_location() {
1219+ require_once('../3rd/adodb/adodb.inc.php');
1220+ require_once('../conf/sysconf.inc');
1221+
1222+ //Make the connection to $global['db']
1223+ $db = NewADOConnection($conf['db_engine']);
1224+ $db ->Connect($conf['db_host'].($conf['db_port']?':'.$conf['db_port']:''),$conf['db_user'],$conf['db_pass'],$conf['db_name']);
1225+
1226+ $level = $_GET{"sel"};
1227+ if($level == 1) {
1228+ echo "none,";
1229+ }
1230+ $q = "
1231+ SELECT location.name, location.loc_uuid,parent_id
1232+ FROM location
1233+ WHERE location.opt_location_type = " . $db->param( "0" ) . ";
1234+ ";
1235+ $res_child = $db->Execute( $q, array( $level ) );
1236+ if($res_child->EOF) {
1237+ return;
1238+ }
1239+
1240+ $res = "";
1241+ while(!$res_child->EOF) {
1242+ $res=$res.",".$res_child->fields[1];
1243+ $res=$res.",".$res_child->fields[0];
1244+ $res_child->MoveNext();
1245+ }
1246+ echo $res;
1247+}
1248+
1249+
1250+
1251+function _shn_get_victims() {
1252+ require_once('../3rd/adodb/adodb.inc.php');
1253+ require_once('../conf/sysconf.inc');
1254+
1255+ //Make the connection to $global['db']
1256+ $db = NewADOConnection($conf['db_engine']);
1257+ $db ->Connect($conf['db_host'].($conf['db_port']?':'.$conf['db_port']:''),$conf['db_user'],$conf['db_pass'],$conf['db_name']);
1258+
1259+ $level = 1;
1260+ $head_name = $_GET{"head_name"};
1261+
1262+ $search = "
1263+ select p.p_uuid as pid, pe.full_name as full_name, pe.family_name as family_name
1264+ from person_to_pgroup as p inner
1265+ join pgroup as pg on pg.g_uuid = p.g_uuid
1266+ inner join group_details as gd on gd.g_uuid = p.g_uuid
1267+ inner join person_uuid as pe on pe.p_uuid = p.p_uuid
1268+ left join identity_to_person as i on (i.p_uuid = p.p_uuid and i.opt_id_type='idcard')
1269+ left join contact as c on (c.pgoc_uuid = p.p_uuid and c.opt_contact_type='address')
1270+ where pe.full_name = " . $db->param( "0" ) . "
1271+ or pe.family_name = " . $db->param( "1" ) . "
1272+ or pe.l10n_name = " . $db->param( "2" ) . "
1273+ or i.serial = " . $db->param( "3" ) . ";
1274+ ";
1275+ $res = $db->Execute( $search, array( $head_name, $head_name, $head_name, $head_name ) );
1276+ $i = 0;
1277+ if(!$res->EOF && $res!=NULL) {
1278+
1279+ $victim_array = "";
1280+ while(!$res->EOF && $res!=NULL) {
1281+ //$name=$res->fields['first_name']." " .$res->fields['last_name'];
1282+ $victim_array=$victim_array.",".$res->fields['0'];
1283+ $victim_array=$victim_array.",".$res->fields['1']." ".$res->fields['2'];
1284+
1285+ //$victim_array[$i]=$i;
1286+ $i=$i+1;
1287+ $res->MoveNext();
1288+ }
1289+ //return $victim_array;
1290+ echo $victim_array;
1291+ } else {
1292+ echo "null";
1293+ }
1294+}
