Skip to content

Commit

Permalink
Dashboard: Avoid backtick quoting breaking PostgreSQL
Browse files Browse the repository at this point in the history
Credits to @greenbea for reporting the issue and helping with the fix!

Related to #293
  • Loading branch information
liviuchircu committed Jun 18, 2024
1 parent 9fad823 commit 3edd69f
Show file tree
Hide file tree
Showing 6 changed files with 21 additions and 12 deletions.
4 changes: 3 additions & 1 deletion config/db.inc.php
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@
if (!empty($config->db_port) ) $config->db_host = $config->db_host . ";port=" . $config->db_port;

//connection attributes, optional
//$config->db_attr = array(PDO::MYSQL_ATTR_LOCAL_INFILE => true);
//$config->db_attr = array(
// PDO::MYSQL_ATTR_LOCAL_INFILE => true,
// PDO::MYSQL_ATTR_INIT_COMMAND => 'SET sql_mode="ANSI_QUOTES"');

?>
2 changes: 1 addition & 1 deletion web/common/cfg_comm.php
Original file line number Diff line number Diff line change
Expand Up @@ -246,7 +246,7 @@ function load_panels() {
require("".__DIR__."/../../config/tools/system/dashboard/settings.inc.php");
unset($_SESSION['config']['panels']);
$max_order = -1;
$sql = 'select `name`, id, content, positions, `order` from ocp_dashboard';
$sql = 'select "name", id, content, positions, "order" from ocp_dashboard';
$stm = $link->prepare($sql);
if ($stm === false) {
die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
Expand Down
6 changes: 3 additions & 3 deletions web/tools/system/dashboard/dashboard.php
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,7 @@
if ($action == "add_verify") {
if(!$_SESSION['read_only']){
extract($_POST);
$sql = 'INSERT INTO '.$table.' (`name`, `order`) VALUES (?, ?) ';
$sql = 'INSERT INTO '.$table.' ("name", "order") VALUES (?, ?) ';
$stm = $link->prepare($sql);
if ($stm === false) {
die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
Expand Down Expand Up @@ -375,7 +375,7 @@
}
$widget_contents_json = json_encode($widget_contents);

$sql = 'UPDATE '.$table.' SET `name`=?, content=?, `order`=?, positions=? where id = ?';
$sql = 'UPDATE '.$table.' SET "name"=?, content=?, "order"=?, positions=? where id = ?';
$stm = $link->prepare($sql);
if ($stm === false) {
die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
Expand Down Expand Up @@ -427,7 +427,7 @@
if ($action == "change_name_verify") {
if(!$_SESSION['read_only']){
extract($_POST);
$sql = 'UPDATE '.$table.' SET name = ? WHERE id = ? ';
$sql = 'UPDATE '.$table.' SET "name" = ? WHERE id = ? ';
$stm = $link->prepare($sql);
if ($stm === false) {
die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
Expand Down
9 changes: 8 additions & 1 deletion web/tools/system/dashboard/db_connect.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,16 @@
$config->db_name = $config->db_name_smonitor;
}

$db_attr = $config->db_attr;
if (!isset($db_attr))
$db_attr = array();

// dashboard uses "identifier" quoting in queries, so try to stay Postgres-compatible too
$db_attr[PDO::MYSQL_ATTR_INIT_COMMAND] = "SET sql_mode='ANSI_QUOTES'";

$dsn = $config->db_driver . ':host=' . $config->db_host . ';dbname='. $config->db_name;
try {
$link = new PDO($dsn, $config->db_user, $config->db_pass);
$link = new PDO($dsn, $config->db_user, $config->db_pass, options: $db_attr);
} catch (PDOException $e) {
error_log(print_r("Failed to connect to: ".$dsn, true));
print "Error!: " . $e->getMessage() . "<br/>";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@
}
$start_limit=($page-1)*$res_no;
//$sql_command.=" limit ".$start_limit.", ".$res_no;
$sql_command="select `name`, id, `order` from ".$table." order by `order` asc limit ".$res_no;
$sql_command='select "name", id, "order" from '.$table.' order by "order" asc limit '.$res_no;
if ($start_limit!=0)
$sql_command.=" OFFSET " . $start_limit;
$stm = $link->prepare( $sql_command );
Expand Down
10 changes: 5 additions & 5 deletions web/tools/system/dashboard/template/functions.inc.php
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,12 @@ function swap_panels($first, $second, $table) {
require("../../../../config/db.inc.php");
require("../../../../config/tools/system/dashboard/settings.inc.php");

$sql = 'UPDATE '.$table.' SET `order` =
$sql = 'UPDATE '.$table.' SET "order" =
CASE
WHEN `order` = ? THEN ?
WHEN `order` = ? THEN ?
WHEN "order" = ? THEN ?
WHEN "order" = ? THEN ?
END
WHERE `order` = ? or `order` = ?
WHERE "order" = ? or "order" = ?
';
$stm = $link->prepare($sql);
if ($stm === false) {
Expand Down Expand Up @@ -80,4 +80,4 @@ function print_description_widget($desc) {
");
}
?>
?>

0 comments on commit 3edd69f

Please sign in to comment.