Review Rules data management see #3692
moyooo committed Jun 26, 2012
1 parent bade122 commit a2b68bc
Showing 15 changed files with 61 additions and 69 deletions.
21 changes: 10 additions & 11 deletions inc/OCS_ocsserver.class.php
Expand Up @@ -1519,9 +1519,9 @@ static function getComputerInformations($ocs_fields=array(), $cfg_ocs, $entities
&& ($ocs_fields["DESCRIPTION"] != NOT_AVAILABLE)) {
$input[$glpi_field] = $ocs_fields["DESCRIPTION"] . "\r\n";
}
$input[$glpi_field] = sprintf(__('%1$s %2$s'), $input[$glpi_field],
sprintf(__('%1$s: %2$s'), __('Swap'),
$ocs_fields["SWAP"]));
$input[$glpi_field] = addslashes(sprintf(__('%1$s %2$s'), $input[$glpi_field],
sprintf(__('%1$s: %2$s'), __('Swap'),
$ocs_fields["SWAP"])));
break;
}
}
Expand Down Expand Up @@ -1608,7 +1608,7 @@ static function importComputer($ocsid, $ocsservers_id, $lock=0, $defaultentity=-
$rulelink_results = array();
$params = array('entities_id' => $data['entities_id'],
'ocsservers_id' => $ocsservers_id);
$rulelink_results = $rulelink->processAllRules($input, array(), $params);
$rulelink_results = $rulelink->processAllRules(Toolbox::stripslashes_deep($input), array(), $params);

//If at least one rule matched
//else do import as usual
Expand Down Expand Up @@ -2958,7 +2958,7 @@ static function showComputersToAdd($ocsservers_id, $advanced, $check, $start, $e
$rulelink_results = array();
$params = array('entities_id' => $entity,
'ocsservers_id' => $ocsservers_id);
$rulelink_results = $rulelink->processAllRules($tab, array(), $params);
$rulelink_results = $rulelink->processAllRules(Toolbox::stripslashes_deep($tab), array(), $params);

//Look for the computer using automatic link criterias as defined in OCSNG configuration
$options = array('name' => "tolink[".$tab["id"]."]");
Expand Down Expand Up @@ -4764,13 +4764,12 @@ static function updateSoftware($computers_id, $entity, $ocsid, $ocsservers_id, a
if (!$cfg_ocs["use_soft_dict"]) {
//Software dictionnary
$rulecollection = new RuleDictionnarySoftwareCollection();
$res_rule = $rulecollection->processAllRules(array("name" => $name,
$res_rule = $rulecollection->processAllRules(Toolbox::stripslashes_deep(array("name" => $name,
"manufacturer" => $manufacturer,
"old_version" => $version,
"entities_id" => $entity),
"entities_id" => $entity)),
array(),
array('version' => $version));
$res_rule = Toolbox::addslashes_deep($res_rule);
Toolbox::stripslashes_deep(array('version' => $version)));

if (isset($res_rule["name"]) && $res_rule["name"]) {
$modified_name = $res_rule["name"];
Expand Down Expand Up @@ -5008,7 +5007,7 @@ static function updateAdministrativeInfo($computers_id, $ocsid, $ocsservers_id,

if (isset($data_ocs[$ocs_column])
&& !in_array($glpi_column, $computer_updates)) {
$var = $data_ocs[$ocs_column];
$var = addslashes($data_ocs[$ocs_column]);
switch ($glpi_column) {
case "groups_id" :
$var = self::importGroup($var, $entity);
Expand Down Expand Up @@ -5327,7 +5326,7 @@ static function updatePeripherals($itemtype, $entity, $computers_id, $ocsid, $oc

if (!empty($print["name"])) {
$rulecollection = new RuleDictionnaryPrinterCollection();
$res_rule = Toolbox::addslashes_deep($rulecollection->processAllRules($params,
$res_rule = Toolbox::addslashes_deep($rulecollection->processAllRules(Toolbox::stripslashes_deep($params),
array(),
array()));

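Review bot: In the updatePeripherals section the new call still wraps `processAllRules()` in `Toolbox::addslashes_deep(...)`, although this same commit makes `processAllRules()` return already-escaped output in both `RuleCollection` and `RuleCachedCollection`. Printer values containing a quote or backslash would then be escaped twice and stored with literal backslashes. The updateSoftware section drops the outer `addslashes_deep` for this reason, and the printer call should match: `$res_rule = $rulecollection->processAllRules(Toolbox::stripslashes_deep($params), array(), array());`. The page has lost its +/- markers, so this assumes the second of the two printed lines is the new side; the function bodies continue outside the visible hunks.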
10 changes: 5 additions & 5 deletions inc/commondropdown.class.php
Expand Up @@ -598,10 +598,10 @@ function import(array $input) {
*
* This import a new dropdown if it doesn't exist - Play dictionnary if needed
*
* @param $value string Value of the new dropdown.
* @param $value string Value of the new dropdown (need to be addslashes)
* @param $entities_id int entity in case of specific dropdown (default -1)
* @param $external_params array (manufacturer)
* @param $comment (default '')
* @param $external_params array (manufacturer) (need to be addslashes)
* @param $comment (default '') (need to be addslashes)
* @param $add if true, add it if not found. if false,
* just check if exists (true by default)
*
Expand All @@ -615,7 +615,7 @@ function importExternal($value, $entities_id=-1, $external_params=array(), $comm
return 0;
}

$ruleinput = array("name" => $value);
$ruleinput = array("name" => stripslashes($value));
$rulecollection = RuleCollection::getClassByType($this->getType(),true);

foreach ($this->additional_fields_for_dictionnary as $field) {
Expand All @@ -642,7 +642,7 @@ function importExternal($value, $entities_id=-1, $external_params=array(), $comm
$input["entities_id"] = $entities_id;

if ($rulecollection) {
$res_rule = $rulecollection->processAllRules($ruleinput, array(), array());
$res_rule = $rulecollection->processAllRules(Toolbox::stripslashes_deep($ruleinput), array(), array());
if (isset($res_rule["name"])) {
$input["name"] = $res_rule["name"];
}
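Review bot: `importExternal()` now unescapes the name twice, once when `$ruleinput` is built with `stripslashes($value)` and again when the whole array is passed through `Toolbox::stripslashes_deep($ruleinput)`. A value that legitimately contains a backslash (escaped by the caller as `\\`) loses it on the second pass, so the dictionary rules are evaluated against a different string from the one supplied. Keep a single unescape step, for example `$ruleinput = array("name" => $value);` and leave the deep strip at the `processAllRules()` call. The loop that adds the additional dictionary fields sits between the two hunks and is not visible here, so confirm how those fields are escaped before choosing.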
6 changes: 3 additions & 3 deletions inc/dropdown.class.php
Expand Up @@ -1507,10 +1507,10 @@ static function import($itemtype, $input) {
* This import a new dropdown if it doesn't exist - Play dictionnary if needed
*
* @param $itemtype string name of the class
* @param $value string Value of the new dropdown.
* @param $value string Value of the new dropdown. (need to be addslashes)
* @param $entities_id integer entity in case of specific dropdown (default -1)
* @param $external_params array
* @param $comment (default '')
* @param $external_params array (need to be addslashes)
* @param $comment (default '') (need to be addslashes)
* @param $add if true, add it if not found. if false, just check if exists
* (true by default)
*
5 changes: 3 additions & 2 deletions inc/manufacturer.class.php
Expand Up @@ -47,7 +47,8 @@ static function getTypeName($nb=0) {


/**
* @param $old_name
* @param $old_name Old name (need to be addslahes)
* @return new addslashes name
**/
static function processName($old_name) {

Expand All @@ -57,7 +58,7 @@ static function processName($old_name) {

$rulecollection = new RuleDictionnaryManufacturerCollection();
$output = array();
$output = $rulecollection->processAllRules(array("name" => addslashes($old_name)),
$output = $rulecollection->processAllRules(array("name" => stripslashes($old_name)),
$output, array());
if (isset($output["name"])) {
return $output["name"];
8 changes: 4 additions & 4 deletions inc/printer.class.php
Expand Up @@ -622,8 +622,8 @@ function getSearchOptions() {
/**
* Add a printer. If already exist in trash restore it
*
* @param $name the printer's name
* @param $manufacturer the software's manufacturer
* @param $name the printer's name (need to be addslahes)
* @param $manufacturer the software's manufacturer (need to be addslahes)
* @param $entity the entity in which the software must be added
* @param $comment comment (default '')
**/
Expand Down Expand Up @@ -663,8 +663,8 @@ function addOrRestoreFromTrash($name, $manufacturer, $entity, $comment='') {
/**
* Create a new printer
*
* @param $name the printer's name
* @param $manufacturer the printer's manufacturer
* @param $name the printer's name (need to be addslahes)
* @param $manufacturer the printer's manufacturer (need to be addslahes)
* @param $entity the entity in which the printer must be added
* @param $comment (default '')
*
9 changes: 5 additions & 4 deletions inc/rulecachedcollection.class.php
Expand Up @@ -104,13 +104,13 @@ function processAllRules($input=array(), $output=array(), $params=array(),

if ($new_values != Rule::RULE_NOT_IN_CACHE) {
$output["_rule_process"] = true;
return array_merge($output, $new_values);
return Toolbox::addslashes_deep(array_merge($output, $new_values));
}
$output = parent::processAllRules($input, $output, $params, $force_no_cache);

if (!$force_no_cache
&& isset($output["_ruleid"])) {
$this->insertDataInCache($input, $output);
$this->insertDataInCache(Toolbox::addslashes_deep($input), $output);
unset($output["_ruleid"]);
}

Expand Down Expand Up @@ -171,7 +171,8 @@ function checkDataInCache($input) {

$where = "";
$first = true;

$input = Toolbox::addslashes_deep($input);

foreach ($this->cache_params["input_value"] as $param => $value) {
if (isset($input[$param])) {
$where .= (!$first?" AND ":"")." `".$value."` = '".$input[$param]."'";
Expand Down Expand Up @@ -228,7 +229,7 @@ function insertDataInCache($input, $output) {
}
$into_new .= ", `".$value."`";
// Output are not slashes protected...
$new_values .= " ,'".addslashes($output[$param])."'";
$new_values .= " ,'".$output[$param]."'";
}

$sql = "INSERT INTO `".$this->cache_table."`
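Review bot: In `insertDataInCache()` the value is now concatenated into the INSERT as `$output[$param]` with no escaping of its own, while the comment directly above still reads `// Output are not slashes protected...`. The statement is safe only if every caller passes output that has already been escaped. That holds for the `processAllRules()` call visible in this section, but nothing in the method enforces it. Replace the stale comment with the new precondition, e.g. `// $output must already be slash-escaped by processAllRules()`, and state the same on the method's `@param` lines. The method body starts and ends outside the hunk, so other callers could not be checked from this page.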
12 changes: 6 additions & 6 deletions inc/rulecollection.class.php
Expand Up @@ -659,13 +659,13 @@ function moveRule($ID, $ref_ID, $type='after') {
/**
* Process all the rules collection
*
* @param input array the input data used to check criterias
* @param output array the initial ouput array used to be manipulate by actions
* @param params array parameters for all internal functions
* @param input array the input data used to check criterias (need to be clean slashes)
* @param output array the initial ouput array used to be manipulate by actions (need to be clean slashes)
* @param params array parameters for all internal functions (need to be clean slashes)
* @param force_no_cache don't write rule's result into cache (for preview mode mainly)
* (false by default)
*
* @return the output array updated by actions
* @return the output array updated by actions (addslashes datas)
**/
function processAllRules($input=array() ,$output=array(), $params=array(),
$force_no_cache=false) {
Expand All @@ -686,7 +686,7 @@ function processAllRules($input=array() ,$output=array(), $params=array(),
if ($output["_rule_process"] && $this->stop_on_first_match) {
unset($output["_rule_process"]);
$output["_ruleid"] = $rule->fields["id"];
return $output;
return Toolbox::addslahes_deep($output);
}
}

Expand All @@ -696,7 +696,7 @@ function processAllRules($input=array() ,$output=array(), $params=array(),
}
}
}
return $output;
return Toolbox::addslashes_deep($output);
}


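Review bot: The early return inside the `stop_on_first_match` branch of `processAllRules()` calls `Toolbox::addslahes_deep($output)`, which is misspelled; the final return in the next hunk uses `Toolbox::addslashes_deep`. Unless a method with that exact spelling exists, every collection that stops on the first match will hit an undefined-method fatal error as soon as a rule matches, so the new escaping contract is never exercised on that path. Change the line to `return Toolbox::addslashes_deep($output);`.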
8 changes: 0 additions & 8 deletions inc/rulecriteria.class.php
Expand Up @@ -150,14 +150,6 @@ static function match(RuleCriteria &$criterion, $field, &$criterias_results, &$r
return true;
}

// Input are slashed protected, not output.
if (is_array($field)) {
$field = Toolbox::stripslashes_deep($field);
} else {
// Trim for remove keyboard errors
$field = stripslashes(trim($field));
}

$pattern = trim($pattern);

switch ($condition) {
2 changes: 1 addition & 1 deletion inc/ruledictionnarydropdowncollection.class.php
Expand Up @@ -181,7 +181,7 @@ function replayRulesOnExistingDBForModel($offset=0, $maxtime=0) {

// Model case
if (isset($data["manufacturer"])) {
$data["manufacturer"] = Manufacturer::processName($data["manufacturer"]);
$data["manufacturer"] = Manufacturer::processName(addslashes($data["manufacturer"]));
}

//Replay Type dictionnary
10 changes: 4 additions & 6 deletions inc/ruledictionnaryprintercollection.class.php
Expand Up @@ -128,9 +128,7 @@ function replayRulesOnExistingDB($offset=0, $maxtime=0, $items=array(), $params=
}

//Replay printer dictionnary rules
$input = Toolbox::addslashes_deep($input);
$res_rule = $this->processAllRules($input, array(), array());
$res_rule = Toolbox::addslashes_deep($res_rule);

foreach (array('manufacturer', 'is_global', 'name') as $attr) {
if (isset($res_rule[$attr]) && ($res_rule[$attr] == '')) {
Expand Down Expand Up @@ -270,11 +268,9 @@ function replayDictionnaryOnOnePrinter(array &$new_printers, array $res_rule, $p

$input["name"] = $p['name'];
$input["manufacturer"] = $p['manufacturer'];
$input = Toolbox::addslashes_deep($input);

if (empty($res_rule)) {
$res_rule = $this->processAllRules($input, array(), array());
$res_rule = Toolbox::addslashes_deep($res_rule);
}

$printer = new Printer();
Expand All @@ -286,8 +282,10 @@ function replayDictionnaryOnOnePrinter(array &$new_printers, array $res_rule, $p
$manufacturer = "";

if (isset($res_rule["manufacturer"])) {
$manufacturer = Dropdown::getDropdownName("glpi_manufacturers",
$res_rule["manufacturer"]);
$manufacturer = addslashes(Dropdown::getDropdownName("glpi_manufacturers",
$res_rule["manufacturer"]));
} else {
$manufacturer = addslashes($p['manufacturer']);
}

//New printer not already present in this entity
17 changes: 8 additions & 9 deletions inc/ruledictionnarysoftwarecollection.class.php
Expand Up @@ -170,13 +170,11 @@ function replayRulesOnExistingDB($offset=0, $maxtime=0, $items=array(), $params=

//If manufacturer is set, then first run the manufacturer's dictionnary
if (isset($input["manufacturer"])) {
$input["manufacturer"] = Manufacturer::processName($input["manufacturer"]);
$input["manufacturer"] = Manufacturer::processName(addslashes($input["manufacturer"]));
}

//Replay software dictionnary rules
$input = Toolbox::addslashes_deep($input);
$res_rule = $this->processAllRules($input, array(), array());
$res_rule = Toolbox::addslashes_deep($res_rule);

if ((isset($res_rule["name"]) && ($res_rule["name"] != $input["name"]))
|| (isset($res_rule["version"]) && ($res_rule["version"] != ''))
Expand Down Expand Up @@ -279,7 +277,7 @@ function replayDictionnaryOnSoftwaresByID(array $IDs, $res_rule=array()) {
* @param $ID ID of the software
* @param $entity working entity ID
* @param $name softwrae name
* @param $manufacturer manufacturer ID
* @param $manufacturer manufacturer name
* @param &$soft_ids array containing replay software need to be trashed
**/
function replayDictionnaryOnOneSoftware(array &$new_softs, array $res_rule, $ID, $entity, $name,
Expand All @@ -289,12 +287,11 @@ function replayDictionnaryOnOneSoftware(array &$new_softs, array $res_rule, $ID,
$input["name"] = $name;
$input["manufacturer"] = $manufacturer;
$input["entities_id"] = $entity;
$input = Toolbox::addslashes_deep($input);

if (empty($res_rule)) {
$res_rule = $this->processAllRules($input, array(), array());
$res_rule = Toolbox::addslashes_deep($res_rule);
}

$soft = new Software();

//Software's name has changed or entity
Expand All @@ -308,12 +305,14 @@ function replayDictionnaryOnOneSoftware(array &$new_softs, array $res_rule, $ID,
if (isset($res_rule["name"])) {
$new_name = $res_rule["name"];
} else {
$new_name = $name;
$new_name = addslashes($name);
}

if (isset($res_rule["manufacturer"])) {
$manufacturer = Dropdown::getDropdownName("glpi_manufacturers",
$res_rule["manufacturer"]);
$manufacturer = addslashes(Dropdown::getDropdownName("glpi_manufacturers",
$res_rule["manufacturer"]));
} else {
$manufacturer = addslashes($manufacturer);
}

//New software not already present in this entity
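Review bot: In `replayRulesOnExistingDB()` the `$input` array passed to `processAllRules()` mixes escaped and raw values. `$input["manufacturer"]` is overwritten with the result of `Manufacturer::processName(addslashes(...))`, which this commit documents as returning an escaped name, while `processAllRules()` is now documented as taking slash-free input. The manufacturer criterion is therefore matched against an escaped string while `name` is raw. The following `$res_rule["name"] != $input["name"]` also compares escaped output with unescaped input, so a name containing a quote would always look changed. Unescaping the intermediate result, `$input["manufacturer"] = stripslashes(Manufacturer::processName(addslashes($input["manufacturer"])));`, and comparing against `addslashes($input["name"])` keeps each side in one form. `inc/ruledictionnarydropdowncollection.class.php` makes the same `processName(addslashes(...))` assignment; its later use is not visible on this page.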
6 changes: 3 additions & 3 deletions inc/ruleimportcomputer.class.php
Expand Up @@ -363,15 +363,15 @@ function findWithGlobalCriteria($input) {

case 'model' :
// search for model, don't create it if not found
$options = array('manufacturer' => $input['manufacturer']);
$mid = Dropdown::importExternal('ComputerModel', $input['model'], -1,
$options = array('manufacturer' => addslashes($input['manufacturer']));
$mid = Dropdown::importExternal('ComputerModel', addslashes($input['model']), -1,
$options, '', false);
$sql_where .= " AND `glpi_computers`.`computermodels_id` = '$mid'";
break;

case 'manufacturer' :
// search for manufacturer, don't create it if not found
$mid = Dropdown::importExternal('Manufacturer', $input['manufacturer'], -1,
$mid = Dropdown::importExternal('Manufacturer', addslashes($input['manufacturer']), -1,
array(), '', false);
$sql_where .= " AND `glpi_computers`.`manufacturers_id` = '$mid'";
break;
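Review bot: In `findWithGlobalCriteria()` the value returned by `Dropdown::importExternal()` is interpolated into `$sql_where` as `'$mid'` without a cast, in both the `model` and `manufacturer` cases. The commit escapes the arguments going in, but the safety of the resulting WHERE clause still rests on what comes back. The visible `importExternal()` returns `0` when nothing is found, so the value appears to be a numeric id. Casting on assignment, `$mid = (int) Dropdown::importExternal(...)`, would make the query independent of the slash convention this commit is reworking. The enclosing switch starts and ends outside the hunk.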