Changeset:
fb8a5207f03a
https://sourceforge.net/p/mrbs/hg-code/ci/fb8a5207f03a6e5d65afc1a7d98ec3ddcd9fe679
Author:
John Beranek <[email protected]>
Date:
Sun Sep 25 00:22:07 2016 +0100
Log message:
Fixed a few bugs, including an odd one in search.php which only threw an error
for pgsql
diffstat:
web/edit_users.php | 2 +-
web/lib/MRBS/DB.php | 2 +-
web/search.php | 37 ++++++++++++++++++++++++-------------
3 files changed, 26 insertions(+), 15 deletions(-)
diffs (110 lines):
diff -r 546b3d749d34 -r fb8a5207f03a web/edit_users.php
--- a/web/edit_users.php Sat Sep 24 23:33:08 2016 +0100
+++ b/web/edit_users.php Sun Sep 25 00:22:07 2016 +0100
@@ -639,7 +639,7 @@
$sql_params[] = $Id;
}
$query .= " LIMIT 1"; // we only want to know if there is at least
one instance of the name
- $result = sql_query($query, $params);
+ $result = sql_query($query, $sql_params);
if (sql_count($result) > 0)
{
$valid_data = FALSE;
diff -r 546b3d749d34 -r fb8a5207f03a web/lib/MRBS/DB.php
--- a/web/lib/MRBS/DB.php Sat Sep 24 23:33:08 2016 +0100
+++ b/web/lib/MRBS/DB.php Sun Sep 25 00:22:07 2016 +0100
@@ -132,7 +132,7 @@
$sth = $this->dbh->prepare($sql);
if (!$sth)
{
- trigger_error($this->error(), E_USER_WARNING);
+ trigger_error($sql." ".$this->error(), E_USER_WARNING);
return -1;
}
$sth->execute($params);
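Review bot: The changed `trigger_error` line now puts the full SQL statement into the warning text, so wherever PHP warnings are rendered to the browser a failed prepare would expose table and column names to the requesting user. The parameters are bound separately, so user-supplied values are not in that string, but the statement text is still better kept server-side, e.g. `error_log("prepare failed: " . $sql);` followed by the original `trigger_error($this->error(), E_USER_WARNING);`. The enclosing method starts and ends outside the hunk, so whether an error handler elsewhere already keeps warnings out of the response cannot be confirmed from here.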
diff -r 546b3d749d34 -r fb8a5207f03a web/search.php
--- a/web/search.php Sat Sep 24 23:33:08 2016 +0100
+++ b/web/search.php Sun Sep 25 00:22:07 2016 +0100
@@ -197,9 +197,9 @@
// NOTE: sql_syntax_caseless_contains() modifies our SQL params for us
$sql_params = array();
-$sql_pred = "( " . sql_syntax_caseless_contains("E.create_by", $search_str,
$sql_params)
- . " OR " . sql_syntax_caseless_contains("E.name", $search_str, $sql_params)
- . " OR " . sql_syntax_caseless_contains("E.description", $search_str,
$sql_params);
+$sql_pred = "(( " . sql_syntax_caseless_contains("E.create_by", $search_str,
$sql_params)
+ . ") OR (" . sql_syntax_caseless_contains("E.name", $search_str, $sql_params)
+ . ") OR (" . sql_syntax_caseless_contains("E.description", $search_str,
$sql_params). ")";
// Also need to search custom fields (but only those with character data,
// which can include fields that have an associative array of options)
@@ -219,21 +219,21 @@
// assume PHP5
if (($key !== '') && (strpos(utf8_strtolower($value),
utf8_strtolower($search_str)) !== FALSE))
{
- $sql_pred .= " OR E." . sql_quote($field['name']) . "=?";
+ $sql_pred .= " OR (E." . sql_quote($field['name']) . "=?)";
$sql_params[] = $key;
}
}
}
elseif ($field['nature'] == 'character')
{
- $sql_pred .= " OR " . sql_syntax_caseless_contains("E." .
sql_quote($field['name']), $search_str, $sql_params);
+ $sql_pred .= " OR (" . sql_syntax_caseless_contains("E." .
sql_quote($field['name']), $search_str, $sql_params).")";
}
}
}
-$sql_pred .= ") AND E.end_time > ?";
+$sql_pred .= ") AND (E.end_time > ?)";
$sql_params[] = $now;
-$sql_pred .= " AND E.room_id = R.id AND R.area_id = A.id";
+$sql_pred .= " AND (E.room_id = R.id) AND (R.area_id = A.id)";
// If we're not an admin (they are allowed to see everything), then we need
@@ -248,9 +248,17 @@
// - all bookings, if private_override is set to 'public'
// - their own bookings, and others' public bookings if private_override
is set to 'none'
// - just their own bookings, if private_override is set to 'private'
- $sql_pred .= " AND ((A.private_override='public') OR
- (A.private_override='none' AND ((E.status&" .
STATUS_PRIVATE . "=0) OR E.create_by = ? OR
- (A.private_override='private' AND E.create_by = ?))";
+ $sql_pred .= " AND (
+ (A.private_override='public') OR
+ (A.private_override='none') AND
+ (
+ (E.status&" . STATUS_PRIVATE . "=0) OR
+ (E.create_by = ?) OR
+ (
+ (A.private_override='private') AND (E.create_by = ?)
+ )
+ )
+ )";
$sql_params[] = $user;
$sql_params[] = $user;
}
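Review bot: In the rewritten logged-in predicate, the `(A.private_override='private') AND (E.create_by = ?)` group sits inside the parenthesis that is ANDed with `(A.private_override='none')`, so it can never be true. As written, an area set to 'private' returns no rows for a non-admin user, which contradicts the comment "just their own bookings, if private_override is set to 'private'". The top level also relies on AND binding tighter than OR in `public OR none AND (...)`; since this string is the access-control filter for private bookings, each of the three cases should be its own explicitly parenthesised OR branch, as in the fence below. The two `?` placeholders keep their order, so the `$sql_params[] = $user;` lines stay as they are. The enclosing `if` starts outside the hunk.

```php
  $sql_pred .= " AND (
                      (A.private_override='public') OR
                      (
                        (A.private_override='none') AND
                        (
                          (E.status&" . STATUS_PRIVATE . "=0) OR
                          (E.create_by = ?)
                        )
                      ) OR
                      (
                        (A.private_override='private') AND (E.create_by = ?)
                      )
                    )";
  // … unchanged: the two $sql_params[] = $user; lines …
```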
@@ -259,8 +267,12 @@
// if the user is not logged in they can see:
// - all bookings, if private_override is set to 'public'
// - public bookings if private_override is set to 'none'
- $sql_pred .= " AND ((A.private_override='public') OR
- (A.private_override='none' AND (E.status&" .
STATUS_PRIVATE . "=0)))";
+ $sql_pred .= " AND (
+ (A.private_override='public') OR
+ (
+ (A.private_override='none') AND (E.status&" .
STATUS_PRIVATE . "=0)
+ )
+ )";
}
}
@@ -312,7 +324,6 @@
$sql .= " " . sql_syntax_limit($search["count"], $search_pos);
}
-
// this is a flag to tell us not to display a "Next" link
$result = sql_query($sql, $sql_params);
if (! $result)