From 107124d525708de86163dd877d819dda63f96627 Mon Sep 17 00:00:00 2001
From: Adi Mihaila
Date: Thu, 13 Jul 2023 09:39:30 +0300
Subject: [PATCH 1/3] Add slashes to the filter value to prevent invalid MySQL statements when the query has special characters
---
 src/api/TotalRecordsController.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/api/TotalRecordsController.php b/src/api/TotalRecordsController.php
index 428365a..fbcdcb1 100644
--- a/src/api/TotalRecordsController.php
+++ b/src/api/TotalRecordsController.php
@@ -55,17 +55,17 @@ public function handle(NovaRequest $request)
 $filter = $seriesData->filter;
 $labelList[$seriesKey] = $seriesData->label;
 if(empty($filter->value)&&isset($filter->operator)&&($filter->operator=='IS NULL' || $filter->operator=='IS NOT NULL')) {
- $seriesSql .= ", SUM(CASE WHEN ".$filter->key." ".$filter->operator." then ".$calculation." else 0 end) as \"".$labelList[$seriesKey]."\"";
+ $seriesSql .= ", SUM(CASE WHEN ".$filter->key." ".$filter->operator." then ".$calculation." else 0 end) as \"".addslashes($labelList[$seriesKey])."\"";
 } else if(empty($filter->value)){
 $seriesSql .= ", SUM(CASE WHEN ";
 $countFilter = count($filter);
 foreach($filter as $keyFilter => $listFilter){
- $seriesSql .= " ".$listFilter->key." ".($listFilter->operator ?? "=")." '".$listFilter->value."' ";
+ $seriesSql .= " ".$listFilter->key." ".($listFilter->operator ?? "=")." '".addslashes($listFilter->value)."' ";
 $seriesSql .= $countFilter-1 != $keyFilter ? " AND " : "";
 }
- $seriesSql .= "then ".$calculation." else 0 end) as \"".$labelList[$seriesKey]."\"";
+ $seriesSql .= "then ".$calculation." else 0 end) as \"".addslashes($labelList[$seriesKey])."\"";
 } else {
- $seriesSql .= ", SUM(CASE WHEN ".$filter->key." ".($filter->operator ?? "=")." '".$filter->value."' then ".$calculation." else 0 end) as \"".$labelList[$seriesKey]."\"";
+ $seriesSql .= ", SUM(CASE WHEN ".$filter->key." ".($filter->operator ?? "=")." '".addslashes($filter->value)."' then ".$calculation." else 0 end) as \"".addslashes($labelList[$seriesKey])."\"";
 }
 }
 }
From d11a77ead1104c15c1ffc7da83094b0dd5b4f364 Mon Sep 17 00:00:00 2001
From: Adi Mihaila
Date: Thu, 18 Apr 2024 17:33:28 +0300
Subject: [PATCH 2/3] Fix casting JSON to object issue
---
 src/api/TotalRecordsController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/api/TotalRecordsController.php b/src/api/TotalRecordsController.php
index d1db5a2..1e53386 100644
--- a/src/api/TotalRecordsController.php
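Review bot: `addslashes()` on the quoted value does not make this statement safe, because `$filter->key`, `$filter->operator`, `$listFilter->key` and `$listFilter->operator` are still concatenated unescaped in every branch of the hunk. Patch 2 of this series shows these objects being read from `$request->series`, so they are presumably request-controlled, and escaping only the value leaves the identifier and operator positions open. `addslashes()` is also not charset-aware and has no effect on a server running with `NO_BACKSLASH_ESCAPES`, so the values should be bound as parameters instead. For the other two positions I would check against fixed lists, e.g. `if (!in_array($op, ['=', '!=', '<', '>', '<=', '>=', 'LIKE', 'IS NULL', 'IS NOT NULL'], true)) { abort(422); }` plus a column allowlist for `key`, and validate the alias the same way rather than escaping it. handle() starts and ends outside the hunk, so how `$seriesSql` is executed is not visible here.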
+++ b/src/api/TotalRecordsController.php
@@ -55,7 +55,7 @@ public function handle(NovaRequest $request)
 $defaultColor = array("rgba($brandColor, 1)", "#ffcc5c","#91e8e1","#ff6f69","#88d8b0","#b088d8","#d8b088", "#88b0d8", "#6f69ff","#7cb5ec","#434348","#90ed7d","#8085e9","#f7a35c","#f15c80","#e4d354","#2b908f","#f45b5b","#91e8e1","#E27D60","#85DCB","#E8A87C","#C38D9E","#41B3A3","#67c4a7","#992667","#ff4040","#ff7373","#d2d2d2");
 if(isset($request->series)){
 foreach($request->series as $seriesKey => $serieslist){
- $seriesData = (object) $serieslist;
+ $seriesData = (object) (is_array($serieslist) ? $serieslist : json_decode($serieslist, true));
 $filter = (object) $seriesData->filter;
 $labelList[$seriesKey] = $seriesData->label;
 if(empty($filter->value)&&isset($filter->operator)&&($filter->operator=='IS NULL' || $filter->operator=='IS NOT NULL')) {
@@ -64,7 +64,7 @@ public function handle(NovaRequest $request)
 $seriesSql .= ", SUM(CASE WHEN ";
 $countFilter = count((array) $filter);
 foreach($filter as $keyFilter => $listFilter){
- $listFilter = (object) $listFilter;
+ $listFilter = (object) (is_array($listFilter) ? $listFilter : json_decode($listFilter, true));
 $seriesSql .= " ".$listFilter->key." ".($listFilter->operator ?? "=")." '".addslashes($listFilter->value)."' ";
 $seriesSql .= $countFilter-1 != $keyFilter ? " AND " : "";
 }
@@ -238,7 +238,7 @@ public function handle(NovaRequest $request)
 if(isset($request->series)){
 $countKey = 0;
 foreach($request->series as $sKey => $sData){
- $dataSeries = (object) $sData;
+ $dataSeries = (object) (is_array($sData) ? $sData : json_decode($sData, true));
 $filter = (object) $dataSeries->filter;
 $yAxis[$sKey]['label'] = $dataSeries->label;
 if(isset($dataSeries->fill)){
From 172f430a1edbaf104664214097011a2738948419 Mon Sep 17 00:00:00 2001
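Review bot: The new `json_decode($serieslist, true)` call, and the matching ones in the `$listFilter` and `$sData` hunks, have no failure path. For malformed JSON `json_decode` returns null, `(object) null` is an empty object, and the reads of `->filter` and `->label` that follow hit undefined properties. A scalar JSON document also decodes successfully and is cast to an object with a single `scalar` property. Because the decoded `key`, `operator` and `value` are concatenated into `$seriesSql` a few lines later, I would reject anything that does not decode to an array before using it, e.g. `$decoded = is_array($serieslist) ? $serieslist : json_decode($serieslist, true, 512, JSON_THROW_ON_ERROR); if (!is_array($decoded)) { abort(422); }`. All three loops continue past the end of their hunks.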
From: Adi Mihaila
Date: Fri, 18 Oct 2024 15:56:54 +0300
Subject: [PATCH 3/3] Use OR instead of AND when there are multiple filters for the same series
---
 src/api/TotalRecordsController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/api/TotalRecordsController.php b/src/api/TotalRecordsController.php
index 1e53386..db37f18 100644
--- a/src/api/TotalRecordsController.php
+++ b/src/api/TotalRecordsController.php
@@ -66,7 +66,7 @@ public function handle(NovaRequest $request)
 foreach($filter as $keyFilter => $listFilter){
 $listFilter = (object) (is_array($listFilter) ? $listFilter : json_decode($listFilter, true));
 $seriesSql .= " ".$listFilter->key." ".($listFilter->operator ?? "=")." '".addslashes($listFilter->value)."' ";
- $seriesSql .= $countFilter-1 != $keyFilter ? " AND " : "";
+ $seriesSql .= $countFilter-1 != $keyFilter ? " OR " : "";
 }
 $seriesSql .= "then ".$calculation." else 0 end) as \"".addslashes($labelList[$seriesKey])."\"";
 } else {
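Review bot: The separator test on the changed line, `$countFilter-1 != $keyFilter`, only works when the filter keys are exactly 0..n-1. With string or sparse keys, which seem possible now that the list may come from decoded JSON, a trailing ` OR ` lands in front of `then` and the statement becomes invalid. Collecting the conditions and joining them removes the index comparison: push each condition onto `$conditions[]` inside the loop and emit `$seriesSql .= implode(' OR ', $conditions);` after it. Separately, switching AND to OR unconditionally widens what every existing multi-filter series counts, so dashboards configured against the old behaviour will silently report different totals; a per-series setting that defaults to AND would keep them stable.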