From c02988270f3917af694fcd5934fffbc3bf7be0f4 Mon Sep 17 00:00:00 2001
From: Emrys
Date: Mon, 17 Jun 2019 11:02:14 +0100
Subject: [PATCH 1/2] added new model method 'get_from_public_alias()'
---
 dashboard_controller.php | 8 +++-----
 dashboard_model.php | 20 +++++++++++++++++++-
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/dashboard_controller.php b/dashboard_controller.php
index 39f82b3..4820ee5 100644
--- dashboard_controller.php
+++ dashboard_controller.php
@@ -41,10 +41,11 @@ function dashboard_controller()
 $dashid =(int) get('id');
 if ($dashid) {
 $dash = $dashboard->get($dashid);
- }
- else if ($session['read']) {
+ } else if ($session['read']) {
 if ($route->subaction) $dash = $dashboard->get_from_alias($session['userid'],$route->subaction);
 else $dash = $dashboard->get_main($session['userid']);
+ } else {
+ if ($route->subaction) $dash = $dashboard->get_from_public_alias($route->subaction);
 }
 if (isset($dash)){
 if ($dash['public'] || ($session['read'] && $session['userid']>0 && $dash['userid']==$session['userid'] && !isset($session['profile']) )) {
@@ -54,9 +55,6 @@ function dashboard_controller()
 $result = view("Modules/dashboard/Views/dashboard_list.php", array('js_css_version'=>$js_css_version));
 }
 }
- if ($session['write']) {
- $submenu = view("Modules/dashboard/Views/dashboard_menu.php", array('id'=>$dash['id'], 'type'=>"view", 'js_css_version'=>$js_css_version));
- }
 }
 else if ($route->action == "edit" && $session['write'])
diff --git a/dashboard_model.php b/dashboard_model.php
index cbd178a..a50a4c1 100644
--- dashboard_model.php
+++ dashboard_model.php
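Review bot: In the `@@ -41,10 +41,11 @@` hunk of dashboard_controller.php, the new `else` branch is the only path to `get_from_public_alias()`, so a visitor who has a read session and opens another user's public alias still goes through `get_from_alias($session['userid'], …)` and never reaches the public lookup. If shared alias links are meant to work for signed-in visitors too, run the public lookup as a fallback after the chain, e.g. `if (empty($dash) && $route->subaction) $dash = $dashboard->get_from_public_alias($route->subaction);`. Either way the `$dash['public'] || …` test a few lines below has to remain the access decision, because the alias comes straight from the route. The enclosing function starts and ends outside the hunk.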
@@ -205,7 +205,25 @@ public function get_from_alias($userid, $alias)
 $result = $this->mysqli->query("SELECT * FROM dashboard WHERE userid='$userid' and alias='$alias'");
 return $result->fetch_array();
 }
-
+ /**
+ * Get the public dashboard from $alias
+ * return array of fields for found database
+ * @param string $alias
+ */
+ public function get_from_public_alias($alias)
+ {
+ $alias = preg_replace('/[^\p{L}_\p{N}\s\-]/u','',$alias);
+ // access to public dashboards
+ if(!empty($alias)) {
+ $stmt = $this->mysqli->prepare("SELECT * FROM dashboard WHERE alias=?");
+ $stmt->bind_param("s",$alias);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ $stmt->free_result();
+ $stmt->close();
+ return $result->fetch_array();
+ }
+ }
 public function build_menu_array($location)
 {
 global $session;
From 9e7880ee9a6f23331b2d8dcf84759f777b05d9b3 Mon Sep 17 00:00:00 2001
From: Emrys
Date: Mon, 17 Jun 2019 11:59:26 +0100
Subject: [PATCH 2/2] fixed codacy quality review
---
 dashboard_controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dashboard_controller.php b/dashboard_controller.php
index 4820ee5..b496a1b 100644
--- dashboard_controller.php
+++ dashboard_controller.php
@@ -44,7 +44,7 @@ function dashboard_controller()
 } else if ($session['read']) {
 if ($route->subaction) $dash = $dashboard->get_from_alias($session['userid'],$route->subaction);
 else $dash = $dashboard->get_main($session['userid']);
- } else {
+ } else if (!$session['read']) {
 if ($route->subaction) $dash = $dashboard->get_from_public_alias($route->subaction);
 }
 if (isset($dash)){
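Review bot: `get_from_public_alias()` is documented as returning the public dashboard, but its query `SELECT * FROM dashboard WHERE alias=?` carries no visibility condition and hands back whichever matching row comes first. `get_from_alias()` in the context lines scopes an alias by `userid`, which suggests aliases are not unique across users, so a private dashboard can be returned (and can shadow a public one with the same alias), leaving the caller's `$dash['public']` test as the only barrier. Put the filter in the query itself, e.g. `WHERE alias=? AND public=1` (assuming `public` is stored as 1/0; confirm against the schema), so that any future caller trusting the method name cannot leak a private row. The return value of `prepare()` is also used unchecked, so a failed prepare turns into a fatal error on `bind_param()`.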
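Review bot: The condition added in the `@@ -44,7 +44,7 @@` hunk, `else if (!$session['read'])`, is always true at that point, because the branch before it already took every case where `$session['read']` is truthy. It reads like an access guard but adds none, which can mislead a later reader into thinking anonymous access is being checked here. If the aim was only to avoid a bare `else` for the linter, say so in a comment such as `// always true here; anonymous visitors get the public lookup only`, and put braces around the single-line `if ($route->subaction)` inside it. The if/else chain starts above the hunk.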