dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update conference_controls.php (#4245)

This commit is contained in:
AlexanderDCrane 2019-06-03 10:54:38 -06:00 committed by FusionPBX
parent 57c0c95ac0
commit 136807335a
1 changed files with 28 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
app/conference_controls/conference_controls.php
View File

@ -22,12 +22,27 @@
$order_by = check_str($_GET["order_by"]);
$order = check_str($_GET["order"]);
//validate order by
if (strlen($order_by) > 0) {
$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
}
//validate the order
switch ($order) {
case 'asc':
break;
case 'desc':
break;
default:
$order = '';
}
//add the search term
$search = strtolower(check_str($_GET["search"]));
if (strlen($search) > 0) {
$sql_search = "where (";
$sql_search .= "lower(control_name) like '%".$search."%' ";
$sql_search .= "or lower(control_description) like '%".$search."%' ";
$sql_search .= "lower(control_name) like :search ";
$sql_search .= "or lower(control_description) like :search ";
$sql_search .= ") ";
}
@ -39,18 +54,11 @@
$sql = "select count(conference_control_uuid) as num_rows ";
$sql .= "from v_conference_controls";
$sql .= $sql_search;
if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
if ($row['num_rows'] > 0) {
$num_rows = $row['num_rows'];
}
else {
$num_rows = '0';
}
if (strlen($search) > 0) {
$parameters['search'] = '%'.$search.'%';
}
$database = new database;
$row = $database->select($sql, $parameters, 'all');
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@ -62,14 +70,15 @@
//get the list
$sql = "select * from v_conference_controls ";
//$sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' ";
//$sql .= "where domain_uuid = :domain_uuid ";
$sql .= $sql_search;
if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
$sql .= "limit $rows_per_page offset $offset ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset ($prep_statement, $sql);
$sql .= "limit :rows_per_page offset :offset ";
//$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['rows_per_page'] = $rows_per_page;
$parameters['offset'] = $offset;
$database = new database;
$result = $database->select($sql, $parameters, 'all');
//alternate the row style
$c = 0;