From 3042447d2a6aa11f56fce48d0b02cba036562cce Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Sat, 8 Jun 2019 10:02:23 -0600
Subject: [PATCH] Update conference_session_details.php

---
 .../conference_session_details.php | 111 ++++++++++--------
 1 file changed, 62 insertions(+), 49 deletions(-)

diff --git a/app/conference_centers/conference_session_details.php b/app/conference_centers/conference_session_details.php
index 8d15fe4562..78ee9ed0f6 100644
--- a/app/conference_centers/conference_session_details.php
+++ b/app/conference_centers/conference_session_details.php
@@ -17,7 +17,7 @@
 The Initial Developer of the Original Code is Mark J Crane 
- Copyright (C) 2008-2012 All Rights Reserved.
+ Copyright (C) 2008-2019 All Rights Reserved.
 Contributor(s): Mark J Crane 
@@ -46,30 +46,46 @@
 require_once "resources/paging.php";
 
 //set variables from the http values
- $order_by = check_str($_GET["order_by"]);
- $order = check_str($_GET["order"]);
- $conference_session_uuid = check_str($_GET["uuid"]);
+ $order_by = $_GET["order_by"];
+ $order = $_GET['order'];
+ $conference_session_uuid = $_GET["uuid"];
+
+//validate order by
+ if (strlen($order_by) > 0) {
+ $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
+ }
+
+//validate the order
+ switch ($order) {
+ case 'asc':
+ break;
+ case 'desc':
+ break;
+ default:
+ $order = '';
+ }
 
 //add meeting_uuid to a session variable
- if (strlen($conference_session_uuid) > 0) {
+ if (strlen($conference_session_uuid) > 0 && is_uuid($conference_session_uuid)) {
  $_SESSION['meeting']['session_uuid'] = $conference_session_uuid;
  }
 
 //get the list
  $sql = "select * from v_conference_sessions ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and conference_session_uuid = '".$_SESSION['meeting']['session_uuid']."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll();
- foreach ($result as &$row) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and conference_session_uuid = :conference_session_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid'];
+ $database = new database;
+ $conference_sessions = $database->select($sql, $parameters, 'all');
+ foreach ($conference_sessions as $row) {
  $meeting_uuid = $row["meeting_uuid"];
  $recording = $row["recording"];
  $start_epoch = $row["start_epoch"];
  $end_epoch = $row["end_epoch"];
  $profile = $row["profile"];
  }
- unset ($prep_statement);
+ unset ($conference_sessions, $parameters);
 
 //set the year, month and day based on the session start epoch
  $tmp_year = date("Y", $start_epoch);
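Review bot: The `order_by` validation strips characters instead of checking the value, and hunk 3 still interpolates the result into `order by $order_by $order`; a character class that admits `-` and any identifier-looking string is not a column check, so the value should be required to match a column of the view, e.g. `$order_by = in_array($order_by, ['start_epoch', 'meeting_uuid'], true) ? $order_by : '';` extended with the remaining sortable columns (only those two are visible here). The `$order` switch is a proper allow-list and can stay as is. Separately, `$order_by`, `$order` and `$conference_session_uuid` are now read straight from `$_GET`, so a request without those keys raises undefined-index notices that `check_str()` presumably absorbed before; `$order_by = isset($_GET['order_by']) ? $_GET['order_by'] : '';` (and likewise for the other two) keeps the old behaviour.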
@@ -114,50 +130,47 @@
  echo " \n";
  echo "\n";
 
- //prepare to page the results
- $sql = "select count(*) as num_rows from v_conference_session_details ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and conference_session_uuid = '".$_SESSION['meeting']['session_uuid']."' ";
- $prep_statement = $db->prepare($sql);
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] > 0) {
- $num_rows = $row['num_rows'];
- }
- else {
- $num_rows = '0';
- }
- }
+//prepare to page the results
+ $sql = "select count(*) as num_rows from v_conference_session_details ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and conference_session_uuid = :conference_session_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid'];
+ $num_rows = $database->select($sql, $parameters, 'column');
+ unset($parameters);
 
- //prepare to page the results
- $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
- $param = "";
- $page = $_GET['page'];
- if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
- list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
- $offset = $rows_per_page * $page;
+//prepare to page the results
+ $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
+ $param = '';
+ $page = $_GET['page'];
+ if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
+ list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
+ $offset = $rows_per_page * $page;
 
- //get the list
- $sql = "select * from v_conference_session_details ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and conference_session_uuid = '".$_SESSION['meeting']['session_uuid']."' ";
- if (strlen($order_by) == 0) {
- $sql .= "order by start_epoch asc ";
- }
- else {
- $sql .= "order by $order_by $order ";
- }
- $sql .= "limit $rows_per_page offset $offset ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $conference_session_details = $prep_statement->fetchAll();
- unset ($prep_statement, $sql);
+//get the list
+ $sql = "select * from v_conference_session_details ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and conference_session_uuid = :conference_session_uuid ";
+ if (strlen($order_by) == 0) {
+ $sql .= "order by start_epoch asc ";
+ }
+ else {
+ $sql .= "order by $order_by $order ";
+ }
+ $sql .= "limit :rows_per_page offset :offset ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid'];
+ $parameters['rows_per_page'] = $rows_per_page;
+ $parameters['offset'] = $offset;
+ $conference_session_details = $database->select($sql, $parameters, 'all');
+ unset ($parameters);
 
+//show the styles
  $c = 0;
  $row_style["0"] = "row_style0";
  $row_style["1"] = "row_style1";
 
+//show the conent
  echo "\n";
  echo "\n";
  //echo th_order_by('meeting_uuid', 'Meeting UUID', $order_by, $order);
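Review bot: `$page` is taken from `$_GET['page']` with only an empty-string check before `$offset = $rows_per_page * $page;`, so a non-numeric value produces a warning-and-zero on PHP 7 (a TypeError on PHP 8), and `$rows_per_page`/`$offset` are then handed to `:rows_per_page`/`:offset` without a cast; whether `database::select()` binds them as integers is not visible in this hunk, and PostgreSQL rejects a quoted string in LIMIT/OFFSET. Replacing the strlen line with `$page = is_numeric($page) ? (int) $page : 0; $_GET['page'] = $page;` and binding `$parameters['rows_per_page'] = (int) $rows_per_page;` and `$parameters['offset'] = (int) $offset;` removes both the input and the typing question. The `order by $order_by $order` interpolation that remains here depends on the validation in hunk 2 being a true column allow-list. Minor: the new comment reads `//show the conent`, should be `//show the content`.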