dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update paging.php

This commit is contained in:
FusionPBX 2019-08-10 14:34:18 -06:00 committed by GitHub
parent 76eda582f6
commit 640cecf676
1 changed files with 44 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
resources/paging.php
View File

@ -39,6 +39,40 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
$page_number = 0; $page_number = 0;
} }
//sanitize the parameters
$sanitized_parameters = '';
if (isset($param) && strlen($param) > 0) {
$param_array = explode("&", $param);
if (is_array($param_array)) {
foreach($param_array as $row) {
$param_sub_array = explode("=", $row);
$key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $param_sub_array['0']);
$value = urldecode($param_sub_array['1']);
if ($key == 'order_by' && strlen($value) > 0) {
//validate order by
$sanitized_parameters .= "&order_by=". preg_replace('#[^a-zA-Z0-9_\-]#', '', $value);
}
elseif ($key == 'order' && strlen($value) > 0) {
//validate order
switch ($value) {
case 'asc':
$sanitized_parameters .= "&order=asc";
break;
case 'desc':
$sanitized_parameters .= "&order=desc";
break;
}
}
elseif (strlen($value) > 0 && is_numeric($value)) {
$sanitized_parameters .= "&".$key."=".$value;
}
else {
$sanitized_parameters .= "&".$key."=".urlencode($value);
}
}
}
}
//get the offset //get the offset
$offset = ($page_number - 1) * $rows_per_page; $offset = ($page_number - 1) * $rows_per_page;
@ -51,8 +85,8 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
$language = new text; $language = new text;
$text = $language->get(); $text = $language->get();
// print the link to access each page //print the link to access each page
$self = $_SERVER['PHP_SELF']; $self = escape($_SERVER['PHP_SELF']);
$nav = ''; $nav = '';
for($page = 1; $page <= $max_page; $page++){ for($page = 1; $page <= $max_page; $page++){
if ($page == $page_number) { if ($page == $page_number) {
@ -64,21 +98,21 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
} }
if ($page_number > 0) { if ($page_number > 0) {
$page = $page_number - 1; $page = $page_number - 1;
$prev = "<input class='btn' type='button' value='".$text['button-back']."' alt='".($page+1)."' title='".($page+1)."' onClick=\"window.location = '".$self."?page=$page".$param."';\">\n"; //&#9664; $prev = "<input class='btn' type='button' value='".$text['button-back']."' alt='".($page+1)."' title='".($page+1)."' onClick=\"window.location = '".$self."?page=".$page.$sanitized_parameters."';\">\n"; //&#9664;
$first = "<input class='btn' type='button' value='".$text['button-next']."' onClick=\"window.location = '".$self."?page=1".$param."';\">\n"; //&#9650; $first = "<input class='btn' type='button' value='".$text['button-next']."' onClick=\"window.location = '".$self."?page=1".$sanitized_parameters."';\">\n"; //&#9650;
} }
else { else {
$prev = "<input class='btn' type='button' disabled value='".$text['button-back']."' style='opacity: 0.4; -moz-opacity: 0.4; cursor: default;'>\n"; //&#9664; $prev = "<input class='btn' type='button' disabled value='".$text['button-back']."' style='opacity: 0.4; -moz-opacity: 0.4; cursor: default;'>\n"; //&#9664;
} }
if (($page_number + 1) < $max_page) { if (($page_number + 1) < $max_page) {
$page = $page_number + 1; $page = $page_number + 1;
$next = "<input class='btn' type='button' value='".$text['button-next']."' alt='".($page+1)."' title='".($page+1)."' onClick=\"window.location = '".$self."?page=$page".$param."';\">\n"; //&#9654; $next = "<input class='btn' type='button' value='".$text['button-next']."' alt='".($page+1)."' title='".($page+1)."' onClick=\"window.location = '".$self."?page=".$page.$sanitized_parameters."';\">\n"; //&#9654;
$last = "<input class='btn' type='button' value='".$text['button-back']."' onClick=\"window.location = '".$self."?page=$max_page".$param."';\">\n"; //&#9660; $last = "<input class='btn' type='button' value='".$text['button-back']."' onClick=\"window.location = '".$self."?page=".$max_page.$sanitized_parameters."';\">\n"; //&#9660;
} }
else { else {
$last = "<input class='btn' type='button' value='".$text['button-next']."' onClick=\"window.location = '".$self."?page=$max_page".$param."';\">\n"; //&#9660; $last = "<input class='btn' type='button' value='".$text['button-next']."' onClick=\"window.location = '".$self."?page=".$max_page.$sanitized_parameters."';\">\n"; //&#9660;
$next = "<input class='btn' type='button' disabled value='".$text['button-next']."' style='opacity: 0.4; -moz-opacity: 0.4; cursor: default;'>\n"; //&#9654; $next = "<input class='btn' type='button' disabled value='".$text['button-next']."' style='opacity: 0.4; -moz-opacity: 0.4; cursor: default;'>\n"; //&#9654;
} }
@ -123,7 +157,7 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
"// action to peform when enter is hit\n". "// action to peform when enter is hit\n".
"if (page_num < 1) { page_num = 1; }\n". "if (page_num < 1) { page_num = 1; }\n".
"if (page_num > ".$max_page.") { page_num = ".$max_page."; }\n". "if (page_num > ".$max_page.") { page_num = ".$max_page."; }\n".
"document.location.href = '".$self."?page='+(--page_num)+'".$param."';\n". "document.location.href = '".$self."?page='+(--page_num)+'".$sanitized_parameters."';\n".
"}\n". "}\n".
"}\n". "}\n".
"</script>\n"; "</script>\n";