[syslog] Make client log searchable

Closes #3474

1 files changed, 43 insertions, 32 deletions

diff --git a/modules-available/syslog/page.inc.php b/modules-available/syslog/page.inc.php
index 6c1a0a16..6868994e 100644
--- a/modules-available/syslog/page.inc.php
+++ b/modules-available/syslog/page.inc.php
@@ -25,6 +25,17 @@ class Page_SysLog extends Page
 			}
 			Util::redirect('?do=syslog');
 		}
+		if (Request::isPost()) {
+			$search = Request::any('search');
+			$filter = Request::any('filter');
+			$not = Request::any('not', false, 'bool');
+			$machineuuid = Request::any('machineuuid');
+			Session::set('log_search', $search);
+			Session::set('log_filter', $filter);
+			Session::set('log_not', $not);
+			Session::save();
+			Util::redirect('?do=syslog&' . http_build_query(compact('search', 'filter', 'not', 'machineuuid')));
+		}
 		User::assertPermission('*');
 	}
 
@@ -40,63 +51,62 @@ class Page_SysLog extends Page
 		}
 
 		$cutoff = strtotime('-1 month');
-		$res = Database::simpleQuery("SELECT logtypeid, Count(*) AS counter FROM clientlog WHERE dateline > $cutoff GROUP BY logtypeid ORDER BY counter ASC");
+		$res = Database::simpleQuery("SELECT logtypeid, Count(*) AS counter
+			FROM clientlog
+			WHERE dateline > $cutoff
+			GROUP BY logtypeid ORDER BY counter ASC");
 		$types = array();
 		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
 			$types[$row['logtypeid']] = $row;
 		}
-		if (Request::get('filter') !== false) {
+		if (Request::get('filter') !== false || Request::get('search') !== false) {
+			$search = Request::get('search');
 			$filter = Request::get('filter');
-			$not = Request::get('not') ? 'NOT' : '';
-		} elseif (Request::post('filter') !== false) {
-			$filter = Request::post('filter');
-			$not = Request::post('not') ? 'NOT' : '';
-
-			Session::set('log_filter', $filter);
-			Session::set('log_not', $not);
-			Session::save();
+			$not = Request::get('not', false, 'bool');
 		} else {
+			$search = Session::get('log_search');
 			$filter = Session::get('log_filter');
-			$not = Session::get('log_not') ? 'NOT' : '';
+			$not = (bool)Session::get('log_not');
 		}
+		$qArgs = [];
+		$whereClause = '1';
 		if (!empty($filter)) {
-			$filterList = explode(',', $filter);
-			$whereClause = array();
+			$whereClause .= ' AND ( ';
+			if ($not) {
+				$whereClause .= 'NOT ';
+			}
+			$filterList = array_unique(explode(',', $filter));
 			foreach ($filterList as $filterItem) {
-				$filterItem = preg_replace('/[^a-z0-9_\-]/', '', trim($filterItem));
-				if (empty($filterItem) || in_array($filterItem, $whereClause)) continue;
-				$whereClause[] = "'$filterItem'";
 				if (!isset($types[$filterItem])) {
 					$types[$filterItem] = ['logtypeid' => $filterItem, 'counter' => ''];
 				}
 			}
-			if (!empty($whereClause)) $whereClause = ' WHERE logtypeid ' . $not . ' IN (' . implode(', ', $whereClause) . ')';
+			$whereClause .= "logtypeid IN (:typeids) )";
+			$qArgs['typeids'] = $filterList;
+		}
+		if (!empty($search)) {
+			$qArgs['search'] = '%' . str_replace(array('=', '_', '%', '*', '?'), array('==', '=_', '=%', '%', '_'), $search) . '%';
+			$whereClause .= " AND description LIKE :search ESCAPE '='";
 		}
-		if (!isset($whereClause) || empty($whereClause)) $whereClause = '';
 		if (Request::get('machineuuid')) {
-			if (empty($whereClause))
-				$whereClause .= ' WHERE ';
-			else
-				$whereClause .= ' AND ';
-
-			$whereClause .= "machineuuid='" . preg_replace('/[^0-9a-zA-Z\-]/', '', Request::get('machineuuid', '', 'string')) . "'";
+			$whereClause .= " AND machineuuid = :uuid";
+			$qArgs['uuid'] = Request::get('machineuuid', '', 'string');
 		}
 
 		$allowedLocations = User::getAllowedLocations("view");
 		$joinClause = "";
 		if (!in_array(0, $allowedLocations)) {
 			$joinClause = "INNER JOIN machine USING (machineuuid)";
-			if (empty($whereClause))
-				$whereClause .= ' WHERE ';
-			else
-				$whereClause .= ' AND ';
-
-			$whereClause .= 'locationid IN (:allowedLocations)';
+			$whereClause .= ' locationid IN (:allowedLocations)';
+			$qArgs['allowedLocations'] = $allowedLocations;
 		}
 
 		$lines = array();
-		$paginate = new Paginate("SELECT logid, dateline, logtypeid, clientlog.clientip, clientlog.machineuuid, description, extra FROM clientlog $joinClause $whereClause ORDER BY logid DESC", 50);
-		$res = $paginate->exec(array("allowedLocations" => $allowedLocations));
+		$paginate = new Paginate("SELECT logid, dateline, logtypeid, clientlog.clientip, clientlog.machineuuid, description, extra
+			FROM clientlog $joinClause
+			WHERE $whereClause
+			ORDER BY logid DESC", 50);
+		$res = $paginate->exec($qArgs);
 		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
 			$row['date'] = Util::prettyTime($row['dateline']);
 			$row['icon'] = $this->eventToIconName($row['logtypeid']);
@@ -105,6 +115,7 @@ class Page_SysLog extends Page
 
 		$paginate->render('page-syslog', array(
 			'filter'   => $filter,
+			'search'   => $search,
 			'not'      => $not,
 			'list'     => $lines,
 			'types'    => json_encode(array_values($types)),