Diffstat (limited to 'modules-available/dozmod/pages/actionlog.inc.php')
-rw-r--r-- | modules-available/dozmod/pages/actionlog.inc.php | 124 |
1 files changed, 69 insertions, 55 deletions
diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php index a014ddf7..182198c2 100644 --- a/modules-available/dozmod/pages/actionlog.inc.php +++ b/modules-available/dozmod/pages/actionlog.inc.php @@ -11,7 +11,7 @@ class SubPage User::assertPermission("actionlog.view"); self::$action = Request::get('action', '', 'string'); if (self::$action !== '' && self::$action !== 'showtarget' && self::$action !== 'showuser') { - Util::traceError('Invalid action for actionlog: "' . self::$action . '"'); + ErrorHandler::traceError('Invalid action for actionlog: "' . self::$action . '"'); } self::$uuid = Request::get('uuid', '', 'string'); } 
@@ -20,15 +20,15 @@ class SubPage { Render::addTemplate('actionlog-header'); if (self::$action === '') { - self::generateLog("SELECT al.dateline, al.targetid, al.description," - . " img.displayname AS imgname, tu.firstname AS tfirstname, tu.lastname AS tlastname, l.displayname AS lecturename," - . " al.userid AS uuserid, usr.firstname AS ufirstname, usr.lastname AS ulastname" - . " FROM sat.actionlog al" - . " LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid)" - . " LEFT JOIN sat.user usr ON (usr.userid = al.userid)" - . " LEFT JOIN sat.user tu ON (tu.userid = al.targetid)" - . " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)" - . " ORDER BY al.dateline DESC LIMIT 500", array(), true, true); + self::generateLog("SELECT al.dateline, al.targetid, al.description, + img.displayname AS imgname, tu.firstname AS tfirstname, tu.lastname AS tlastname, l.displayname AS lecturename, + al.userid AS uuserid, usr.firstname AS ufirstname, usr.lastname AS ulastname + FROM sat.actionlog al + LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid) + LEFT JOIN sat.user usr ON (usr.userid = al.userid) + LEFT JOIN sat.user tu ON (tu.userid = al.targetid) + LEFT JOIN sat.lecture l ON (l.lectureid = targetid) + ORDER BY al.dateline DESC LIMIT 500", array(), true, true); } elseif (self::$action === 'showuser') { self::listUser(); } else { 
@@ -39,11 +39,11 @@ class SubPage private static function listUser() { // Query user - $user = Database::queryFirst('SELECT userid, firstname, lastname, email, lastlogin,' - . ' organization.displayname AS orgname FROM sat.user' - . ' LEFT JOIN sat.organization USING (organizationid)' - . ' WHERE userid = :uuid' - . ' LIMIT 1', array('uuid' => self::$uuid)); + $user = Database::queryFirst('SELECT userid, firstname, lastname, email, lastlogin, + organization.displayname AS orgname FROM sat.user + LEFT JOIN sat.organization USING (organizationid) + WHERE userid = :uuid + LIMIT 1', array('uuid' => self::$uuid)); if ($user === false) { Message::addError('unknown-userid', self::$uuid); Util::redirect('?do=dozmod§ion=actionlog'); @@ -52,14 +52,14 @@ class SubPage $user['lastlogin_s'] = date('d.m.Y H:i', $user['lastlogin']); Render::addTemplate('actionlog-user', $user); // Finally add the actionlog - self::generateLog("SELECT al.dateline, al.targetid, al.description," - . " img.displayname AS imgname, usr.firstname AS tfirstname, usr.lastname AS tlastname, l.displayname AS lecturename" - . " FROM sat.actionlog al" - . " LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid)" - . " LEFT JOIN sat.user usr ON (usr.userid = targetid)" - . " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)" - . " WHERE al.userid = :uuid" - . " ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), false, true); + self::generateLog("SELECT al.dateline, al.targetid, al.description, + img.displayname AS imgname, usr.firstname AS tfirstname, usr.lastname AS tlastname, l.displayname AS lecturename + FROM sat.actionlog al + LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid) + LEFT JOIN sat.user usr ON (usr.userid = targetid) + LEFT JOIN sat.lecture l ON (l.lectureid = targetid) + WHERE al.userid = :uuid + ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), false, true); } private static function listTarget() 
@@ -72,54 +72,68 @@ class SubPage } // Finally add the actionlog - self::generateLog("SELECT al.dateline, al.userid AS uuserid, al.description," - . " usr.firstname AS ufirstname, usr.lastname AS ulastname" - . " FROM sat.actionlog al" - . " LEFT JOIN sat.user usr ON (usr.userid = al.userid)" - . " WHERE al.targetid = :uuid" - . " ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false); + self::generateLog("SELECT al.dateline, al.userid AS uuserid, al.description, + usr.firstname AS ufirstname, usr.lastname AS ulastname + FROM sat.actionlog al + LEFT JOIN sat.user usr ON (usr.userid = al.userid) + WHERE al.targetid = :uuid + ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false); } - private static function addImageHeader() + private static function mangleHtml($desc) { - $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,' - . ' u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,' - . ' img.displayname, img.description, img.createtime, img.updatetime,' - . ' os.displayname AS osname' - . ' FROM sat.imagebase img' - . ' LEFT JOIN sat.user o ON (img.ownerid = o.userid)' - . ' LEFT JOIN sat.user u ON (img.updaterid = u.userid)' - . ' LEFT JOIN sat.operatingsystem os ON (img.osid = os.osid)' - . ' WHERE img.imagebaseid = :uuid' - . 
' LIMIT 1', array('uuid' => self::$uuid)); + if (substr($desc, 0, 5) === '<html') { + $desc = strip_tags($desc, + '<strong><b><i><u><ul><li><font><span><p><div><hr><h1><h2><h3><h4><h5><h6>'); + $desc = preg_replace('/\b(on\w+|style)[\s\r\n]*=[\s\r\n]*(\'.*?\'|".*?"|[^\'"]\S*)/si', '', $desc); + } else { + $desc = nl2br(htmlspecialchars($desc)); + } + return $desc; + } + + private static function addImageHeader(): bool + { + $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname, + u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname, + img.displayname, img.description, img.createtime, img.updatetime, + os.displayname AS osname + FROM sat.imagebase img + LEFT JOIN sat.user o ON (img.ownerid = o.userid) + LEFT JOIN sat.user u ON (img.updaterid = u.userid) + LEFT JOIN sat.operatingsystem os ON (img.osid = os.osid) + WHERE img.imagebaseid = :uuid + LIMIT 1', array('uuid' => self::$uuid)); if ($image !== false) { // Mangle date and render $image['createtime_s'] = date('d.m.Y H:i', $image['createtime']); $image['updatetime_s'] = date('d.m.Y H:i', $image['updatetime']); - $image['descriptionHtml'] = nl2br(htmlspecialchars($image['description'])); + $image['descriptionHtml'] = self::mangleHtml($image['description']); Render::addTemplate('actionlog-image', $image); } return $image !== false; } - private static function addLectureHeader() + private static function addLectureHeader(): bool { - $lecture = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,' - . ' u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,' - . ' l.displayname, l.description, l.createtime, l.updatetime,' - . ' img.displayname AS imgname, img.imagebaseid' - . ' FROM sat.lecture l' - . ' LEFT JOIN sat.user o ON (l.ownerid = o.userid)' - . ' LEFT JOIN sat.user u ON (l.updaterid = u.userid)' - . 
' LEFT JOIN sat.imageversion ver ON (ver.imageversionid = l.imageversionid)' - . ' LEFT JOIN sat.imagebase img ON (img.imagebaseid = ver.imagebaseid)' - . ' WHERE l.lectureid = :uuid' - . ' LIMIT 1', array('uuid' => self::$uuid)); + $lecture = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname, + u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname, + l.displayname, l.description, l.createtime, l.updatetime, l.usecount, l.lastused, + img.displayname AS imgname, img.imagebaseid + FROM sat.lecture l + LEFT JOIN sat.user o ON (l.ownerid = o.userid) + LEFT JOIN sat.user u ON (l.updaterid = u.userid) + LEFT JOIN sat.imageversion ver ON (ver.imageversionid = l.imageversionid) + LEFT JOIN sat.imagebase img ON (img.imagebaseid = ver.imagebaseid) + WHERE l.lectureid = :uuid + LIMIT 1', array('uuid' => self::$uuid)); if ($lecture !== false) { // Mangle date and render $lecture['createtime_s'] = date('d.m.Y H:i', $lecture['createtime']); $lecture['updatetime_s'] = date('d.m.Y H:i', $lecture['updatetime']); - $lecture['descriptionHtml'] = nl2br(htmlspecialchars($lecture['description'])); + $lecture['lastused_s'] = date('d.m.Y H:i', $lecture['lastused']); + + $lecture['descriptionHtml'] = self::mangleHtml($lecture['description']); Render::addTemplate('actionlog-lecture', $lecture); } return $lecture !== false; @@ -130,7 +144,7 @@ class SubPage // query action log $res = Database::simpleQuery($query, $params); $events = array(); - while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + foreach ($res as $row) { $row['dateline_s'] = date('d.m.Y H:i', $row['dateline']); if (isset($row['imgname'])) { $row['targeturl'] = '?do=dozmod§ion=actionlog&action=showtarget&uuid=' . $row['targetid']; |
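Review bot: In the new `mangleHtml()`, the `<html` branch keeps every attribute on the allowed tags and relies on a single `preg_replace` denylist (`on\w+` and `style`) to remove the unsafe ones, which is a fragile way to sanitise stored markup that is presumably emitted unescaped as `descriptionHtml`. The pattern runs over the whole string rather than over parsed attributes, so it also deletes matching visible text (a description containing `online=yes` loses it), and its safety depends on the regex agreeing with how a browser tokenises attributes. Parsing the stripped fragment and dropping every attribute, or keeping only a short explicit allowlist such as `color` on `<font>`, removes that guesswork. In the plain-text branch, passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` to `htmlspecialchars` explicitly would stop the escaping from depending on the PHP version's defaults.

```php
private static function mangleHtml($desc)
{
	// … unchanged: '<html' prefix test and strip_tags() call with the tag allowlist …
		// Parse what strip_tags() left and remove all attributes from the surviving elements
		$doc = new DOMDocument();
		$oldErrors = libxml_use_internal_errors(true);
		$doc->loadHTML('<?xml encoding="UTF-8"><body>' . $desc . '</body>');
		libxml_clear_errors();
		libxml_use_internal_errors($oldErrors);
		$body = $doc->getElementsByTagName('body')->item(0);
		$desc = '';
		if ($body !== null) {
			foreach ($body->getElementsByTagName('*') as $el) {
				while ($el->attributes->length > 0) {
					$el->removeAttributeNode($el->attributes->item(0));
				}
			}
			foreach ($body->childNodes as $child) {
				$desc .= $doc->saveHTML($child);
			}
		}
	// … unchanged: else branch for plain-text descriptions, return $desc …
```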
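Review bot: The new `foreach ($res as $row)` in the last hunk yields rows in the connection's default fetch mode, whereas the removed loop forced `PDO::FETCH_ASSOC`. Unless the `Database` wrapper sets `PDO::ATTR_DEFAULT_FETCH_MODE` to `PDO::FETCH_ASSOC` (not visible in this diff), each `$row` would also carry numeric-index copies of every column into `$events`; calling `$res->setFetchMode(PDO::FETCH_ASSOC);` before the loop would make the intent explicit. The enclosing function (apparently `generateLog()`) starts and ends outside the hunk, so how a failed `simpleQuery()` is handled before the loop cannot be checked from here.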