Diffstat (limited to 'modules-available/dozmod/pages/actionlog.inc.php')
-rw-r--r--modules-available/dozmod/pages/actionlog.inc.php124
1 files changed, 69 insertions, 55 deletions
diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php
index a014ddf7..182198c2 100644
--- a/modules-available/dozmod/pages/actionlog.inc.php
+++ b/modules-available/dozmod/pages/actionlog.inc.php
@@ -11,7 +11,7 @@ class SubPage
User::assertPermission("actionlog.view");
self::$action = Request::get('action', '', 'string');
if (self::$action !== '' && self::$action !== 'showtarget' && self::$action !== 'showuser') {
- Util::traceError('Invalid action for actionlog: "' . self::$action . '"');
+ ErrorHandler::traceError('Invalid action for actionlog: "' . self::$action . '"');
}
self::$uuid = Request::get('uuid', '', 'string');
}
@@ -20,15 +20,15 @@ class SubPage
{
Render::addTemplate('actionlog-header');
if (self::$action === '') {
- self::generateLog("SELECT al.dateline, al.targetid, al.description,"
- . " img.displayname AS imgname, tu.firstname AS tfirstname, tu.lastname AS tlastname, l.displayname AS lecturename,"
- . " al.userid AS uuserid, usr.firstname AS ufirstname, usr.lastname AS ulastname"
- . " FROM sat.actionlog al"
- . " LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid)"
- . " LEFT JOIN sat.user usr ON (usr.userid = al.userid)"
- . " LEFT JOIN sat.user tu ON (tu.userid = al.targetid)"
- . " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)"
- . " ORDER BY al.dateline DESC LIMIT 500", array(), true, true);
+ self::generateLog("SELECT al.dateline, al.targetid, al.description,
+ img.displayname AS imgname, tu.firstname AS tfirstname, tu.lastname AS tlastname, l.displayname AS lecturename,
+ al.userid AS uuserid, usr.firstname AS ufirstname, usr.lastname AS ulastname
+ FROM sat.actionlog al
+ LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid)
+ LEFT JOIN sat.user usr ON (usr.userid = al.userid)
+ LEFT JOIN sat.user tu ON (tu.userid = al.targetid)
+ LEFT JOIN sat.lecture l ON (l.lectureid = targetid)
+ ORDER BY al.dateline DESC LIMIT 500", array(), true, true);
} elseif (self::$action === 'showuser') {
self::listUser();
} else {
@@ -39,11 +39,11 @@ class SubPage
private static function listUser()
{
// Query user
- $user = Database::queryFirst('SELECT userid, firstname, lastname, email, lastlogin,'
- . ' organization.displayname AS orgname FROM sat.user'
- . ' LEFT JOIN sat.organization USING (organizationid)'
- . ' WHERE userid = :uuid'
- . ' LIMIT 1', array('uuid' => self::$uuid));
+ $user = Database::queryFirst('SELECT userid, firstname, lastname, email, lastlogin,
+ organization.displayname AS orgname FROM sat.user
+ LEFT JOIN sat.organization USING (organizationid)
+ WHERE userid = :uuid
+ LIMIT 1', array('uuid' => self::$uuid));
if ($user === false) {
Message::addError('unknown-userid', self::$uuid);
Util::redirect('?do=dozmod&section=actionlog');
@@ -52,14 +52,14 @@ class SubPage
$user['lastlogin_s'] = date('d.m.Y H:i', $user['lastlogin']);
Render::addTemplate('actionlog-user', $user);
// Finally add the actionlog
- self::generateLog("SELECT al.dateline, al.targetid, al.description,"
- . " img.displayname AS imgname, usr.firstname AS tfirstname, usr.lastname AS tlastname, l.displayname AS lecturename"
- . " FROM sat.actionlog al"
- . " LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid)"
- . " LEFT JOIN sat.user usr ON (usr.userid = targetid)"
- . " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)"
- . " WHERE al.userid = :uuid"
- . " ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), false, true);
+ self::generateLog("SELECT al.dateline, al.targetid, al.description,
+ img.displayname AS imgname, usr.firstname AS tfirstname, usr.lastname AS tlastname, l.displayname AS lecturename
+ FROM sat.actionlog al
+ LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid)
+ LEFT JOIN sat.user usr ON (usr.userid = targetid)
+ LEFT JOIN sat.lecture l ON (l.lectureid = targetid)
+ WHERE al.userid = :uuid
+ ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), false, true);
}
private static function listTarget()
@@ -72,54 +72,68 @@ class SubPage
}
// Finally add the actionlog
- self::generateLog("SELECT al.dateline, al.userid AS uuserid, al.description,"
- . " usr.firstname AS ufirstname, usr.lastname AS ulastname"
- . " FROM sat.actionlog al"
- . " LEFT JOIN sat.user usr ON (usr.userid = al.userid)"
- . " WHERE al.targetid = :uuid"
- . " ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false);
+ self::generateLog("SELECT al.dateline, al.userid AS uuserid, al.description,
+ usr.firstname AS ufirstname, usr.lastname AS ulastname
+ FROM sat.actionlog al
+ LEFT JOIN sat.user usr ON (usr.userid = al.userid)
+ WHERE al.targetid = :uuid
+ ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false);
}
- private static function addImageHeader()
+ private static function mangleHtml($desc)
{
- $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,'
- . ' u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,'
- . ' img.displayname, img.description, img.createtime, img.updatetime,'
- . ' os.displayname AS osname'
- . ' FROM sat.imagebase img'
- . ' LEFT JOIN sat.user o ON (img.ownerid = o.userid)'
- . ' LEFT JOIN sat.user u ON (img.updaterid = u.userid)'
- . ' LEFT JOIN sat.operatingsystem os ON (img.osid = os.osid)'
- . ' WHERE img.imagebaseid = :uuid'
- . ' LIMIT 1', array('uuid' => self::$uuid));
+ if (substr($desc, 0, 5) === '<html') {
+ $desc = strip_tags($desc,
+ '<strong><b><i><u><ul><li><font><span><p><div><hr><h1><h2><h3><h4><h5><h6>');
+ $desc = preg_replace('/\b(on\w+|style)[\s\r\n]*=[\s\r\n]*(\'.*?\'|".*?"|[^\'"]\S*)/si', '', $desc);
+ } else {
+ $desc = nl2br(htmlspecialchars($desc));
+ }
+ return $desc;
+ }
+
+ private static function addImageHeader(): bool
+ {
+ $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,
+ u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,
+ img.displayname, img.description, img.createtime, img.updatetime,
+ os.displayname AS osname
+ FROM sat.imagebase img
+ LEFT JOIN sat.user o ON (img.ownerid = o.userid)
+ LEFT JOIN sat.user u ON (img.updaterid = u.userid)
+ LEFT JOIN sat.operatingsystem os ON (img.osid = os.osid)
+ WHERE img.imagebaseid = :uuid
+ LIMIT 1', array('uuid' => self::$uuid));
if ($image !== false) {
// Mangle date and render
$image['createtime_s'] = date('d.m.Y H:i', $image['createtime']);
$image['updatetime_s'] = date('d.m.Y H:i', $image['updatetime']);
- $image['descriptionHtml'] = nl2br(htmlspecialchars($image['description']));
+ $image['descriptionHtml'] = self::mangleHtml($image['description']);
Render::addTemplate('actionlog-image', $image);
}
return $image !== false;
}
- private static function addLectureHeader()
+ private static function addLectureHeader(): bool
{
- $lecture = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,'
- . ' u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,'
- . ' l.displayname, l.description, l.createtime, l.updatetime,'
- . ' img.displayname AS imgname, img.imagebaseid'
- . ' FROM sat.lecture l'
- . ' LEFT JOIN sat.user o ON (l.ownerid = o.userid)'
- . ' LEFT JOIN sat.user u ON (l.updaterid = u.userid)'
- . ' LEFT JOIN sat.imageversion ver ON (ver.imageversionid = l.imageversionid)'
- . ' LEFT JOIN sat.imagebase img ON (img.imagebaseid = ver.imagebaseid)'
- . ' WHERE l.lectureid = :uuid'
- . ' LIMIT 1', array('uuid' => self::$uuid));
+ $lecture = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,
+ u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,
+ l.displayname, l.description, l.createtime, l.updatetime, l.usecount, l.lastused,
+ img.displayname AS imgname, img.imagebaseid
+ FROM sat.lecture l
+ LEFT JOIN sat.user o ON (l.ownerid = o.userid)
+ LEFT JOIN sat.user u ON (l.updaterid = u.userid)
+ LEFT JOIN sat.imageversion ver ON (ver.imageversionid = l.imageversionid)
+ LEFT JOIN sat.imagebase img ON (img.imagebaseid = ver.imagebaseid)
+ WHERE l.lectureid = :uuid
+ LIMIT 1', array('uuid' => self::$uuid));
if ($lecture !== false) {
// Mangle date and render
$lecture['createtime_s'] = date('d.m.Y H:i', $lecture['createtime']);
$lecture['updatetime_s'] = date('d.m.Y H:i', $lecture['updatetime']);
- $lecture['descriptionHtml'] = nl2br(htmlspecialchars($lecture['description']));
+ $lecture['lastused_s'] = date('d.m.Y H:i', $lecture['lastused']);
+
+ $lecture['descriptionHtml'] = self::mangleHtml($lecture['description']);
Render::addTemplate('actionlog-lecture', $lecture);
}
return $lecture !== false;
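Review bot: In the new `mangleHtml()`, the `<html` branch relies on `strip_tags()` plus a single `preg_replace()` that deletes `on…` and `style` attributes, which is a denylist applied to raw text rather than to parsed markup. `strip_tags()` keeps every attribute on the allowed tags, so that pattern is the only filter between a stored description and the page, assuming the `actionlog-image` and `actionlog-lecture` templates print `descriptionHtml` unescaped; it also rewrites visible text that happens to match, and `preg_replace()` returns null on a PCRE error. I would parse what `strip_tags()` leaves and keep only a short allowlist of attribute names, dropping all others, with a fully escaped fallback when parsing fails. The attribute list in the sketch below is a guess at what the descriptions need and should be checked against real data.

```php
private static function mangleHtml($desc)
{
	if (substr($desc, 0, 5) !== '<html') {
		return nl2br(htmlspecialchars($desc));
	}
	// … unchanged: strip_tags() with the existing tag allowlist …

	// Keep only attributes that are explicitly allowed instead of pattern-matching dangerous ones.
	$keep = ['color', 'size', 'face']; // adjust to what the descriptions actually use
	$doc = new DOMDocument();
	$prev = libxml_use_internal_errors(true);
	$ok = $doc->loadHTML(
		'<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>'
		. $desc . '</body></html>',
		LIBXML_NONET
	);
	libxml_clear_errors();
	libxml_use_internal_errors($prev);
	$body = $ok ? $doc->getElementsByTagName('body')->item(0) : null;
	if ($body === null) {
		// Parsing failed: fall back to plain, fully escaped text.
		return nl2br(htmlspecialchars(strip_tags($desc)));
	}
	foreach ($body->getElementsByTagName('*') as $el) {
		foreach (iterator_to_array($el->attributes, false) as $attr) {
			if (!in_array(strtolower($attr->nodeName), $keep, true)) {
				$el->removeAttributeNode($attr);
			}
		}
	}
	$out = '';
	foreach ($body->childNodes as $child) {
		$out .= $doc->saveHTML($child);
	}
	return $out;
}
```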
@@ -130,7 +144,7 @@ class SubPage
// query action log
$res = Database::simpleQuery($query, $params);
$events = array();
- while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ foreach ($res as $row) {
$row['dateline_s'] = date('d.m.Y H:i', $row['dateline']);
if (isset($row['imgname'])) {
$row['targeturl'] = '?do=dozmod&section=actionlog&action=showtarget&uuid=' . $row['targetid'];