1 files changed, 49 insertions, 35 deletions

diff --git a/modules-available/syslog/page.inc.php b/modules-available/syslog/page.inc.php
index 6c1a0a16..401d9dd8 100644
--- a/modules-available/syslog/page.inc.php
+++ b/modules-available/syslog/page.inc.php
@@ -25,6 +25,20 @@ class Page_SysLog extends Page
 			}
 			Util::redirect('?do=syslog');
 		}
+		if (Request::isPost()) {
+			$pairs = [];
+			foreach (['search', 'filter', 'not', 'machineuuid'] as $key) {
+				$val = Request::any($key, false, 'string');
+				if (!empty($val)) {
+					if ($key === 'not') {
+						$val = (bool)$val;
+					}
+					$pairs[$key] = $val;
+				}
+				Session::set('log_' . $key, $pairs[$key] ?? false, false);
+			}
+			Util::redirect('?do=syslog&' . http_build_query($pairs));
+		}
 		User::assertPermission('*');
 	}
 
@@ -40,64 +54,63 @@ class Page_SysLog extends Page
 		}
 
 		$cutoff = strtotime('-1 month');
-		$res = Database::simpleQuery("SELECT logtypeid, Count(*) AS counter FROM clientlog WHERE dateline > $cutoff GROUP BY logtypeid ORDER BY counter ASC");
+		$res = Database::simpleQuery("SELECT logtypeid, Count(*) AS counter
+			FROM clientlog
+			WHERE dateline > $cutoff
+			GROUP BY logtypeid ORDER BY counter ASC");
 		$types = array();
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+		foreach ($res as $row) {
 			$types[$row['logtypeid']] = $row;
 		}
-		if (Request::get('filter') !== false) {
+		if (Request::get('filter') !== false || Request::get('search') !== false) {
+			$search = Request::get('search');
 			$filter = Request::get('filter');
-			$not = Request::get('not') ? 'NOT' : '';
-		} elseif (Request::post('filter') !== false) {
-			$filter = Request::post('filter');
-			$not = Request::post('not') ? 'NOT' : '';
-
-			Session::set('log_filter', $filter);
-			Session::set('log_not', $not);
-			Session::save();
+			$not = Request::get('not', false, 'bool');
 		} else {
+			$search = Session::get('log_search');
 			$filter = Session::get('log_filter');
-			$not = Session::get('log_not') ? 'NOT' : '';
+			$not = (bool)Session::get('log_not');
 		}
+		$qArgs = [];
+		$whereClause = '1';
 		if (!empty($filter)) {
-			$filterList = explode(',', $filter);
-			$whereClause = array();
+			$whereClause .= ' AND ( ';
+			if ($not) {
+				$whereClause .= 'NOT ';
+			}
+			$filterList = array_unique(explode(',', $filter));
 			foreach ($filterList as $filterItem) {
-				$filterItem = preg_replace('/[^a-z0-9_\-]/', '', trim($filterItem));
-				if (empty($filterItem) || in_array($filterItem, $whereClause)) continue;
-				$whereClause[] = "'$filterItem'";
 				if (!isset($types[$filterItem])) {
 					$types[$filterItem] = ['logtypeid' => $filterItem, 'counter' => ''];
 				}
 			}
-			if (!empty($whereClause)) $whereClause = ' WHERE logtypeid ' . $not . ' IN (' . implode(', ', $whereClause) . ')';
+			$whereClause .= "logtypeid IN (:typeids) )";
+			$qArgs['typeids'] = $filterList;
+		}
+		if (!empty($search)) {
+			$qArgs['search'] = '%' . str_replace(array('=', '_', '%', '*', '?'), array('==', '=_', '=%', '%', '_'), $search) . '%';
+			$whereClause .= " AND description LIKE :search ESCAPE '='";
 		}
-		if (!isset($whereClause) || empty($whereClause)) $whereClause = '';
 		if (Request::get('machineuuid')) {
-			if (empty($whereClause))
-				$whereClause .= ' WHERE ';
-			else
-				$whereClause .= ' AND ';
-
-			$whereClause .= "machineuuid='" . preg_replace('/[^0-9a-zA-Z\-]/', '', Request::get('machineuuid', '', 'string')) . "'";
+			$whereClause .= " AND machineuuid = :uuid";
+			$qArgs['uuid'] = Request::get('machineuuid', '', 'string');
 		}
 
 		$allowedLocations = User::getAllowedLocations("view");
 		$joinClause = "";
 		if (!in_array(0, $allowedLocations)) {
 			$joinClause = "INNER JOIN machine USING (machineuuid)";
-			if (empty($whereClause))
-				$whereClause .= ' WHERE ';
-			else
-				$whereClause .= ' AND ';
-
-			$whereClause .= 'locationid IN (:allowedLocations)';
+			$whereClause .= ' AND locationid IN (:allowedLocations)';
+			$qArgs['allowedLocations'] = $allowedLocations;
 		}
 
 		$lines = array();
-		$paginate = new Paginate("SELECT logid, dateline, logtypeid, clientlog.clientip, clientlog.machineuuid, description, extra FROM clientlog $joinClause $whereClause ORDER BY logid DESC", 50);
-		$res = $paginate->exec(array("allowedLocations" => $allowedLocations));
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+		$paginate = new Paginate("SELECT logid, dateline, logtypeid, clientlog.clientip, clientlog.machineuuid, description, extra
+			FROM clientlog $joinClause
+			WHERE $whereClause
+			ORDER BY logid DESC", 50);
+		$res = $paginate->exec($qArgs);
+		foreach ($res as $row) {
 			$row['date'] = Util::prettyTime($row['dateline']);
 			$row['icon'] = $this->eventToIconName($row['logtypeid']);
 			$lines[] = $row;
@@ -105,6 +118,7 @@ class Page_SysLog extends Page
 
 		$paginate->render('page-syslog', array(
 			'filter'   => $filter,
+			'search'   => $search,
 			'not'      => $not,
 			'list'     => $lines,
 			'types'    => json_encode(array_values($types)),
@@ -112,7 +126,7 @@ class Page_SysLog extends Page
 		));
 	}
 
-	private function eventToIconName($event)
+	private function eventToIconName(string $event): string
 	{
 		switch ($event) {
 		case 'session-open':