Update voicemails.php
Uppercase the SQL, cast voicemail id as text, and sterilize user data.
@@ -23,24 +23,34 @@
|
|||||||
Contributor(s):
|
Contributor(s):
|
||||||
Mark J Crane <markjcrane@fusionpbx.com>
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
*/
|
*/
|
||||||
require_once "root.php";
|
|
||||||
require_once "resources/require.php";
|
//includes
|
||||||
require_once "resources/check_auth.php";
|
require_once "root.php";
|
||||||
if (permission_exists('voicemail_view')) {
|
require_once "resources/require.php";
|
||||||
//access granted
|
require_once "resources/check_auth.php";
|
||||||
}
|
|
||||||
else {
|
//check permissions
|
||||||
echo "access denied";
|
if (permission_exists('voicemail_view')) {
|
||||||
exit;
|
//access granted
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
echo "access denied";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
//add multi-lingual support
|
//add multi-lingual support
|
||||||
$language = new text;
|
$language = new text;
|
||||||
$text = $language->get();
|
$text = $language->get();
|
||||||
|
|
||||||
//retrieve order by
|
//set the variables
|
||||||
$order_by = check_str($_GET["order_by"]);
|
$order_by = check_str($_GET["order_by"]);
|
||||||
$order = check_str($_GET["order"]);
|
$order = check_str($_GET["order"]);
|
||||||
|
$search = check_str($_GET["search"]);
|
||||||
|
|
||||||
|
//sterilize the user data
|
||||||
|
$order_by = preg_replace('/\s+/', '', $order_by);
|
||||||
|
if (!(strtolower($order) == "asc" or strtolower($order) == "desc")) { $order = ''; }
|
||||||
|
if (strlen($search) > 15) { $search = substr($search, 0, 15); }
|
||||||
|
|
||||||
//set the voicemail id and voicemail uuid arrays
|
//set the voicemail id and voicemail uuid arrays
|
||||||
if (isset($_SESSION['user']['extension'])) foreach ($_SESSION['user']['extension'] as $index => $row) {
|
if (isset($_SESSION['user']['extension'])) foreach ($_SESSION['user']['extension'] as $index => $row) {
|
||||||
@@ -62,15 +72,15 @@ else {
|
|||||||
require_once "resources/paging.php";
|
require_once "resources/paging.php";
|
||||||
|
|
||||||
//prepare to page the results
|
//prepare to page the results
|
||||||
$sql = "select count(*) as num_rows from v_voicemails ";
|
$sql = "SELECT count(*) AS num_rows FROM v_voicemails ";
|
||||||
$sql .= "where domain_uuid = '$domain_uuid' ";
|
$sql .= "WHERE domain_uuid = '$domain_uuid' ";
|
||||||
if (strlen($search) > 0) {
|
if (strlen($search) > 0) {
|
||||||
$sql .= "and (";
|
$sql .= "and (";
|
||||||
$sql .= " voicemail_id like '%".$search."%' ";
|
$sql .= " CAST(voicemail_id AS TEXT) LIKE '%".$search."%' ";
|
||||||
$sql .= " or voicemail_mail_to like '%".$search."%' ";
|
$sql .= " OR voicemail_mail_to LIKE '%".$search."%' ";
|
||||||
$sql .= " or voicemail_local_after_email like '%".$search."%' ";
|
$sql .= " OR voicemail_local_after_email LIKE '%".$search."%' ";
|
||||||
$sql .= " or voicemail_enabled like '%".$search."%' ";
|
$sql .= " OR voicemail_enabled LIKE '%".$search."%' ";
|
||||||
$sql .= " or voicemail_description like '%".$search."%' ";
|
$sql .= " OR voicemail_description LIKE '%".$search."%' ";
|
||||||
$sql .= ") ";
|
$sql .= ") ";
|
||||||
}
|
}
|
||||||
if (!permission_exists('voicemail_delete')) {
|
if (!permission_exists('voicemail_delete')) {
|
||||||
@@ -82,14 +92,14 @@ else {
|
|||||||
$sql .= "voicemail_uuid = '".$row['voicemail_uuid']."' ";
|
$sql .= "voicemail_uuid = '".$row['voicemail_uuid']."' ";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$sql .= " or voicemail_uuid = '".$row['voicemail_uuid']."'";
|
$sql .= " OR voicemail_uuid = '".$row['voicemail_uuid']."'";
|
||||||
}
|
}
|
||||||
$x++;
|
$x++;
|
||||||
}
|
}
|
||||||
$sql .= ")";
|
$sql .= ")";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$sql .= "and voicemail_uuid is null ";
|
$sql .= "AND voicemail_uuid IS NULL ";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$prep_statement = $db->prepare($sql);
|
$prep_statement = $db->prepare($sql);
|
||||||
@@ -114,14 +124,14 @@ else {
|
|||||||
$offset = $rows_per_page * $page;
|
$offset = $rows_per_page * $page;
|
||||||
|
|
||||||
//get the list
|
//get the list
|
||||||
$sql = str_replace('count(*) as num_rows', '*', $sql);
|
$sql = str_replace('count(*) AS num_rows', '*', $sql);
|
||||||
if (strlen($order_by) > 0) {
|
if (strlen($order_by) > 0) {
|
||||||
$sql .= ($order_by == 'voicemail_id') ? "order by voicemail_id ".$order." " : "order by ".$order_by." ".$order." ";
|
$sql .= ($order_by == 'voicemail_id') ? "ORDER BY voicemail_id ".$order." " : "ORDER BY ".$order_by." ".$order." ";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$sql .= "order by voicemail_id asc ";
|
$sql .= "ORDER BY voicemail_id ASC ";
|
||||||
}
|
}
|
||||||
$sql .= "limit ".$rows_per_page." offset ".$offset." ";
|
$sql .= "LIMIT ".$rows_per_page." OFFSET ".$offset." ";
|
||||||
$prep_statement = $db->prepare(check_sql($sql));
|
$prep_statement = $db->prepare(check_sql($sql));
|
||||||
$prep_statement->execute();
|
$prep_statement->execute();
|
||||||
$voicemails = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
$voicemails = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
||||||
@@ -266,4 +276,4 @@ else {
|
|||||||
|
|
||||||
//include the footer
|
//include the footer
|
||||||
require_once "resources/footer.php";
|
require_once "resources/footer.php";
|
||||||
?>
|
?>
|
||||||
|
|||||||
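Review bot: The new sterilization in the first hunk (the `$order_by`, `$order` and `$search` lines after `//sterilize the user data`) still lets `$search` and `$order_by` reach the SQL as concatenated text: `$search` is only truncated to 15 bytes before being spliced into the `LIKE '%...%'` predicates in the second hunk, and `$order_by` is only stripped of whitespace before being used as a bare column name in the `ORDER BY` line of the fourth hunk, so an unexpected value still changes the query text instead of being rejected. Since the file already goes through PDO (`$db->prepare`, `PDO::FETCH_NAMED`), the search term should be bound as a parameter (`LIKE :search` with `'%'.$search.'%'` passed to both `execute()` calls, because the count query is reused for the list via `str_replace`) rather than relying on truncation and `check_str`, whose escaping I cannot see from here. For the sort column, replace the whitespace strip with a whitelist of the columns the page already names, e.g. `if (!in_array($order_by, ['voicemail_id', 'voicemail_mail_to', 'voicemail_local_after_email', 'voicemail_enabled', 'voicemail_description'], true)) { $order_by = ''; }`, which also makes the special-case ternary on `voicemail_id` unnecessary. A smaller point: `substr()` on the search term is byte-wise and can cut a multibyte character in half, so `mb_substr($search, 0, 15)` preserves the intent.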