AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-23 22:15:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rework tag filter a bit to use array_map instead of looping through the get vars, update string wording to tag_filter and only show tags in the tag filter that are relatd to an entity and also include tags in the get var fixes

Browse Source
This commit is contained in:
johnnyq
2025-03-22 18:32:56 -04:00
parent 19b2b08eac
commit c2adb92d28
4 changed files with 28 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
clients.php
View File

@@ -20,17 +20,13 @@ if (isset($_GET['leads']) && $_GET['leads'] == 1) {
// Tags Filter // Tags Filter
if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) { if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
// Sanitize each element of the status array // Sanitize each element of the tags array
$sanitizedTags = array(); $sanitizedTags = array_map('intval', $_GET['tags']);
foreach ($_GET['tags'] as $tag) {
// Escape each status to prevent SQL injection
$sanitizedTags[] = "'" . intval($tag) . "'";
}
// Convert the sanitized tags into a comma-separated string // Convert the sanitized tags into a comma-separated string
$sanitizedTagsString = implode(",", $sanitizedTags); $tag_filter = implode(",", $sanitizedTags);
$tag_query = "AND tags.tag_id IN ($sanitizedTagsString)"; $tag_query = "AND tags.tag_id IN ($tag_filter)";
} else { } else {
$tag_filter = 0;
$tag_query = ''; $tag_query = '';
} }
@@ -191,12 +187,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<select onchange="this.form.submit()" class="form-control select2" name="tags[]" data-placeholder="- Select Tags -" multiple> <select onchange="this.form.submit()" class="form-control select2" name="tags[]" data-placeholder="- Select Tags -" multiple>
<?php <?php
$sql_tags_filter = mysqli_query($mysqli, " $sql_tags_filter = mysqli_query($mysqli, "
SELECT tags.tag_id, tags.tag_name, tag_type SELECT tags.tag_id, tags.tag_name
FROM tags FROM tags
LEFT JOIN client_tags ON client_tags.tag_id = tags.tag_id LEFT JOIN client_tags ON client_tags.tag_id = tags.tag_id
WHERE tag_type = 1 WHERE tag_type = 1
GROUP BY tags.tag_id GROUP BY tags.tag_id
HAVING COUNT(client_tags.client_id) > 0 HAVING COUNT(client_tags.client_id) > 0 OR tags.tag_id IN ($tag_filter)
"); ");
while ($row = mysqli_fetch_array($sql_tags_filter)) { while ($row = mysqli_fetch_array($sql_tags_filter)) {
$tag_id = intval($row['tag_id']); $tag_id = intval($row['tag_id']);
@@ -497,10 +493,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php <?php
require_once "modals/client_add_modal.php"; require_once "modals/client_add_modal.php";
require_once "modals/client_import_modal.php"; require_once "modals/client_import_modal.php";
require_once "modals/client_export_modal.php"; require_once "modals/client_export_modal.php";
require_once "includes/footer.php"; require_once "includes/footer.php";

20
contacts.php
View File

@@ -17,17 +17,13 @@ if (isset($_GET['client_id'])) {
// Tags Filter // Tags Filter
if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) { if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
// Sanitize each element of the status array // Sanitize each element of the tags array
$sanitizedTags = array(); $sanitizedTags = array_map('intval', $_GET['tags']);
foreach ($_GET['tags'] as $tag) {
// Escape each status to prevent SQL injection
$sanitizedTags[] = "'" . intval($tag) . "'";
}
// Convert the sanitized tags into a comma-separated string // Convert the sanitized tags into a comma-separated string
$sanitizedTagsString = implode(",", $sanitizedTags); $tag_filter = implode(",", $sanitizedTags);
$tag_query = "AND tags.tag_id IN ($sanitizedTagsString)"; $tag_query = "AND tags.tag_id IN ($tag_filter)";
} else { } else {
$tag_filter = 0;
$tag_query = ''; $tag_query = '';
} }
@@ -119,12 +115,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php <?php
$sql_tags_filter = mysqli_query($mysqli, " $sql_tags_filter = mysqli_query($mysqli, "
SELECT tags.tag_id, tags.tag_name, tag_type SELECT tags.tag_id, tags.tag_name
FROM tags FROM tags
LEFT JOIN contact_tags ON contact_tags.tag_id = tags.tag_id LEFT JOIN contact_tags ON contact_tags.tag_id = tags.tag_id
LEFT JOIN contacts ON contact_tags.contact_id = contacts.contact_id LEFT JOIN contacts ON contact_tags.contact_id = contacts.contact_id
WHERE tag_type = 3 WHERE tag_type = 3
$client_query -- This ensures we only get tags relevant to the selected client $client_query OR tags.tag_id IN ($tag_filter) -- This ensures we only get tags relevant to the selected client or Include the tags in the URL, even if no contacts are associated with them
GROUP BY tags.tag_id GROUP BY tags.tag_id
HAVING COUNT(contact_tags.contact_id) > 0 HAVING COUNT(contact_tags.contact_id) > 0
"); ");
@@ -132,7 +128,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$tag_id = intval($row['tag_id']); $tag_id = intval($row['tag_id']);
$tag_name = nullable_htmlentities($row['tag_name']); ?> $tag_name = nullable_htmlentities($row['tag_name']); ?>
<option value="<?php echo $tag_id ?>" <?php if (isset($_GET['tags']) && is_array($_GET['tags']) && in_array($tag_id, $_GET['tags'])) { echo 'selected'; } ?>> <?php echo $tag_name ?> </option> <option value="<?php echo $tag_id ?>" <?php if (isset($_GET['tags']) && in_array($tag_id, $_GET['tags'])) { echo 'selected'; } ?>> <?php echo $tag_name ?> </option>
<?php } ?> <?php } ?>
</select> </select>

16
credentials.php
View File

@@ -24,17 +24,13 @@ enforceUserPermission('module_credential');
// Tags Filter // Tags Filter
if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) { if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
// Sanitize each element of the status array // Sanitize each element of the tags array
$sanitizedTags = array(); $sanitizedTags = array_map('intval', $_GET['tags']);
foreach ($_GET['tags'] as $tag) {
// Escape each status to prevent SQL injection
$sanitizedTags[] = "'" . intval($tag) . "'";
}
// Convert the sanitized tags into a comma-separated string // Convert the sanitized tags into a comma-separated string
$sanitizedTagsString = implode(",", $sanitizedTags); $tag_filter = implode(",", $sanitizedTags);
$tag_query = "AND tags.tag_id IN ($sanitizedTagsString)"; $tag_query = "AND tags.tag_id IN ($tag_filter)";
} else { } else {
$tag_filter = 0;
$tag_query = ''; $tag_query = '';
} }
@@ -138,7 +134,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
LEFT JOIN credential_tags ON credential_tags.tag_id = tags.tag_id LEFT JOIN credential_tags ON credential_tags.tag_id = tags.tag_id
LEFT JOIN credentials ON credential_tags.credential_id = credentials.credential_id LEFT JOIN credentials ON credential_tags.credential_id = credentials.credential_id
WHERE tag_type = 4 WHERE tag_type = 4
$client_query -- This ensures we only get tags relevant to the selected client $client_query OR tags.tag_id IN ($tag_filter) -- This ensures we only get tags relevant to the selected client or Include the tags in the URL, even if no contacts are associated with them
GROUP BY tags.tag_id GROUP BY tags.tag_id
HAVING COUNT(credential_tags.credential_id) > 0 HAVING COUNT(credential_tags.credential_id) > 0
"); ");

16
locations.php
View File

@@ -29,17 +29,13 @@ if (!$client_url) {
// Tags Filter // Tags Filter
if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) { if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
// Sanitize each element of the status array // Sanitize each element of the tags array
$sanitizedTags = array(); $sanitizedTags = array_map('intval', $_GET['tags']);
foreach ($_GET['tags'] as $tag) {
// Escape each status to prevent SQL injection
$sanitizedTags[] = "'" . intval($tag) . "'";
}
// Convert the sanitized tags into a comma-separated string // Convert the sanitized tags into a comma-separated string
$sanitizedTagsString = implode(",", $sanitizedTags); $tag_filter = implode(",", $sanitizedTags);
$tag_query = "AND tags.tag_id IN ($sanitizedTagsString)"; $tag_query = "AND tags.tag_id IN ($tag_filter)";
} else { } else {
$tag_filter = 0;
$tag_query = ''; $tag_query = '';
} }
@@ -112,7 +108,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
LEFT JOIN location_tags ON location_tags.tag_id = tags.tag_id LEFT JOIN location_tags ON location_tags.tag_id = tags.tag_id
LEFT JOIN locations ON location_tags.location_id = locations.location_id LEFT JOIN locations ON location_tags.location_id = locations.location_id
WHERE tag_type = 2 WHERE tag_type = 2
$client_query -- This ensures we only get tags relevant to the selected client $client_query OR tags.tag_id IN ($tag_filter) -- This ensures we only get tags relevant to the selected client or Include the tags in the URL, even if no contacts are associated with them
GROUP BY tags.tag_id GROUP BY tags.tag_id
HAVING COUNT(location_tags.location_id) > 0 HAVING COUNT(location_tags.location_id) > 0
"); ");