ChangeSet ID: 30911 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2007/01/27 16:58:12
Modified files: . : browse_downloadable.php include : version.php
Log message: Alexander Nicolaysen Sørnes alex@thehandofagony.com Allow filtering by license when browsing downloadable apps
Patch: http://cvs.winehq.org/patch.py?id=30911
Old revision New revision Changes Path 1.1 1.2 +42 -10 appdb/browse_downloadable.php 1.102 1.103 +14 -0 appdb/include/version.php
Index: appdb/browse_downloadable.php
diff -u -p appdb/browse_downloadable.php:1.1 appdb/browse_downloadable.php:1.2
--- appdb/browse_downloadable.php:1.1 27 Jan 2007 22:58:12 -0000
+++ appdb/browse_downloadable.php 27 Jan 2007 22:58:12 -0000
@@ -9,6 +9,9 @@ require(BASE."include/incl.php");
apidb_header("Browse Downloadable Applications");
+/* Match specific license? */
+$sLicense = version::checkLicense($aClean['sLicense']);
+
/* Set default values */
if(!$aClean['iNumVersions'] || $aClean['iNumVersions'] > 200 || $aClean['iNumVersions'] < 0)
$aClean['iNumVersions'] = 25;
@@ -17,12 +20,19 @@ if(!$aClean['iPage'])
$aClean['iPage'] = 1;
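Review bot: `$aClean['sLicense']` is read without checking that the parameter was sent, so unless `$aClean` is pre-populated elsewhere, a first visit to the page hands an unset index to checkLicense(). Guarding the call, e.g. `$sLicense = isset($aClean['sLicense']) ? version::checkLicense($aClean['sLicense']) : FALSE;`, makes the no-filter case explicit. A comment here should also record that from this point `$sLicense` is either FALSE or one of the LICENSE_* constants and never the raw request value, because the query branches further down depend on exactly that. The call is static, so checkLicense() has to stay free of `$this`.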
/* Count the possible matches */
-$hResult = query_parameters("SELECT DISTINCT appFamily.appName,
+$sQuery = "SELECT DISTINCT appFamily.appName,
appVersion.versionName, appVersion.versionId, appFamily.description
FROM appFamily, appVersion, appData
WHERE appData.type = '?' AND appData.versionId = appVersion.versionId
- AND appFamily.appId = appVersion.appId",
- "downloadurl");
+ AND appFamily.appId = appVersion.appId";
+
+if(!$sLicense)
+ $hResult = query_parameters($sQuery, "downloadurl");
+else
+{
+ $sQuery .= " AND license = '?'";
+ $hResult = query_parameters($sQuery, "downloadurl", $sLicense);
+}
if($hResult && mysql_num_rows($hResult))
$num = mysql_num_rows($hResult);
@@ -58,16 +68,38 @@ foreach($numVersionsArray as $i)
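Review bot: The added filter `AND license = '?'` names its column without a table, unlike every other column in this three-table join; if more than one of appFamily, appVersion and appData has a `license` column the query becomes ambiguous, so it should be qualified (presumably `appVersion.license`, to be confirmed against the schema). The same clause is built a second time for the paging query in the next hunk (@@ -58,16 +68,38 @@), and the two copies must stay identical or the page count and the listing will disagree; composing the WHERE part once and appending `ORDER BY … LIMIT ?, ?` only for the second query removes that risk. The value reaches SQL solely through the `?` placeholder of query_parameters(), whose escaping is not visible in this diff, so the allowlist in checkLicense() is best documented as a second layer rather than the only one.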
echo "</select>\n";
+echo "<b>Filter by license</b>\n";
+$oVersion = new Version();
+echo $oVersion->makeLicenseList($sLicense);
+
echo " <input type="submit" value="Refresh" />\n";
echo "</form></div>\n<br />\n";
-$hResult = query_parameters("SELECT DISTINCT appFamily.appName,
- appVersion.versionName, appVersion.versionId, appFamily.description
- FROM appFamily, appVersion, appData
- WHERE appData.type = '?' AND appData.versionId = appVersion.versionId
- AND appFamily.appId = appVersion.appId
- ORDER BY appFamily.appName LIMIT ?, ?",
- "downloadurl", $iLimitLower, $aClean['iNumVersions']);
+if(!$num)
+{
+ echo "<div align="center"><font color="red">No matches found</font></div>\n";
+ echo html_frame_end(" ");
+ exit;
+}
+
+$sQuery = "SELECT DISTINCT appFamily.appName,
+ appVersion.versionName, appVersion.versionId, appFamily.description
+ FROM appFamily, appVersion, appData
+ WHERE appData.type = '?' AND appData.versionId = appVersion.versionId
+ AND appFamily.appId = appVersion.appId ";
+
+if(!$sLicense)
+{
+ $sQuery .= "ORDER BY appFamily.appName LIMIT ?, ?";
+ $hResult = query_parameters($sQuery, "downloadurl", $iLimitLower,
+ $aClean['iNumVersions']);
+} else
+{
+ $sQuery .= "AND license = '?' ORDER BY appFamily.appName LIMIT ?, ?";
+ $hResult = query_parameters($sQuery,
+ "downloadurl", $sLicense, $iLimitLower,
+ $aClean['iNumVersions']);
+}
if($hResult && mysql_num_rows($hResult))
{
Index: appdb/include/version.php
diff -u -p appdb/include/version.php:1.102 appdb/include/version.php:1.103
--- appdb/include/version.php:1.102 27 Jan 2007 22:58:12 -0000
+++ appdb/include/version.php 27 Jan 2007 22:58:12 -0000
@@ -1121,6 +1121,20 @@ class Version {
return $sReturn;
}
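Review bot: The new `if(!$num)` branch ends the request with `exit` straight after `html_frame_end(" ")`, so whatever normally closes the page after the listing never runs on the empty-result path; apidb_header() was called at the top of the file and no footer call appears before the `exit`, which would leave the markup unclosed. Whether a frame is actually open at that point is not visible in the hunk, so the `html_frame_end()` call should be checked against its matching start call. Printing the message and falling through to the common page tail, or calling the footer before `exit`, keeps the output well-formed. The page-navigation links are generated outside this hunk; they need to carry `sLicense`, otherwise the filter is dropped as soon as the user leaves page 1.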
+ /* In order to prevent MySQL injections. Returns matched license */
+ function checkLicense($sLicense)
+ {
+ $aLicense = array(LICENSE_RETAIL, LICENSE_OPENSOURCE, LICENSE_FREEWARE,
+ LICENSE_DEMO, LICENSE_SHAREWARE);
+
+ foreach($aLicense as $sElement)
+ {
+ if($sLicense == $sElement)
+ return $sElement;
+ }
+
+ return FALSE;
+ }
}
?>
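Review bot: checkLicense() compares with `==`, so PHP's type juggling decides what counts as a match. Because the function returns the constant `$sElement` rather than the caller's `$sLicense`, no request-supplied text can reach the query either way, but a strict test such as `if($sLicense === $sElement)` (assuming the LICENSE_* constants are strings, like the request value) stops values that are only loosely equal from selecting a license. The comment should state the actual contract: returns one of the LICENSE_* constants on an exact match and FALSE otherwise, and is called statically, so it must not use `$this`. The license list is hard-coded here; if makeLicenseList() keeps its own list (not visible in this diff), both should draw on one shared array so the dropdown and the allowlist cannot drift apart.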