public static function LogFilter::ajaxCallback in Log Filter 7
Access permission: 'access site reports' (checked for every action); filter_create and filter_edit additionally require 'log_filter edit filters', which is reported as a JSON error code rather than a 403.
All actions are expected to carry the POST var form_token; note that this method does not validate it itself, so the token check must be performed by the calling menu callback (log_filter_ajax_callback()) — without it, filter_create, filter_edit and delete_logs are exposed to cross-site request forgery.
Expects (requires) request vars per action:
- username_autocomplete: GET var term (non-empty, valid UTF-8)
- filter_create|filter_edit: POST vars name, filter (array with require_admin and description); optional conditions, order_by (arrays if present)
- list_logs: POST vars offset, max, translate; optional conditions, order_by (arrays if present)
- delete_logs: POST vars offset, max; optional conditions, order_by (arrays if present)
Parameters
string $action:
Return value
void
- sends a 403 header and exits if the caller lacks 'access site reports', if $action is empty or longer than 32 bytes, or if the expected request vars are missing or fail validation (wrong type, out of range, invalid UTF-8); otherwise always emits a JSON body and exits
See also
LogFilter::ajaxCallback
1 call to LogFilter::ajaxCallback()
- log_filter_ajax_callback in ./
log_filter.module - Access permission: 'access site reports'.
File
- ./
LogFilter.inc, line 1784 - Drupal Log Filter module
Class
- LogFilter
- @file Drupal Log Filter module
Code
/**
 * Dispatches one Log Filter AJAX request and emits a JSON response.
 *
 * Every request must come from a user holding 'access site reports'; the
 * filter_create/filter_edit actions additionally require
 * 'log_filter edit filters' (reported as a JSON error code, not a 403).
 *
 * NOTE(review): no CSRF token is validated anywhere in this method. The
 * class documentation states that form_token is required on all actions, so
 * that check has to live in the calling menu callback — confirm it does,
 * because filter_create, filter_edit and delete_logs all mutate state from
 * POST input.
 *
 * Input contract (any violation yields HTTP 403 and exit()):
 * - username_autocomplete: GET term, non-empty after trim, valid UTF-8.
 * - filter_create|filter_edit: POST name (1..32 bytes), POST filter array
 *   with require_admin (0|1) and description ('' or UTF-8 <= 255 chars);
 *   optional POST conditions / order_by, which must be arrays if present.
 * - list_logs: POST offset (>= -1), max (>= 0), translate; optional
 *   conditions / order_by arrays.
 * - delete_logs: POST offset (>= -1), max (>= 0); optional conditions /
 *   order_by arrays.
 *
 * @param string $action
 *   Action name; rejected with 403 when empty or longer than 32 bytes.
 *
 * @return void
 *   Never returns normally: every path writes a response and calls exit().
 */
public static function ajaxCallback($action) {
  // Permission gate plus a byte-length bound on the action name. Anything
  // out of range gets a bare 403 rather than a JSON error.
  if (!user_access('access site reports') || !$action || !($le = strlen($action)) || $le > 32) {
    header('HTTP/1.1 403 Forbidden');
    exit;
  }
  // Force string type before the switch/comparisons below.
  $action = '' . $action;
  $oResp = new stdClass();
  // Echoed back to the client, so HTML-escape it.
  $oResp->action = check_plain($action);
  // Redundant; vs. code review.
  $oResp->error = '';
  $oResp->success = TRUE;
  $oResp->error_code = 0;
  try {
    switch ($action) {
      case 'username_autocomplete':
        // This action answers with a plain list (no success/error fields)
        // and reads its needle from GET, unlike every other action.
        $oResp = array();
        // drupal_validate_utf8() keeps malformed byte sequences out of the
        // LIKE pattern; db_like() escapes LIKE wildcards in the needle.
        if (isset($_GET['term']) && strlen($needle = trim($_GET['term'])) && drupal_validate_utf8($needle)) {
          $maxResult = 9;
          //$oResp = array( array('value' => '8', 'label' => 'someuser'), );
          $uids = array();
          // Pass 1: prefix matches, ordered by name.
          $users = db_select('users', 'u')
            ->fields('u', array(
              'uid',
              'name',
            ))
            ->condition('name', db_like($needle) . '%', 'LIKE')
            ->orderBy('u.name', 'ASC')
            ->range(0, $maxResult)
            ->execute()
            ->fetchAll();
          if ($le = count($users)) {
            for ($i = 0; $i < $le; ++$i) {
              $oResp[] = array(
                'value' => $uids[] = $users[$i]->uid,
                'label' => $users[$i]->name,
              );
            }
          }
          // Pass 2: fill the remaining slots with substring matches,
          // excluding uids already returned by pass 1.
          if ($le < $maxResult) {
            $users = db_select('users', 'u')
              ->fields('u', array(
                'uid',
                'name',
              ));
            if ($uids) {
              $users = $users
                ->condition('uid', $uids, 'NOT IN');
            }
            $users = $users
              ->condition('name', '%' . db_like($needle) . '%', 'LIKE')
              ->orderBy('u.name', 'ASC')
              ->range(0, $maxResult - $le)
              ->execute()
              ->fetchAll();
            if ($le = count($users)) {
              for ($i = 0; $i < $le; ++$i) {
                $oResp[] = array(
                  'value' => $users[$i]->uid,
                  'label' => $users[$i]->name,
                );
              }
            }
          }
        }
        break;
      case 'filter_create':
      case 'filter_edit':
        $conditions = $order_by = NULL;
        // One combined validation expression. It relies on assignments
        // inside the condition ($name, $filter, $require_admin,
        // $description, $conditions, $order_by) that are used further down,
        // and on && binding tighter than ||. conditions/order_by are
        // optional but must be arrays when present and truthy.
        if (!array_key_exists('name', $_POST) || !($le = strlen($name = $_POST['name'])) || $le > 32 || !array_key_exists('filter', $_POST) || !is_array($filter = $_POST['filter']) || !array_key_exists('require_admin', $filter) || !(($require_admin = (int) $filter['require_admin']) == 0 || $require_admin == 1) || !array_key_exists('description', $filter) || ($description = $filter['description']) !== '' && (!drupal_validate_utf8($description) || drupal_strlen($description) > 255) || array_key_exists('conditions', $_POST) && ($conditions = $_POST['conditions']) && !is_array($conditions) || array_key_exists('order_by', $_POST) && ($order_by = $_POST['order_by']) && !is_array($order_by)) {
          header('HTTP/1.1 403 Forbidden');
          exit;
        }
        // Authorization for writing filters is checked only after input
        // validation, and is reported as a JSON error rather than a 403.
        if (!user_access('log_filter edit filters')) {
          $oResp->success = FALSE;
          $oResp->error_code = self::$_errorCodes['perm_filter_crud'];
        }
        // Machine name: lowercase [a-z0-9_], at least two characters, not
        // starting with a digit; 'default' and 'adhoc' are reserved.
        elseif (!preg_match('/^[a-z_][a-z\\d_]+$/', $name) || $name == 'default' || $name == 'adhoc') {
          // @IDE: var $name is declared.
          $oResp->success = FALSE;
          $oResp->error_code = self::$_errorCodes['filter_name_composition'];
          // $oResp->error = t('Invalid machine name[' . $name . '].'); Frontend creates own message.
          $oResp->name = check_plain($name);
        }
        else {
          // The regex above already guarantees lowercase [a-z0-9_], so
          // strtolower()/check_plain() are defensive no-ops here.
          $oResp->name = $name = check_plain(strtolower($name));
          // Deliberately not drupal_...().
          // The response carries a single-line, HTML-escaped description...
          $oResp->description = !$description ? '' : check_plain(trim(str_replace(array(
            "\r",
            "\n",
            "\t",
          ), ' ', $description)));
          // ...but the raw, unescaped $description is what gets persisted
          // below. NOTE(review): sanitisation of the stored description is
          // therefore expected inside _saveFilter() — confirm.
          self::_saveFilter($name, array(
            'filter' => array(
              'require_admin' => $require_admin,
              'description' => $description,
            ),
            'conditions' => $conditions ? $conditions : array(),
            // _saveFilter() checks/filters conditions buckets vs. xss.
            'order_by' => $order_by ? $order_by : array(),
          ), $action == 'filter_create');
        }
        break;
      case 'list_logs':
        $conditions = $order_by = NULL;
        // offset/max are cast to int first; the "> PHP_INT_MAX" comparisons
        // can never be true after an (int) cast and are effectively dead.
        // translate only has to be present; its value is cast to bool below.
        if (array_key_exists('conditions', $_POST) && ($conditions = $_POST['conditions']) && !is_array($conditions) || array_key_exists('order_by', $_POST) && ($order_by = $_POST['order_by']) && !is_array($order_by) || !array_key_exists('offset', $_POST) || ($offset = (int) $_POST['offset']) < -1 || $offset > PHP_INT_MAX || !array_key_exists('max', $_POST) || ($max = (int) $_POST['max']) < 0 || $max > PHP_INT_MAX || !array_key_exists('translate', $_POST)) {
          header('HTTP/1.1 403 Forbidden');
          exit;
        }
        // Clamp the page size so a client cannot request unbounded rows.
        if ($max > self::PAGE_RANGE_MAX) {
          $max = self::PAGE_RANGE_MAX;
        }
        if (!$conditions) {
          $conditions = array();
        }
        // $translate is assigned inside the argument list and reused below.
        $oResp->log_list = self::_listLogs($conditions, $order_by ? $order_by : array(), $offset, $max, $translate = (bool) $_POST['translate']);
        // Save pager_range and translate to session.
        // A max of 0 falls back to the configured default page range.
        $session = array(
          'settings' => array(
            'pager_range' => $max > 0 ? $max : variable_get('log_filter_pgrng', self::PAGE_RANGE_DEFAULT),
            'translate' => $translate,
          ),
        );
        // Prefer the State module's session store when it is installed;
        // otherwise write to $_SESSION['module']['log_filter'] directly.
        if (module_exists('state')) {
          State::sessionSet('module', 'log_filter', $session);
        }
        else {
          drupal_session_start();
          if (!isset($_SESSION['module'])) {
            $_SESSION['module'] = array(
              'log_filter' => $session,
            );
          }
          else {
            $_SESSION['module']['log_filter'] = $session;
          }
        }
        break;
      case 'delete_logs':
        $conditions = $order_by = NULL;
        // Same validation as list_logs minus translate. NOTE(review): only
        // 'access site reports' has been checked at this point — there is no
        // dedicated delete permission check in this method, so any such
        // check must be inside _deleteLogs(); confirm.
        if (array_key_exists('conditions', $_POST) && ($conditions = $_POST['conditions']) && !is_array($conditions) || array_key_exists('order_by', $_POST) && ($order_by = $_POST['order_by']) && !is_array($order_by) || !array_key_exists('offset', $_POST) || ($offset = (int) $_POST['offset']) < -1 || $offset > PHP_INT_MAX || !array_key_exists('max', $_POST) || ($max = (int) $_POST['max']) < 0 || $max > PHP_INT_MAX) {
          header('HTTP/1.1 403 Forbidden');
          exit;
        }
        // Unlike list_logs, $max is not clamped to PAGE_RANGE_MAX here.
        $oResp->delete_logs = self::_deleteLogs($conditions ? $conditions : array(), $order_by ? $order_by : array(), $offset, $max);
        break;
      default:
        $oResp->success = FALSE;
        $oResp->error_code = 1;
        // Unlike $oResp->action above, $action is not check_plain()'d here;
        // the JSON encoder is relied on to escape it for the client.
        $oResp->error = 'Unsupported action[' . $action . '].';
    }
  } catch (PDOException $xc) {
    // Database failures map to a single generic code; details go to the
    // error handler, not to the client.
    self::_errorHandler($xc);
    $oResp->success = FALSE;
    $oResp->error_code = self::$_errorCodes['db_general'];
  } catch (Exception $xc) {
    self::_errorHandler($xc);
    $oResp->success = FALSE;
    // Only exception codes that are known error codes are passed through
    // (loose in_array() comparison); anything else becomes 'unknown'.
    if (($error_code = $xc
      ->getCode()) && in_array($error_code, self::$_errorCodes)) {
      $oResp->error_code = $error_code;
    }
    else {
      $oResp->error_code = self::$_errorCodes['unknown'];
    }
  }
  // JSON body with explicit no-cache headers, then terminate the request.
  header('Content-Type: application/json; charset=utf-8');
  header('Cache-Control: private, no-store, no-cache, must-revalidate');
  header('Expires: Thu, 01 Jan 1970 00:00:01 GMT');
  echo drupal_json_encode($oResp);
  flush();
  exit;
}