mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-05-09 01:35:52 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes #1557 removed %% in front and escaped groups for mysql8

Browse source
This commit is contained in:
Matthieu Leproux 2021-11-15 13:20:22 +01:00
parent 438d0c1269
commit 74153db445
2 changed files with 8 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
admin/themes/default/js/user_list.js
View file

@ -1519,7 +1519,9 @@ function update_user_list() {
per_page: per_page, per_page: per_page,
exclude: [guest_id] exclude: [guest_id]
} }
update_data["filter"] = "%" + $("#user_search").val() + "%"; if ($("#user_search").val().length != 0) {
update_data["filter"] = $("#user_search").val();
}
if ($("#advanced-filter-container").css("display") !== "none") { if ($("#advanced-filter-container").css("display") !== "none") {
update_data["status"] = $(".advanced-filter-select[name=filter_status]").val(); update_data["status"] = $(".advanced-filter-select[name=filter_status]").val();
update_data["group_id"] = $(".advanced-filter-select[name=filter_group]").val(); update_data["group_id"] = $(".advanced-filter-select[name=filter_group]").val();

10
include/ws_functions/pwg.users.php
View file

@ -44,16 +44,16 @@ function ws_users_getList($params, &$service)
$filtered_groups = array(); $filtered_groups = array();
if (!empty($params['filter'])) if (!empty($params['filter']))
{ {
$filter_query = 'SELECT id FROM '. GROUPS_TABLE .' WHERE name LIKE \''. $params['filter'] . '\';'; $filter_query = 'SELECT id FROM `'. GROUPS_TABLE .'` WHERE name LIKE \'%'. $params['filter'] . '%\';';
$filtered_groups_res = pwg_query($filter_query); $filtered_groups_res = pwg_query($filter_query);
while ($row = pwg_db_fetch_assoc($filtered_groups_res)) while ($row = pwg_db_fetch_assoc($filtered_groups_res))
{ {
$filtered_groups[] = $row['id']; $filtered_groups[] = $row['id'];
} }
$filter_where_clause = '('.'u.'.$conf['user_fields']['username'].' LIKE \''. $filter_where_clause = '('.'u.'.$conf['user_fields']['username'].' LIKE \'%'.
pwg_db_real_escape_string($params['filter']).'\' OR ' pwg_db_real_escape_string($params['filter']).'%\' OR '
.'u.'.$conf['user_fields']['email'].' LIKE \''. .'u.'.$conf['user_fields']['email'].' LIKE \'%'.
pwg_db_real_escape_string($params['filter']).'\''; pwg_db_real_escape_string($params['filter']).'%\'';
if (!empty($filtered_groups)) { if (!empty($filtered_groups)) {
$filter_where_clause .= 'OR ug.group_id IN ('. implode(',', $filtered_groups).')'; $filter_where_clause .= 'OR ug.group_id IN ('. implode(',', $filtered_groups).')';