Ignore:
Timestamp:
05/09/07 11:07:22 (18 years ago)
Author:
Kris Deugau
Message:

/branches/stable

Tweak searchme view to include circuit ID field
Make sure we don't spit out data we shouldn't from searches;

make all "select ... from searchme" SQL explicitly request
the columns we want to show.

Location:
branches/stable/cgi-bin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/stable/cgi-bin/ipdb.psql

    r353 r361  
    111111GRANT ALL on "allocations" to "ipdb";
    112112
    113 CREATE VIEW "searchme" as SELECT allocations.cidr, allocations.custid, allocations."type", allocations.city, allocations.description, allocations.notes FROM allocations UNION SELECT poolips.ip, poolips.custid, poolips.type, poolips.city, poolips.description, poolips.notes FROM poolips;
     113CREATE VIEW "searchme" as SELECT allocations.cidr, allocations.custid, allocations."type", allocations.city, allocations.description, allocations.notes, allocations.oldcustid, allocations.circuitid FROM allocations UNION SELECT poolips.ip, poolips.custid, poolips.type, poolips.city, poolips.description, poolips.notes, poolips.oldcustid, poolips.circuitid FROM poolips;
    114114
    115115REVOKE ALL on "searchme" from PUBLIC;
  • branches/stable/cgi-bin/search.cgi

    r357 r361  
    279279#    which probably shouldn't be for reasons of sanity.
    280280
     281  my $cols = "cidr,custid,type,city,description";
     282
    281283  if ($category eq 'all') {
    282284
    283285    print qq(<div class="heading">Showing all netblock and static-IP allocations</div><br>\n);
    284     $sql = "select * from searchme";
     286    $sql = "select $cols from searchme";
    285287    my $count = countRows($sql);
    286288    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
     
    293295    # Query for a customer ID.  Note that we can't restrict to "numeric-only"
    294296    # as we have non-numeric custIDs in the legacy data.  :/
    295     $sql = "select * from searchme where custid ilike '%$query%' or oldcustid ilike '%$query%'";
     297    $sql = "select $cols from searchme where custid ilike '%$query%' or oldcustid ilike '%$query%'";
    296298    my $count = countRows($sql);
    297299    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
     
    302304    print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
    303305    # Query based on description (includes "name" from old DB).
    304     $sql = "select * from searchme where description ilike '%$query%'".
     306    $sql = "select $cols from searchme where description ilike '%$query%'".
    305307        " or custid ilike '%$query%'";
    306308    my $count = countRows($sql);
     
    320322        # /0->/9 are silly to worry about right now.  I don't think
    321323        # we'll be getting a class A anytime soon.  <g>
    322         $sql = "select * from searchme where cidr='$query'";
     324        $sql = "select $cols from searchme where cidr='$query'";
    323325        queryResults($sql, $webvar{page}, 1);
    324326      } else {
    325327        #print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
    326328        # Partial match;  beginning of subnet and maskbits are provided
    327         $sql = "select * from searchme where text(cidr) like '$net%' and ".
     329        $sql = "select $cols from searchme where text(cidr) like '$net%' and ".
    328330                "text(cidr) like '%$maskbits'";
    329331        my $count = countRows($sql);
     
    336338      my ($net,$ip) = ($query =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.)(\d{1,3})/);
    337339      my $sfor = new NetAddr::IP $query;
    338       $sth = $ip_dbh->prepare("select * from searchme where text(cidr) like '$net%'");
     340      $sth = $ip_dbh->prepare("select $cols from searchme where text(cidr) like '$net%'");
    339341      $sth->execute;
    340342      while (my @data = $sth->fetchrow_array()) {
    341343        my $cidr = new NetAddr::IP $data[0];
    342344        if ($cidr->contains($sfor)) {
    343           queryResults("select * from searchme where cidr='$cidr'", $webvar{page}, 1);
     345          queryResults("select $cols from searchme where cidr='$cidr'", $webvar{page}, 1);
    344346        }
    345347      }
    346348    } elsif ($query =~ /^(\d{1,3}\.){1,3}\d{1,3}\.?$/) {
    347349      #print "Finding matches with leading octet(s) $query<br>\n";
    348       $sql = "select * from searchme where text(cidr) like '$query%'";
     350      $sql = "select $cols from searchme where text(cidr) like '$query%'";
    349351      my $count = countRows($sql);
    350352      $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
Note: See TracChangeset for help on using the changeset viewer.