Ignore:
Timestamp:
05/09/07 11:07:22 (17 years ago)
Author:
Kris Deugau
Message:

/branches/stable

Tweak searchme view to include circuit ID field
Make sure we don't spit out data we shouldn't from searches;

make all "select ... from searchme" SQL explicitly request
the columns we want to show.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/stable/cgi-bin/search.cgi

    r357 r361  
    279279#    which probably shouldn't be for reasons of sanity.
    280280
     281  my $cols = "cidr,custid,type,city,description";
     282
    281283  if ($category eq 'all') {
    282284
    283285    print qq(<div class="heading">Showing all netblock and static-IP allocations</div><br>\n);
    284     $sql = "select * from searchme";
     286    $sql = "select $cols from searchme";
    285287    my $count = countRows($sql);
    286288    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
     
    293295    # Query for a customer ID.  Note that we can't restrict to "numeric-only"
    294296    # as we have non-numeric custIDs in the legacy data.  :/
    295     $sql = "select * from searchme where custid ilike '%$query%' or oldcustid ilike '%$query%'";
     297    $sql = "select $cols from searchme where custid ilike '%$query%' or oldcustid ilike '%$query%'";
    296298    my $count = countRows($sql);
    297299    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
     
    302304    print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
    303305    # Query based on description (includes "name" from old DB).
    304     $sql = "select * from searchme where description ilike '%$query%'".
     306    $sql = "select $cols from searchme where description ilike '%$query%'".
    305307        " or custid ilike '%$query%'";
    306308    my $count = countRows($sql);
     
    320322        # /0->/9 are silly to worry about right now.  I don't think
    321323        # we'll be getting a class A anytime soon.  <g>
    322         $sql = "select * from searchme where cidr='$query'";
     324        $sql = "select $cols from searchme where cidr='$query'";
    323325        queryResults($sql, $webvar{page}, 1);
    324326      } else {
    325327        #print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
    326328        # Partial match;  beginning of subnet and maskbits are provided
    327         $sql = "select * from searchme where text(cidr) like '$net%' and ".
     329        $sql = "select $cols from searchme where text(cidr) like '$net%' and ".
    328330                "text(cidr) like '%$maskbits'";
    329331        my $count = countRows($sql);
     
    336338      my ($net,$ip) = ($query =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.)(\d{1,3})/);
    337339      my $sfor = new NetAddr::IP $query;
    338       $sth = $ip_dbh->prepare("select * from searchme where text(cidr) like '$net%'");
     340      $sth = $ip_dbh->prepare("select $cols from searchme where text(cidr) like '$net%'");
    339341      $sth->execute;
    340342      while (my @data = $sth->fetchrow_array()) {
    341343        my $cidr = new NetAddr::IP $data[0];
    342344        if ($cidr->contains($sfor)) {
    343           queryResults("select * from searchme where cidr='$cidr'", $webvar{page}, 1);
     345          queryResults("select $cols from searchme where cidr='$cidr'", $webvar{page}, 1);
    344346        }
    345347      }
    346348    } elsif ($query =~ /^(\d{1,3}\.){1,3}\d{1,3}\.?$/) {
    347349      #print "Finding matches with leading octet(s) $query<br>\n";
    348       $sql = "select * from searchme where text(cidr) like '$query%'";
     350      $sql = "select $cols from searchme where text(cidr) like '$query%'";
    349351      my $count = countRows($sql);
    350352      $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
Note: See TracChangeset for help on using the changeset viewer.