Dodaj walidację i rzutowanie typów dla wartości w metodach związanych z ogłoszeniami oraz popraw zapytanie SQL w metodzie szczegółów ogłoszenia.
@@ -6,16 +6,16 @@ class Articles
|
||||
{
|
||||
return \front\factory\Articles::pixieset_save_favorite_images( $hash );
|
||||
}
|
||||
|
||||
|
||||
public static function pixieset_image_favorite( $image_id, $hash )
|
||||
{
|
||||
return \front\factory\Articles::pixieset_image_favorite( $image_id, $hash );
|
||||
}
|
||||
|
||||
|
||||
public static function images_download( $hash )
|
||||
{
|
||||
global $mdb;
|
||||
|
||||
|
||||
$results = $mdb -> query( 'SELECT * FROM ('
|
||||
. 'SELECT id, MD5( CONCAT( id, date_add ) ) AS hash FROM pp_articles ) AS q1'
|
||||
. ' WHERE hash = \'' . $hash . '\'' ) -> fetchAll( \PDO::FETCH_ASSOC );
|
||||
@@ -23,37 +23,37 @@ class Articles
|
||||
{
|
||||
$zip = new \ZipArchive;
|
||||
$tmp_file = 'temp/' . $hash . '.zip';
|
||||
|
||||
|
||||
if ( file_exists( $tmp_file ) )
|
||||
return $tmp_file;
|
||||
|
||||
if ( $zip -> open( $tmp_file, \ZipArchive::CREATE ) )
|
||||
|
||||
if ( $zip -> open( $tmp_file, \ZipArchive::CREATE ) )
|
||||
{
|
||||
$results2 = $mdb -> select( 'pp_articles_images', 'src', [ 'article_id' => $row['id'] ] );
|
||||
if ( is_array( $results2 ) and count( $results2 ) ) foreach ( $results2 as $row2 )
|
||||
if ( is_array( $results2 ) and count( $results2 ) ) foreach ( $results2 as $row2 )
|
||||
{
|
||||
$file = substr( $row2, 1, strlen( $row2 ) );
|
||||
$zip -> addFile( $file, basename( $file ) );
|
||||
}
|
||||
|
||||
|
||||
$zip -> close();
|
||||
|
||||
|
||||
return $tmp_file;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public static function image()
|
||||
{
|
||||
global $mdb;
|
||||
|
||||
|
||||
$results = $mdb -> query( 'SELECT * FROM ('
|
||||
. 'SELECT id, src, MD5( CONCAT( id, src ) ) AS hash FROM pp_articles_images ) AS q1'
|
||||
. ' WHERE hash = \'' . \S::get( 'hash' ) . '\'' ) -> fetchAll( \PDO::FETCH_ASSOC );
|
||||
if ( is_array( $results ) and count( $results ) )
|
||||
{
|
||||
$file = substr( $results[0]['src'], 1, strlen( $results[0]['src'] ) );
|
||||
|
||||
|
||||
header('Content-Description: File Transfer');
|
||||
header('Content-Type: application/octet-stream');
|
||||
header('Content-Disposition: attachment; filename="' . basename( $file ) . '"');
|
||||
@@ -67,7 +67,7 @@ class Articles
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
public static function article_unlock( $password, $article_id )
|
||||
{
|
||||
if ( $password == \front\factory\Articles::article_password( $article_id ) )
|
||||
|
||||
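Review bot: The `$hash` argument in `images_download()` and the `\S::get( 'hash' )` value in `image()` are still concatenated into the `WHERE hash = '...'` clause, so the query text depends on caller-supplied input; the changes visible in these hunks look like whitespace only and leave that as it was. Bind the value the way this commit does for `advert_details()`, e.g. `. ' WHERE hash = :hash', [ ':hash' => $hash ] )`, assuming `$mdb -> query()` accepts a parameter map here as it is used there. Because `$hash` also becomes part of `'temp/' . $hash . '.zip'`, a format check such as `preg_match( '/^[a-f0-9]{32}$/', $hash )` before the query would cover the file name as well. Both function bodies continue outside the hunks shown.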
@@ -300,6 +300,8 @@ class GlobelusAdverts
|
||||
{
|
||||
global $mdb;
|
||||
|
||||
$advert_id = (int)$advert_id;
|
||||
|
||||
$email = $mdb -> get( 'globelus_adverts', 'email', [ 'id' => $advert_id ] );
|
||||
|
||||
if ( !$email )
|
||||
@@ -312,6 +314,17 @@ class GlobelusAdverts
|
||||
{
|
||||
global $mdb;
|
||||
|
||||
$values['categories'] = array_values(array_unique(array_map('intval', (array)$values['categories'] ?? [])));
|
||||
$values['countries'] = array_values(array_unique(array_map('intval', (array)$values['countries'] ?? [])));
|
||||
$voivodeships = array_values(array_unique(array_map('intval', (array)$voivodeships ?? [])));
|
||||
$values['work_types'] = array_values(array_unique(array_map('intval', (array)$values['work_types'] ?? [])));
|
||||
$values['work_type'] = (int)($values['work_type'] ?? 0);
|
||||
$values['salary'] = (int)($values['salary'] ?? 0);
|
||||
$values['time'] = (int)($values['time'] ?? 0);
|
||||
$values['sort'] = (int)($values['sort'] ?? 0);
|
||||
$values['start'] = max(0, (int)($values['start'] ?? 0));
|
||||
$values['limit'] = max(1, min(100, (int)($values['limit'] ?? 20)));
|
||||
|
||||
if ( is_array( $values['categories'] ) and count( $values['categories'] ) )
|
||||
$filtr = 'AND category_id IN (' . implode( ',', $values['categories'] ) . ') ';
|
||||
|
||||
@@ -453,6 +466,17 @@ class GlobelusAdverts
|
||||
{
|
||||
global $mdb;
|
||||
|
||||
$values['categories'] = array_values(array_unique(array_map('intval', (array)$values['categories'] ?? [])));
|
||||
$values['countries'] = array_values(array_unique(array_map('intval', (array)$values['countries'] ?? [])));
|
||||
$voivodeships = array_values(array_unique(array_map('intval', (array)$voivodeships ?? [])));
|
||||
$values['work_types'] = array_values(array_unique(array_map('intval', (array)$values['work_types'] ?? [])));
|
||||
$values['work_type'] = (int)($values['work_type'] ?? 0);
|
||||
$values['salary'] = (int)($values['salary'] ?? 0);
|
||||
$values['time'] = (int)($values['time'] ?? 0);
|
||||
$values['sort'] = (int)($values['sort'] ?? 0);
|
||||
$values['start'] = max(0, (int)($values['start'] ?? 0));
|
||||
$values['limit'] = max(1, min(100, (int)($values['limit'] ?? 20)));
|
||||
|
||||
if ( $values['start'] < 1 )
|
||||
$values['start'] = 0;
|
||||
else
|
||||
@@ -597,17 +621,20 @@ class GlobelusAdverts
|
||||
public static function advert_details( $advert_id )
|
||||
{
|
||||
global $mdb;
|
||||
return $mdb -> query( 'SELECT '
|
||||
. 'ga.id, title, ga.user_id, category_id, ga.country_id, ga.city, ga.region, text, contact_person, email, ga.phone, gfd.clauses, '
|
||||
. 'gac.name AS category_name, gc.name AS country_name, gfd.firm_name_profile, date_add, salary, work_type, without_language, '
|
||||
. 'without_experience, for_couples, from_now, accommodation, accommodation_cost, overtime, overtime_quantity, travel_refund, outside_ue, without_driving_license, ga.old, ga.visible, id_voivodeship, aplication_link, id_position '
|
||||
. 'FROM '
|
||||
. 'globelus_adverts AS ga '
|
||||
. 'LEFT JOIN globelus_adverts_categories AS gac ON gac.id = ga.category_id '
|
||||
. 'LEFT JOIN globelus_countries AS gc ON gc.id = ga.country_id '
|
||||
. 'LEFT JOIN globelus_firms_data AS gfd ON gfd.user_id = ga.user_id '
|
||||
. 'WHERE '
|
||||
. 'ga.id = ' . (int)$advert_id ) -> fetch( \PDO::FETCH_ASSOC );
|
||||
$sql = 'SELECT
|
||||
ga.id, title, ga.user_id, category_id, ga.country_id, ga.city, ga.region, text, contact_person, email, ga.phone, gfd.clauses,
|
||||
gac.name AS category_name, gc.name AS country_name, gfd.firm_name_profile, date_add, salary, work_type, without_language,
|
||||
without_experience, for_couples, from_now, accommodation, accommodation_cost, overtime, overtime_quantity, travel_refund,
|
||||
outside_ue, without_driving_license, ga.old, ga.visible, id_voivodeship, aplication_link, id_position
|
||||
FROM globelus_adverts AS ga
|
||||
LEFT JOIN globelus_adverts_categories AS gac ON gac.id = ga.category_id
|
||||
LEFT JOIN globelus_countries AS gc ON gc.id = ga.country_id
|
||||
LEFT JOIN globelus_firms_data AS gfd ON gfd.user_id = ga.user_id
|
||||
WHERE ga.id = :advert_id';
|
||||
|
||||
return $mdb -> query( $sql, [
|
||||
':advert_id' => (int)$advert_id,
|
||||
] ) -> fetch( \PDO::FETCH_ASSOC );
|
||||
}
|
||||
|
||||
public static function categories( $user_categories = '' )
|
||||
|
||||
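Review bot: In the added normalisation lines, `(array)$values['categories'] ?? []` applies the cast before `??`, so the fallback never takes effect and a missing key still raises an undefined-key warning; the same holds for `countries`, `work_types` and `$voivodeships`, in both the `-312` and `-453` hunks. Parenthesise the operand instead: `array_map( 'intval', (array)( $values['categories'] ?? [] ) )`. Note also that `intval` turns a nested non-empty array into `1`, so dropping non-scalar entries before mapping would keep malformed input from becoming a valid-looking id. The ten-line block is repeated verbatim in two methods and would be easier to keep consistent as one private helper; both method bodies start and end outside the hunks.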