use strict;
use vars qw( $AUTOLOAD @ISA @EXPORT_OK $DEBUG
- $conf $me
+ $conf $conf_encryption $me
%virtual_fields_cache
- $nowarn_identical $no_update_diff $no_check_foreign
+ $nowarn_identical $nowarn_classload
+ $no_update_diff $no_check_foreign
);
use Exporter;
use Carp qw(carp cluck croak confess);
$me = '[FS::Record]';
$nowarn_identical = 0;
+$nowarn_classload = 0;
$no_update_diff = 0;
$no_check_foreign = 0;
my $rsa_encrypt;
my $rsa_decrypt;
+$conf = '';
+$conf_encryption = '';
FS::UID->install_callback( sub {
eval "use FS::Conf;";
die $@ if $@;
$conf = FS::Conf->new;
+ $conf_encryption = $conf->exists('encryption');
$File::CounterFile::DEFAULT_DIR = $conf->base_dir . "/counters.". datasrc;
} );
unless ( defined ( $self->table ) ) {
$self->{'Table'} = shift;
- carp "warning: FS::Record::new called with table name ". $self->{'Table'};
+ carp "warning: FS::Record::new called with table name ". $self->{'Table'}
+ unless $nowarn_classload;
}
$self->{'Hash'} = shift;
The preferred usage is to pass a hash reference of named parameters:
- my @records = qsearch( {
- 'table' => 'table_name',
- 'hashref' => { 'field' => 'value'
- 'field' => { 'op' => '<',
- 'value' => '420',
- },
- },
-
- #these are optional...
- 'select' => '*',
- 'extra_sql' => 'AND field ',
- 'order_by' => 'ORDER BY something',
- #'cache_obj' => '', #optional
- 'addl_from' => 'LEFT JOIN othtable USING ( field )',
- 'debug' => 1,
- }
- );
+ @records = qsearch( {
+ 'table' => 'table_name',
+ 'hashref' => { 'field' => 'value'
+ 'field' => { 'op' => '<',
+ 'value' => '420',
+ },
+ },
+
+ #these are optional...
+ 'select' => '*',
+ 'extra_sql' => 'AND field = ? AND intfield = ?',
+ 'extra_param' => [ 'value', [ 5, 'int' ] ],
+ 'order_by' => 'ORDER BY something',
+ #'cache_obj' => '', #optional
+ 'addl_from' => 'LEFT JOIN othtable USING ( field )',
+ 'debug' => 1,
+ }
+ );
Much code still uses old-style positional parameters, this is also probably
fine in the common case where there are only two parameters:
my %TYPE = (); #for debugging
+sub _is_fs_float {
+ my ($type, $value) = @_;
+ if ( ( $type =~ /(numeric)/i && $value =~ /^[+-]?\d+(\.\d+)?$/ ) ||
+ ( $type =~ /(real|float4)/i && $value =~ /[-+]?\d*\.?\d+([eE][-+]?\d+)?/)
+ ) {
+ return 1;
+ }
+ '';
+}
+
sub qsearch {
- my($stable, $record, $select, $extra_sql, $order_by, $cache, $addl_from );
+ my($stable, $record, $cache );
+ my( $select, $extra_sql, $extra_param, $order_by, $addl_from );
my $debug = '';
if ( ref($_[0]) ) { #hashref for now, eventually maybe accept a list too
my $opt = shift;
- $stable = $opt->{'table'} or die "table name is required";
- $record = $opt->{'hashref'} || {};
- $select = $opt->{'select'} || '*';
- $extra_sql = $opt->{'extra_sql'} || '';
- $order_by = $opt->{'order_by'} || '';
- $cache = $opt->{'cache_obj'} || '';
- $addl_from = $opt->{'addl_from'} || '';
- $debug = $opt->{'debug'} || '';
+ $stable = $opt->{'table'} or die "table name is required";
+ $record = $opt->{'hashref'} || {};
+ $select = $opt->{'select'} || '*';
+ $extra_sql = $opt->{'extra_sql'} || '';
+ $extra_param = $opt->{'extra_param'} || [];
+ $order_by = $opt->{'order_by'} || '';
+ $cache = $opt->{'cache_obj'} || '';
+ $addl_from = $opt->{'addl_from'} || '';
+ $debug = $opt->{'debug'} || '';
} else {
($stable, $record, $select, $extra_sql, $cache, $addl_from ) = @_;
$select ||= '*';
if ( eval 'scalar(@FS::'. $table. '::ISA);' ) {
@virtual_fields = grep exists($record->{$_}), "FS::$table"->virtual_fields;
} else {
- cluck "warning: FS::$table not loaded; virtual fields not searchable";
+ cluck "warning: FS::$table not loaded; virtual fields not searchable"
+ unless $nowarn_classload;
@virtual_fields = ();
}
) {
my $value = $record->{$field};
+ my $op = (ref($value) && $value->{op}) ? $value->{op} : '=';
$value = $value->{'value'} if ref($value);
my $type = dbdef->table($table)->column($field)->type;
my $TYPE = SQL_VARCHAR;
- if ( $type =~ /(int|(big)?serial)/i && $value =~ /^\d+(\.\d+)?$/ ) {
+ if ( $type =~ /(big)?(int|serial)/i && $value =~ /^\d+(\.\d+)?$/ ) {
$TYPE = SQL_INTEGER;
#DBD::Pg 1.49: Cannot bind ... unknown sql_type 6 with SQL_FLOAT
- } elsif ( ( $type =~ /(numeric)/i && $value =~ /^[+-]?\d+(\.\d+)?$/)
- || ( $type =~ /(real|float4)/i
- && $value =~ /[-+]?\d*\.?\d+([eE][-+]?\d+)?/
- )
- ) {
+ #fixed by DBD::Pg 2.11.8
+ #can change back to SQL_FLOAT in early-mid 2010, once everyone's upgraded
+ } elsif ( _is_fs_float( $type, $value ) ) {
$TYPE = SQL_DECIMAL;
}
warn " bind_param $bind (for field $field), $value, TYPE $TYPE{$TYPE}\n";
}
- $sth->bind_param($bind++, $value, { TYPE => $TYPE } );
+ #if this needs to be re-enabled, it needs to use a custom op like
+ #"APPROX=" or something (better name?, not '=', to avoid affecting other
+ # searches
+ #if ($TYPE eq SQL_DECIMAL && $op eq 'APPROX=' ) {
+ # # these values are arbitrary; better (faster?) ones welcome
+ # $sth->bind_param($bind++, $value*1.00001, { TYPE => $TYPE } );
+ # $sth->bind_param($bind++, $value*.99999, { TYPE => $TYPE } );
+ #} else {
+ $sth->bind_param($bind++, $value, { TYPE => $TYPE } );
+ #}
}
+ foreach my $param ( @$extra_param ) {
+ my $TYPE = SQL_VARCHAR;
+ my $value = $param;
+ if ( ref($param) ) {
+ $value = $param->[0];
+ my $type = $param->[1];
+ if ( $type =~ /(big)?(int|serial)/i && $value =~ /^\d+(\.\d+)?$/ ) {
+ $TYPE = SQL_INTEGER;
+ } # & DECIMAL? well, who cares for now
+ }
+ $sth->bind_param($bind++, $value, { TYPE => $TYPE } );
+ }
+
# $sth->execute( map $record->{$_},
# grep defined( $record->{$_} ) && $record->{$_} ne '', @fields
# ) or croak "Error executing \"$statement\": ". $sth->errstr;
if ( eval 'scalar(@FS::'. $table. '::ISA);' ) {
@virtual_fields = "FS::$table"->virtual_fields;
} else {
- cluck "warning: FS::$table not loaded; virtual fields not returned either";
+ cluck "warning: FS::$table not loaded; virtual fields not returned either"
+ unless $nowarn_classload;
@virtual_fields = ();
}
# Check for encrypted fields and decrypt them.
## only in the local copy, not the cached object
- if ( $conf && $conf->exists('encryption') # $conf doesn't exist when doing
- # the initial search for
- # access_user
- && eval 'defined(@FS::'. $table . '::encrypted_fields)') {
+ if ( $conf_encryption
+ && eval 'defined(@FS::'. $table . '::encrypted_fields)' ) {
foreach my $record (@return) {
foreach my $field (eval '@FS::'. $table . '::encrypted_fields') {
# Set it directly... This may cause a problem in the future...
}
}
} else {
- cluck "warning: FS::$table not loaded; returning FS::Record objects";
+ cluck "warning: FS::$table not loaded; returning FS::Record objects"
+ unless $nowarn_classload;
@return = map {
FS::Record->new( $table, { %{$_} } );
} values(%result);
my $op = '=';
my $column = $_;
+ my $type = dbdef->table($table)->column($column)->type;
+ my $value = $record->{$column};
+ $value = $value->{'value'} if ref($value);
if ( ref($record->{$_}) ) {
$op = $record->{$_}{'op'} if $record->{$_}{'op'};
#$op = 'LIKE' if $op =~ /^ILIKE$/i && driver_name ne 'Pg';
if ( ! defined( $record->{$_} ) || $record->{$_} eq '' ) {
if ( $op eq '=' ) {
if ( driver_name eq 'Pg' ) {
- my $type = dbdef->table($table)->column($column)->type;
- if ( $type =~ /(int|(big)?serial)/i ) {
+ if ( $type =~ /(int|numeric|real|float4|(big)?serial)/i ) {
qq-( $column IS NULL )-;
} else {
qq-( $column IS NULL OR $column = '' )-;
}
} elsif ( $op eq '!=' ) {
if ( driver_name eq 'Pg' ) {
- my $type = dbdef->table($table)->column($column)->type;
- if ( $type =~ /(int|(big)?serial)/i ) {
+ if ( $type =~ /(int|numeric|real|float4|(big)?serial)/i ) {
qq-( $column IS NOT NULL )-;
} else {
qq-( $column IS NOT NULL AND $column != '' )-;
qq-( $column $op "" )-;
}
}
+ #if this needs to be re-enabled, it needs to use a custom op like
+ #"APPROX=" or something (better name?, not '=', to avoid affecting other
+ # searches
+ #} elsif ( $op eq 'APPROX=' && _is_fs_float( $type, $value ) ) {
+ # ( "$column <= ?", "$column >= ?" );
} else {
"$column $op ?";
}
=item ut_text COLUMN
Check/untaint text. Alphanumerics, spaces, and the following punctuation
-symbols are currently permitted: ! @ # $ % & ( ) - + ; : ' " , . ? / = [ ]
+symbols are currently permitted: ! @ # $ % & ( ) - + ; : ' " , . ? / = [ ] < >
May not be null. If there is an error, returns the error, otherwise returns
false.
#warn "notexist ". \¬exist. "\n";
#warn "AUTOLOAD ". \&AUTOLOAD. "\n";
$self->getfield($field)
- =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]]+)$/
+ =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]\<\>]+)$/
or return gettext('illegal_or_empty_text'). " $field: ".
$self->getfield($field);
$self->setfield($field,$1);
: '';
}
-=item ut_agentnum_acl
+=item ut_agentnum_acl COLUMN [ NULL_RIGHT | NULL_RIGHT_LISTREF ]
Checks this column as an agentnum, taking into account the current users's
-ACLs.
+ACLs. NULL_RIGHT or NULL_RIGHT_LISTREF, if specified, indicates the access
+right or rights allowing no agentnum.
=cut
sub ut_agentnum_acl {
- my( $self, $field, $null_acl ) = @_;
+ my( $self, $field ) = (shift, shift);
+ my $null_acl = scalar(@_) ? shift : [];
+ $null_acl = [ $null_acl ] unless ref($null_acl);
my $error = $self->ut_foreign_keyn($field, 'agent', 'agentnum');
return "Illegal agentnum: $error" if $error;
} else {
return "Access denied"
- unless $curuser->access_right($null_acl);
+ unless grep $curuser->access_right($_), @$null_acl;
}