Changed the php report format to use eval instead of include. This ma…

…de Mongo, MySQL, and PHP reports are handle included reports the same way.

You can now specify an included file relative to $reportDir by putting a '/' at the beginning of the file name.
Fixed html injection in the formatted query for Mongo reports.
Made a formatted query for PHP reports that also gracefully shows macros and all included reports.

classes/headers/IncludeHeader.php

@@ -1,7 +1,12 @@
 <?php
 class IncludeHeader extends HeaderBase {
 	public static function parse($key, $value, &$report) {
-		$report_path = dirname($report->report).'/'.$value;
+		if($value[0] === '/') {
+			$report_path = substr($value,1);
+		}
+		else {
+			$report_path = dirname($report->report).'/'.$value;
+		}
 
 		if(!file_exists(PhpReports::$config['reportDir'].'/'.$report_path)) {
 			$possible_reports = glob(PhpReports::$config['reportDir'].'/'.$report_path.'.*');

classes/report_types/MongoReportType.php

@@ -53,7 +53,7 @@ public static function run(&$report) {
 			'mongo '.$config['host'].':'.$config['port'].'/'.$mongo_database.' --quiet --eval '."'...'".
 			'</pre>'.
 			'Eval String:'.
-			'<pre style="border-left: 1px solid black; padding-left: 20px;">'.$eval.'</pre>
+			'<pre style="border-left: 1px solid black; padding-left: 20px;">'.htmlentities($eval).'</pre>
 		</div>';
 
 		$result = shell_exec($command);

classes/report_types/PhpReportType.php

@@ -1,7 +1,19 @@
 <?php
 abstract class PhpReportType extends ReportTypeBase {
 	public static function init(&$report) {
+		$report->raw_query = "<?php\n//REPORT: ".$report->report."\n".trim($report->raw_query);
 
+		//if there are any included reports, add it to the top of the raw query
+		if(isset($report->options['Includes'])) {
+			$included_code = '';
+			foreach($report->options['Includes'] as &$included_report) {
+				$included_code .= "\n<?php /*BEGIN INCLUDED REPORT*/ ?>".trim($included_report->raw_query)."<?php /*END INCLUDED REPORT*/ ?>";
+			}
+
+			if($included_code) $included_code.= "\n";
+
+			$report->raw_query = $included_code . $report->raw_query;
+		}
 	}
 
 	public static function openConnection(&$report) {
@@ -12,14 +24,31 @@ public static function closeConnection(&$report) {
 
 	}
 
-	public static function run(&$report) {		
-		extract($report->macros);
+	public static function run(&$report) {
+		$eval = "<?php /*BEGIN REPORT MACROS*/ ?><?php ";
+		foreach($report->macros as $key=>$value) {
+			$eval .= "\n".'$'.$key.' = "'.addslashes($value).'";';
+		}
+		$eval .= "\n?><?php /*END REPORT MACROS*/ ?>".$report->raw_query;
 
 		$config = PhpReports::$config;
 		$database = PhpReports::$config['databases'][$report->options['Database']];
 
+		$report->options['Query'] = $report->raw_query;
+
+		$parts = preg_split('/<\?php \/\*(BEGIN|END) (INCLUDED REPORT|REPORT MACROS)\*\/ \?>/',$eval);
+		$formatted = '';
+		$code = '<div style="margin: 10px 0;">'.htmlentities(array_pop($parts)).'</div>';
+		foreach($parts as $part) {
+			if(!trim($part)) continue;
+			$formatted .= "<div class='included_report'>".htmlentities($part)."</div>";
+		}
+		$formatted .= $code;
+
+		$report->options['Query_Formatted'] = '<div><pre style="border-left: 1px solid black; padding-left: 20px;">'.$formatted.'</pre></div>';		
+
 		ob_start();
-		require(PhpReports::$config['reportDir'].'/'.$report->report);
+		eval('?>'.$eval);
 		$result = ob_get_contents();
 		ob_end_clean();
 

templates/html/report.mustache

@@ -177,6 +177,16 @@ $('.show_query').click(function() {
 	
 	return false;
 });
+$('.included_report').each(function() {
+	var self = $(this);
+	self.css('display','none').css('background-color','#ddd');
+	var link = $('<a>').attr('href','#').text('View Included Report').css('display','block').click(function() {
+		self.toggle(200);
+		return false;
+	});
+	
+	self.before(link);
+});
 </script>
 {{/Query}}