From 100bdf1025bb3689d055eb707faa6f43a482fb64 Mon Sep 17 00:00:00 2001 From: Jeremy Dorn Date: Wed, 13 Jun 2012 11:17:14 -0700 Subject: [PATCH] Changed the php report format to use eval instead of include. This made Mongo, MySQL, and PHP reports are handle included reports the same way. You can now specify an included file relative to $reportDir by putting a '/' at the beginning of the file name. Fixed html injection in the formatted query for Mongo reports. Made a formatted query for PHP reports that also gracefully shows macros and all included reports. --- classes/headers/IncludeHeader.php | 7 ++++- classes/report_types/MongoReportType.php | 2 +- classes/report_types/PhpReportType.php | 35 ++++++++++++++++++++++-- templates/html/report.mustache | 10 +++++++ 4 files changed, 49 insertions(+), 5 deletions(-) diff --git a/classes/headers/IncludeHeader.php b/classes/headers/IncludeHeader.php index 7d39e709..a9dd2b49 100644 --- a/classes/headers/IncludeHeader.php +++ b/classes/headers/IncludeHeader.php @@ -1,7 +1,12 @@ report).'/'.$value; + if($value[0] === '/') { + $report_path = substr($value,1); + } + else { + $report_path = dirname($report->report).'/'.$value; + } if(!file_exists(PhpReports::$config['reportDir'].'/'.$report_path)) { $possible_reports = glob(PhpReports::$config['reportDir'].'/'.$report_path.'.*'); diff --git a/classes/report_types/MongoReportType.php b/classes/report_types/MongoReportType.php index 7dda50c7..bcb2859e 100644 --- a/classes/report_types/MongoReportType.php +++ b/classes/report_types/MongoReportType.php @@ -53,7 +53,7 @@ public static function run(&$report) { 'mongo '.$config['host'].':'.$config['port'].'/'.$mongo_database.' --quiet --eval '."'...'". ''. 'Eval String:'. - '
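Review bot: In IncludeHeader.php the new branch reads `$value[0]` without first checking that `$value` is non-empty, and neither branch keeps the resulting path inside the report directory. An empty include value raises an uninitialized-offset notice, and a value with `..` segments gives a `$report_path` that can resolve outside `PhpReports::$config['reportDir']` once appended to it. That matters more after this commit, because the included report's source is concatenated into the code that `PhpReportType::run` passes to `eval()`. Guard the test with `if($value !== '' && $value[0] === '/')`, and once the file has been resolved (that code runs past the end of the hunk) compare `realpath()` of the result with `realpath(PhpReports::$config['reportDir'])` and reject anything outside it.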
'.$eval.'
+ '
'.htmlentities($eval).'
'; $result = shell_exec($command); diff --git a/classes/report_types/PhpReportType.php b/classes/report_types/PhpReportType.php index 23c6cde6..aefdd257 100644 --- a/classes/report_types/PhpReportType.php +++ b/classes/report_types/PhpReportType.php @@ -1,7 +1,19 @@ raw_query = "report."\n".trim($report->raw_query); + //if there are any included reports, add it to the top of the raw query + if(isset($report->options['Includes'])) { + $included_code = ''; + foreach($report->options['Includes'] as &$included_report) { + $included_code .= "\n".trim($included_report->raw_query).""; + } + + if($included_code) $included_code.= "\n"; + + $report->raw_query = $included_code . $report->raw_query; + } } public static function openConnection(&$report) { @@ -12,14 +24,31 @@ public static function closeConnection(&$report) { } - public static function run(&$report) { - extract($report->macros); + public static function run(&$report) { + $eval = "macros as $key=>$value) { + $eval .= "\n".'$'.$key.' = "'.addslashes($value).'";'; + } + $eval .= "\n?>".$report->raw_query; $config = PhpReports::$config; $database = PhpReports::$config['databases'][$report->options['Database']]; + $report->options['Query'] = $report->raw_query; + + $parts = preg_split('/<\?php \/\*(BEGIN|END) (INCLUDED REPORT|REPORT MACROS)\*\/ \?>/',$eval); + $formatted = ''; + $code = '
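Review bot: `htmlentities($eval)` in MongoReportType.php is called without flags or a charset, so the escaping depends on the interpreter's defaults; before PHP 5.4 the input is treated as ISO-8859-1 and single quotes are left unescaped. Make the intent explicit with `htmlspecialchars($eval, ENT_QUOTES, 'UTF-8')`. The same applies to the three `htmlentities()` calls this commit adds in `PhpReportType::run`. Separately, the context line `$result = shell_exec($command);` shows the eval string reaching a shell; how `$command` is built lies outside the hunk, so confirm that `$eval` goes through `escapeshellarg()` there.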
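Review bot: The new loop `foreach($report->options['Includes'] as &$included_report)` iterates by reference although the body only reads `$included_report->raw_query`, and the reference is never released. A later write to `$included_report` in this scope would silently overwrite the last entry of `$report->options['Includes']`. Drop the `&`, or add `unset($included_report);` after the loop. A short comment here should also say that the concatenated include source is later executed by `eval()` in `run()`, so included reports carry the same trust level as the report itself. The enclosing method's signature is not visible in the hunk.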
'.htmlentities(array_pop($parts)).'
'; + foreach($parts as $part) { + if(!trim($part)) continue; + $formatted .= "
".htmlentities($part)."
"; + } + $formatted .= $code; + + $report->options['Query_Formatted'] = '
'.$formatted.'
'; + ob_start(); - require(PhpReports::$config['reportDir'].'/'.$report->report); + eval('?>'.$eval); $result = ob_get_contents(); ob_end_clean(); diff --git a/templates/html/report.mustache b/templates/html/report.mustache index 3a3697e6..6859ec22 100644 --- a/templates/html/report.mustache +++ b/templates/html/report.mustache @@ -177,6 +177,16 @@ $('.show_query').click(function() { return false; }); +$('.included_report').each(function() { + var self = $(this); + self.css('display','none').css('background-color','#ddd'); + var link = $('').attr('href','#').text('View Included Report').css('display','block').click(function() { + self.toggle(200); + return false; + }); + + self.before(link); +}); {{/Query}}
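Review bot: In `PhpReportType::run` the generated assignment `'$'.$key.' = "'.addslashes($value).'";'` does not safely turn macro data into PHP source. `addslashes()` leaves `$` and `{` untouched, so a macro value inside the double-quoted literal is still subject to PHP string interpolation when the block reaches `eval('?>'.$eval)`, and `$key` is emitted as a variable name with no validation. If macro values can originate from request parameters (not visible in this hunk), that is a code-injection path. Emit each value as a literal with `$eval .= "\n".'$'.$key.' = '.var_export($value, true).';';` and skip any key that fails `preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)`. `var_export()` also handles array-valued macros, which `addslashes()` does not; `run()` continues past the end of the hunk.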