From 4fa1193948c1a972327ecfb820af670d653218ad Mon Sep 17 00:00:00 2001 From: Paolo Date: Mon, 16 Jan 2023 12:10:49 +0100 Subject: [PATCH 1/6] - Added new CI config file application/config/db_crypt.php, it is loaded by core/DB_Model - Added new constant ENCRYPTION_PASSWORDS to application/core/DB_Model.php - Added new protected properties passwordName and encryptedColumns to core/DB_Model - Added new private methods _isCryptoEnabledAndValid, _getCipher, _encrypt and _decrypt to core/DB_Model - core/DB_Model properties insert and update now are making use of _encrypt() - core/DB_Model properties loadWhere and loadTree now are making use of _decrypt() --- application/config/db_crypt.php | 24 ++++++ application/core/DB_Model.php | 148 ++++++++++++++++++++++++++++++-- 2 files changed, 165 insertions(+), 7 deletions(-) create mode 100644 application/config/db_crypt.php diff --git a/application/config/db_crypt.php b/application/config/db_crypt.php new file mode 100644 index 000000000..e3329a158 --- /dev/null +++ b/application/config/db_crypt.php @@ -0,0 +1,24 @@ +. + */ + +if (!defined('BASEPATH')) exit('No direct script access allowed'); + +// NOTE: if database encryption is _not_ used then leave this array empty! +$config['encryption_passwords'] = array(); + diff --git a/application/core/DB_Model.php b/application/core/DB_Model.php index bdd5316e7..752561615 100644 --- a/application/core/DB_Model.php +++ b/application/core/DB_Model.php @@ -1,7 +1,26 @@ . + */ + if (!defined('BASEPATH')) exit('No direct script access allowed'); +use phpseclib\Crypt\Twofish; + /** * */ 
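Review bot: The new `application/config/db_crypt.php` says to leave the array empty when encryption is unused, but it does not document what a populated entry looks like or where real passphrases should live. `_getCipher()` later indexes the array by `$this->passwordName`, so the expected shape is a map of name to passphrase. I would add a comment such as `// Map of password name => passphrase, e.g. array('<name>' => '<secret>'); keep real values in a deployment-local file that is not committed`. Passphrases committed with this tracked file would be readable by anyone with repository access.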
@@ -28,15 +47,20 @@ class DB_Model extends CI_Model const PGSQL_FLOAT4_TYPE = 'float4'; const PGSQL_FLOAT8_TYPE = 'float8'; + // Name of the config entry containing an array of password that can be used to encrypt/decrypt + const ENCRYPTION_PASSWORDS = 'encryption_passwords'; + protected $dbTable; // Name of the DB-Table for CI-Insert, -Update, ... protected $pk; // Name of the PrimaryKey for DB-Update, Load, ... protected $hasSequence; // False if this table has a composite primary key that is not using a sequence // True if this table has a primary key that uses a sequence + protected $passwordName; // Eventually the name of the password that is used to encrypt/decrypt + protected $encryptedColumns; // Eventually an array of columns to be encrypted/decrypted private $executedQueryMetaData; private $executedQueryListFields; - private $debugMode; + private $debugMode; // Debug mode enable (true) or disabled (false) /** * Constructor @@ -46,20 +70,25 @@ class DB_Model extends CI_Model // Call parent constructor parent::__construct(); - // Set properties - $this->hasSequence = true; - - // Loads DB conns and confs + // Loads DB connections and configs $this->load->database($dbtype); + // Loads the DB config to encrypt/decrypt data + $this->config->load('db_crypt'); + + // Set properties + $this->hasSequence = true; + $this->passwordName = null; + $this->encryptedColumns = null; + $this->debugMode = isset($this->db->db_debug) && $this->db->db_debug === true; + + // Loads UDF model $this->load->model('system/UDF_model', 'UDFModel'); // Loads the UDF library $this->load->library('UDFLib'); // Loads the logs library $this->load->library('LogLib'); - - $this->debugMode = isset($this->db->db_debug) && $this->db->db_debug === true; } // ------------------------------------------------------------------------------------------ 
@@ -93,6 +122,9 @@ class DB_Model extends CI_Model // If this table has UDF and the validation of them is ok if (isError($validate = $this->_prepareUDFsWrite($data, $this->dbTable))) return $validate; + // + $this->_encrypt($data); + // DB-INSERT $insert = $this->db->insert($this->dbTable, $data); @@ -161,6 +193,9 @@ class DB_Model extends CI_Model $this->db->where($tmpId); + // + $this->_encrypt($data); + // DB-UPDATE $update = $this->db->update($this->dbTable, $data); @@ -265,6 +300,9 @@ class DB_Model extends CI_Model if ($result) { + // Decrypt data if needed + $this->_decrypt($result); + return success($this->_toPhp($result)); } else @@ -328,6 +366,9 @@ class DB_Model extends CI_Model // Execute the query $resultDB = $this->db->get_where($this->dbTable, $where); + // Decrypt data if needed + $this->_decrypt($resultDB); + $this->_logLastQuery(); // If everything went ok... 
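Review bot: In the last hunk on this line (new line 366, `loadTree` according to the commit message) `_decrypt($resultDB)` runs before the `// If everything went ok...` check, so a failed `get_where()` would reach `$dbResult->result()` on a non-object as soon as encryption is configured for the model. The `loadWhere` hunk above calls `_decrypt()` inside `if ($result)`, which is the safer order. Guarding the call, `if ($resultDB) $this->_decrypt($resultDB);`, or moving it below the success check keeps the two read paths consistent. The enclosing function starts and ends outside the hunk.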
@@ -851,6 +892,99 @@ class DB_Model extends CI_Model // ------------------------------------------------------------------------------------------ // Private methods + // + // + + + /** + * If the cryptography is enabled and correctly configured + */ + private function _isCryptoEnabledAndValid() + { + // Get the password list to decrypt/encrypt from the configuration + $encryptionPasswords = $this->config->item(self::ENCRYPTION_PASSWORDS); + + // If not configured or wrongly configured + if (isEmptyArray($encryptionPasswords)) return false; + + // If array of encrypted columns is defined or wrongly defined for this model + if (isEmptyArray($this->encryptedColumns)) return false; + + // If no decryption/encryption password name is defined for this model + if (isEmptyString($this->passwordName)) return false; + + // If the configured password name does not exists in the password list to decrypt/encrypt + if (!array_key_exists($this->passwordName, $encryptionPasswords)) return false; + + // + return true; + } + + /** + * Returns a cipher to decrypt/encrypt data + */ + private function _getCipher() + { + // Set the cipher type + $cipher = new Twofish(); + // Set the password to encrypt using the chosen one + $cipher->setPassword($this->config->item(self::ENCRYPTION_PASSWORDS)[$this->passwordName]); + + return $cipher; + } + + /** + * To encrypt data + * Data is an associative array that contains column names as keys and the colum value as array value + */ + private function _encrypt(&$data) + { + // If no encryption is configured or not correctly configured then exit this method + if (!$this->_isCryptoEnabledAndValid()) return; + + // Gets the cipher + $cipher = $this->_getCipher(); + + // For each column that is going to be inserted/updated + foreach ($data as $column => $value) + { + // If the current column is in the list of the columns to be encrypted + if (in_array($column, $this->encryptedColumns)) + { + // Encrypt it! 
+ $data[$column] = base64_encode($cipher->encrypt($value)); + } + } + } + + /** + * To decrypt data + * dbResult is an array of objects, each object is a representation of a database record, + * each property of the object is the column name and the property value is the database value + */ + private function _decrypt(&$dbResult) + { + // If no encryption is configured or not correctly configured then exit this method + if (!$this->_isCryptoEnabledAndValid()) return; + + // Gets the cipher + $cipher = $this->_getCipher(); + + // For each record from database + foreach ($dbResult->result() as $record) + { + // For each column to be encrypted + foreach ($this->encryptedColumns as $column) + { + // If the current record contains such a column + if (property_exists($record, $column)) + { + // Decrypt it! + $record->{$column} = $cipher->decrypt(base64_decode($record->{$column})); + } + } + } + } /** * Invalid ID From c8313550123c43cd3aca28444c813cc126940e99 Mon Sep 17 00:00:00 2001 
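Review bot: `_getCipher()` configures the Twofish cipher with `setPassword()` only, and neither it nor `_encrypt()` sets an IV or adds an integrity check. Nothing visible varies per value, so unless the library supplies a random IV on its own, equal plaintexts in a column give equal ciphertexts, and a modified or truncated ciphertext is not detected on read. `_decrypt()` also writes whatever `decrypt(base64_decode(...))` returns back into the record, so NULL values and rows stored before encryption was enabled come back as empty or garbage values rather than being left alone. The sketch below adds a per-value random IV stored in front of the ciphertext, strict base64 decoding and a length check; integrity still needs a MAC over IV and ciphertext or an authenticated mode. The docblock at the end of the hunk (`Invalid ID`) continues outside it.

```php
// in _encrypt(), inside the foreach over $data
if (in_array($column, $this->encryptedColumns, true) && $value !== null)
{
	$iv = random_bytes(16); // Twofish block size in bytes; random_bytes() needs PHP 7+
	$cipher->setIV($iv);
	$data[$column] = base64_encode($iv.$cipher->encrypt($value));
}

// in _decrypt(), inside the foreach over $this->encryptedColumns
if (property_exists($record, $column) && $record->{$column} !== null)
{
	$raw = base64_decode($record->{$column}, true);
	// Leave the value untouched when it is not valid base64 or too short for IV + one block
	if ($raw !== false && strlen($raw) >= 32)
	{
		$cipher->setIV(substr($raw, 0, 16));
		$record->{$column} = $cipher->decrypt(substr($raw, 16));
	}
}
```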
From: Paolo Date: Wed, 8 Feb 2023 13:33:40 +0100 Subject: [PATCH 2/6] - FilterWidget: now it is possible to provide the encryptedColumns parameter to specify which columns of a database table are encrypted, how to cast them and which password to use to decrypt them - Added new constants PGSQL_BYTEA_TYPE, CRYPT_CONF_PASSWORDS, CRYPT_CAST, CRYPT_PASSWORD_NAME, CRYPT_SELECT_TEMPLATE, CRYPT_WHERE_TEMPLATE and CRYPT_WRITE_TEMPLATE to application/core/DB_Model.php - Added new optional parameter encryptedColumns to application/core/DB_Model insert, update, load, loadWhere, execQuery, execReadOnlyQuery and _toPhp - Added new private methods _addEncrypt, _addDecryptQuery and _addDecryptLoad to application/core/DB_Model.php - core/DB_Model: now it is possible to provide the encryptedColumns parameter to specify which columns of a database table are encrypted, how to cast them and which password to use to decrypt them - Adapted application/models/system/PersonLog_model.php --- application/core/DB_Model.php | 322 ++++++++++++------ application/libraries/FilterWidgetLib.php | 23 +- application/models/person/Person_model.php | 19 ++ application/models/system/PersonLog_model.php | 19 +- application/widgets/FilterWidget.php | 33 +- 5 files changed, 314 insertions(+), 102 deletions(-) diff --git a/application/core/DB_Model.php b/application/core/DB_Model.php index 752561615..69e088ef8 100644 --- a/application/core/DB_Model.php +++ b/application/core/DB_Model.php @@ -3,7 +3,7 @@ /** * Copyright (C) 2023 fhcomplete.org * - * This program is free software: you can redistribute it and/or modify + * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. @@ -19,8 +19,6 @@ if (!defined('BASEPATH')) exit('No direct script access allowed'); -use phpseclib\Crypt\Twofish; - /** * */ 
@@ -46,16 +44,20 @@ class DB_Model extends CI_Model const PGSQL_INT8_TYPE = 'int8'; const PGSQL_FLOAT4_TYPE = 'float4'; const PGSQL_FLOAT8_TYPE = 'float8'; + const PGSQL_BYTEA_TYPE = 'bytea'; // Name of the config entry containing an array of password that can be used to encrypt/decrypt - const ENCRYPTION_PASSWORDS = 'encryption_passwords'; + const CRYPT_CONF_PASSWORDS = 'encryption_passwords'; + const CRYPT_CAST = 'cast'; + const CRYPT_PASSWORD_NAME = 'passwordName'; + const CRYPT_SELECT_TEMPLATE = 'PGP_SYM_DECRYPT(%s, \'%s\')::%s AS %s'; + const CRYPT_WHERE_TEMPLATE = 'PGP_SYM_DECRYPT(%s, \'%s\')::%s'; + const CRYPT_WRITE_TEMPLATE = 'PGP_SYM_ENCRYPT(\'%s\', \'%s\')'; protected $dbTable; // Name of the DB-Table for CI-Insert, -Update, ... protected $pk; // Name of the PrimaryKey for DB-Update, Load, ... protected $hasSequence; // False if this table has a composite primary key that is not using a sequence // True if this table has a primary key that uses a sequence - protected $passwordName; // Eventually the name of the password that is used to encrypt/decrypt - protected $encryptedColumns; // Eventually an array of columns to be encrypted/decrypted private $executedQueryMetaData; private $executedQueryListFields; @@ -78,8 +80,6 @@ class DB_Model extends CI_Model // Set properties $this->hasSequence = true; - $this->passwordName = null; - $this->encryptedColumns = null; $this->debugMode = isset($this->db->db_debug) && $this->db->db_debug === true; // Loads UDF model @@ -114,7 +114,7 @@ class DB_Model extends CI_Model * @param array $data DataArray for Insert * @return array */ - public function insert($data) + public function insert($data, $encryptedColumns = null) { // Check class properties if (is_null($this->dbTable)) return error('The given database table name is not valid', EXIT_MODEL); 
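Review bot: The three `CRYPT_*_TEMPLATE` constants put the passphrase between single quotes inside the SQL text, so every statement built from them carries the secret in clear. Anything that records statements would presumably capture it: `_logLastQuery()`, which appears right after `get_where()` in the context of a later hunk, database-side statement logging, or error output when `db_debug` is on. A passphrase that contains `'` would also break the statement. I would drop the quotes from the templates and pass the passphrase through `$this->db->escape()` or a bound parameter, and keep these statements out of query logging.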
@@ -122,8 +122,8 @@ class DB_Model extends CI_Model // If this table has UDF and the validation of them is ok if (isError($validate = $this->_prepareUDFsWrite($data, $this->dbTable))) return $validate; - // - $this->_encrypt($data); + // Add the pgp_sym_eccrypt postgresql function to the set clause if needed + $this->_addEncrypt($encryptedColumns, $data); // DB-INSERT $insert = $this->db->insert($this->dbTable, $data); @@ -167,7 +167,7 @@ class DB_Model extends CI_Model * @param array $data DataArray for Insert * @return array */ - public function update($id, $data) + public function update($id, $data, $encryptedColumns = null) { // Check class properties if (is_null($this->pk)) return error('The given primary key is not valid', EXIT_MODEL); @@ -193,8 +193,8 @@ class DB_Model extends CI_Model $this->db->where($tmpId); - // - $this->_encrypt($data); + // Add the pgp_sym_eccrypt postgresql function to the set clause if needed + $this->_addEncrypt($encryptedColumns, $data); // DB-UPDATE $update = $this->db->update($this->dbTable, $data); @@ -259,7 +259,7 @@ class DB_Model extends CI_Model * @param string $id ID (Primary Key) for SELECT ... WHERE * @return array */ - public function load($id = null) + public function load($id = null, $encryptedColumns = null) { // Check class properties if (is_null($this->pk)) return error('The given primary key is not valid', EXIT_MODEL); @@ -280,7 +280,7 @@ class DB_Model extends CI_Model $tmpId = array($this->pk => $id); } - return $this->loadWhere($tmpId); + return $this->loadWhere($tmpId, $encryptedColumns); } /** 
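Review bot: `_addEncrypt($encryptedColumns, $data)` is called unconditionally, but `$encryptedColumns` defaults to `null` and `_addEncrypt()` hands it straight to `array_key_exists()`. On PHP 8 that is a TypeError for every plain `insert($data)`, and on PHP 7 it is a warning per column. The same call is added in the `update()` hunk (-193,8). `_addDecryptQuery()` and `_addDecryptLoad()` both start with `!isEmptyArray($encryptedColumns)`; the write path wants the same guard, e.g. `if (isEmptyArray($encryptedColumns)) return;` as the first statement of `_addEncrypt()`. The added comment also misspells the function name as `pgp_sym_eccrypt`.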
@@ -288,11 +288,14 @@ class DB_Model extends CI_Model * * @return array */ - public function loadWhere($where = null) + public function loadWhere($where = null, $encryptedColumns = null) { // Check class properties if (is_null($this->dbTable)) return error('The given database table name is not valid', EXIT_MODEL); + // Add the pgp_sym_decrypt postgresql function to the select and where clause if needed + $this->_addDecryptLoad($encryptedColumns, $where); + // Execute query $result = $this->db->get_where($this->dbTable, $where); @@ -300,10 +303,7 @@ class DB_Model extends CI_Model if ($result) { - // Decrypt data if needed - $this->_decrypt($result); - - return success($this->_toPhp($result)); + return success($this->_toPhp($result, $encryptedColumns)); } else { @@ -366,9 +366,6 @@ class DB_Model extends CI_Model // Execute the query $resultDB = $this->db->get_where($this->dbTable, $where); - // Decrypt data if needed - $this->_decrypt($resultDB); - $this->_logLastQuery(); // If everything went ok... @@ -799,7 +796,7 @@ class DB_Model extends CI_Model /** * Like execQuery, but it allows only to perform queries to read data */ - public function execReadOnlyQuery($query, $parametersArray = null) + public function execReadOnlyQuery($query, $parametersArray = null, $encryptedColumns = null) { $result = error('You are allowed to run only query for reading data'); // $cleanedQuery = trim(preg_replace('/\t|\n|\r|;/', '', $query)); // @@ -816,7 +813,7 @@ class DB_Model extends CI_Model { $queryToExec = str_replace(';', '', $query); // - $result = $this->execQuery($queryToExec, $parametersArray); + $result = $this->execQuery($queryToExec, $parametersArray, $encryptedColumns); } return $result; 
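Review bot: The `_addDecryptLoad($encryptedColumns, $where)` call added to `loadWhere()` rewrites array conditions with an operator parser that only handles one-character operators. It takes the operator from the last character of the key and strips two characters to find the column name, so a key like `col!=` or `col>=` is turned into an `=` comparison, while `col !=` is not recognised as the encrypted column and is compared against the stored ciphertext. Either case silently changes which rows a filter returns. Splitting the key with one pattern would cover all operators, e.g. `preg_match('/^\s*(\S+?)\s*(>=|<=|!=|=|>|<)?\s*$/', $column, $m)`, using `$m[1]` as the column and `$m[2]` (default `=`) as the operator. The `strpos(...) != false` tests there should also be strict.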
@@ -831,13 +828,16 @@ class DB_Model extends CI_Model * boolean if the query is of the write type (INSERT, UPDATE, DELETE...) * array that represents DB data */ - protected function execQuery($query, $parametersArray = null) + protected function execQuery($query, $parametersArray = null, $encryptedColumns = null) { $result = null; // If the query is empty don't lose time if (!isEmptyString($query)) { + // Add the pgp_sym_decrypt postgresql function to the given query + $this->_addDecryptQuery($encryptedColumns, $query); + // If there are parameters to bind to the query if (is_array($parametersArray) && count($parametersArray) > 0) { @@ -853,7 +853,7 @@ class DB_Model extends CI_Model // If no errors occurred if ($resultDB) { - $result = success($this->_toPhp($resultDB)); + $result = success($this->_toPhp($resultDB, $encryptedColumns)); } else { 
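Review bot: `_addDecryptQuery($encryptedColumns, $query)` rewrites the SQL with a plain `str_replace()` of the column name over the whole statement. That also matches the name inside longer identifiers, aliases and string literals, and with several encrypted columns a later name can match inside text inserted for an earlier one. The replacement uses `CRYPT_WHERE_TEMPLATE`, which has no `AS`, so a decrypted column in the select list presumably loses its original name in the result. Matching whole identifiers only, for example `preg_replace_callback('/\b'.preg_quote($encryptedColumn, '/').'\b/', ...)`, or requiring callers to mark the places to decrypt explicitly would make the rewrite predictable.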
@@ -895,92 +895,202 @@ class DB_Model extends CI_Model // // - /** - * If the cryptography is enabled and correctly configured + * To add the pgp_sym_encrypt function to the set clause where needed */ - private function _isCryptoEnabledAndValid() + private function _addEncrypt($encryptedColumns, &$data) { - // Get the password list to decrypt/encrypt from the configuration - $encryptionPasswords = $this->config->item(self::ENCRYPTION_PASSWORDS); - - // If not configured or wrongly configured - if (isEmptyArray($encryptionPasswords)) return false; - - // If array of encrypted columns is defined or wrongly defined for this model - if (isEmptyArray($this->encryptedColumns)) return false; - - // If no decryption/encryption password name is defined for this model - if (isEmptyString($this->passwordName)) return false; - - // If the configured password name does not exists in the password list to decrypt/encrypt - if (!array_key_exists($this->passwordName, $encryptionPasswords)) return false; - - // - return true; - } - - /** - * Returns a cipher to decrypt/encrypt data - */ - private function _getCipher() - { - // Set the cipher type - $cipher = new Twofish(); - // Set the password to encrypt using the chosen one - $cipher->setPassword($this->config->item(self::ENCRYPTION_PASSWORDS)[$this->passwordName]); - - return $cipher; - } - - /** - * To encrypt data - * Data is an associative array that contains column names as keys and the colum value as array value - */ - private function _encrypt(&$data) - { - // If no encryption is configured or not correctly configured then exit this method - if (!$this->_isCryptoEnabledAndValid()) return; - - // Gets the cipher - $cipher = $this->_getCipher(); + $tmpData = array(); // Temporary array used to copy not encrypted columns // For each column that is going to be inserted/updated foreach ($data as $column => $value) { // If the current column is in the list of the columns to be encrypted - if (in_array($column, 
$this->encryptedColumns)) + // and contains the password name element + if (array_key_exists($column, $encryptedColumns) + && array_key_exists(self::CRYPT_PASSWORD_NAME, $encryptedColumns[$column])) { - // Encrypt it! - $data[$column] = base64_encode($cipher->encrypt($value)); + // Password to encrypt data + $encryptionPassword = $this->config->item(self::CRYPT_CONF_PASSWORDS)[ + $encryptedColumns[$column][self::CRYPT_PASSWORD_NAME] + ]; + + // Add the encrypted column to the set clause without escaping + $this->db->set( + $column, + sprintf( + self::CRYPT_WRITE_TEMPLATE, + $value, + $encryptionPassword + ), + false + ); + } + else // otherwise copy this element as it is + { + $tmpData[$column] = $value; + } + } + + $data = $tmpData; // this array does not contain encrypted columns + } + + /** + * To add the pgp_sym_decrypt function to the given query + */ + private function _addDecryptQuery($encryptedColumns, &$query) + { + // If it is request to get encrypted columns + if (!isEmptyArray($encryptedColumns)) + { + // For each requested encrypted column + foreach ($encryptedColumns as $encryptedColumn => $definition) + { + // If the requested encrypted column is well defined + if (!isEmptyArray($definition) + && array_key_exists(self::CRYPT_CAST, $definition) + && array_key_exists(self::CRYPT_PASSWORD_NAME, $definition)) + { + // And if exists the wanted password to decrypt in the configs + if (array_key_exists( + $definition[self::CRYPT_PASSWORD_NAME], + $this->config->item(self::CRYPT_CONF_PASSWORDS)) + ) + { + // Password to decrypt data + $decryptionPassword = $this->config->item(self::CRYPT_CONF_PASSWORDS)[ + $definition[self::CRYPT_PASSWORD_NAME] + ]; + + // Find and replace all the occurrences of the provided encrypted columns + // with the postgresql decryption function + $query = str_replace( + $encryptedColumn, + sprintf( + self::CRYPT_WHERE_TEMPLATE, + $encryptedColumn, + $decryptionPassword, + $definition[self::CRYPT_CAST] + ), + $query + ); + } + } } } 
} /** - * To decrypt data - * dbResult is an array of objects, each object is a representation of a database record, - * each property of the object is the column name and the property value is the database value + * To add the pgp_sym_decrypt function to the select and where clause where needed */ - private function _decrypt(&$dbResult) + private function _addDecryptLoad($encryptedColumns, &$where) { - // If no encryption is configured or not correctly configured then exit this method - if (!$this->_isCryptoEnabledAndValid()) return; - - // Gets the cipher - $cipher = $this->_getCipher(); - - // For each record from database - foreach ($dbResult->result() as $record) + // If it is request to get encrypted columns + if (!isEmptyArray($encryptedColumns)) { - // For each column to be encrypted - foreach ($this->encryptedColumns as $column) + // For each requested encrypted column + foreach ($encryptedColumns as $encryptedColumn => $definition) { - // If the current record contains such a column - if (property_exists($record, $column)) + // If the requested encrypted column is well defined + if (!isEmptyArray($definition) + && array_key_exists(self::CRYPT_CAST, $definition) + && array_key_exists(self::CRYPT_PASSWORD_NAME, $definition)) { - // Decrypt it! 
- $record->{$column} = $cipher->decrypt(base64_decode($record->{$column})); + // And if exists the wanted password to decrypt in the configs + if (array_key_exists( + $definition[self::CRYPT_PASSWORD_NAME], + $this->config->item(self::CRYPT_CONF_PASSWORDS)) + ) + { + // Password to decrypt data + $decryptionPassword = $this->config->item(self::CRYPT_CONF_PASSWORDS)[ + $definition[self::CRYPT_PASSWORD_NAME] + ]; + + // ----------------------------------------- + // SELECT + + // Add to the select clause the column to be decrypted + // NOTE: this is going to override any previously added column with the same name + $this->addSelect( + sprintf( + self::CRYPT_SELECT_TEMPLATE, + $encryptedColumn, + $decryptionPassword, + $definition[self::CRYPT_CAST], + $encryptedColumn + ) + ); + + // ----------------------------------------- + // WHERE + + // If the where parameter is a valid array + if (!isEmptyArray($where)) + { + $tmpWhere = array(); + + // For each condition of the where clause + foreach ($where as $column => $condition) + { + $operator = null; // operator not found in the column name + + // Custom operators + if (strpos($column, '>') != false + || strpos($column, '<') != false + || strpos($column, '>=') != false + || strpos($column, '<=') != false + || strpos($column, '!=') != false + || strpos($column, '=') != false + ) + { + $operator = ' '.substr(trim($column), -1).' 
'; + } + else // default operator + { + $operator = ' = '; + } + + // If the column from the where clause is the same from the encrypted columns definition + if (trim($column) == $encryptedColumn + || ($operator != null && substr(trim($column), 0, strlen(trim($column)) - 2) == $encryptedColumn) + ) + { + // Then rename the column using the postgresql decryption function + $tmpWhere[ + sprintf( + self::CRYPT_WHERE_TEMPLATE, + $encryptedColumn, + $decryptionPassword, + $definition[self::CRYPT_CAST] + ).$operator + ] = $condition; + } + else // otherwise copy the column as it is + { + $tmpWhere[$column] = $condition; + } + } + + $where = $tmpWhere; // replace with the new where + } + // Otherwise if the where parameter is a valid string + elseif (!isEmptyString($where)) + { + // Find and replace all the occurrences of the provided encrypted columns + // with the postgresql decryption function + $where = str_replace( + $encryptedColumn, + sprintf( + self::CRYPT_WHERE_TEMPLATE, + $encryptedColumn, + $decryptionPassword, + $definition[self::CRYPT_CAST] + ), + $where + ); + } + } } } } @@ -1029,7 +1139,7 @@ class DB_Model extends CI_Model * - A FALSE value on failure * - Otherwise an object filled with data on success */ - private function _toPhp($result) + private function _toPhp($result, $encryptedColumns = null) { $udfs = false; // if UDFs are inside the given result set $toPhp = $result; // if there is nothing to convert then return the result from DB @@ -1045,7 +1155,9 @@ class DB_Model extends CI_Model // Looking for booleans, arrays and UDFs foreach ($this->executedQueryMetaData as $eqmd) { - // If array type, boolean type OR a UDF + // If array type, boolean type, numeric type + // Or bytea type + // Or UDF type if (strpos($eqmd->type, DB_Model::PGSQL_ARRAY_TYPE) !== false || $eqmd->type == DB_Model::PGSQL_BOOLEAN_TYPE || $eqmd->type == DB_Model::PGSQL_INT2_TYPE 
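Review bot: In `_addEncrypt()` the column value is formatted into `CRYPT_WRITE_TEMPLATE` with `sprintf()` and passed to `$this->db->set(..., false)`, which switches escaping off, so a value containing a single quote ends the SQL string literal and the remainder is parsed as SQL. These are the same values that `insert()`/`update()` otherwise send through the query builder's normal escaping. Escape both arguments before formatting, e.g. `sprintf('PGP_SYM_ENCRYPT(%s, %s)', $this->db->escape((string)$value), $this->db->escape($encryptionPassword))`. Unlike the two decrypt helpers, this method never checks that the password name exists in the config, so a misspelled name would format an empty passphrase into the statement instead of failing.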
@@ -1053,6 +1165,7 @@ class DB_Model extends CI_Model || $eqmd->type == DB_Model::PGSQL_INT8_TYPE || $eqmd->type == DB_Model::PGSQL_FLOAT4_TYPE || $eqmd->type == DB_Model::PGSQL_FLOAT8_TYPE + || $eqmd->type == DB_Model::PGSQL_BYTEA_TYPE || $this->udflib->isUDFColumn($eqmd->name, $eqmd->type)) { // If UDFs are inside this result set @@ -1115,6 +1228,21 @@ class DB_Model extends CI_Model { $resultElement->{$toBeConverted->name} = $this->pgFloatPhp($resultElement->{$toBeConverted->name}); } + // Byte A type + elseif ($toBeConverted->type == DB_Model::PGSQL_BYTEA_TYPE) + { + // If encrypted columns are defined + // and if the byte a column is defined as encrypted column + if (!isEmptyArray($encryptedColumns) + && array_key_exists($toBeConverted->name, $encryptedColumns)) + { + // keep the column + } + else // otherwise remove the column from the result + { + unset($resultElement->{$toBeConverted->name}); + } + } } } } diff --git a/application/libraries/FilterWidgetLib.php b/application/libraries/FilterWidgetLib.php index 19cdec848..72a749d60 100644 --- a/application/libraries/FilterWidgetLib.php +++ b/application/libraries/FilterWidgetLib.php @@ -1,5 +1,22 @@ . + */ + if (! defined('BASEPATH')) exit('No direct script access allowed'); /** @@ -16,6 +33,7 @@ class FilterWidgetLib const SESSION_SELECTED_FIELDS = 'selectedFields'; const SESSION_COLUMNS_ALIASES = 'columnsAliases'; const SESSION_ADDITIONAL_COLUMNS = 'additionalColumns'; + const SESSION_ENCRYPTED_COLUMNS = 'encryptedColumns'; const SESSION_CHECKBOXES = 'checkboxes'; const SESSION_FILTERS = 'filters'; const SESSION_METADATA = 'datasetMetadata'; @@ -56,6 +74,7 @@ class FilterWidgetLib const ADDITIONAL_COLUMNS = 'additionalColumns'; const CHECKBOXES = 'checkboxes'; const COLUMNS_ALIASES = 'columnsAliases'; + const ENCRYPTED_COLUMNS = 'encryptedColumns'; // ...to format/mark records of a dataset const FORMAT_ROW = 'formatRow'; 
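Review bot: The bytea branch added to `_toPhp()` (-1115,6) has an `if` whose body is only the comment `// keep the column`, with the real work in the `else`. Inverting the condition reads more directly: `if (isEmptyArray($encryptedColumns) || !array_key_exists($toBeConverted->name, $encryptedColumns)) unset($resultElement->{$toBeConverted->name});`. The docblock of `_toPhp()` should also state that every bytea column not listed in `$encryptedColumns` is removed from the result, since callers that do not pass the parameter will now see those columns disappear.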
@@ -367,7 +386,7 @@ class FilterWidgetLib /** * Retrieves the dataset from the DB */ - public function getDataset($datasetQuery) + public function getDataset($datasetQuery, $encryptedColumns) { $dataset = null; @@ -376,7 +395,7 @@ class FilterWidgetLib $this->_ci->load->model('system/Filters_model', 'FiltersModel'); // Execute the given SQL statement suppressing error messages - $dataset = @$this->_ci->FiltersModel->execReadOnlyQuery($datasetQuery); + $dataset = @$this->_ci->FiltersModel->execReadOnlyQuery($datasetQuery, null, $encryptedColumns); } return $dataset; diff --git a/application/models/person/Person_model.php b/application/models/person/Person_model.php index 8875fd4c5..cf99099fe 100644 --- a/application/models/person/Person_model.php +++ b/application/models/person/Person_model.php @@ -1,5 +1,22 @@ . + */ + class Person_model extends DB_Model { /** @@ -8,6 +25,7 @@ class Person_model extends DB_Model public function __construct() { parent::__construct(); + $this->dbTable = 'public.tbl_person'; $this->pk = 'person_id'; @@ -336,3 +354,4 @@ class Person_model extends DB_Model return $this->execQuery($qry, array($person_id, $person_id, $person_id)); } } + diff --git a/application/models/system/PersonLog_model.php b/application/models/system/PersonLog_model.php index 7a66958b8..88b50487a 100644 --- a/application/models/system/PersonLog_model.php +++ b/application/models/system/PersonLog_model.php @@ -1,5 +1,22 @@ . + */ + class PersonLog_model extends DB_Model { /** @@ -17,7 +34,7 @@ class PersonLog_model extends DB_Model * @param array $data Data of Log Entry to save. * @return success object if true */ - public function insert($data) + public function insert($data, $encryptedColumns = null) { $result = $this->db->insert($this->dbTable, $data); if ($result) diff --git a/application/widgets/FilterWidget.php b/application/widgets/FilterWidget.php index 1cef91c15..4c40e434a 100644 --- a/application/widgets/FilterWidget.php 
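Review bot: `PersonLog_model::insert()` now accepts `$encryptedColumns` but the visible body still calls `$this->db->insert($this->dbTable, $data)` directly and never uses it. A caller that passes column definitions expecting encryption would get the data stored in plaintext without any error. If the override is only there for signature compatibility, reject the unsupported case explicitly, e.g. `if (!isEmptyArray($encryptedColumns)) return error('Encrypted columns are not supported by PersonLog_model', EXIT_MODEL);`, and say so in the docblock. The method body continues outside the hunk.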
+++ b/application/widgets/FilterWidget.php @@ -1,5 +1,22 @@ . + */ + /** * To filter data using a SQL statement */ @@ -59,6 +76,8 @@ class FilterWidget extends Widget private $_sessionTimeout; // session expiring time + private $_encryptedColumns; // contains info about encrypted columns + private static $_FilterWidgetInstance; // static property that contains the instance of itself /** @@ -195,6 +214,7 @@ class FilterWidget extends Widget $this->_formatRow = null; $this->_markRow = null; $this->_checkboxes = null; + $this->_encryptedColumns = null; $this->_hideOptions = null; $this->_hideSelectFields = null; $this->_hideSelectFilters = null; @@ -252,6 +272,14 @@ class FilterWidget extends Widget $this->_additionalColumns = $args[FilterWidgetLib::ADDITIONAL_COLUMNS]; } + // Parameter is used to define the ecrypted columns + if (isset($args[FilterWidgetLib::ENCRYPTED_COLUMNS]) + && is_array($args[FilterWidgetLib::ENCRYPTED_COLUMNS]) + && count($args[FilterWidgetLib::ENCRYPTED_COLUMNS]) > 0) + { + $this->_encryptedColumns = $args[FilterWidgetLib::ENCRYPTED_COLUMNS]; + } + // Parameter is used to add use aliases for the columns fo the dataset if (isset($args[FilterWidgetLib::COLUMNS_ALIASES]) && is_array($args[FilterWidgetLib::COLUMNS_ALIASES]) @@ -441,7 +469,7 @@ class FilterWidget extends Widget ); // Then retrieve dataset from DB - $dataset = $this->filterwidgetlib->getDataset($datasetQuery); + $dataset = $this->filterwidgetlib->getDataset($datasetQuery, $this->_encryptedColumns); // Save changes into session if data are valid if (!isError($dataset)) 
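Review bot: The `encryptedColumns` argument accepted in hunk -252,6 is only checked for being a non-empty array, yet its keys and each `cast` value are later formatted unescaped into SQL by `_addDecryptQuery()`. That is safe only while every definition is written by a developer; the array is also stored in the session and nothing here enforces its shape. I would validate at this boundary that each key is a plain identifier, e.g. `preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', $name)`, and that `cast` is one of a fixed list of type names. The same applies to `TableWidget` in PATCH 4/6 and `FilterCmptLib` in PATCH 3/6. The comment also has a typo, `ecrypted`.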
@@ -476,7 +504,7 @@ class FilterWidget extends Widget $datasetQuery = $this->filterwidgetlib->generateDatasetQuery($this->_query, $parsedFilterJson->filters); // Then retrieve dataset from DB - $dataset = $this->filterwidgetlib->getDataset($datasetQuery); + $dataset = $this->filterwidgetlib->getDataset($datasetQuery, $this->_encryptedColumns); // Try to load the name of the filter using the PhrasesLib $filterName = $this->filterwidgetlib->getFilterName($parsedFilterJson); @@ -497,6 +525,7 @@ class FilterWidget extends Widget FilterWidgetLib::SESSION_SELECTED_FIELDS => $this->_getColumnsNames($parsedFilterJson->columns), // all the selected fields FilterWidgetLib::SESSION_COLUMNS_ALIASES => $this->_columnsAliases, // all the fields aliases FilterWidgetLib::SESSION_ADDITIONAL_COLUMNS => $this->_additionalColumns, // additional columns + FilterWidgetLib::SESSION_ENCRYPTED_COLUMNS => $this->_encryptedColumns, // encrypted columns FilterWidgetLib::SESSION_CHECKBOXES => $this->_checkboxes, // the name of the field used to build the checkboxes column FilterWidgetLib::SESSION_FILTERS => $parsedFilterJson->filters, // all the filters used to filter the dataset FilterWidgetLib::SESSION_METADATA => $this->FiltersModel->getExecutedQueryMetaData(), // the metadata of the dataset From 9b8a1ba096375c783bf1c45f67eff87f9c559b72 Mon Sep 17 00:00:00 2001 From: Paolo Date: Fri, 17 Feb 2023 14:01:09 +0100 Subject: [PATCH 3/6] - Added new constants SESSION_ENCRYPTED_COLUMNS and ENCRYPTED_COLUMNS to libraries/FilterCmptLib - Added new private property _encryptedColumns to libraries/FilterCmptLib - libraries/FilterCmptLib: execReadOnlyQuery is now called providing the parameter _encryptedColumns to read database encrypted columns --- application/libraries/FilterCmptLib.php | 13 ++++++++++++- application/libraries/TableWidgetLib.php | 17 +++++++++++++++++ application/widgets/TableWidget.php | 17 +++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) 
diff --git a/application/libraries/FilterCmptLib.php b/application/libraries/FilterCmptLib.php index 9d6dfa681..3e885b6e7 100644 --- a/application/libraries/FilterCmptLib.php +++ b/application/libraries/FilterCmptLib.php @@ -1,4 +1,5 @@ _filterKurzbz = null; $this->_query = null; $this->_requiredPermissions = null; + $this->_encryptedColumns = null; $this->_reloadDataset = true; // by default the dataset is NOT cached in session $this->_sessionTimeout = FilterCmptLib::SESSION_DEFAULT_TIMEOUT; @@ -727,6 +732,12 @@ class FilterCmptLib $this->_requiredPermissions = $filterCmptArray[FilterCmptLib::REQUIRED_PERMISSIONS]; } + // Retrieved the encrypted columns parameter if present + if (isset($filterCmptArray[FilterCmptLib::ENCRYPTED_COLUMNS])) + { + $this->_encryptedColumns = $filterCmptArray[FilterCmptLib::ENCRYPTED_COLUMNS]; + } + // Parameters needed to retrieve univocally a filter from DB if (isset($filterCmptArray[FilterCmptLib::APP])) { @@ -1129,7 +1140,7 @@ class FilterCmptLib $this->_ci->load->model('system/Filters_model', 'FiltersModel'); // Execute the given SQL statement suppressing error messages - $dataset = @$this->_ci->FiltersModel->execReadOnlyQuery($datasetQuery); + $dataset = @$this->_ci->FiltersModel->execReadOnlyQuery($datasetQuery, null, $this->_encryptedColumns); } return $dataset; diff --git a/application/libraries/TableWidgetLib.php b/application/libraries/TableWidgetLib.php index dc746b6d5..e8538e84e 100644 --- a/application/libraries/TableWidgetLib.php +++ b/application/libraries/TableWidgetLib.php @@ -1,5 +1,22 @@ . + */ + if (! defined('BASEPATH')) exit('No direct script access allowed'); /** diff --git a/application/widgets/TableWidget.php b/application/widgets/TableWidget.php index 5a000601f..44dc18bd4 100644 --- a/application/widgets/TableWidget.php +++ b/application/widgets/TableWidget.php @@ -1,5 +1,22 @@ . + */ + /** * To display a table that shows data retriev by a SQL statement */ 
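Review bot: In hunk -727,6 `FilterCmptLib` copies `ENCRYPTED_COLUMNS` into `$this->_encryptedColumns` after an `isset()` check only, whereas `FilterWidget` in PATCH 2/6 also requires `is_array(...)` and `count(...) > 0`. Whether a non-array value is rejected later depends on how `isEmptyArray()` treats it, which is not visible here. Using the same three-part condition, `isset(...) && is_array(...) && count(...) > 0`, keeps the entry points consistent and stops a scalar from reaching `execReadOnlyQuery()`.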
From 2729b60b394a0b20f11a19b013edd81d497cc44f Mon Sep 17 00:00:00 2001 From: Paolo Date: Mon, 20 Feb 2023 11:31:19 +0100 Subject: [PATCH 4/6] - Added new constants SESSION_ENCRYPTED_COLUMNS and ENCRYPTED_COLUMNS to libraries/TableWidgetLib - Changed libraries/TableWidgetLib->getDataset to accept the new parameter encryptedColumns - Added new private method _encryptedColumns to widgets/TableWidget - widgets/TableWidget now calls tablewidgetlib->getDataset now giving the encryptedColumns parameter - widgets/TableWidget stores in the session the encryptedColumns parameter --- application/libraries/TableWidgetLib.php | 6 ++++-- application/widgets/TableWidget.php | 16 ++++++++++++++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/application/libraries/TableWidgetLib.php b/application/libraries/TableWidgetLib.php index e8538e84e..9637122a7 100644 --- a/application/libraries/TableWidgetLib.php +++ b/application/libraries/TableWidgetLib.php @@ -33,6 +33,7 @@ class TableWidgetLib const SESSION_FIELDS = 'fields'; const SESSION_COLUMNS_ALIASES = 'columnsAliases'; const SESSION_ADDITIONAL_COLUMNS = 'additionalColumns'; + const SESSION_ENCRYPTED_COLUMNS = 'encryptedColumns'; const SESSION_CHECKBOXES = 'checkboxes'; const SESSION_METADATA = 'datasetMetadata'; const SESSION_ROW_NUMBER = 'rowNumber'; @@ -66,6 +67,7 @@ class TableWidgetLib const ADDITIONAL_COLUMNS = 'additionalColumns'; const CHECKBOXES = 'checkboxes'; const COLUMNS_ALIASES = 'columnsAliases'; + const ENCRYPTED_COLUMNS = 'encryptedColumns'; // ...to format/mark records of a dataset const FORMAT_ROW = 'formatRow'; @@ -194,7 +196,7 @@ class TableWidgetLib /** * Retrieves the dataset from the DB */ - public function getDataset($datasetQuery) + public function getDataset($datasetQuery, $encryptedColumns) { $dataset = null; 
@@ -203,7 +205,7 @@ class TableWidgetLib $this->_ci->load->model('system/Filters_model', 'FiltersModel'); // Execute the given SQL statement suppressing error messages - $dataset = @$this->_ci->FiltersModel->execReadOnlyQuery($datasetQuery); + $dataset = @$this->_ci->FiltersModel->execReadOnlyQuery($datasetQuery, null, $encryptedColumns); } return $dataset; diff --git a/application/widgets/TableWidget.php b/application/widgets/TableWidget.php index 44dc18bd4..a1a15d508 100644 --- a/application/widgets/TableWidget.php +++ b/application/widgets/TableWidget.php @@ -57,6 +57,8 @@ class TableWidget extends Widget private $_sessionTimeout; // session expiring time + private $_encryptedColumns; // contains info about encrypted columns + private static $_TableWidgetInstance; // static property that contains the instance of itself /** @@ -144,6 +146,7 @@ class TableWidget extends Widget $this->_datasetRepresentationOptions = null; $this->_datasetRepFieldsDefs = null; $this->_sessionTimeout = TableWidgetLib::SESSION_DEFAULT_TIMEOUT; + $this->_encryptedColumns = null; // Retrieved the required permissions parameter if present if (isset($args[TableWidgetLib::REQUIRED_PERMISSIONS])) @@ -223,6 +226,14 @@ class TableWidget extends Widget { $this->_sessionTimeout = $args[TableWidgetLib::SESSION_TIMEOUT]; } + + // Parameter is used to define the ecrypted columns + if (isset($args[TableWidgetLib::ENCRYPTED_COLUMNS]) + && is_array($args[TableWidgetLib::ENCRYPTED_COLUMNS]) + && count($args[TableWidgetLib::ENCRYPTED_COLUMNS]) > 0) + { + $this->_encryptedColumns = $args[TableWidgetLib::ENCRYPTED_COLUMNS]; + } } /** 
@@ -305,7 +316,7 @@ class TableWidget extends Widget $datasetQuery = $this->tablewidgetlib->generateDatasetQuery($this->_query); // Then retrieve dataset from DB - $dataset = $this->tablewidgetlib->getDataset($datasetQuery); + $dataset = $this->tablewidgetlib->getDataset($datasetQuery, $this->_encryptedColumns); // Save changes into session if data are valid if (!isError($dataset)) @@ -327,7 +338,7 @@ class TableWidget extends Widget $datasetQuery = $this->tablewidgetlib->generateDatasetQuery($this->_query); // Then retrieve dataset from DB - $dataset = $this->tablewidgetlib->getDataset($datasetQuery); + $dataset = $this->tablewidgetlib->getDataset($datasetQuery, $this->_encryptedColumns); // Save changes into session if data are valid if (!isError($dataset)) @@ -341,6 +352,7 @@ class TableWidget extends Widget TableWidgetLib::SESSION_FIELDS => $this->tablewidgetlib->getExecutedQueryListFields(), // all the fields of the dataset TableWidgetLib::SESSION_COLUMNS_ALIASES => $this->_columnsAliases, // all the fields aliases TableWidgetLib::SESSION_ADDITIONAL_COLUMNS => $this->_additionalColumns, // additional columns + TableWidgetLib::SESSION_ENCRYPTED_COLUMNS => $this->_encryptedColumns, // encrypted columns TableWidgetLib::SESSION_CHECKBOXES => $this->_checkboxes, // the name of the field used to build the checkboxes column TableWidgetLib::SESSION_METADATA => $this->tablewidgetlib->getExecutedQueryMetaData(), // the metadata of the dataset TableWidgetLib::SESSION_ROW_NUMBER => count($dataset->retval), // the number of loaded rows by this table From 2b9af86955e537d747721cb2901def3411d67179 Mon Sep 17 00:00:00 2001 
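Review bot: `TableWidgetLib::SESSION_ENCRYPTED_COLUMNS => $this->_encryptedColumns` in hunk `@@ -341,6 +352,7 @@` persists the encryption definitions in the session without saying what they may contain. From the DB_Model hunks in this series the entries appear to carry a password name and a cast rather than the password itself; a comment such as `// encrypted column definitions: password NAME and cast only, never the password` would keep it that way. If the dataset fetched by `getDataset()` is also written to the session (that part of the array is outside the hunk), the decrypted values then sit in the session store in clear text, which should be a deliberate decision.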
From: Paolo Date: Tue, 21 Feb 2023 16:11:49 +0100 Subject: [PATCH 5/6] - Added examples to application/config/db_crypt.php - core/DB_Model->_addDecryptLoad fixed when checking the condition if the used operator is made of two characters --- application/config/db_crypt.php | 7 ++++++- application/core/DB_Model.php | 16 +++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/application/config/db_crypt.php b/application/config/db_crypt.php index e3329a158..72f8c30d8 100644 --- a/application/config/db_crypt.php +++ b/application/config/db_crypt.php @@ -20,5 +20,10 @@ if (!defined('BASEPATH')) exit('No direct script access allowed'); // NOTE: if database encryption is _not_ used then leave this array empty! -$config['encryption_passwords'] = array(); +$config['encryption_passwords'] = array( + // 'password name 1' => 'password 1' + // 'password name 2' => 'password 2' + // 'password name ...' => 'password ...' + // 'password name N' => 'password N' +); diff --git a/application/core/DB_Model.php b/application/core/DB_Model.php index 69e088ef8..062bc06c2 100644 --- a/application/core/DB_Model.php +++ b/application/core/DB_Model.php @@ -923,7 +923,7 @@ class DB_Model extends CI_Model $value, $encryptionPassword ), - false + false // no escaping ); } else // otherwise copy this element as it is @@ -1035,12 +1035,18 @@ class DB_Model extends CI_Model { $operator = null; // operator not found in the column name - // Custom operators - if (strpos($column, '>') != false - || strpos($column, '<') != false - || strpos($column, '>=') != false + // Custom operators with 2 chars + if (strpos($column, '>=') != false || strpos($column, '<=') != false || strpos($column, '!=') != false + || strpos($column, '<>') != false + ) + { + $operator = ' '.substr(trim($column), -2).' '; + } + // Custom operators with 1 chars + elseif (strpos($column, '>') != false + || strpos($column, '<') != false || strpos($column, '=') != false ) { 
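Review bot: With escaping switched off by the `false` argument in hunk `@@ -923,7 +923,7 @@`, `$value` and `$encryptionPassword` reach the SQL text exactly as the surrounding format call builds them, and its template is outside the hunk. Unless the template already quotes them, a value or password containing a quote breaks or alters the statement, so both should pass through `$this->db->escape()` before formatting. The same applies to the WHERE key built with `sprintf(self::CRYPT_WHERE_TEMPLATE, ...)` in hunk `@@ -1063,14 +1060,12 @@` of patch 6/6. The password also travels inside the statement text and will appear in database statement logs and in `db_debug` error output; the comment could say so: `false // no escaping: operands must be escaped beforehand, password is part of the SQL text`.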
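Review bot: The operator detection in hunk `@@ -1035,12 +1035,18 @@` uses `strpos(...) != false`, which treats a match at offset 0 like no match, and then takes `substr(trim($column), -2)` on the assumption that the operator is the last two characters of the key. A key that contains `>=` or `<>` anywhere else yields two arbitrary trailing characters as the operator, which are then appended to the decryption expression. Matching the trailing operator directly avoids both problems: `if (preg_match('/(>=|<=|!=|<>|>|<|=)\s*$/', $column, $m)) $operator = ' '.$m[1].' ';`. The one-character branch continues outside the hunk.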
From 08de013c2332ad0f1914bb3519473930e792c04e Mon Sep 17 00:00:00 2001 From: Paolo Date: Tue, 25 Apr 2023 16:07:42 +0200 Subject: [PATCH 6/6] Fixes: code quality checks --- application/config/db_crypt.php | 2 +- application/core/DB_Model.php | 63 ++++++++++------------ application/libraries/FilterCmptLib.php | 8 +-- application/libraries/FilterWidgetLib.php | 10 ++-- application/libraries/TableWidgetLib.php | 2 +- application/models/person/Person_model.php | 16 ++++-- application/widgets/FilterWidget.php | 4 +- application/widgets/TableWidget.php | 19 +------ 8 files changed, 56 insertions(+), 68 deletions(-) diff --git a/application/config/db_crypt.php b/application/config/db_crypt.php index 72f8c30d8..b9360861b 100644 --- a/application/config/db_crypt.php +++ b/application/config/db_crypt.php @@ -3,7 +3,7 @@ /** * Copyright (C) 2023 fhcomplete.org * - * This program is free software: you can redistribute it and/or modify + * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. diff --git a/application/core/DB_Model.php b/application/core/DB_Model.php index 062bc06c2..d554d8c5c 100644 --- a/application/core/DB_Model.php +++ b/application/core/DB_Model.php @@ -17,6 +17,8 @@ * along with this program. If not, see . */ +use \stdClass as stdClass; + if (!defined('BASEPATH')) exit('No direct script access allowed'); /** 
@@ -120,7 +122,8 @@ class DB_Model extends CI_Model if (is_null($this->dbTable)) return error('The given database table name is not valid', EXIT_MODEL); // If this table has UDF and the validation of them is ok - if (isError($validate = $this->_prepareUDFsWrite($data, $this->dbTable))) return $validate; + $validate = $this->_prepareUDFsWrite($data, $this->dbTable); + if (isError($validate)) return $validate; // Add the pgp_sym_eccrypt postgresql function to the set clause if needed $this->_addEncrypt($encryptedColumns, $data); @@ -174,7 +177,8 @@ class DB_Model extends CI_Model if (is_null($this->dbTable)) return error('The given database table name is not valid', EXIT_MODEL); // If this table has UDF and the validation of them is ok - if (isError($validate = $this->_prepareUDFsWrite($data, $this->dbTable, $id))) return $validate; + $validate = $this->_prepareUDFsWrite($data, $this->dbTable, $id); + if (isError($validate)) return $validate; $tmpId = $id; @@ -341,7 +345,8 @@ class DB_Model extends CI_Model // NOTE: $this->db->list_fields($tables[$t]) doesn't work if there are two tables with // the same name in two different schemas, use this workaround $fields = array(); - if (isSuccess($lstColumns = $this->_list_columns($schemaAndTable->schema, $schemaAndTable->table))) + $lstColumns = $this->_list_columns($schemaAndTable->schema, $schemaAndTable->table); + if (isSuccess($lstColumns)) { $fields = $lstColumns->retval; } @@ -419,7 +424,8 @@ class DB_Model extends CI_Model $tmpFilteredArray = array_filter(get_object_vars($sideTableObj)); if (isset($tmpFilteredArray) && count($tmpFilteredArray) > 0) { - if (($k = $this->_findMainTable($mainTableObj, $returnArray)) === false) + $k = $this->_findMainTable($mainTableObj, $returnArray); + if ($k === false) { $mainTableObj->{$sideTableProperty} = array($sideTableObj); $returnArray[$returnArrayCounter++] = $mainTableObj; 
@@ -802,8 +808,7 @@ class DB_Model extends CI_Model $cleanedQuery = trim(preg_replace('/\t|\n|\r|;/', '', $query)); // // - if ( - (stripos($cleanedQuery, 'INSERT') > 0 || stripos($cleanedQuery, 'INSERT') == false) + if ((stripos($cleanedQuery, 'INSERT') > 0 || stripos($cleanedQuery, 'INSERT') == false) && (stripos($cleanedQuery, 'UPDATE') > 0 || stripos($cleanedQuery, 'UPDATE') == false) && (stripos($cleanedQuery, 'CREATE') > 0 || stripos($cleanedQuery, 'CREATE') == false) && (stripos($cleanedQuery, 'DELETE') > 0 || stripos($cleanedQuery, 'DELETE') == false) @@ -881,7 +886,8 @@ class DB_Model extends CI_Model $result->schema = DB_Model::DEFAULT_SCHEMA; // If a schema is specified - if (($pos = strpos($schemaAndTable, '.')) !== false) + $pos = strpos($schemaAndTable, '.'); + if ($pos !== false) { $result->schema = substr($schemaAndTable, 0, $pos); $result->table = substr($schemaAndTable, $pos + 1); @@ -911,9 +917,8 @@ class DB_Model extends CI_Model && array_key_exists(self::CRYPT_PASSWORD_NAME, $encryptedColumns[$column])) { // Password to encrypt data - $encryptionPassword = $this->config->item(self::CRYPT_CONF_PASSWORDS)[ - $encryptedColumns[$column][self::CRYPT_PASSWORD_NAME] - ]; + $cryptConfPasswords = $this->config->item(self::CRYPT_CONF_PASSWORDS); + $encryptionPassword = $cryptConfPasswords[$encryptedColumns[$column][self::CRYPT_PASSWORD_NAME]]; // Add the encrypted column to the set clause without escaping $this->db->set( 
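Review bot: Each pair `stripos($cleanedQuery, 'INSERT') > 0 || stripos($cleanedQuery, 'INSERT') == false` in hunk `@@ -802,8 +808,7 @@` is true for every input: a positive offset satisfies the first half, and both offset 0 and "not found" satisfy the loose `== false`. As far as the visible part of the condition goes, the read-only guard therefore rejects nothing; the rest of the `if` lies outside the hunk. If the intent is to refuse statements that begin with a write keyword, `stripos($cleanedQuery, 'INSERT') !== 0` expresses that for each keyword. Because widget-supplied SQL reaches this method, running it over a database role that only has SELECT rights would be the stronger control.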
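Review bot: In hunk `@@ -911,9 +917,8 @@` the password is read with `$cryptConfPasswords[$encryptedColumns[$column][self::CRYPT_PASSWORD_NAME]]` without checking that the name exists in the config, whereas both decrypt paths in this patch guard the lookup with `array_key_exists(...)`. An unknown name gives `null` here, so the column would be written with an empty password or the statement would fail, depending on how the database function treats it. The write should be refused instead, for example `if (!isset($cryptConfPasswords[$passwordName])) return error('Unknown encryption password name', EXIT_MODEL);`, with the callers checking the result, which the visible `$this->_addEncrypt($encryptedColumns, $data);` call does not do yet. The method starts and ends outside the hunk.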
@@ -952,15 +957,11 @@ class DB_Model extends CI_Model && array_key_exists(self::CRYPT_PASSWORD_NAME, $definition)) { // And if exists the wanted password to decrypt in the configs - if (array_key_exists( - $definition[self::CRYPT_PASSWORD_NAME], - $this->config->item(self::CRYPT_CONF_PASSWORDS)) - ) + if (array_key_exists($definition[self::CRYPT_PASSWORD_NAME], $this->config->item(self::CRYPT_CONF_PASSWORDS))) { // Password to decrypt data - $decryptionPassword = $this->config->item(self::CRYPT_CONF_PASSWORDS)[ - $definition[self::CRYPT_PASSWORD_NAME] - ]; + $cryptConfPasswords = $this->config->item(self::CRYPT_CONF_PASSWORDS); + $decryptionPassword = $cryptConfPasswords[$definition[self::CRYPT_PASSWORD_NAME]]; // Find and replace all the occurrences of the provided encrypted columns // with the postgresql decryption function @@ -997,15 +998,11 @@ class DB_Model extends CI_Model && array_key_exists(self::CRYPT_PASSWORD_NAME, $definition)) { // And if exists the wanted password to decrypt in the configs - if (array_key_exists( - $definition[self::CRYPT_PASSWORD_NAME], - $this->config->item(self::CRYPT_CONF_PASSWORDS)) - ) + if (array_key_exists($definition[self::CRYPT_PASSWORD_NAME], $this->config->item(self::CRYPT_CONF_PASSWORDS))) { // Password to decrypt data - $decryptionPassword = $this->config->item(self::CRYPT_CONF_PASSWORDS)[ - $definition[self::CRYPT_PASSWORD_NAME] - ]; + $cryptConfPasswords = $this->config->item(self::CRYPT_CONF_PASSWORDS); + $decryptionPassword = $cryptConfPasswords[$definition[self::CRYPT_PASSWORD_NAME]]; // ----------------------------------------- // SELECT 
@@ -1063,14 +1060,12 @@ class DB_Model extends CI_Model ) { // Then rename the column using the postgresql decryption function - $tmpWhere[ - sprintf( - self::CRYPT_WHERE_TEMPLATE, - $encryptedColumn, - $decryptionPassword, - $definition[self::CRYPT_CAST] - ).$operator - ] = $condition; + $tmpWhere[sprintf( + self::CRYPT_WHERE_TEMPLATE, + $encryptedColumn, + $decryptionPassword, + $definition[self::CRYPT_CAST] + ).$operator] = $condition; } else // otherwise copy the column as it is { @@ -1127,11 +1122,11 @@ class DB_Model extends CI_Model { if ($id != null) { - $prepareUDFsWrite = $this->udflib->prepareUDFsWrite($data, $this->dbTable, $this->_getUDFsNoPerms($id)); + $prepareUDFsWrite = $this->udflib->prepareUDFsWrite($data, $schemaAndTable, $this->_getUDFsNoPerms($id)); } else { - $prepareUDFsWrite = $this->udflib->prepareUDFsWrite($data, $this->dbTable); + $prepareUDFsWrite = $this->udflib->prepareUDFsWrite($data, $schemaAndTable); } } diff --git a/application/libraries/FilterCmptLib.php b/application/libraries/FilterCmptLib.php index 3e885b6e7..8b13ae3e5 100644 --- a/application/libraries/FilterCmptLib.php +++ b/application/libraries/FilterCmptLib.php @@ -508,10 +508,12 @@ class FilterCmptLib $saveCustomFilter = true; } - if ($saveCustomFilter === true) + if ($saveCustomFilter === true) { - $this->_setSessionElement(FilterCmptLib::SESSION_SIDE_MENU, - $this->_generateFilterMenu($this->_app, $this->_datasetName)); + $this->_setSessionElement( + FilterCmptLib::SESSION_SIDE_MENU, + $this->_generateFilterMenu($this->_app, $this->_datasetName) + ); } return $saveCustomFilter; diff --git a/application/libraries/FilterWidgetLib.php b/application/libraries/FilterWidgetLib.php index 72a749d60..9968767d9 100644 --- a/application/libraries/FilterWidgetLib.php +++ b/application/libraries/FilterWidgetLib.php @@ -19,6 +19,8 @@ if (! defined('BASEPATH')) exit('No direct script access allowed'); +use \stdClass as stdClass; + /** * FilterWidget logic */ 
@@ -139,7 +141,7 @@ class FilterWidgetLib /** * Gets the CI instance and loads message helper */ - public function __construct($params = null) + public function __construct() { $this->_ci =& get_instance(); // get code igniter instance } @@ -409,7 +411,7 @@ class FilterWidgetLib public function getFilterName($filterJson) { $filterName = $filterJson->name; // always present, used as default - $trimedname = (isset($filterJson->namePhrase)?trim($filterJson->namePhrase):''); + // Filter name from phrases system if (isset($filterJson->namePhrase) && !isEmptyString($filterJson->namePhrase)) { @@ -470,7 +472,8 @@ class FilterWidgetLib if (in_array($selectedField, $fields)) { // If the selected field is present in the list of the selected fields by the current filter - if (($pos = array_search($selectedField, $selectedFields)) !== false) + $pos = array_search($selectedField, $selectedFields); + if ($pos !== false) { // Then remove it and shift the rest of elements by one if needed array_splice($selectedFields, $pos, 1); @@ -769,7 +772,6 @@ class FilterWidgetLib $this->_ci->load->library('NavigationLib', array(self::NAVIGATION_PAGE => $navigationPage)); $filterMenu = null; - $currentMenu = $this->_ci->navigationlib->getSessionMenu(); // The navigation menu currently stored in session $session = $this->getSession(); // The filter currently stored in session (the one that is currently used) if ($session != null) diff --git a/application/libraries/TableWidgetLib.php b/application/libraries/TableWidgetLib.php index 9637122a7..3af99cca7 100644 --- a/application/libraries/TableWidgetLib.php +++ b/application/libraries/TableWidgetLib.php @@ -93,7 +93,7 @@ class TableWidgetLib /** * Gets the CI instance and loads message helper */ - public function __construct($params = null) + public function __construct() { $this->_ci =& get_instance(); // get code igniter instance } 
diff --git a/application/models/person/Person_model.php b/application/models/person/Person_model.php index cf99099fe..c326f23ad 100644 --- a/application/models/person/Person_model.php +++ b/application/models/person/Person_model.php @@ -88,7 +88,7 @@ class Person_model extends DB_Model if (isset($person['svnr']) && $person['svnr'] != '') { $this->PersonModel->addOrder('svnr', 'DESC'); - $result = $this->PersonModel->loadWhere(array( + $result = $this->PersonModel->loadWhere(array( 'person_id != ' => $person['person_id'], 'SUBSTRING(svnr FROM 1 FOR 10) = ' => $person['svnr']) ); @@ -156,7 +156,8 @@ class Person_model extends DB_Model 'lower(nachname) like '.$this->db->escape('%'.$filter.'%')." OR lower(vorname) like ".$this->db->escape('%'.$filter.'%')." OR lower(nachname || ' ' || vorname) like ".$this->db->escape('%'.$filter.'%')." - OR lower(vorname || ' ' || nachname) like ".$this->db->escape('%'.$filter.'%')); + OR lower(vorname || ' ' || nachname) like ".$this->db->escape('%'.$filter.'%') + ); return $result; } @@ -170,8 +171,12 @@ class Person_model extends DB_Model */ public function getPersonStammdaten($person_id, $zustellung_only = false) { - $this->addSelect('public.tbl_person.*, tbl_person.staatsbuergerschaft AS staatsbuergerschaft_code, tbl_person.geburtsnation AS geburtsnation_code, - s.kurztext as staatsbuergerschaft, g.kurztext as geburtsnation'); + $this->addSelect('public.tbl_person.*, + tbl_person.staatsbuergerschaft AS staatsbuergerschaft_code, + tbl_person.geburtsnation AS geburtsnation_code, + s.kurztext as staatsbuergerschaft, + g.kurztext as geburtsnation' + ); $this->addJoin('bis.tbl_nation s', 'public.tbl_person.staatsbuergerschaft = s.nation_code', 'LEFT'); $this->addJoin('bis.tbl_nation g', 'public.tbl_person.geburtsnation = g.nation_code', 'LEFT'); 
@@ -276,7 +281,8 @@ class Person_model extends DB_Model */ public function getFullName($uid) { - if (!$result = getData($this->getByUid($uid))[0]) + $result = getData($this->getByUid($uid))[0]; + if (!$result) { show_error('Failed loading person'); } diff --git a/application/widgets/FilterWidget.php b/application/widgets/FilterWidget.php index 4c40e434a..45bcf7e04 100644 --- a/application/widgets/FilterWidget.php +++ b/application/widgets/FilterWidget.php @@ -554,7 +554,7 @@ class FilterWidget extends Widget private function _setFilterMenu() { // Generates the filters structure array - $filterMenu = $this->filterwidgetlib->generateFilterMenu( + $this->filterwidgetlib->generateFilterMenu( $this->router->directory.$this->router->class.'/'.$this->router->method ); } @@ -633,7 +633,7 @@ class FilterWidget extends Widget { $columnsNames = array(); - foreach ($columns as $key => $obj) + foreach ($columns as $obj) { if (isset($obj->name)) { diff --git a/application/widgets/TableWidget.php b/application/widgets/TableWidget.php index a1a15d508..e59efce10 100644 --- a/application/widgets/TableWidget.php +++ b/application/widgets/TableWidget.php @@ -440,24 +440,6 @@ class TableWidget extends Widget return !isset($class) ? '' : $class; } - /** - * Utility method that retrieves the name of the columns present in a table JSON definition - */ - private function _getColumnsNames($columns) - { - $columnsNames = array(); - - foreach ($columns as $key => $obj) - { - if (isset($obj->name)) - { - $columnsNames[] = $obj->name; - } - } - - return $columnsNames; - } - /** * Loads a view using the given viewName and eventually other parameters */ @@ -467,3 +449,4 @@ class TableWidget extends Widget $ci->load->view($viewName, $parameters); } } +
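Review bot: `$result = getData($this->getByUid($uid))[0];` in hunk `@@ -276,7 +281,8 @@` indexes the return value before the `if (!$result)` check, so when no person is found the offset access itself raises a warning, assuming `getData()` returns null or an empty array in that case (its definition is not on this page). Testing first keeps the error path clean: `$data = getData($this->getByUid($uid));` followed by `$result = is_array($data) && isset($data[0]) ? $data[0] : null;`. The rest of `getFullName` is outside the hunk.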