HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-86-generic #87-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 22 18:03:36 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
Upload Files
File: //proc/self/root/usr/share/phpmyadmin/libraries/classes/SavedSearches.php
<?php
/**
 * Saved searches managing
 */

declare(strict_types=1);

namespace PhpMyAdmin;

use PhpMyAdmin\ConfigStorage\Features\SavedQueryByExampleSearchesFeature;

use function __;
use function count;
use function intval;
use function is_string;
use function json_decode;
use function json_encode;
use function max;
use function min;

/**
 * Saved searches managing
 */
class SavedSearches
{
    /**
     * Id
     *
     * @var int|null
     */
    private $id = null;

    /**
     * Username
     *
     * @var string
     */
    private $username = null;

    /**
     * DB name
     *
     * @var string
     */
    private $dbname = null;

    /**
     * Saved search name
     *
     * @var string
     */
    private $searchName = null;

    /**
     * Criterias
     *
     * @var array
     */
    private $criterias = null;

    /**
     * Setter of id
     *
     * @param int|null $searchId Id of search
     *
     * @return static
     */
    public function setId($searchId)
    {
        $searchId = (int) $searchId;
        if (empty($searchId)) {
            $searchId = null;
        }

        $this->id = $searchId;

        return $this;
    }

    /**
     * Getter of id
     *
     * @return int|null
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Setter of searchName
     *
     * @param string $searchName Saved search name
     *
     * @return static
     */
    public function setSearchName($searchName)
    {
        $this->searchName = $searchName;

        return $this;
    }

    /**
     * Getter of searchName
     *
     * @return string
     */
    public function getSearchName()
    {
        return $this->searchName;
    }

    /**
     * Setter for criterias
     *
     * @param array|string $criterias Criterias of saved searches
     * @param bool         $json      Criterias are in JSON format
     *
     * @return static
     */
    public function setCriterias($criterias, $json = false)
    {
        if ($json === true && is_string($criterias)) {
            $this->criterias = json_decode($criterias, true);

            return $this;
        }

        $aListFieldsToGet = [
            'criteriaColumn',
            'criteriaSort',
            'criteriaShow',
            'criteria',
            'criteriaAndOrRow',
            'criteriaAndOrColumn',
            'rows',
            'TableList',
        ];

        $data = [];

        $data['criteriaColumnCount'] = count($criterias['criteriaColumn']);

        foreach ($aListFieldsToGet as $field) {
            if (! isset($criterias[$field])) {
                continue;
            }

            $data[$field] = $criterias[$field];
        }

        /* Limit amount of rows */
        if (! isset($data['rows'])) {
            $data['rows'] = 0;
        } else {
            $data['rows'] = min(
                max(0, intval($data['rows'])),
                100
            );
        }

        for ($i = 0; $i <= $data['rows']; $i++) {
            $data['Or' . $i] = $criterias['Or' . $i];
        }

        $this->criterias = $data;

        return $this;
    }

    /**
     * Getter for criterias
     *
     * @return array
     */
    public function getCriterias()
    {
        return $this->criterias;
    }

    /**
     * Setter for username
     *
     * @param string $username Username
     *
     * @return static
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * Getter for username
     *
     * @return string
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * Setter for DB name
     *
     * @param string $dbname DB name
     *
     * @return static
     */
    public function setDbname($dbname)
    {
        $this->dbname = $dbname;

        return $this;
    }

    /**
     * Getter for DB name
     *
     * @return string
     */
    public function getDbname()
    {
        return $this->dbname;
    }

    /**
     * Save the search
     */
    public function save(SavedQueryByExampleSearchesFeature $savedQueryByExampleSearchesFeature): bool
    {
        global $dbi;

        if ($this->getSearchName() == null) {
            $message = Message::error(
                __('Please provide a name for this bookmarked search.')
            );
            $response = ResponseRenderer::getInstance();
            $response->setRequestStatus($message->isSuccess());
            $response->addJSON('fieldWithError', 'searchName');
            $response->addJSON('message', $message);
            exit;
        }

        if (
            $this->getUsername() == null
            || $this->getDbname() == null
            || $this->getSearchName() == null
            || $this->getCriterias() == null
        ) {
            $message = Message::error(
                __('Missing information to save the bookmarked search.')
            );
            $response = ResponseRenderer::getInstance();
            $response->setRequestStatus($message->isSuccess());
            $response->addJSON('message', $message);
            exit;
        }

        $savedSearchesTbl = Util::backquote($savedQueryByExampleSearchesFeature->database) . '.'
            . Util::backquote($savedQueryByExampleSearchesFeature->savedSearches);

        //If it's an insert.
        if ($this->getId() === null) {
            $wheres = [
                "search_name = '" . $dbi->escapeString($this->getSearchName())
                . "'",
            ];
            $existingSearches = $this->getList($savedQueryByExampleSearchesFeature, $wheres);

            if (! empty($existingSearches)) {
                $message = Message::error(
                    __('An entry with this name already exists.')
                );
                $response = ResponseRenderer::getInstance();
                $response->setRequestStatus($message->isSuccess());
                $response->addJSON('fieldWithError', 'searchName');
                $response->addJSON('message', $message);
                exit;
            }

            $sqlQuery = 'INSERT INTO ' . $savedSearchesTbl
                . '(`username`, `db_name`, `search_name`, `search_data`)'
                . ' VALUES ('
                . "'" . $dbi->escapeString($this->getUsername()) . "',"
                . "'" . $dbi->escapeString($this->getDbname()) . "',"
                . "'" . $dbi->escapeString($this->getSearchName()) . "',"
                . "'" . $dbi->escapeString(json_encode($this->getCriterias()))
                . "')";

            $dbi->queryAsControlUser($sqlQuery);

            $this->setId($dbi->insertId());

            return true;
        }

        //Else, it's an update.
        $wheres = [
            'id != ' . $this->getId(),
            "search_name = '" . $dbi->escapeString($this->getSearchName()) . "'",
        ];
        $existingSearches = $this->getList($savedQueryByExampleSearchesFeature, $wheres);

        if (! empty($existingSearches)) {
            $message = Message::error(
                __('An entry with this name already exists.')
            );
            $response = ResponseRenderer::getInstance();
            $response->setRequestStatus($message->isSuccess());
            $response->addJSON('fieldWithError', 'searchName');
            $response->addJSON('message', $message);
            exit;
        }

        $sqlQuery = 'UPDATE ' . $savedSearchesTbl
            . "SET `search_name` = '"
            . $dbi->escapeString($this->getSearchName()) . "', "
            . "`search_data` = '"
            . $dbi->escapeString(json_encode($this->getCriterias())) . "' "
            . 'WHERE id = ' . $this->getId();

        return (bool) $dbi->queryAsControlUser($sqlQuery);
    }

    /**
     * Delete the search
     */
    public function delete(SavedQueryByExampleSearchesFeature $savedQueryByExampleSearchesFeature): bool
    {
        global $dbi;

        if ($this->getId() == null) {
            $message = Message::error(
                __('Missing information to delete the search.')
            );
            $response = ResponseRenderer::getInstance();
            $response->setRequestStatus($message->isSuccess());
            $response->addJSON('fieldWithError', 'searchId');
            $response->addJSON('message', $message);
            exit;
        }

        $savedSearchesTbl = Util::backquote($savedQueryByExampleSearchesFeature->database) . '.'
            . Util::backquote($savedQueryByExampleSearchesFeature->savedSearches);

        $sqlQuery = 'DELETE FROM ' . $savedSearchesTbl
            . "WHERE id = '" . $dbi->escapeString((string) $this->getId()) . "'";

        return (bool) $dbi->queryAsControlUser($sqlQuery);
    }

    /**
     * Load the current search from an id.
     */
    public function load(SavedQueryByExampleSearchesFeature $savedQueryByExampleSearchesFeature): bool
    {
        global $dbi;

        if ($this->getId() == null) {
            $message = Message::error(
                __('Missing information to load the search.')
            );
            $response = ResponseRenderer::getInstance();
            $response->setRequestStatus($message->isSuccess());
            $response->addJSON('fieldWithError', 'searchId');
            $response->addJSON('message', $message);
            exit;
        }

        $savedSearchesTbl = Util::backquote($savedQueryByExampleSearchesFeature->database)
            . '.'
            . Util::backquote($savedQueryByExampleSearchesFeature->savedSearches);
        $sqlQuery = 'SELECT id, search_name, search_data '
            . 'FROM ' . $savedSearchesTbl . ' '
            . "WHERE id = '" . $dbi->escapeString((string) $this->getId()) . "' ";

        $resList = $dbi->queryAsControlUser($sqlQuery);
        $oneResult = $resList->fetchAssoc();

        if ($oneResult === []) {
            $message = Message::error(__('Error while loading the search.'));
            $response = ResponseRenderer::getInstance();
            $response->setRequestStatus($message->isSuccess());
            $response->addJSON('fieldWithError', 'searchId');
            $response->addJSON('message', $message);
            exit;
        }

        $this->setSearchName($oneResult['search_name'])
            ->setCriterias($oneResult['search_data'], true);

        return true;
    }

    /**
     * Get the list of saved searches of a user on a DB
     *
     * @param string[] $wheres List of filters
     *
     * @return array List of saved searches or empty array on failure
     */
    public function getList(SavedQueryByExampleSearchesFeature $savedQueryByExampleSearchesFeature, array $wheres = [])
    {
        global $dbi;

        if ($this->getUsername() == null || $this->getDbname() == null) {
            return [];
        }

        $savedSearchesTbl = Util::backquote($savedQueryByExampleSearchesFeature->database)
            . '.'
            . Util::backquote($savedQueryByExampleSearchesFeature->savedSearches);
        $sqlQuery = 'SELECT id, search_name '
            . 'FROM ' . $savedSearchesTbl . ' '
            . 'WHERE '
            . "username = '" . $dbi->escapeString($this->getUsername()) . "' "
            . "AND db_name = '" . $dbi->escapeString($this->getDbname()) . "' ";

        foreach ($wheres as $where) {
            $sqlQuery .= 'AND ' . $where . ' ';
        }

        $sqlQuery .= 'order by search_name ASC ';

        $resList = $dbi->queryAsControlUser($sqlQuery);

        return $resList->fetchAllKeyPair();
    }
}