diff --git a/core/domains/domain_edit.php b/core/domains/domain_edit.php
index ff7377ee3..3492c32fb 100644
--- a/core/domains/domain_edit.php
+++ b/core/domains/domain_edit.php
@@ -17,7 +17,7 @@
 The Initial Developer of the Original Code is Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2008-2025
+ Portions created by the Initial Developer are Copyright (C) 2008-2026
 the Initial Developer. All Rights Reserved.
 Contributor(s):
@@ -66,6 +66,32 @@
 $domain_description = $_POST["domain_description"];
 }
+// Set variables from http GET parameters
+ $page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+ $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'domain_name'));
+ $order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+ $search = $_GET['search'] ?? '';
+ $show = $_GET['show'] ?? '';
+
+// Build the query string
+ $url_params = [];
+ if (!empty($page)) {
+ $url_params['page'] = $page;
+ }
+ if (!empty($_GET['order_by'])) {
+ $url_params['order_by'] = $order_by;
+ }
+ if (!empty($_GET['order'])) {
+ $url_params['order'] = $order;
+ }
+ if (!empty($search)) {
+ $url_params['search'] = $search;
+ }
+ if (!empty($show) && $show == 'all' && permission_exists('domain_all')) {
+ $url_params['show'] = $show;
+ }
+ $query_string = http_build_query($url_params);
+
 //process the data
 if (!empty($_POST) && empty($_POST["persistformvar"])) {
@@ -89,7 +115,7 @@
 $cache->flush();
 //redirect
- header('Location: domains.php');
+ header('Location: domains.php'.($query_string ? '?'.$query_string : ''));
 exit;
 }
@@ -97,7 +123,7 @@
 $token = new token;
 if (!$token->validate($_SERVER['PHP_SELF'])) {
 message::add($text['message-invalid_token'],'negative');
- header('Location: domains.php');
+ header('Location: domains.php'.($query_string ? '?'.$query_string : ''));
 exit;
 }
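Review bot: The new `$page`, `$search` and `$show` assignments in the @@ -66 hunk accept values that are only forwarded here but are consumed by domains.php after the redirect: is_numeric() admits `-1`, `1.5` and `1e9`, and `?? ''` admits arrays (`?search[]=x`), so the query string built from them carries malformed input along unchanged. Validate at this boundary instead, `$page = filter_var($_GET['page'] ?? 0, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) ?: 0;` for the page and an `is_string()` check on the two strings. `$order_by` is character-filtered but not restricted to the columns the list can sort on, so an unknown identifier still travels to `order_by()` on the list page; an allowlist such as `in_array($order_by, ['domain_name', 'domain_enabled', 'domain_description'], true) ? $order_by : 'domain_name'` would make it fail closed to the default. The same 26-line block is duplicated verbatim in domains.php by this commit and belongs in one shared helper.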
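Review bot: The expression `'domains.php'.($query_string ? '?'.$query_string : '')` introduced in the @@ -89 hunk is repeated at every redirect in this file and again on the back button; compute it once next to `$query_string`, `$list_url = 'domains.php'.($query_string ? '?'.$query_string : '');`, and redirect with `header('Location: '.$list_url);`. `$query_string` comes from http_build_query(), so its values are percent-encoded and cannot inject CR/LF into the Location header; this is a point of style, not of safety.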
@@ -193,7 +219,7 @@
 }
 else {
 message::add($text['message-domain_exists'],'negative');
- header("Location: domains.php");
+ header("Location: domains.php".($query_string ? '?'.$query_string : ''));
 exit;
 }
 }
@@ -514,15 +540,15 @@
 if ($action == "update") {
 message::add($text['message-update']);
 if (!permission_exists('domain_add')) { //admin, updating own domain
- header("Location: domain_edit.php");
+ header("Location: domain_edit.php".($query_string ? '?'.$query_string : ''));
 }
 else {
- header("Location: domains.php"); //superadmin
+ header("Location: domains.php".($query_string ? '?'.$query_string : '')); //superadmin
 }
 }
 if ($action == "add") {
 message::add($text['message-add']);
- header("Location: domains.php");
+ header("Location: domains.php".($query_string ? '?'.$query_string : ''));
 }
 exit;
 }
@@ -619,7 +645,7 @@
 echo "
\n"; if (permission_exists('domain_add')) { - echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','style'=>'margin-right: 15px;','link'=>'domains.php']); + echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','style'=>'margin-right: 15px;','link'=>'domains.php'.($query_string ? '?'.$query_string : '')]); } if ($action == "update" && permission_exists('domain_setting_view')) { echo button::create(['type'=>'button','label'=>$text['button-settings'],'icon'=>$settings->get('theme', 'button_icon_settings'),'id'=>'btn_back','style'=>'margin-right: 2px;','link'=>PROJECT_PATH.'/core/domain_settings/domain_settings.php?id='.urlencode($domain_uuid)]); diff --git a/core/domains/domain_json.php b/core/domains/domain_json.php index ce751bcc9..bf04cb2ab 100644 --- a/core/domains/domain_json.php +++ b/core/domains/domain_json.php @@ -41,10 +41,10 @@ //add the search term if (!empty($_GET["search"])) { - $search = strtolower($_GET["search"]); + $search = lower_case($_GET["search"]); } -//validate the token +//validate the token //$token = new token; //if (!$token->validate($_SERVER['PHP_SELF'])) { // message::add($text['message-invalid_token'],'negative'); diff --git a/core/domains/domains.php b/core/domains/domains.php index 2b6c754fc..e1389cd3c 100644 --- a/core/domains/domains.php +++ b/core/domains/domains.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2018-2025 + Portions created by the Initial Developer are Copyright (C) 2018-2026 the Initial Developer. All Rights Reserved. Contributor(s): 
@@ -112,10 +112,35 @@
 //get the http post data
 if (!empty($_POST['domains'])) {
 $action = $_POST['action'] ?? '';
- $search = $_POST['search'] ?? '';
 $domains = $_POST['domains'] ?? '';
 }
+// Set variables from http GET parameters
+ $page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+ $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'domain_name'));
+ $order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+ $search = $_GET['search'] ?? '';
+ $show = $_GET['show'] ?? '';
+
+// Build the query string
+ $url_params = [];
+ if (!empty($page)) {
+ $url_params['page'] = $page;
+ }
+ if (!empty($_GET['order_by'])) {
+ $url_params['order_by'] = $order_by;
+ }
+ if (!empty($_GET['order'])) {
+ $url_params['order'] = $order;
+ }
+ if (!empty($search)) {
+ $url_params['search'] = $search;
+ }
+ if (!empty($show) && $show == 'all' && permission_exists('domain_all')) {
+ $url_params['show'] = $show;
+ }
+ $query_string = http_build_query($url_params);
+
 //process the http post data by action
 if (!empty($action) && !empty($domains)) {
 switch ($action) {
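Review bot: `$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;` lets `-1`, `1.5`, `1e9` or ` 7` through, and this file later multiplies it into `$offset` for limit_offset(), so a crafted `page` yields a negative or oversized offset (and, presumably, a database error) instead of falling back to page 0; validate it as a non-negative integer, `$page = filter_var($_GET['page'] ?? 0, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) ?: 0;`. `$search` and `$show` are taken with `?? ''` and so become arrays for `?search[]=x`, which then reaches `lower_case()` and the `:search` parameter of the queries built below; guard with `is_string($_GET['search'] ?? null) ? $_GET['search'] : ''`. The dropped `$search = $_POST['search']` line means the bulk-action redirect now preserves the search term only when the form's action URL itself carries `?search=`; the form markup that would confirm this is not in the hunk.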
@@ -139,51 +164,39 @@ break; } - header('Location: domains.php'.(!empty($search) ? '?search='.urlencode($search) : '')); + header('Location: domains.php'.($query_string ? '?'.$query_string : '')); exit; } -//get order and order by and sanitize the values - $order_by = $_GET["order_by"] ?? ''; - $order = $_GET["order"] ?? ''; - -//set additional variables - $search = $_GET["search"] ?? ''; - $show = $_GET["show"] ?? ''; - //set from session variables $list_row_edit_button = $settings->get('theme', 'list_row_edit_button', false); -//add the search string - if (!empty($search)) { - $search = strtolower($_GET["search"]); - $sql_search = " ("; - $sql_search .= " lower(domain_name) like :search "; - $sql_search .= " or lower(domain_description) like :search "; - $sql_search .= ") "; - $parameters['search'] = '%'.$search.'%'; - } - //get the count $sql = "select count(domain_uuid) from v_domains "; - if (!empty($sql_search)) { - $sql .= "where ".$sql_search; + if (!empty($search)) { + $sql .= "where ("; + $sql .= " lower(domain_name) like :search "; + $sql .= " or lower(domain_description) like :search "; + $sql .= ") "; + $parameters['search'] = '%'.lower_case($search).'%'; } $num_rows = $database->select($sql, $parameters ?? null, 'column'); //prepare to page the results $rows_per_page = $settings->get('domain', 'paging', 50); - $param = $search ? "&search=".$search : null; - $page = !empty($_GET['page']) ? 
$_GET['page'] : 0; - list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page); - list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true); + list($paging_controls, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page); + list($paging_controls_mini, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page, true); $offset = $rows_per_page * $page; //get the list $sql = "select domain_uuid, domain_name, cast(domain_enabled as text), domain_description "; $sql .= "from v_domains "; - if (!empty($sql_search)) { - $sql .= "where ".$sql_search; + if (!empty($search)) { + $sql .= "where ("; + $sql .= " lower(domain_name) like :search "; + $sql .= " or lower(domain_description) like :search "; + $sql .= ") "; + $parameters['search'] = '%'.lower_case($search).'%'; } $sql .= order_by($order_by, $order, 'domain_name', 'asc'); $sql .= limit_offset($rows_per_page, $offset); @@ -211,12 +224,17 @@ if (permission_exists('domain_delete') && $domains) { echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$settings->get('theme', 'button_icon_delete'),'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_display_selected('modal-delete'); modal_open('modal-delete','btn_delete_domain');"]); } - echo "\n"; echo "
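Review bot: The search clause is now written out twice, once before the count query and once before the list query, each re-assigning `$parameters['search']`; the removed `$sql_search` variable did this once, so a column added to one copy and not the other would silently desynchronise the row count from the rows shown. Build the clause once and append it to both statements as below. Binding through `:search` keeps the term out of the SQL text, though `%` and `_` in the user's term still act as LIKE wildcards, as they did before this change. `$offset = $rows_per_page * $page` also trusts the is_numeric() check done earlier in the file, so a negative or float `page` reaches limit_offset() unchanged.

```php
	//build the search clause once so the count and list queries stay in sync
	$sql_search = '';
	if (!empty($search)) {
		$sql_search  = "where (";
		$sql_search .= " lower(domain_name) like :search ";
		$sql_search .= " or lower(domain_description) like :search ";
		$sql_search .= ") ";
		$parameters['search'] = '%'.lower_case($search).'%';
	}

	//get the count
	$sql = "select count(domain_uuid) from v_domains ".$sql_search;
	$num_rows = $database->select($sql, $parameters ?? null, 'column');

	// … unchanged: paging …

	//get the list
	$sql = "select domain_uuid, domain_name, cast(domain_enabled as text), domain_description ";
	$sql .= "from v_domains ".$sql_search;
	// … unchanged: order_by / limit_offset …
```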
\n"; @@ -235,7 +253,6 @@ echo "
\n"; echo "\n"; - echo "\n"; echo "
\n"; echo "\n"; @@ -246,11 +263,11 @@ echo " \n"; } if ($show == 'all' && permission_exists('domain_all')) { - echo th_order_by('domain_name', $text['label-domain'], $order_by, $order); + echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, null, $query_string); } - echo th_order_by('domain_name', $text['label-domain_name'], $order_by, $order); + echo th_order_by('domain_name', $text['label-domain_name'], $order_by, $order, null, null, $query_string); echo ""; - echo th_order_by('domain_enabled', $text['label-domain_enabled'], $order_by, $order, null, "class='center'"); + echo th_order_by('domain_enabled', $text['label-domain_enabled'], $order_by, $order, null, "class='center'", $query_string); echo " \n"; if (permission_exists('domain_edit') && $list_row_edit_button) { echo " \n"; @@ -262,7 +279,7 @@ foreach ($domains as $row) { $list_row_url = ''; if (permission_exists('domain_edit')) { - $list_row_url = "domain_edit.php?id=".urlencode($row['domain_uuid']); + $list_row_url = "domain_edit.php?id=".urlencode($row['domain_uuid']).($query_string ? '&'.$query_string : ''); } echo "\n"; if (permission_exists('domain_edit') || permission_exists('domain_delete')) {
".$text['label-tools']."".$text['label-domain_description']."