diff --git a/core/contacts/contact_edit.php b/core/contacts/contact_edit.php index ab25d5209..c6018069e 100644 --- a/core/contacts/contact_edit.php +++ b/core/contacts/contact_edit.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2018-2025 + Portions created by the Initial Developer are Copyright (C) 2018-2026 the Initial Developer. All Rights Reserved. */ @@ -51,6 +51,32 @@ $relation_label = ''; $contact_attachments = []; +// Set variables from http GET parameters + $page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0; + $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'last_mod_date')); + $order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc'; + $search = $_GET['search'] ?? ''; + $show = $_GET['show'] ?? ''; + +// Build the query string + $param = []; + if (!empty($page)) { + $param['page'] = $page; + } + if (!empty($_GET['order_by'])) { + $param['order_by'] = $order_by; + } + if (!empty($_GET['order'])) { + $param['order'] = $order; + } + if (!empty($search)) { + $param['search'] = $search; + } + if (!empty($show) && $show == 'all' && permission_exists('contact_all')) { + $param['show'] = $show; + } + $query_string = http_build_query($param); + //set from session variables $body_text_color = !empty($settings->get('theme', 'body_text_color')) ? $settings->get('theme', 'body_text_color') : 'false'; @@ -110,7 +136,7 @@ $token = new token; if (!$token->validate($_SERVER['PHP_SELF'])) { message::add($text['message-invalid_token'],'negative'); - header('Location: contacts.php'); + header('Location: contacts.php'.($query_string ? '?'.$query_string : '')); exit; } @@ -262,7 +288,7 @@ //redirect the user if (in_array($_POST['action'], array('copy', 'delete', 'toggle'))) { - header('Location: contact_edit.php?id='.$id); + header('Location: contact_edit.php?id='.$id.($query_string ? '&'.$query_string : '')); exit; } } @@ -594,7 +620,7 @@ $_SESSION["message"] = $text['message-update']; } //header('Location: contacts.php'); - header('Location: contact_edit.php?id='.urlencode($contact_uuid ?? null)); + header('Location: contact_edit.php?id='.urlencode($contact_uuid ?? null).($query_string ? '&'.$query_string : '')); return; } } @@ -1109,7 +1135,7 @@ echo "
\n"; echo "
".$text['title-contact-edit']."
\n"; echo "
\n"; - echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','collapse'=>'hide-xs','style'=>'margin-right: 15px;','link'=>'contact_view.php?id='.$contact_uuid]); + echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','collapse'=>'hide-xs','style'=>'margin-right: 15px;','link'=>'contact_view.php?id='.$contact_uuid.($query_string ? '&'.$query_string : '')]); if ($action == 'update') { if (permission_exists('contact_phone_add')) { echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$settings->get('theme', 'button_icon_copy'),'id'=>'btn_copy','name'=>'btn_copy','style'=>'display: none;','onclick'=>"modal_open('modal-copy','btn_copy');"]); diff --git a/core/contacts/contact_view.php b/core/contacts/contact_view.php index 9994ab86d..0ca1f7c73 100644 --- a/core/contacts/contact_view.php +++ b/core/contacts/contact_view.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2023 + Portions created by the Initial Developer are Copyright (C) 2008-2026 the Initial Developer. All Rights Reserved. Contributor(s): @@ -38,12 +38,38 @@ $language = new text; $text = $language->get(); +// Set variables from http GET parameters + $page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0; + $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'last_mod_date')); + $order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc'; + $search = $_GET['search'] ?? ''; + $show = $_GET['show'] ?? ''; + +// Build the query string + $param = []; + if (!empty($page)) { + $param['page'] = $page; + } + if (!empty($_GET['order_by'])) { + $param['order_by'] = $order_by; + } + if (!empty($_GET['order'])) { + $param['order'] = $order; + } + if (!empty($search)) { + $param['search'] = $search; + } + if (!empty($show) && $show == 'all' && permission_exists('contact_all')) { + $param['show'] = $show; + } + $query_string = http_build_query($param); + //action add or update if (!empty($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) { $contact_uuid = $_REQUEST["id"]; } else { - header("Location: contacts.php"); + header("Location: contacts.php".($query_string ? '?'.$query_string : null)); } //main contact details @@ -232,7 +258,7 @@ echo "
\n"; echo "
".($contact_name ? $contact_name : $text['header-contact-edit'])."
\n"; echo "
\n"; - echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','collapse'=>'hide-sm-dn','style'=>'margin-right: 15px;','link'=>'contacts.php']); + echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','collapse'=>'hide-sm-dn','style'=>'margin-right: 15px;','link'=>'contacts.php'.($query_string ? '?'.$query_string : '')]); if (permission_exists('contact_time_add')) { //detect timer state (and start time) $sql = "select "; @@ -287,7 +313,7 @@ echo " "; } if (permission_exists('contact_edit')) { - echo button::create(['type'=>'button','label'=>$text['button-edit'],'icon'=>$settings->get('theme', 'button_icon_edit'),'id'=>'btn_edit','style'=>'margin-left: 15px;','collapse'=>'hide-sm-dn','link'=>'contact_edit.php?id='.urlencode($contact_uuid)]); + echo button::create(['type'=>'button','label'=>$text['button-edit'],'icon'=>$settings->get('theme', 'button_icon_edit'),'id'=>'btn_edit','style'=>'margin-left: 15px;','collapse'=>'hide-sm-dn','link'=>'contact_edit.php?id='.urlencode($contact_uuid).($query_string ? '&'.$query_string : '')]); } echo "
\n"; echo "
\n"; diff --git a/core/contacts/contacts.php b/core/contacts/contacts.php index 64e4a27e2..8c5ae2983 100644 --- a/core/contacts/contacts.php +++ b/core/contacts/contacts.php @@ -39,8 +39,31 @@ $language = new text; $text = $language->get(); -//set additional variables - $show = $_GET["show"] ?? ''; +// Set variables from http GET parameters + $page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0; + $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'last_mod_date')); + $order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc'; + $search = $_GET['search'] ?? ''; + $show = $_GET['show'] ?? ''; + +// Build the query string + $param = []; + if (!empty($page)) { + $param['page'] = $page; + } + if (!empty($_GET['order_by'])) { + $param['order_by'] = $order_by; + } + if (!empty($_GET['order'])) { + $param['order'] = $order; + } + if (!empty($search)) { + $param['search'] = $search; + } + if (!empty($show) && $show == 'all' && permission_exists('contact_all')) { + $param['show'] = $show; + } + $query_string = http_build_query($param); //set from session variables $list_row_edit_button = $settings->get('theme', 'list_row_edit_button', false); @@ -48,7 +71,6 @@ //get posted data if (!empty($_POST['contacts'])) { $action = $_POST['action']; - $search = $_POST['search'] ?? ''; $contacts = $_POST['contacts']; } @@ -63,7 +85,7 @@ break; } - header('Location: contacts.php'.(!empty($search) ? '?search='.urlencode($search) : '')); + header('Location: contacts.php'.($query_string ? '?'.$query_string : '')); exit; } @@ -123,13 +145,7 @@ } unset($sql, $parameters, $result); -//get variables used to control the order - $order_by = $_REQUEST["order_by"] ?? ''; - $order = $_REQUEST["order"] ?? ''; - //add the search term - $search = $_REQUEST["search"] ?? ''; - $search = strtolower(trim($search ?? '')); if (!empty($search)) { if (is_numeric($search)) { $sql_search = "and contact_uuid in ( "; @@ -187,7 +203,7 @@ //close container $sql_search .= ") "; } - $parameters['search'] = '%'.$search.'%'; + $parameters['search'] = '%'.lower_case(trim($search)).'%'; } //build query for paging and list @@ -231,14 +247,8 @@ //prepare to page the results $rows_per_page = $settings->get('domain', 'paging', 50); - $param = "&search=".urlencode($search); - if ($show == "all" && permission_exists('contact_all')) { - $param .= "&show=all"; - } - $page = $_GET['page'] ?? ''; - if (empty($page)) { $page = 0; $_GET['page'] = 0; } - list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page); //bottom - list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true); //top + list($paging_controls, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page); //bottom + list($paging_controls_mini, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page, true); //top $offset = $rows_per_page * $page; //get the list @@ -327,25 +337,25 @@ echo button::create(['type'=>'button','label'=>$text['button-import'],'icon'=>$settings->get('theme', 'button_icon_import'),'collapse'=>'hide-sm-dn','style'=>'margin-right: 15px;','link'=>'contact_import.php']); } if (permission_exists('contact_add')) { - echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','collapse'=>'hide-sm-dn','link'=>'contact_edit.php']); + echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','collapse'=>'hide-sm-dn','link'=>'contact_edit.php'.($query_string ? '?'.$query_string : '')]); } if (permission_exists('contact_delete') && $contacts) { echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$settings->get('theme', 'button_icon_delete'),'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','collapse'=>'hide-sm-dn','onclick'=>"modal_open('modal-delete','btn_delete');"]); } - echo "\n"; echo "
\n"; @@ -361,7 +371,6 @@ echo "
\n"; echo "\n"; - echo "\n"; echo "
\n"; echo "\n"; @@ -372,16 +381,16 @@ echo " \n"; } if ($show == "all" && permission_exists('contact_all')) { - echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, $param, "class='shrink'"); + echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, "class='shrink'", $query_string); } - echo th_order_by('contact_type', $text['label-contact_type'], $order_by, $order); - echo th_order_by('contact_organization', $text['label-contact_organization'], $order_by, $order); + echo th_order_by('contact_type', $text['label-contact_type'], $order_by, $order, null, null, $query_string); + echo th_order_by('contact_organization', $text['label-contact_organization'], $order_by, $order, null, null, $query_string); echo "\n"; - echo th_order_by('contact_name_given', $text['label-contact_name_given'], $order_by, $order); - echo th_order_by('contact_name_family', $text['label-contact_name_family'], $order_by, $order); - echo th_order_by('contact_nickname', $text['label-contact_nickname'], $order_by, $order, null, "class='hide-xs'"); - echo th_order_by('contact_title', $text['label-contact_title'], $order_by, $order, null, "class='hide-sm-dn'"); - echo th_order_by('contact_role', $text['label-contact_role'], $order_by, $order, null, "class='hide-sm-dn'"); + echo th_order_by('contact_name_given', $text['label-contact_name_given'], $order_by, $order, null, null, $query_string); + echo th_order_by('contact_name_family', $text['label-contact_name_family'], $order_by, $order, null, null, $query_string); + echo th_order_by('contact_nickname', $text['label-contact_nickname'], $order_by, $order, null, "class='hide-xs'", null, null, $query_string); + echo th_order_by('contact_title', $text['label-contact_title'], $order_by, $order, null, "class='hide-sm-dn'", null, null, $query_string); + echo th_order_by('contact_role', $text['label-contact_role'], $order_by, $order, null, "class='hide-sm-dn'", null, null, $query_string); echo "\n"; if ($list_row_edit_button) { echo " \n"; @@ -391,7 +400,7 @@ if (!empty($contacts)) { $x = 0; foreach($contacts as $row) { - $list_row_url = "contact_view.php?id=".urlencode($row['contact_uuid'])."&query_string=".urlencode($_SERVER["QUERY_STRING"]); + $list_row_url = "contact_view.php?id=".urlencode($row['contact_uuid']).($query_string ? '&'.$query_string : ''); if ($row['domain_uuid'] != $_SESSION['domain_uuid'] && permission_exists('domain_select')) { $list_row_url .= '&domain_uuid='.urlencode($row['domain_uuid']).'&domain_change=true'; }