authorHarald Eilertsen <haraldei@anduin.net>2021-04-01 20:55:52 +0200
committerHarald Eilertsen <haraldei@anduin.net>2021-04-01 20:55:52 +0200
commit65d1dcfb5ce005f7806b1c8d3e2ffbd52ffe4318 (patch)
tree4abffec0ceceaa171f4165f8a9a815bf4926675f
parent9611b3fb101f1dde25e01efe5becdce1954d02df (diff)
Clean up AdminPage::get_filters.
Use the Venue class to fetch venue-related info from the database, and clean up the generation of HTML a little. Also sanitize input, to try to prevent XSS vulnerabilities.
-rw-r--r--includes/admin/views/giglog_admin_page.php60
1 files changed, 26 insertions, 34 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index ec397f4..b99c95e 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -47,48 +47,40 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
static function get_filters()
{
- global $wpdb;
+ $cities = array_merge(["ALL"], GiglogAdmin_Venue::all_cities());
+ $selected_city =
+ filter_input(INPUT_POST, "selectcity", FILTER_SANITIZE_SPECIAL_CHARS)
+ || $cities[0];
- //echo (var_dump($_POST["selectvenue"]));
+ $select = '<form method="POST" action=""><select name="selectcity">';
- $results = $wpdb->get_results('select distinct wpgvenue_city from wpg_venues');
- $select= '<form method="POST" action=""><select name="selectcity">';
- $select.='<option value="ALL" ';
- if(isset($_POST["selectcity"]) && $_POST["selectcity"] == "ALL")
- { $select.= ' selected = "selected"';}
- $select.='> All cities</option>';
- foreach ( $results AS $row )
- {
- $select.='<option value="'.$row->wpgvenue_city.'"';
- if(isset($_POST["selectcity"]) && $_POST["selectcity"] == $row->wpgvenue_city)
- { $select.= ' selected = "selected"';}
- $select.=' >'. $row->wpgvenue_city.'</option>';
+ foreach ( $cities AS $city ) {
+ $select .= '<option value="' . $city . '"' . selected($city, $selected_city) . '>';
+ $select .= $city . '</option>';
}
- if(isset($_POST["selectcity"]) && $_POST["selectcity"] != "ALL")
- {
- $select.='</select>';
+ $select .= '</select>';
+
+ if ( $selected_city != "ALL" ) {
//second drop down for venue
- $vquery = "select id, wpgvenue_name from wpg_venues";
- $vquery.= " where wpgvenue_city='".$_POST["selectcity"]."'";
- $resultsv = $wpdb->get_results($vquery);
- $select.= '<select name="selectvenue">';
- $select.='<option value="0" ';
- if(isset($_POST["selectvenue"]) && $_POST["selectvenue"] == "0")
- { $select.= ' selected = "selected"';}
- $select.='> All venues</option>';
-
- foreach ( $resultsv AS $rowv )
- {
- $select.='<option value="'.$rowv->id.'"';
- if(isset($_POST["selectvenue"]) && $_POST["selectvenue"] == $rowv->id)
- { $select.= ' selected = "selected"';}
- $select.=' >'. $rowv->wpgvenue_name.'</option>';
+ $venues = array_merge([[0, "ALL"]], GiglogAdmin_Venue::venues_in_city($selected_city));
+ $selected_venue =
+ filter_input(INPUT_POST, "selectvenue", FILTER_SANITIZE_SPECIAL_CHARS)
+ || $venues[0];
+
+ $select .= '<select name="selectvenue">';
+
+ foreach ( $venues AS $venue ) {
+ $select .= '<option value="' . $venue[0] . '"' . selected($venue, $selected_venue) . '>';
+ $select .= $venue[1] . '</option>';
}
- //end IF that checks if city was selected
+
+ $select .= '</select>';
}
- $select.='</select><input type="submit" value="Filter"></form>';
+
+ $select .= '<input type="submit" value="Filter"></form>';
+
return $select;
}