author | Harald Eilertsen <haraldei@anduin.net> | 2021-04-01 20:55:52 +0200 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2021-04-01 20:55:52 +0200 |
commit | 65d1dcfb5ce005f7806b1c8d3e2ffbd52ffe4318 (patch) | |
tree | 4abffec0ceceaa171f4165f8a9a815bf4926675f /includes/admin/views | |
parent | 9611b3fb101f1dde25e01efe5becdce1954d02df (diff) | |
Clean up AdminPage::get_filters.
Use the Venue class to fetch venue-related info from the database, and
clean up the HTML generation a little.
Also sanitize input, to try to prevent XSS vulnerabilities.
Diffstat (limited to 'includes/admin/views')
-rw-r--r-- | includes/admin/views/giglog_admin_page.php | 60 |
1 files changed, 26 insertions, 34 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index ec397f4..b99c95e 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -47,48 +47,40 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
     static function get_filters() {
-        global $wpdb;
+        $cities = array_merge(["ALL"], GiglogAdmin_Venue::all_cities());
+        $selected_city =
+            filter_input(INPUT_POST, "selectcity", FILTER_SANITIZE_SPECIAL_CHARS)
+            || $cities[0];
-        //echo (var_dump($_POST["selectvenue"]));
+        $select = '<form method="POST" action=""><select name="selectcity">';
-        $results = $wpdb->get_results('select distinct wpgvenue_city from wpg_venues');
-        $select= '<form method="POST" action=""><select name="selectcity">';
-        $select.='<option value="ALL" ';
-        if(isset($_POST["selectcity"]) && $_POST["selectcity"] == "ALL")
-        { $select.= ' selected = "selected"';}
-        $select.='> All cities</option>';
-        foreach ( $results AS $row )
-        {
-            $select.='<option value="'.$row->wpgvenue_city.'"';
-            if(isset($_POST["selectcity"]) && $_POST["selectcity"] == $row->wpgvenue_city)
-            { $select.= ' selected = "selected"';}
-            $select.=' >'. $row->wpgvenue_city.'</option>';
+        foreach ( $cities AS $city ) {
+            $select .= '<option value="' . $city . '"' . selected($city, $selected_city) . '>';
+            $select .= $city . '</option>';
         }
-        if(isset($_POST["selectcity"]) && $_POST["selectcity"] != "ALL")
-        {
-            $select.='</select>';
+        $select .= '</select>';
+
+        if ( $selected_city != "ALL" ) {
             //second drop down for venue
-            $vquery = "select id, wpgvenue_name from wpg_venues";
-            $vquery.= " where wpgvenue_city='".$_POST["selectcity"]."'";
-            $resultsv = $wpdb->get_results($vquery);
-            $select.= '<select name="selectvenue">';
-            $select.='<option value="0" ';
-            if(isset($_POST["selectvenue"]) && $_POST["selectvenue"] == "0")
-            { $select.= ' selected = "selected"';}
-            $select.='> All venues</option>';
-
-            foreach ( $resultsv AS $rowv )
-            {
-                $select.='<option value="'.$rowv->id.'"';
-                if(isset($_POST["selectvenue"]) && $_POST["selectvenue"] == $rowv->id)
-                { $select.= ' selected = "selected"';}
-                $select.=' >'. $rowv->wpgvenue_name.'</option>';
+            $venues = array_merge([[0, "ALL"]], GiglogAdmin_Venue::venues_in_city($selected_city));
+            $selected_venue =
+                filter_input(INPUT_POST, "selectvenue", FILTER_SANITIZE_SPECIAL_CHARS)
+                || $venues[0];
+
+            $select .= '<select name="selectvenue">';
+
+            foreach ( $venues AS $venue ) {
+                $select .= '<option value="' . $venue[0] . '"' . selected($venue, $selected_venue) . '>';
+                $select .= $venue[1] . '</option>';
             }
-            //end IF that checks if city was selected
+
+            $select .= '</select>';
         }
-        $select.='</select><input type="submit" value="Filter"></form>';
+
+        $select .= '<input type="submit" value="Filter"></form>';
+
         return $select;
     }
|
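Review bot: `||` in PHP evaluates to a bool, so `$selected_city` on the new side is always `true` or `false` rather than the posted city or `"ALL"`, and `$selected_venue` has the same problem. With a city posted, `true != "ALL"` is false under loose comparison, so the venue dropdown is never rendered, and `selected($city, $selected_city)` can never mark an option. Use the short ternary instead, `?: $cities[0];` and `?: $venues[0][0];`, and compare on the id in the venue loop: `selected($venue[0], $selected_venue)`. Note also that FILTER_SANITIZE_SPECIAL_CHARS HTML-encodes the posted value while the database city names are raw, so a city containing `&` or quotes will not match its own option or the `venues_in_city()` lookup; the database-sourced `$city`, `$venue[0]` and `$venue[1]` are still written into the markup unescaped, where `esc_attr()`/`esc_html()` would be expected, so the XSS hardening in the commit message only covers the POST side.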