Dashboard: Avoid backtick quoting breaking PostgreSQL

liviuchircu · liviuchircu · commit 3edd69fa9917 · 2024-06-18T18:38:21.000+03:00
Credits to @greenbea for reporting the issue and helping with the fix! Related to #293
diff --git a/config/db.inc.php b/config/db.inc.php
@@ -44,6 +44,8 @@
  if (!empty($config->db_port) ) $config->db_host = $config->db_host . ";port=" . $config->db_port;
 
  //connection attributes, optional
- //$config->db_attr = array(PDO::MYSQL_ATTR_LOCAL_INFILE => true);
+ //$config->db_attr = array(
+ //  PDO::MYSQL_ATTR_LOCAL_INFILE => true,
+ //  PDO::MYSQL_ATTR_INIT_COMMAND => 'SET sql_mode="ANSI_QUOTES"');
  
 ?>
diff --git a/web/common/cfg_comm.php b/web/common/cfg_comm.php
@@ -246,7 +246,7 @@ function load_panels() {
 	require("".__DIR__."/../../config/tools/system/dashboard/settings.inc.php");
 	unset($_SESSION['config']['panels']);
 	$max_order = -1;
-	$sql = 'select `name`, id, content, positions, `order` from ocp_dashboard';
+	$sql = 'select "name", id, content, positions, "order" from ocp_dashboard';
 	$stm = $link->prepare($sql);
 	if ($stm === false) {
 		die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
diff --git a/web/tools/system/dashboard/dashboard.php b/web/tools/system/dashboard/dashboard.php
@@ -303,7 +303,7 @@
 if ($action == "add_verify") { 
 	if(!$_SESSION['read_only']){
 		extract($_POST);
-		$sql = 'INSERT INTO '.$table.' (`name`, `order`) VALUES (?, ?) ';
+		$sql = 'INSERT INTO '.$table.' ("name", "order") VALUES (?, ?) ';
 		$stm = $link->prepare($sql);
 		if ($stm === false) {
 			die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
@@ -375,7 +375,7 @@
 		}
 		$widget_contents_json = json_encode($widget_contents);
 
-		$sql = 'UPDATE '.$table.' SET `name`=?, content=?, `order`=?, positions=? where id = ?';
+		$sql = 'UPDATE '.$table.' SET "name"=?, content=?, "order"=?, positions=? where id = ?';
 				$stm = $link->prepare($sql);
 		if ($stm === false) {
 			die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
@@ -427,7 +427,7 @@
 if ($action == "change_name_verify") { 
 	if(!$_SESSION['read_only']){
 		extract($_POST);
-		$sql = 'UPDATE '.$table.' SET name = ? WHERE id = ? ';
+		$sql = 'UPDATE '.$table.' SET "name" = ? WHERE id = ? ';
 				$stm = $link->prepare($sql);
 		if ($stm === false) {
 			die('Failed to issue query ['.$sql.'], error message : ' . print_r($link->errorInfo(), true));
diff --git a/web/tools/system/dashboard/db_connect.php b/web/tools/system/dashboard/db_connect.php
@@ -32,9 +32,16 @@
 	$config->db_name = $config->db_name_smonitor;
 }
 
+$db_attr = $config->db_attr;
+if (!isset($db_attr))
+    $db_attr = array();
+
+// dashboard uses "identifier" quoting in queries, so try to stay Postgres-compatible too
+$db_attr[PDO::MYSQL_ATTR_INIT_COMMAND] = "SET sql_mode='ANSI_QUOTES'";
+
 $dsn = $config->db_driver . ':host=' . $config->db_host . ';dbname='. $config->db_name;
 try {
-	$link = new PDO($dsn, $config->db_user, $config->db_pass);
+	$link = new PDO($dsn, $config->db_user, $config->db_pass, options: $db_attr);
 } catch (PDOException $e) {
 	error_log(print_r("Failed to connect to: ".$dsn, true));
 	print "Error!: " . $e->getMessage() . "<br/>";
diff --git a/web/tools/system/dashboard/template/dashboard.edit_panel.php b/web/tools/system/dashboard/template/dashboard.edit_panel.php
@@ -65,7 +65,7 @@
 	}
 	$start_limit=($page-1)*$res_no;
 	//$sql_command.=" limit ".$start_limit.", ".$res_no;
-	$sql_command="select `name`, id, `order` from ".$table."  order by `order` asc limit ".$res_no;
+	$sql_command='select "name", id, "order" from '.$table.'  order by "order" asc limit '.$res_no;
 	if ($start_limit!=0)
 		$sql_command.=" OFFSET " . $start_limit;
 	$stm = $link->prepare( $sql_command );
diff --git a/web/tools/system/dashboard/template/functions.inc.php b/web/tools/system/dashboard/template/functions.inc.php
@@ -30,12 +30,12 @@ function swap_panels($first, $second, $table) {
         require("../../../../config/db.inc.php");
         require("../../../../config/tools/system/dashboard/settings.inc.php");
 
-        $sql = 'UPDATE '.$table.' SET `order` = 
+        $sql = 'UPDATE '.$table.' SET "order" = 
         CASE
-         WHEN `order` = ? THEN ?
-         WHEN `order` = ? THEN ?
+         WHEN "order" = ? THEN ?
+         WHEN "order" = ? THEN ?
         END
-        WHERE `order` = ? or `order` = ?
+        WHERE "order" = ? or "order" = ?
         ';
         $stm = $link->prepare($sql);
         if ($stm === false) {
@@ -80,4 +80,4 @@ function print_description_widget($desc) {
 
 		");
 	}
-?>
+?>

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@`
`65`	`65`	`}`
`66`	`66`	`$start_limit=($page-1)*$res_no;`
`67`	`67`	`//$sql_command.=" limit ".$start_limit.", ".$res_no;`
`68`		- $sql_command="select `name`, id, `order` from ".$table." order by `order` asc limit ".$res_no;
	`68`	`+ $sql_command='select "name", id, "order" from '.$table.' order by "order" asc limit '.$res_no;`
`69`	`69`	`if ($start_limit!=0)`
`70`	`70`	`$sql_command.=" OFFSET " . $start_limit;`
`71`	`71`	`$stm = $link->prepare( $sql_command );`