Save temporary filters in session

Instead of using tokens table to store temporary filters, save them in session data. With tokens, only one temporary filter can be in use at a a given time, but now, each filters is assigned a key that can be tracked through the view pages.
mantisbt · Mar 4, 2018 · 5079c07 · 5079c07
1 parent 6e60b69
commit 5079c07
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 20 deletions.
diff --git a/core/current_user_api.php b/core/current_user_api.php
@@ -28,7 +28,6 @@
  * @uses filter_api.php
  * @uses gpc_api.php
  * @uses helper_api.php
- * @uses tokens_api.php
  * @uses user_api.php
  * @uses user_pref_api.php
  * @uses utility_api.php
@@ -39,7 +38,6 @@
 require_api( 'filter_api.php' );
 require_api( 'gpc_api.php' );
 require_api( 'helper_api.php' );
-require_api( 'tokens_api.php' );
 require_api( 'user_api.php' );
 require_api( 'user_pref_api.php' );
 require_api( 'utility_api.php' );
@@ -238,17 +236,10 @@ function current_user_ensure_unprotected() {
  * @access public
  */
 function current_user_get_bug_filter( $p_project_id = null ) {
-	$f_filter_token = gpc_get( 'filter', null );
+	$f_tmp_key = gpc_get_string( 'filter', 0 );
 
-	if( null !== $f_filter_token && token_exists( (int)$f_filter_token ) ) {
-		# If the token id exists, try to load the value
-		# At this point, only one value can exists for each token type and user
-		# so read the token based on type, regardless of the id that was provided
-		$t_token = token_get_value( TOKEN_FILTER );
-		if( null != $t_token ) {
-			$t_filter = json_decode( $t_token, true );
-		}
-		$t_filter = filter_ensure_valid_filter( $t_filter );
+	if( 0 !== $f_tmp_key ) {
+		$t_filter = filter_temporary_get( $f_tmp_key, filter_get_default() );
 	} else {
 		$t_user_id = auth_get_current_user_id();
 		$t_filter = user_get_bug_filter( $t_user_id, $p_project_id );

diff --git a/core/filter_api.php b/core/filter_api.php
@@ -45,6 +45,7 @@
  * @uses profile_api.php
  * @uses project_api.php
  * @uses relationship_api.php
+ * @uses session_api.php
  * @uses string_api.php
  * @uses tag_api.php
  * @uses user_api.php
@@ -75,6 +76,7 @@
 require_api( 'profile_api.php' );
 require_api( 'project_api.php' );
 require_api( 'relationship_api.php' );
+require_api( 'session_api.php' );
 require_api( 'string_api.php' );
 require_api( 'tag_api.php' );
 require_api( 'user_api.php' );
@@ -3745,3 +3747,91 @@ function filter_get( $p_filter_id, array $p_default = null ) {
 
 	return $t_filter;
 }
+
+/**
+ * Returns a filter which is stored in session data, indexed by the provided key.
+ * A default value can be provided to be used when the key doesn't exists
+ *
+ *  You may pass in any array as a default (including null) but if
+ *  you pass in *no* default then an error will be triggered if the key
+ *  cannot be found
+ *
+ * @param string $p_filter_key  Key to look up for in session data
+ * @param mixed $p_default		A default value to return if key not found
+ * @return array	A filter array.
+ */
+function filter_temporary_get( $p_filter_key, $p_default = null ) {
+	# if no default was provided, we will trigger an error if not found
+	$t_trigger_error = func_num_args() == 1;
+
+	$t_session_filters = session_get( 'temporary_filters', array() );
+	if( isset( $t_session_filters[$p_filter_key] ) ) {
+		# setting here the key in the filter array only if the key exists
+		# this validates against receiving garbage input as XSS attacks
+		$t_filter = $t_session_filters[$p_filter_key];
+		return filter_ensure_valid_filter( $t_filter );
+	} else {
+		if( $t_trigger_error ) {
+			error_parameters( $p_filter_id );
+			trigger_error( ERROR_FILTER_NOT_FOUND, ERROR );
+		} else {
+			return $p_default;
+		}
+	}
+}
+
+/**
+ * Saves a filter as a temporary filter in session data.
+ * The filter will be updated or created, indexed by provided $p_filter_key,
+ * If no key is provided, it will search in the filter property that holds
+ * its key if it was loaded as a temporary filter.
+ * If neither key is found, a new one will be created
+ * @param array $p_filter     Filter array
+ * @param type $p_filter_key  Key to update, or null
+ * @return string	The key used for storing the filter.
+ */
+function filter_temporary_set( array $p_filter, $p_filter_key = null ) {
+	if( null === $p_filter_key ) {
+		if( isset( $p_filter['_temporary_key'] ) ) {
+			$t_filter_key = $p_filter['_temporary_key'];
+		} else {
+			$t_filter_key = uniqid();
+		}
+	} else {
+		$t_filter_key = $p_filter_key;
+	}
+	$t_session_filters = session_get( 'temporary_filters', array() );
+	$t_session_filters[$t_filter_key] = $p_filter;
+	session_set( 'temporary_filters', $t_session_filters );
+	return $t_filter_key;
+}
+
+/**
+ * Get the temporary key of the filter, if was loaded from temporary session store
+ * Return null otherwise
+ * @param array $p_filter	Filter array
+ * @return string	Key associated with this filter, null if none
+ */
+function filter_get_temporary_key( array $p_filter ) {
+	if( isset( $p_filter['_temporary_key'] ) ) {
+		return $p_filter['_temporary_key'];
+	} else {
+		return null;
+	}
+}
+
+/**
+ * Returns a string formatted as GET parameter, suitable for tracking a
+ * temporary filter by its session key
+ * If the filter was not originated from a temporary key, returns an empty string
+ * @param array $p_filter	Filter array
+ * @return string	Formatted parameter string, or empty
+ */
+function filter_get_temporary_key_param( array $p_filter ) {
+	$t_key = filter_get_temporary_key( $p_filter );
+	if( $t_key ) {
+		return 'filter=' . $t_key;
+	} else {
+		return '';
+	}
+}
diff --git a/view_all_inc.php b/view_all_inc.php
@@ -135,8 +135,8 @@
 		</div>
 		<div class="btn-group pull-right"><?php
 			# -- Page number links --
-			$f_filter	= gpc_get_int( 'filter', 0);
-			print_page_links( 'view_all_bug_page.php', 1, $t_page_count, (int)$f_page_number, $f_filter );
+			$f_tmp_filter	= gpc_get_string( 'filter', 0);
+			print_page_links( 'view_all_bug_page.php', 1, $t_page_count, (int)$f_page_number, $f_tmp_filter );
 			?>
 		</div>
 	</div>
@@ -235,8 +235,8 @@ function write_bug_rows( array $p_rows ) {
 			</div>
 			<div class="btn-group pull-right">
 				<?php
-					$f_filter = gpc_get_int('filter', 0);
-					print_page_links('view_all_bug_page.php', 1, $t_page_count, (int)$f_page_number, $f_filter);
+					$f_tmp_filter = gpc_get_string('filter', 0);
+					print_page_links('view_all_bug_page.php', 1, $t_page_count, (int)$f_page_number, $f_tmp_filter);
 				?>
 			</div>
 <?php # -- ====================== end of MASS BUG MANIPULATION ========================= -- ?>

diff --git a/view_all_set.php b/view_all_set.php
@@ -35,7 +35,6 @@
  * @uses html_api.php
  * @uses logging_api.php
  * @uses print_api.php
- * @uses tokens_api.php
  * @uses utility_api.php
  */
 
@@ -52,7 +51,6 @@
 require_api( 'html_api.php' );
 require_api( 'logging_api.php' );
 require_api( 'print_api.php' );
-require_api( 'tokens_api.php' );
 require_api( 'utility_api.php' );
 
 auth_ensure_user_authenticated();
@@ -174,7 +172,7 @@
 }
 
 if( $f_temp_filter ) {
-	$t_token_id = token_set( TOKEN_FILTER, json_encode( $t_setting_arr ) );
-	$t_redirect_url = $t_redirect_url . '?filter=' . $t_token_id;
+	$t_temp_key = filter_temporary_set( $t_setting_arr );
+	$t_redirect_url = $t_redirect_url . '?filter=' . $t_temp_key;
 }
 print_header_redirect( $t_redirect_url );