FSN#40442 FACFAC Superuser vrije SQL-SELECT kunnen uitvoeren

svn path=/Website/trunk/; revision=33789
Jos Groot Lipman
2017-05-10 20:05:32 +00:00
parent f6584c2079
commit 21d11cec84
3 changed files with 226 additions and 0 deletions

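--- /dev/null
+++ b/APPL/MGT/mgt_genericsql.asp
@@ -0,0 +1,200 @@
+<%@language = "javascript" %>
+<% /*
+$Revision$
+$Id$
+File: mgt_genericsql.asp
+Description: Ingang om generiek sql SELECT statement uit te voeren
+Context: Rechtstreeks of vanuit logfile
+Notes:
+*/
+%>
+<!-- #include file="../shared/common.inc" -->
+<!-- #include file="../Shared/adovbs.inc" -->
+<!-- #include file="../Shared/resultset_table_v2.inc" -->
+<%
+__Logging = 0; // Is te laat...
+Application("otap_environment") == "O" || user.checkAutorisation("WEB_FACFAC");
+var sql = getFParam("sql", getQParam("sql", ""));
+/*
+//Onze SQL-statement zo maar naar een cloud-service sturen mag vast niet van ISO-27001
+if (sql && sql != "opener")
+{
+SXH_PROXY_SET_PROXY = 2
+var url="http://www.dpriver.com/cgi-bin/ppserver";
+var http_request = new ActiveXObject("MSXML2.ServerXMLHTTP.6.0");
+//http_request.setProxy(SXH_PROXY_SET_PROXY, "127.0.0.1:8888")
+http_request.open("POST", url, false);
+http_request.setRequestHeader("Content-Type", "application/xml; charset=UTF-8")
+//6470-1140-4758-5296 demo
+//4149-9094-8133-2031 online
+// demo mei 2017 <clientid>dpriver-9094-8133-2031</clientid>
+var req = "<sqlpp_request><clientid>dpriver-9094-8133-2031</clientid><dbvendor>oracle</dbvendor><outputfmt>html2</outputfmt><inputsql>";
+req += Server.HTMLEncode(sql);
+req += '</inputsql><formatoptions><keywordcs>Uppercase</keywordcs><identifiercs>Lowercase</identifiercs>'
++ '<functioncs>Uppercase</functioncs><lnbrwithcomma>after</lnbrwithcomma><liststyle>stack</liststyle>'
++ '<salign>sleft</salign><quotechar>"</quotechar><maxlenincm>80</maxlenincm>'
++ '<andorunderwhere>yes</andorunderwhere></formatoptions></sqlpp_request>';
+http_request.send(req);
+var xslDoc = new ActiveXObject("MSXML2.DOMDocument.6.0");
+xslDoc.loadXML(http_request.responseText);
+retvalue = xslDoc.selectSingleNode("sqlpp_result/retvalue");
+retmessage = xslDoc.selectSingleNode("sqlpp_result/retmessage");
+if (retvalue.text != "0")
+{
+// retmessage.text: AS(1,130) expected token:JOIN
+RegCode = retmessage.text.match(/^(\w*)\(1\,(\d+)/); // Zoek: AS(1,130) expected token:JOIN
+if (RegCode && RegCode.length > 2)
+{
+var ll = RegCode[1].length;
+var pos = parseInt(RegCode[2], 10);
+sql = sql.substr(0, pos-1) + "<span style='background-color:red'>"+RegCode[1]+"</span>" + sql.substr(pos-1+ll);
+}
+Response.Write("<i>"+retmessage.text+"</i>");
+Response.Write("<br>" + sql); // origineel terug
+}
+else
+{
+formatted_sql = xslDoc.selectSingleNode("sqlpp_result/formattedsql");
+Response.Write(formatted_sql.text);
+}
+}
+*/
+%>
+<html>
+<head>
+<% FCLTHeader.Generate({outputmode: 0}) %>
+<script>
+<% if (sql == "opener") {
+sql = "";
+%>
+$(function () {
+if (window.opener && window.opener.genericsql)
+{
+$("#sql").val(window.opener.genericsql);
+$("form").submit();
+}
+});
+<% } %>
+function fliptable(evt)
+{
+FcltMgr.stopPropagation(evt);
+$("table#sqldatatable").each(function() {
+var $this = $(this);
+var newrows = [];
+$this.find("tr").each(function(){
+var i = 0;
+$(this).find("td,th").each(function()
+{
+if ($(this).closest("thead").hasClass("tableFloatingHeader"))
+return;
+i++;
+if(newrows[i] === undefined) { newrows[i] = $("<tr></tr>"); }
+this.align = 'left'; // de data
+if (this.tagName == 'TH')
+this.style = 'text-align:right'; // de headers
+newrows[i].append($(this));
+});
+});
+$this.find("tr").remove();
+$.each(newrows, function(){
+$this.append(this);
+});
+});
+$("table#sqldatatable").width('auto');
+return false;
+}
+</script>
+<style>
+table.rstable td {
+border-left: 1px solid #bbb;
+}
+body {
+padding: 5px;
+}
+</style>
+</head>
+<body id="searchbody">
+<div id="search">
+<form method='post'>
+<textarea name='sql' id='sql' style='width:800px;height:200px' spellcheck="false"><%=safe.textarea(sql)%></textarea>
+<button type='submit'>Execute</button>
+</form>
+</div>
+<%
+if (!sql)
+Response.End;
+try
+{
+var hiresTimer = new ActiveXObject("SLNKDWF.About");
+var tm_start = hiresTimer.usTimer;
+var oRs = Oracle.RealConnection.Execute("SELECT * FROM ({0})".format(sql)); // de wrapper beschermt tegen INSERT, DELETE en UPDATE
+var tm = (hiresTimer.usTimer - tm_start) / 1000;;
+Response.Write(tm.toFixed(1) + "ms")
+}
+catch (e)
+{
+Response.Write(" <i style='color:red' class='fa fa-warning fa-lg'></i> " + e.description);
+Response.End;
+}
+var rst = new ResultsetTable({ sql: "dummy",
+pRs: oRs, // oRs is al eerder bepaald
+ID: "sqldatatable",
+showAll: true, //showall,
+outputmode: 0,
+title: "SQL <button onclick='fliptable(event)'>Flip</button>",
+noPrint: true,
+noExcel: true,
+buttons: [] // print en excel komen vanzelf
+});
+function fnfnmyFloat(kolom)
+{
+return function (oRs)
+{
+var v = oRs(kolom).Value;
+return safe.displayfloat(v, 2, true); // true voor trimZeros, we weten helemaal niet of die 2 zo bedoeld was
+}
+}
+for (i= 0; i < oRs.Fields.Count; i++)
+{
+var kolomnaam = oRs.Fields(i).Name.toLowerCase();
+var colpar = {caption: kolomnaam,
+content: kolomnaam,
+datatype: null,
+align: null
+}
+var kolomtype = oRs.Fields(i).Type;
+if (kolomtype == adInteger || kolomtype == adDecimal)
+{
+colpar.datatype = 'number';
+}
+else if (kolomtype == adCurrency || kolomtype == adNumeric || kolomtype == adVarNumeric || kolomtype == adDouble)
+{
+colpar.align = "right"
+colpar.content = fnfnmyFloat(kolomnaam);
+}
+else if (kolomtype == adDBTimeStamp)
+{
+colpar.datatype = 'datetime'; // ??
+}
+rst.addColumn(new Column(colpar));
+}
+var cnt = rst.processResultset();
+if (cnt == 1)
+{
+%><script>fliptable()</script><%
+}
+%>
+</body>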
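Review bot: The authorization line `Application("otap_environment") == "O" || user.checkAutorisation("WEB_FACFAC");` skips the WEB_FACFAC check entirely in the "O" environment, and `__Logging = 0;` directly above it switches logging off, so a page that hands caller-supplied SELECT text to `Oracle.RealConnection.Execute` leaves no record of who ran which statement; I would log user and statement unconditionally and keep the authorization check in every environment. The comment on the Execute line overstates what the `"SELECT * FROM ({0})"` wrapper buys: it fixes the statement's shape, but what the query can read or invoke is bounded only by the grants of the connection's database account, so that account (ideally a dedicated read-only one) is the actual control and deserves a comment here rather than the current claim. Because `sql` is also accepted from the query string via `getQParam` and the form carries no anti-forgery token, a link an authorized user follows both executes the statement and, on the catch branch, reflects `e.description` into the page without encoding; write `Server.HTMLEncode(e.description)` there. The trailing `<script>fliptable()</script>` calls `fliptable` without an event, so `FcltMgr.stopPropagation(evt)` receives undefined; whether that throws depends on FcltMgr, which is outside this file, so guard it with `if (evt) FcltMgr.stopPropagation(evt);`.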


@@ -158,6 +158,8 @@ htmlLogger =
this._file_handle.WriteLine("td.tm:hover div.caller, div.caller:hover { display:block; }");
this._file_handle.WriteLine("</style>");
this._file_handle.WriteLine("<title>*" + __LogfileTitle + (rooturl?" "+rooturl:"") + " FACILITOR logger</title>");
if (Application("otap_environment") == "O")
this._file_handle.WriteLine("<script type='text/javascript' src='../shared/logger.js'></script>");
this._file_handle.WriteLine("</head>");
this._file_handle.WriteLine("<body>");
if (typeof __LogNoClear == "undefined")
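Review bot: The include `this._file_handle.WriteLine("<script type='text/javascript' src='../shared/logger.js'></script>");` (which, with its `if`, I take to be the two added lines) is written into a log file on disk, and the relative path only resolves when that file is later opened from a URL whose parent is a sibling of `shared`; a comment stating that assumption, e.g. `// relative to the URL the logfile is viewed from; must sit next to /shared`, would spare the next reader a silent 404. The environment test `Application("otap_environment") == "O"` is the same literal used for the authorization short-circuit in mgt_genericsql.asp; a single shared predicate (e.g. `isDevEnvironment()`, constructed name) would keep the two from drifting apart, which matters because here it only toggles a script include while there it disables an access check. The enclosing htmlLogger method starts and ends outside the hunk.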

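--- /dev/null
+++ b/APPL/Shared/logger.js
@@ -0,0 +1,24 @@
+/*
+$Revision$
+$Id$
+File: logger.js
+Description: Wordt bij OTAP==O bijgeladen om SELECT in logfile klikbaar te maken
+*/
+function showSQL(sql)
+{
+window.genericsql = sql;
+var url = "../mgt/mgt_genericsql.asp?sql=opener";
+window.open(url);
+}
+document.addEventListener("DOMContentLoaded", function(event) {
+var times = document.getElementsByClassName('tm');
+for (var i = 0; i < times.length; i++)
+{
+var tddata = times[i].nextElementSibling;
+if (tddata.innerText.substr(0, 6).toUpperCase() == 'SELECT')
+tddata.innerHTML = '<a href="#" onclick="showSQL(this.parentElement.innerText);return false;" title="View SQL">SELECT</a>' + tddata.innerHTML.substr(6);
+}
+});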
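Review bot: The rewrite `tddata.innerHTML = '<a ...>SELECT</a>' + tddata.innerHTML.substr(6);` assumes the first six characters of the cell's innerHTML are the same six that innerText starts with; any leading whitespace, entity or tag in the cell shifts the cut and either duplicates or drops characters of the logged statement. Building the anchor with DOM calls and splitting only the leading text node avoids re-parsing the cell's HTML, and registering the click handler with addEventListener instead of an inline `onclick` string keeps the log page usable under a Content-Security-Policy that forbids inline script. `nextElementSibling` is null when a `.tm` cell is last in its row, and the current code would throw on `tddata.innerText` there, aborting the loop for the remaining rows. The unused `event` parameter can go.
```javascript
document.addEventListener("DOMContentLoaded", function () {
var times = document.getElementsByClassName('tm');
for (var i = 0; i < times.length; i++)
{
var tddata = times[i].nextElementSibling;
if (!tddata || tddata.innerText.slice(0, 6).toUpperCase() !== 'SELECT')
continue;
// Only rewrite when the leading node is the text that carries the SELECT keyword.
var first = tddata.firstChild;
if (!first || first.nodeType !== Node.TEXT_NODE || first.nodeValue.slice(0, 6).toUpperCase() !== 'SELECT')
continue;
var link = document.createElement('a');
link.href = '#';
link.title = 'View SQL';
link.textContent = first.nodeValue.slice(0, 6);
link.addEventListener('click', function (evt) {
evt.preventDefault();
showSQL(this.parentElement.innerText);
});
first.nodeValue = first.nodeValue.slice(6);
tddata.insertBefore(link, first);
}
});
```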