[Rt-commit] rt branch, 4.0/rest-string-eval, created. rt-4.0.0-276-g04adfe6
Shawn Moore
sartak at bestpractical.com
Wed May 11 18:23:30 EDT 2011
The branch, 4.0/rest-string-eval has been created
at 04adfe638624163a23a8a4df4ef0ee549e87e097 (commit)
- Log -----------------------------------------------------------------
commit 04adfe638624163a23a8a4df4ef0ee549e87e097
Author: Shawn M Moore <sartak at bestpractical.com>
Date: Wed May 11 18:23:07 2011 -0400
Remove assinine string eval from REST API
diff --git a/share/html/REST/1.0/search/ticket b/share/html/REST/1.0/search/ticket
index 77160b3..78d866f 100755
--- a/share/html/REST/1.0/search/ticket
+++ b/share/html/REST/1.0/search/ticket
@@ -88,24 +88,29 @@ my ($n, $s);
eval {
($n, $s) = $tickets->FromSQL($query);
};
-my $sortstring = "";
+
if ($orderby) {
- $sortstring = 'FIELD => ';
+ my %args;
+
my $order = substr($orderby, 0, 1);
if ($order eq '+' || $order eq '-') {
- $sortstring .= 'substr($orderby, 1)';
- if ($order eq '+') {
- $sortstring .= ", ORDER => 'ASC'";
- } elsif ($order eq '-') {
- $sortstring .= ", ORDER => 'DESC'";
- }
- } else {
- $sortstring .= '$orderby';
+ # remove the +/- sorting sigil
+ substr($orderby, 0, 1, '');
+
+ if ($order eq '+') {
+ $args{ORDER} = 'ASC';
+ }
+ elsif ($order eq '-') {
+ $args{ORDER} = 'DESC';
+ }
}
- my $foo = 'FIELD => ';
- $foo .= '$orderby';
- $tickets->OrderBy(eval $sortstring);
+
+ $tickets->OrderBy(
+ FIELD => $orderby,
+ %args,
+ );
}
+
if ($@ || $n == 0) {
$s ||= $@;
$status = "400 Bad request";
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list