Commit 4594dfcb authored by Romain Loth's avatar Romain Loth

safer DB write and user input show + new 3 column schema for crowdsourcing table + some css

parent b4d13584
The user inputs (term/topic suggestions) are saved in an sqlite3 db in dir db/, under table terms.
For a new installation one should create the db with the following commands:
```
> cd db
> sqlite3 crowdsourcing.db
sqlite> CREATE TABLE terms (source CHAR(250),suggestion CHAR(250),time CHAR(30)) ;
sqlite> .exit
> chmod -v 775 crowdsourcing.db
```
<?php
try {
print "<style>";
print "table, th, td {";
print " border: 1px solid black;";
print "}";
print "</style>";
//first pass just gets the column names
print '<table>';
$con = new PDO("sqlite:crowdsourcing.db");
$sql_select = 'SELECT * FROM terms ORDER BY rowid DESC';
$result = $con->query($sql_select);
//return only the first row (we only need field names)
$row = $result->fetch(PDO::FETCH_ASSOC);
print " <tr> \n";
foreach ($row as $field => $value){
print " <th>$field</th> \n";
} // end foreach
print " </tr> \n";
//second query gets the data
$data = $con->query($sql_select);
$data->setFetchMode(PDO::FETCH_ASSOC);
foreach($data as $row){
print " <tr> \n";
foreach ($row as $name=>$value){
print " <td>$value</td> \n";
} // end field loop
print " </tr> \n";
} // end record loop
print "</table> \n";
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
} // end try
// // header('Content-Type: application/json');
// $sql_select = 'SELECT * FROM terms ORDER BY rowid DESC';
// // echo "$sql_select";
// $base = new PDO("sqlite:crowdsourcing.db");
// $results = display_data( $base->query($sql_select) );
// // $results = array();
// // foreach ($base->query($sql_select) as $row) {
// // array_push($results, $row);
// // }
// // $base = null;
// echo $results;
?>
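Review bot: The cell loop at `print " <td>$value</td> \n";` writes the stored `suggestion` and `source` columns into the HTML unescaped, and those columns are filled from POST data by the save handler in this same commit, so a suggestion containing `<script>` is replayed to every viewer of this table (stored XSS); the `.text()` change on the JS side only protects the page that submits, not this one that displays. Escape at output: `print ' <td>' . htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td> \n";`, and the same for `$field` in the header loop. The `catch` branch also echoes `$e->getMessage()` to the client, which for PDO carries the driver error text and can reveal the database path; log it server-side and print a generic message instead. If `crowdsourcing.db` sits inside the document root, as the relative `sqlite:` path suggests, the raw file is fetchable by URL too, so it should live outside the web root or be denied by server configuration.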
<?php <?php
try {
header('Content-Type: application/json'); header('Content-Type: application/json');
if ($_POST) { if ($_POST) {
$source = ( ($_POST['source'])? $_POST['source'] : "" ); $source = ( ($_POST['source'])? $_POST['source'] : "" );
$suggestion = ( ($_POST['data'])? $_POST['data'] : "" ); $suggestion = ( ($_POST['data'])? $_POST['data'] : "" );
$date = ( ($_POST['date'])? $_POST['date'] : "" ); $date = ( ($_POST['date'])? $_POST['date'] : "" );
$geo = ( ($_POST['geo'])? $_POST['geo'] : "" ); $sql_insert = 'INSERT into terms (source, suggestion, time) values ( :source, :suggestion, :date) ; ';
$new_ = ( ($_POST['new'])? $_POST['new'] : -1 )-2; $base = new PDO("sqlite:crowdsourcing.db");
$sql_insert = 'INSERT into terms values ( "'.$source.'" , "'.$suggestion.'" , "'.$date.'" , "'.$geo.'" , '.$new_.' )'; $query = $base->prepare($sql_insert);
$base = new PDO("sqlite:crowdsourcing.db"); $query->bindParam(':source', $source, PDO::PARAM_STR);
$base->exec($sql_insert); $query->bindParam(':suggestion', $suggestion, PDO::PARAM_STR);
$base = null; $query->bindParam(':date', $date, PDO::PARAM_STR);
echo json_encode( [ $suggestion , "OK"] ); $query->execute() ;
$base = null;
echo json_encode( [ $suggestion , "OK"] );
} else { } else {
echo json_encode( [ "OK"] ); echo json_encode( [ "OK"] );
} }
}
catch(Exception $e) {
echo 'Message: ' .$e->getMessage();
}
?> ?>
\ No newline at end of file
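Review bot: The handler still accepts unbounded, unvalidated values even with the parameterised insert: SQLite does not enforce `CHAR(250)`, so `$suggestion`, `$source` and `$date` should be length-capped and read with `??` rather than the truthiness test (a missing `$_POST['data']` raises an undefined-index notice, and the value `"0"` is silently turned into an empty string). For example `$source = mb_substr((string) ($_POST['source'] ?? ''), 0, 250);`, `$suggestion = mb_substr((string) ($_POST['data'] ?? ''), 0, 250);`, `$date = mb_substr((string) ($_POST['date'] ?? ''), 0, 30);`, and reject an empty suggestion instead of inserting a blank row. The `catch(Exception $e)` branch echoes the exception message under a JSON content type, which leaks the driver error text to the caller; log it and `echo json_encode(["ERROR"]);` instead. There is no origin or CSRF check either, so any page can make a visitor's browser post into this table; whether that matters depends on how the endpoint is deployed, which is not visible here.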
...@@ -17,7 +17,6 @@ $("#searchinput").on("tw:gotAutocomplete", function(e) { ...@@ -17,7 +17,6 @@ $("#searchinput").on("tw:gotAutocomplete", function(e) {
$('#savesuggestion').prop('disabled', true) ; $('#savesuggestion').prop('disabled', true) ;
}); });
// eraseNodeSet event when Tinawab had an empty search or unclick // eraseNodeSet event when Tinawab had an empty search or unclick
$("#searchinput").on("tw:eraseNodeSet", function(e) { $("#searchinput").on("tw:eraseNodeSet", function(e) {
clean_crowdsourcingzone() ; clean_crowdsourcingzone() ;
...@@ -33,9 +32,14 @@ $("#searchinput").on("tw:emptyNodeSet", function(e) { ...@@ -33,9 +32,14 @@ $("#searchinput").on("tw:emptyNodeSet", function(e) {
// (if subchain was in no autocomplete term, it's already on) // (if subchain was in no autocomplete term, it's already on)
$('#savesuggestion').prop('disabled', false) ; $('#savesuggestion').prop('disabled', false) ;
// save_suggestions var p = $('<p>');
$("#crowdsourcing_answer").html("<p>The topic <i>\"" + e.q + "\"</i> is not in the map.</p> <p>(You can click the grey <span class=\"glyphicon glyphicon-save\"></span> button to propose it as a suggestion.)</p>") ; var i = $('<i>');
i.text('"'+e.q+'"'); // using jquery.text sanitize
p.append('The topic ');
p.append(i);
p.append(' is not in the map.');
$("#crowdsourcing_answer").append(p).append('<p>(You can click the grey <span class="glyphicon glyphicon-save"></span> button to suggest it.)</p>');
// $("#searchinput").val() = query ; // $("#searchinput").val() = query ;
} }
}); });
...@@ -45,7 +49,7 @@ $("#savesuggestion").click(function(){ ...@@ -45,7 +49,7 @@ $("#savesuggestion").click(function(){
if (typeof query != "string" || !query.length) { if (typeof query != "string" || !query.length) {
query = TW.lastQuery ; query = TW.lastQuery ;
} }
query = $.trim( query.toLowerCase() ) ; query = normalizeString(query) ;
save_suggestions(query) ; save_suggestions(query) ;
}) })
...@@ -54,15 +58,12 @@ function save_suggestions(term) { ...@@ -54,15 +58,12 @@ function save_suggestions(term) {
"source": window.location.href, "source": window.location.href,
"data" : term, "data" : term,
"date" : (new Date()).toISOString(), "date" : (new Date()).toISOString(),
"geo" : "ip and geoloc"
} }
// sqlite columns in table 'terms' // sqlite columns in new table 'terms'
// 0|source|CHAR(250)|0||0 // 0|source|CHAR(250)|0||0
// 1|suggestion|CHAR(250)|0||0 // 1|suggestion|CHAR(250)|0||0
// 2|time|CHAR(30)|0||0 // 2|time|CHAR(30)|0||0
// 3|space|CHAR(100)|0||0
// 4|new|INTEGER|0||0
// console.log( "SAVE INFO:" + info ) // console.log( "SAVE INFO:" + info )
$.ajax({ $.ajax({
...@@ -76,7 +77,13 @@ function save_suggestions(term) { ...@@ -76,7 +77,13 @@ function save_suggestions(term) {
console.log( "SUCCESS" ) console.log( "SUCCESS" )
console.log( data ) console.log( data )
//$("#sendcrowds").html(D["#sendcrowds"]["thanks"][LA]) //showing message //$("#sendcrowds").html(D["#sendcrowds"]["thanks"][LA]) //showing message
$("#crowdsourcing_answer").html("<p><b>Thank you !</b><br/>(<i>\"" + term + "\"</i> was saved as a suggestion)</p>") ; var p = $('<p>');
var i = $('<i>');
i.text('"'+term+'"');
p.append('<b>Thank you !</b><br/>');
p.append(i);
p.append(' was saved as a suggestion');
$("#crowdsourcing_answer").html(p) ;
// show "saved" icon // show "saved" icon
$("#saveicon").removeClass("glyphicon-save"); $("#saveicon").removeClass("glyphicon-save");
......
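Review bot: `query = normalizeString(query) ;` in the save-click handler now HTML-escapes the term before it is posted, because the new `normalizeString` defaults `escapeHtml` to true, so the database receives `&lt;b&gt;` rather than what the user typed, and the thank-you message built with `i.text('"'+term+'"')` then shows the entities literally (double escaping). Escaping belongs at output, which the `.text()` calls in these hunks already do; call `query = normalizeString(query, false) ;` here (or make the default false) and leave escaping to the display side, including the PHP page that lists the table. The comment `// using jquery.text sanitize` is slightly misleading: `.text()` sets a text node, so it escapes rather than sanitises; `// .text() renders e.q as plain text, no HTML is interpreted` states what it actually guarantees.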
...@@ -139,17 +139,16 @@ ...@@ -139,17 +139,16 @@
font-family:'Glyphicons Halflings'; font-family:'Glyphicons Halflings';
content:"\e114 "; content:"\e114 ";
float: right; float: right;
color: blue; color: #E3A13D;
} }
.panel-heading a { .panel-heading a {
text-decoration: none !important; text-decoration: none !important;
} }
.panel-heading a:hover {
border-color: blue;
color: black;
}
.panel-heading a.collapsed:before { .panel-heading a.collapsed:before {
font-family:'Glyphicons Halflings';
content:"\e114 "; content:"\e114 ";
float: right;
color:grey; color:grey;
} }
......
...@@ -194,17 +194,24 @@ function rgbToHex(r, g, b) { ...@@ -194,17 +194,24 @@ function rgbToHex(r, g, b) {
// lowercase etc query strings // lowercase etc query strings
normalizeString = function(string) { normalizeString = function(string, escapeHtml) {
if (typeof escapeHtml == "undefined") {
escapeHtml = true ;
}
if (! typeof string == "string") { if (! typeof string == "string") {
return "" ; return "" ;
} }
else { else {
return $.trim( string.toLowerCase() ) string = $.trim( string.toLowerCase() )
if (escapeHtml == true) {
string = saferString(string) ;
}
return string ;
} }
} }
// html-escape user input strings // html-escape user-input strings (before printing them out)
// /!\ TODO check if safe enough? // (or use jquery .text())
saferString = function(string) { saferString = function(string) {
// TODO table in an outer scope // TODO table in an outer scope
conversions = { conversions = {
...@@ -213,10 +220,12 @@ saferString = function(string) { ...@@ -213,10 +220,12 @@ saferString = function(string) {
'>' : '&gt;' , '>' : '&gt;' ,
'"' : '&quot;' , '"' : '&quot;' ,
"'" : '&apos;' , "'" : '&apos;' ,
"{" : '&lcub;' ,
"}" : '&rcub;' ,
'%' : '&percnt;' '%' : '&percnt;'
} ; } ;
matchables = /[&<>"'%]/ ; matchables = /[&<>"'{}%]/g ;
if (! typeof string == "string") { if (! typeof string == "string") {
return "" ; return "" ;
......
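Review bot: The guard `if (! typeof string == "string")` in `normalizeString` (and the same form in `saferString`) never fires: `!` binds tighter than `==`, so it evaluates `false == "string"`, which is always false, and a non-string input falls through to `.toLowerCase()` and throws; write `if (typeof string !== "string")` in both places. `conversions` and `matchables` are assigned without `var`, so every call rewrites two globals; declare them with `var`, or hoist the table out of the function as the TODO already suggests. `saferString`'s body continues past the end of this hunk, so the replace call that consumes `matchables` and `conversions` is not visible here.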