Rules Management


Note: changes won't go into effect until you restart the server.
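# Rules management page body: applies one submitted rule change, then lists
# the rules of the selected ruleset, optionally filtered by rule category.
# Relies on $request (request parameters) and $EQDB (database handle), both
# defined outside this fragment. Most HTML markup inside the print strings was
# lost when this page was extracted; the strings are kept as they appear.

# NOTE(review): the start of the next statement is missing from this page; it
# presumably read `my $rule_name = $request->get("rule_name");` -- confirm
# against the original file.
get("rule_name");

# Minimal HTML escaping for request- and database-derived text echoed back
# into the page.
my $html_escape = sub {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

# Only act when the whole value has the form "Type:Name". The pattern is
# anchored: unanchored, any string merely containing "x:y" passed the check
# and was interpolated into the UPDATE below, quotes included.
if (defined $rule_name && $rule_name =~ m/\A\w+:\w+\z/) {
    my $rule_value = $request->get("rule_value");
    $rule_value = '' unless defined $rule_value;

    # rule_value is free-form request input, so it must not reach the SQL
    # string raw. Backslashes are doubled first, then single quotes are
    # doubled, so the value cannot close the quoted literal.
    # NOTE(review): this is a stopgap; if $EQDB offers placeholders or its own
    # escaping routine (not visible here), use that instead.
    (my $rule_value_sql = $rule_value) =~ s/\\/\\\\/g;
    $rule_value_sql =~ s/'/''/g;

    # NOTE(review): the UPDATE is not scoped by ruleset_id, so it changes this
    # rule in every ruleset -- confirm that is intended.
    # NOTE(review): no authorization or CSRF check is visible in this fragment
    # for this state-changing request -- confirm one exists upstream.
    my $q3 = "UPDATE rule_values SET rule_value = '$rule_value_sql' WHERE rule_name = '$rule_name'";
    my $res3 = $EQDB->query($q3);

    # The submitted value is echoed into the page, so it is HTML-escaped;
    # $rule_name is already limited to word characters and one colon.
    my $rule_value_html = $html_escape->($rule_value);

    print "\n\n\t";
    if ($res3) { # && ($EQDB->affected_rows > 0)
        print "$rule_name successfully changed to '$rule_value_html'\n\n";
    }
    else {
        my $errno3 = $EQDB->get_errno;
        # Database error text can repeat parts of the query, so escape it too.
        my $err3_html = $html_escape->($EQDB->error);
        print "Update of $rule_name to '$rule_value_html' failed! (Error $errno3: $err3_html)\n\n";
    }
    print "\n\n";
}

#for some reason, when we submit a change, we go back to the default view
my $ruleset_id = $request->get("ruleset_id", 1); #if we don't put a value, this gets defaulted to 0 no matter what we put for the default value using getInt, so we'll just do our own check
# Anything that is not purely digits (blank included) falls back to ruleset 1,
# which also keeps the value safe to interpolate into the queries below.
if (!defined $ruleset_id || $ruleset_id !~ m/\A[0-9]+\z/) {
    $ruleset_id = 1;
}

my $rule_type = $request->get("rule_type", "All");
# Restricting the filter to word characters keeps it safe to interpolate into
# the LIKE clause below; this may need revisiting if rule categories ever use
# non-alphanumeric characters.
if (!defined $rule_type || $rule_type !~ m/\A\w+\z/) {
    $rule_type = "All";
}

#now, we'll put together a list of the rule categories that we can filter by
print "\n\n\t";
if ($rule_type eq "All") {
    print "";
}
print "All";
if ($rule_type eq "All") {
    print "";
}

my $q = "SELECT DISTINCT(SUBSTRING(rule_name, 1, LOCATE(':', rule_name) - 1)) AS rule_type FROM rule_values WHERE ruleset_id = '$ruleset_id' ORDER BY rule_type ASC";
my $res = $EQDB->query($q);
if ($res) {
    while (my $row = $res->fetch_row_hash) {
        print " | \n\t";
        if ($rule_type eq $row->{rule_type}) {
            print "";
        }
        # NOTE(review): the link markup at the start of this string is missing
        # from the page; database values written into it should be
        # HTML-escaped in the original file.
        print "{rule_type}\">$row->{rule_type}";
        if ($rule_type eq $row->{rule_type}) {
            print "";
        }
    }
}
print "\n\n\n";

#next, we create the table, including the first line which will let us put in a new rule from scratch (eventually)
print "\n";
print "\t\n";
print "\t\t\n";
print "\t\t\n";
print "\t\t\n";
print "\t\t\n";
print "\t\t\n";
#print "\t\t\n";
print "\t\n";
#print "\t\n";
#print "\t\t\n";
#print "\t\t\n";
#print "\t\t\n";
#print "\t\t\n";
#print "\t\t\n";
#print "\t\n";

#lastly, output any matching rules
my $w2 = "WHERE ruleset_id = '$ruleset_id'";
if ($rule_type ne "All") {
    $w2 .= " AND rule_name LIKE '$rule_type:%'";
}
my $q2 = "SELECT ruleset_id, SUBSTRING(rule_name, 1, LOCATE(':', rule_name) - 1) AS rule_type, SUBSTRING(rule_name, LOCATE(':', rule_name) + 1) AS rule_name_short, rule_name, rule_value, notes FROM rule_values $w2 ORDER BY rule_name ASC";
my $res2 = $EQDB->query($q2);
# Check the result of this query ($res2). The original tested $res, the
# category query's result, so a failure here went on to call fetch_row_hash
# on a false value.
if ($res2) {
    while (my $row2 = $res2->fetch_row_hash) {
        print "\t\n";
        print "\t\t\n";
        print "\t\t\n"; #if we don't pass this in POST, for some reason we don't pick them up from the GET info from the form action
        print "\t\t\n"; #ditto
        print "\t\t\n";
        print "\t\t\n";
        print "\t\t{rule_name}\">\n";
        print "\t\t\n";
        print "\t\t\n";
        print "\t\t\n";
        #print "\t\t\n";
        print "\t\t\n";
        print "\t\n";
    }
}
?>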
TypeNameValueNotes
{rule_type}\">$row2->{rule_type}$row2->{rule_name_short}{rule_value}\" />$row2->{notes}