Eric… index.php needs to be modified to refer to your correct framework path.
This can be fixed by changing User::getDataFilterSearchFields() to:
public function getDataFilterSearchFields($filterName)
{
    switch ($filterName) {
        case 'userFieldsSearch':
            return array(
                'df_users.id'=>'User ID',
                'df_users.name'=>'Name',
                'df_users.username'=>'Username',
            );
    }
}
I cannot attach the fixed demo because of the 500KB global upload quota.
Eric, you probably need to add datafilters classes to Yii’s import in config/main.php:
// autoloading model and component classes
'import'=>array(
    'application.models.*',
    'application.components.*',
    ...
    'application.extensions.datafilter.*',
    'application.extensions.datafilter.filters.*',
),
Dear All,
I have a problem with multiple data filtering on multiple pages.
Let's say my default controller is
http://localhost/desnet/components/User_Module_Access/index.php?r=users/admin; it is the first page and I added data filtering to it,
and there is another page, http://localhost/desnet/components/User_Module_Access/index.php?r=modules_setup/admin, and I also include another
After I run IE with the address http://localhost/desnet/components/User_Module_Access/index.php, the system shows me the default page, http://localhost/desnet/components/User_Module_Access/index.php?r=users/admin,
and at the menu bar I click "Modules Setup", so that it goes to
http://localhost/desnet/components/User_Module_Access/index.php?r=modules_setup/admin
and I do some filtering by module_id = PP and click the search button; the system will jump to the
rather than remain
http://localhost/desnet/components/User_Module_Access/index.php?r=modules_setup/admin
Is it the data filtering LIMITATION?
Please Help~~~~
$criteria->condition = ' countries_id = '.$_GET['countryFilter'];
is very vulnerable against SQL-Injections…
I am not a very experienced web developer, and the problem here is that after the form is submitted the previous parameters are stripped; for example, having
www.sitename/index.php?r=modules_setup/admin
as the form action, we will get a URL like
www.sitename/index.php?param1=value1&param2=value2&...
after the form is submitted.
I can use hidden field to preserve existing parameters, but I expect some problems with that.
Martial123, maybe you can use “path” urls for your application (setting 'urlFormat'=>'path' for urlManager component in config\main.php)? This also solves a problem.
Can you suggest a more secure way to build the SQL? It is a demo application, but I think some people can reproduce this vulnerable code in their applications.
$criteria->condition = ' countries_id = :filter';
$criteria->params = array(':filter'=>$_GET['countryFilter']);
Thanks, I will use this for the demo application.
I am trying now to build all conditions such way, but have a problem with LIKE condition.
I have code:
$localCriteria = new CDbCriteria;
$localCriteria->condition = ' '.$searchField.' LIKE "%'.$searchValue.'%" ';
It works, but $searchValue is taken from $_GET and placed into the condition directly.
I changed this code to:
$localCriteria = new CDbCriteria;
$localCriteria->condition = ' '.$searchField.' LIKE "%:searchValue%" ';
$localCriteria->params = array(':searchValue'=>$searchValue);
This code does not work - it returned an empty set, but I know there should be some results.
Maybe someone has any suggestions how to make it work?
It should be:
$localCriteria = new CDbCriteria;
$localCriteria->condition = $searchField.' LIKE :searchValue';
$localCriteria->params = array(':searchValue'=>'%'.$searchValue.'%');
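The bound LIKE form from the reply above, carried a little further than the thread does, as an added example that is not code from the datafilter extension or from any poster: the column name is checked against a whitelist shaped like getDataFilterSearchFields(), and LIKE wildcards in the user's value are escaped. It uses plain PDO on an in-memory SQLite database instead of CDbCriteria; the rows, the '!' escape character and the searchUsers() helper are assumptions made for the illustration.

```php
<?php
// Added example, not datafilter's code. Constructed table and rows in in-memory SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE df_users (id INTEGER PRIMARY KEY, name TEXT, username TEXT)');
$pdo->exec("INSERT INTO df_users (name, username) VALUES
    ('Ann Lee', 'ann'), ('Bob 100% Stone', 'bob'), ('Carl', 'c_arl')");
// Whitelist shaped like the array getDataFilterSearchFields() returns.
$searchFields = array(
    'df_users.id'       => 'User ID',
    'df_users.name'     => 'Name',
    'df_users.username' => 'Username',
);

// Hypothetical helper: substring search on one whitelisted column.
function searchUsers(PDO $pdo, array $searchFields, $searchField, $searchValue)
{
    // A column name cannot be a bound parameter, so accept only known keys.
    if (!isset($searchFields[$searchField])) {
        return array();
    }
    // Make %, _ and the escape character itself match literally. strtr()
    // works in a single pass, so inserted '!' are not escaped a second time.
    $escaped = strtr($searchValue, array('!' => '!!', '%' => '!%', '_' => '!_'));
    $sql = 'SELECT username FROM df_users WHERE ' . $searchField
         . " LIKE :searchValue ESCAPE '!' ORDER BY id";
    $stmt = $pdo->prepare($sql);
    // The wildcards belong to the bound value, not to the SQL text.
    $stmt->execute(array(':searchValue' => '%' . $escaped . '%'));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Inside quotes the placeholder is plain text: this searches names for the
// characters ":searchValue", which is why the quoted form found no rows.
$quoted = $pdo->query("SELECT username FROM df_users WHERE name LIKE '%:searchValue%'")
              ->fetchAll(PDO::FETCH_COLUMN);
$runs = array(
    'placeholder in quotes'  => $quoted,
    'plain substring'        => searchUsers($pdo, $searchFields, 'df_users.name', 'Lee'),
    'literal percent sign'   => searchUsers($pdo, $searchFields, 'df_users.name', '%'),
    'literal underscore'     => searchUsers($pdo, $searchFields, 'df_users.username', '_'),
    'quote in the value'     => searchUsers($pdo, $searchFields, 'df_users.name', "x' OR '1'='1"),
    'column not whitelisted' => searchUsers($pdo, $searchFields, 'name OR 1=1', 'a'),
);
foreach ($runs as $label => $rows) {
    echo str_pad($label, 24), json_encode($rows), "\n";
}
```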
Thanks! I tried many combinations, but not the right one.
Pestaa, congratulations for joining Yii team.
I uploaded new datafilter version and demo application: datafilter downloads
CDataFilterWidget.php:
155: echo CHtml::form($this->formAction,$this->formMethod,$this->formOptions);
Did not work on servers where the application is not in the root folder, e.g. http://myserv.net/fold/fold/myYiiApp
Should be
155: echo CHtml::form( CHtml::normalizeUrl($this->formAction) ,$this->formMethod,$this->formOptions);
Thanks, will do like you suggested.
I uploaded new datafilter version 0.3 and demo application: datafilter downloads.
Most important new features are: CDataFilterWidget - options to generate submit and reset buttons, CDataFilter - option to store filter state to the session.
@seb - Hi there, not sure why I am getting the following error when installing your version 0.3 extension…
I have tried both yii-1.0.8 and yii-1.0.9, as well as the demo app and adding it to testdrive app with user table.
Still I get the same error. If you know why I get this error would be very helpful.
PHP Error
Description
Declaration of CFilterSearch::applyCriteria() should be compatible with that of CFilterBase::applyCriteria()
Source File
/Library/WebServer/Documents/yii-datafilter/protected/extensions/datafilter/filters/CFilterSearch.php(12)
00001: <?php
00002: /**
00003: * CFilterSearch class file.
00004: *
00005: * @author Seb <serebrov@algo-rithm.com>, Algo-rithm
00006: *
00007: * @version 0.3
00008: *
00009: * @desc CFilterSearch is a link to filter data.
00010: */
00011: class CFilterSearch extends CFilterBase
00012: {
00013: /**
00014: * Apply filter's value to criteria. Method call redirected to model's
00015: * method applyDataSearchCriteria()
00016: * @param <CActiveRecord> $model
00017: * @param <CDbCriteria> $criteria
00018: */
00019: public function applyCriteria($model, &$criteria)
00020: {
00021: $searchFields = $model->getDataFilterSearchFields($this->name);
00022: $fieldName = $this->getValue();
00023:
00024: if ( isset($searchFields[$fieldName])) {
It was a bug in the CFilterBase::applyCriteria declaration; it should be:
public function applyCriteria($model, &$criteria)
{
    return;
}
This error is reported by PHP only when E_STRICT option is enabled.
I fixed the bug and uploaded a new version here (I replaced the previous v0.3 archives).
I have tested version 0.3, but the demo still has a large security leak:
Normal Url:
http://localhost/dfdemo/?userFieldsSearch=df_users.id&userFieldsSearchText=&groupFilter=1&countryFilter=&cityFilter=
Now we change the url a little bit:
http://localhost/dfdemo/?userFieldsSearch=df_users.id&userFieldsSearchText=&groupFilter=999&countryFilter=999&cityFilter=999);DROP DATABASE `dfdemo`;
As a result, a normal user deletes the whole database…
Please use binding parameters to solve this problem:
http://www.yiiframew…ding-parameters
Greetings
Anticon
Hi, Anticon
Thank you VERY much for your post, because I uploaded wrong (old) version yesterday.
Now I re-uploaded extension and demo application and there are all security fixes as well as a fix I made yesterday.
Sorry to all who downloaded a wrong version and please download it again.
Hi seb,
this version looks better. Thank you.
Greetings
Anticon
I’m migrating a legacy application and found a problem using datafilter to search a column which contains order no. with format OCYY/MM/NNN; the error occurs when I click on the next page, as follows:
[code]
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pqc/index.php/tAG/admin/TAGFilter[TagFieldsSearch]/t.ORDERNO/TAGFilter[TagFieldsSearchText]/OC08/10/yt0/Go/TAG_page/3 was not found on this server.</p>
<hr>
<address>Apache/2.2.12 (Ubuntu) Server at domain1.com Port 80</address>
</body></html>
[/code]
I notice that the problem is related to slash character use in order no. separator.
Any idea how to solve this problem ?
Rgds
Majin
Hi,
Very nice extension which saves time!
Although I faced several problems:
After applying filtering or search, it goes to the default VIEW (that’s sites/index by default, and in your demo config 'defaultController'=>'user/admin').
After selecting country(in my case organisation) and then city(in my case branch) it throws:
CDbException
Description
CDbCommand failed to execute the SQL statement: SQLSTATE[23000]: Integrity constraint violation: 1052 Column 'BraID' in where clause is ambiguous
Source File
C:\wamp\www\framework\db\CDbCommand.php(372)
21:17:55.734893 trace system.db.CDbCommand Querying SQL: SELECT COUNT(*) FROM `course` INNER JOIN `branch` branches ON (`course`.`BraID`=branches.`BraID`) AND (branches.OrgID = :organisationsID) WHERE BraID = :BraID
21:17:55.735400 error system.db.CDbCommand Error in querying SQL: SELECT COUNT(*) FROM `course` INNER JOIN `branch` branches ON (`course`.`BraID`=branches.`BraID`) AND (branches.OrgID = :organisationsID) WHERE BraID = :BraID
Second problem might be on my own
just don’t see the possible SQL error …
Might this be because Parent PK(OrgID) is same as Child’s tables FK(OrgID)? But then why courses and branches works ok…
waiting for help.