diff --git a/app/subnets/mastersubnet-dropdown.php b/app/subnets/mastersubnet-dropdown.php index 6caf810a287864cb17861ee7f408aeee7c6d53b8..449bf38dec09e45d9c6e60c8f62657c4cad696cf 100644 --- a/app/subnets/mastersubnet-dropdown.php +++ b/app/subnets/mastersubnet-dropdown.php @@ -49,7 +49,7 @@ $fields = array('id','masterSubnetId','isFolder','subnet','mask','description'); $strict_subnets = get_strict_subnets($Subnets, $sectionId, $cidr, $fields); -$folders = $Subnets->fetch_multiple_objects('subnets', 'isFolder', '1', 'id', true, false, $fields); +$folders = $Subnets->fetch_section_subnets($sectionId, 'isFolder', '1', $fields); if (!is_array($folders)) $folders = array(); // Generate HTML <options> dropdown menu @@ -69,7 +69,7 @@ $dropdown->subnets_tree_render(true); if ($section->strictMode == 0) { // Strict mode is disabled, allow nested chaos.... - $all_subnets = $Subnets->fetch_section_subnets($sectionId, $fields); + $all_subnets = $Subnets->fetch_section_subnets($sectionId, false, false, $fields); if (!is_array($all_subnets)) $all_subnets = array(); foreach($all_subnets as $subnet) { diff --git a/functions/classes/class.Subnets.php b/functions/classes/class.Subnets.php index c59c3add84516cac67054b529ebbb032c94e0ce7..80c8148db7975435bd22528eb4da5c7df5ec41e6 100644 --- a/functions/classes/class.Subnets.php +++ b/functions/classes/class.Subnets.php @@ -529,10 +529,12 @@ class Subnets extends Common_functions { * * @access public * @param mixed $sectionId // section identifier + * @param string|false $field + * @param mixed|false $value * @param array|string $result_fields // fields to fetch * @return array */ - public function fetch_section_subnets ($sectionId, $result_fields = "*") { + public function fetch_section_subnets ($sectionId, $field = false, $value = false, $result_fields = "*") { # fetch settings and set subnet ordering $this->get_settings(); 
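Review bot: Inserting `$field` and `$value` ahead of `$result_fields` in the `fetch_section_subnets` signature silently changes what the second positional argument means, so any caller not updated by this commit that still passes a field list there would have it used as the filter column in the WHERE clause assembled in the next hunk. Appending the new parameters keeps existing calls valid: `public function fetch_section_subnets ($sectionId, $result_fields = "*", $field = false, $value = false) {`; if the order shown here is kept, every remaining caller needs checking, since only two existing call sites are updated in this diff. The two new `@param` lines also lack descriptions, for example `@param string|false $field // column to filter on, false for no filter` and `@param mixed|false $value // value the column must equal`. The method body continues beyond this hunk.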
@@ -545,14 +547,21 @@ class Subnets extends Common_functions { // subnet fix if($order[0]=="subnet") $order[0] = 'LPAD(subnet,39,0)'; - $result_fields = $this->Database->escape_result_fields($result_fields); + $safe_result_fields = $this->Database->escape_result_fields($result_fields); # fetch + if ($field!==false) { + $field = $this->Database->escape($field); + $value = $this->Database->escape($value); + $field_query = "AND `$field` = '$value'"; + } else { + $field_query = ''; + } // if sectionId is not numeric, assume it is section name rather than id, set query appropriately if (is_numeric($sectionId)) { - $query = "SELECT $result_fields FROM `subnets` where `sectionId` = ? order by `isFolder` desc, case `isFolder` when 1 then description else $order[0] end $order[1]"; + $query = "SELECT $safe_result_fields FROM `subnets` where `sectionId` = ? $field_query order by `isFolder` desc, case `isFolder` when 1 then description else $order[0] end $order[1]"; } else { - $query = "SELECT $result_fields FROM `subnets` where `sectionId` in (SELECT id from sections where name = ?) order by `isFolder` desc, case `isFolder` when 1 then description else $order[0] end $order[1]"; + $query = "SELECT $safe_result_fields FROM `subnets` where `sectionId` in (SELECT id from sections where name = ?) $field_query order by `isFolder` desc, case `isFolder` when 1 then description else $order[0] end $order[1]"; } try { $subnets = $this->Database->getObjectsQuery($query, array($sectionId)); } catch (Exception $e) { 
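Review bot: The new `$field_query` is built by interpolating `$field` into a backtick-quoted identifier and `$value` into a quoted literal, while the query already goes through `getObjectsQuery` with a bound `?` for `sectionId`. `Database->escape()` is not shown here; if it escapes for string-literal context, it would not stop a backtick inside `$field` from closing the identifier, and an identifier cannot be bound, so the column name needs its own validation. The callers visible in this diff pass the literals `'isFolder'` and `'1'`, but the method is public and accepts anything. The sketch below binds `$value` as a second parameter and rejects column names that are not plain identifiers, reusing the `Result->show` handling seen in the later hunk (assumed to stop execution; the pattern may need widening if other column names are legitimate filters). The `try`/`catch` block continues outside the hunk.

```php
		# fetch
		$params = array($sectionId);
		if ($field!==false) {
			// identifiers cannot be bound, so accept only a plain column name
			if (!is_string($field) || preg_match('/^[A-Za-z0-9_]+$/', $field)!==1) {
				$this->Result->show("danger", _("Invalid field"), true);
			}
			$field_query = "AND `$field` = ?";
			// bound after sectionId, matching the placeholder order in both queries
			$params[] = $value;
		} else {
			$field_query = '';
		}
		// … unchanged: the two $query strings, which already include $field_query …
		try { $subnets = $this->Database->getObjectsQuery($query, $params); }
```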
@@ -3602,7 +3611,7 @@ class Subnets extends Common_functions { if(!is_numeric($sectionId)) { $this->Result->show("danger", _("Invalid ID"), true); } $folders = array(); - $section_subnets = $this->fetch_section_subnets ($sectionId, array("id", "masterSubnetId", "isFolder", "subnet", "mask", "description")); + $section_subnets = $this->fetch_section_subnets ($sectionId, false, false, array('id', 'masterSubnetId', 'isFolder', 'subnet', 'mask', 'description')); if (!is_array($section_subnets)) $section_subnets = array(); foreach($section_subnets as $subnet) {