From b889edb33e4a09cc1f65d2fb9ad9f9ea16b1eae9 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 04 Sep 2012 11:42:42 -0400
Subject: [PATCH] - Ported changes from Apache plugin to nginx plugin. - Fixed errors in system.inc.php-
---
interface/lib/classes/tform.inc.php | 242 +++++++++++++++++++++++++++++++++++++++---------
1 files changed, 197 insertions(+), 45 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index ae02efb..12547ba 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -150,6 +150,8 @@
if(isset($wb_global)) unset($wb_global);
$this->wordbook = $wb;
+
+ $this->dateformat = $app->lng('conf_format_dateshort');
return true;
}
@@ -163,11 +165,21 @@
* @return record
*/
function decode($record,$tab) {
- if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab).");
+ global $conf, $app;
+ if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab).");
$new_record = '';
+ $table_idx = $this->formDef['db_table_idx'];
+ if(isset($record[$table_idx])) $new_record[$table_idx] = intval($record[$table_idx ]);
+
if(is_array($record)) {
- foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
- switch ($field['datatype']) {
+ foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
+
+ //* Apply filter to record value.
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SHOW');
+ }
+
+ switch ($field['datatype']) {
case 'VARCHAR':
$new_record[$key] = $record[$key];
break;
@@ -198,7 +210,7 @@
break;
case 'CURRENCY':
- $new_record[$key] = number_format((double)$record[$key], 2, ',', '');
+ $new_record[$key] = $app->functions->currency_format($record[$key]);
break;
default:
@@ -235,11 +247,12 @@
$table_idx = $this->formDef['db_table_idx'];
$tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0;
+ //$tmp_recordid = intval($this->primary_id);
$querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring);
unset($tmp_recordid);
$querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring);
-
+
// Getting the records
$tmp_records = $app->db->queryAllRecords($querystring);
if($app->db->errorMessage != '') die($app->db->errorMessage);
@@ -357,7 +370,12 @@
$record = $this->decode($record,$tab);
if(is_array($record)) {
foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
- $val = $record[$key];
+
+ if(isset($record[$key])) {
+ $val = $record[$key];
+ } else {
+ $val = '';
+ }
// If Datasource is set, get the data from there
if(isset($field['datasource']) && is_array($field['datasource'])) {
@@ -425,6 +443,7 @@
// HTML schreiben
$out = '';
+ $elementNo = 0;
foreach($field['value'] as $k => $v) {
$checked = '';
@@ -432,7 +451,8 @@
if(trim($tvl) == trim($k)) $checked = ' CHECKED';
}
// $out .= "<label for=\"".$key."[]\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"checkbox\" $checked /> $v</label>\r\n";
- $out .= "<input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"checkbox\" $checked /> $v \r\n";
+ $out .= "<label for=\"".$key.$elementNo."\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key.$elementNo."\" value=\"$k\" type=\"checkbox\" $checked /> $v</label><br/>\r\n";
+ $elementNo++;
}
}
$new_record[$key] = $out;
@@ -443,10 +463,12 @@
// HTML schreiben
$out = '';
+ $elementNo = 0;
foreach($field['value'] as $k => $v) {
$checked = ($k == $val)?' CHECKED':'';
//$out .= "<label for=\"".$key."[]\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"radio\" $checked/> $v</label>\r\n";
- $out .= "<input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"radio\" $checked/> $v\r\n";
+ $out .= "<label for=\"".$key.$elementNo."\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key.$elementNo."\" value=\"$k\" type=\"radio\" $checked/> $v </label>\r\n";
+ $elementNo++;
}
}
$new_record[$key] = $out;
@@ -467,7 +489,11 @@
break;
default:
+ if(isset($record[$key])) {
$new_record[$key] = htmlspecialchars($record[$key]);
+ } else {
+ $new_record[$key] = '';
+ }
}
}
}
@@ -534,6 +560,7 @@
// HTML schreiben
$out = '';
+ $elementNo = 0;
foreach($field['value'] as $k => $v) {
$checked = '';
@@ -541,7 +568,8 @@
if(trim($tvl) == trim($k)) $checked = ' CHECKED';
}
// $out .= "<label for=\"".$key."[]\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"checkbox\" $checked /> $v</label>\r\n";
- $out .= "<input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"checkbox\" $checked /> $v \r\n";
+ $out .= "<label for=\"".$key.$elementNo."\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key.$elementNo."\" value=\"$k\" type=\"checkbox\" $checked /> $v</label> \r\n";
+ $elementNo++;
}
}
$new_record[$key] = $out;
@@ -552,10 +580,12 @@
// HTML schreiben
$out = '';
+ $elementNo = 0;
foreach($field['value'] as $k => $v) {
$checked = ($k == $field["default"])?' CHECKED':'';
//$out .= "<label for=\"".$key."[]\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"radio\" $checked/> $v</label>\r\n";
- $out .= "<input name=\"".$key."[]\" id=\"".$key."[]\" value=\"$k\" type=\"radio\" $checked/> $v\r\n";
+ $out .= "<label for=\"".$key.$elementNo."\" class=\"inlineLabel\"><input name=\"".$key."[]\" id=\"".$key.$elementNo."\" value=\"$k\" type=\"radio\" $checked/> $v</label>\r\n";
+ $elementNo++;
}
}
$new_record[$key] = $out;
@@ -587,7 +617,7 @@
* @param record = Datensatz als Array
* @return record
*/
- function encode($record,$tab) {
+ function encode($record,$tab,$dbencode = true) {
global $app;
if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: $tab).");
@@ -595,20 +625,28 @@
if(is_array($record)) {
foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
-
- if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+
+ //* Apply filter to record value
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SAVE');
+ }
+
+ //* Validate record value
+ if(isset($field['validators']) && is_array($field['validators'])) {
+ $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+ }
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$record[$key]:'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = $app->db->quote($record[$key]);
+ $new_record[$key] = $record[$key];
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
@@ -623,11 +661,18 @@
break;
case 'DATE':
if($record[$key] != '' && $record[$key] != '0000-00-00') {
- $date_parts = date_parse_from_format($this->dateformat,$record[$key]);
- //list($tag,$monat,$jahr) = explode('.',$record[$key]);
- $new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day'];
- //$tmp = strptime($record[$key],$this->dateformat);
- //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
+ if(function_exists('date_parse_from_format')) {
+ $date_parts = date_parse_from_format($this->dateformat,$record[$key]);
+ //list($tag,$monat,$jahr) = explode('.',$record[$key]);
+ $new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day'];
+ //$tmp = strptime($record[$key],$this->dateformat);
+ //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
+ } else {
+ //$tmp = strptime($record[$key],$this->dateformat);
+ //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
+ $tmp = strtotime($record[$key]);
+ $new_record[$key] = date('Y-m-d',$tmp);
+ }
} else {
$new_record[$key] = '0000-00-00';
}
@@ -638,7 +683,7 @@
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = $app->db->quote($record[$key]);
+ $new_record[$key] = $record[$key];
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
@@ -666,11 +711,61 @@
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
}
}
-
-
+
+ //* Add slashes to all records, when we encode data which shall be inserted into mysql.
+ if($dbencode == true) $new_record[$key] = $app->db->quote($new_record[$key]);
}
}
return $new_record;
+ }
+
+ /**
+ * process the filters for a given field.
+ *
+ * @param field_name = Name of the field
+ * @param field_value = value of the field
+ * @param filters = Array of filters
+ * @param filter_event = 'SAVE'or 'SHOW'
+ * @return record
+ */
+
+ function filterField($field_name, $field_value, $filters, $filter_event) {
+
+ global $app;
+ $returnval = $field_value;
+
+ //* Loop trough all filters
+ foreach($filters as $filter) {
+ if($filter['event'] == $filter_event) {
+ switch ($filter['type']) {
+ case 'TOLOWER':
+ $returnval = strtolower($field_value);
+ break;
+ case 'TOUPPER':
+ $returnval = strtoupper($field_value);
+ break;
+ case 'IDNTOASCII':
+ if(function_exists('idn_to_ascii')) {
+ $returnval = idn_to_ascii($field_value);
+ } else {
+ $returnval = $field_value;
+ }
+ break;
+ case 'IDNTOUTF8':
+ if(function_exists('idn_to_utf8')) {
+ $returnval = idn_to_utf8($field_value);
+ } else {
+ $returnval = $field_value;
+ }
+ break;
+ default:
+ $this->errorMessage .= "Unknown Filter: ".$filter['type'];
+ break;
+ }
+ }
+ }
+
+ return $returnval;
}
/**
@@ -737,7 +832,17 @@
}
break;
case 'ISEMAIL':
- if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
+ if(function_exists('filter_var')) {
+ if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ } else {
+ if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -745,8 +850,19 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
+ }
break;
case 'ISINT':
+ if(function_exists('filter_var')) {
+ if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ } else {
$tmpval = intval($field_value);
if($tmpval === 0 and !empty($field_value)) {
$errmsg = $validator['errmsg'];
@@ -756,6 +872,7 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
+ }
break;
case 'ISPOSITIVE':
if(!is_numeric($field_value) || $field_value <= 0){
@@ -784,6 +901,57 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
+ break;
+ case 'ISIP':
+ //* Check if its a IPv4 or IPv6 address
+ if(function_exists('filter_var')) {
+ if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ } else {
+ //* Check content with regex, if we use php < 5.2
+ $ip_ok = 0;
+ if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
+ $ip_ok = 1;
+ }
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ $ip_ok = 1;
+ }
+ if($ip_ok == 0) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ }
+ break;
+ case 'RANGE':
+ //* Checks if the value is within the given range or above / below a value
+ //* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
+ $range_parts = explode(':',trim($validator['range']));
+ $ok = true;
+ if($range_parts[0] != '' && $field_value < $range_parts[0]) {
+ $ok = false;
+ }
+ if($range_parts[1] != '' && $field_value > $range_parts[1]) {
+ $ok = false;
+ }
+ if($ok != true) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ unset($range_parts);
break;
case 'CUSTOM':
// Calls a custom class to validate this record
@@ -834,7 +1002,7 @@
$this->action = $action;
$this->primary_id = $primary_id;
- $record = $this->encode($record,$tab);
+ $record = $this->encode($record,$tab,true);
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
@@ -852,15 +1020,7 @@
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if($field['encryption'] == 'CRYPT') {
- $salt="$1$";
- $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
- //$salt.=chr(mt_rand(64,126));
- $salt.=$base64_alphabet[mt_rand(0,63)];
- }
- $salt.="$";
- // $salt = substr(md5(time()),0,2);
- $record[$key] = crypt(stripslashes($record[$key]),$salt);
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'MYSQL') {
$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
@@ -887,15 +1047,7 @@
} else {
if($field['formtype'] == 'PASSWORD') {
if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
- $salt="$1$";
- $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- for ($n=0;$n<8;$n++) {
- //$salt.=chr(mt_rand(64,126));
- $salt.=$base64_alphabet[mt_rand(0,63)];
- }
- $salt.="$";
- // $salt = substr(md5(time()),0,2);
- $record[$key] = crypt(stripslashes($record[$key]),$salt);
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
@@ -973,7 +1125,7 @@
//* return a empty string if there is nothing to update
if(trim($sql_update) == '') $sql = '';
}
-
+
return $sql;
}
@@ -1018,7 +1170,7 @@
$app->uses('tform_tpl_generator');
$app->tform_tpl_generator->buildHTML($this->formDef,$tab['name']);
}
-
+ $app->tpl->setVar('readonly_tab', (isset($tab['readonly']) && $tab['readonly'] == true));
$app->tpl->setInclude('content_tpl',$tab["template"]);
$tab["active"] = 1;
$_SESSION["s"]["form"]["tab"] = $tab['name'];
--
Gitblit v1.9.1