From c1fcaed2ee8f05a5030fe4e8e211ca4eae7a9489 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 11 Jun 2013 11:44:57 -0400
Subject: [PATCH] - Fixed FS#2921 - RBL list field in server config can not be empty.
---
interface/lib/classes/tform.inc.php | 249 ++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 193 insertions(+), 56 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index b469e2e..8e36fb2 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -54,14 +54,14 @@
* SEPARATOR
* - separator char used for fileds with multiple values
*
-* Hint: The auto increment (ID) filed of the table has not be be definied eoarately.
+* Hint: The auto increment (ID) filed of the table has not be be definied separately.
*
*/
class tform {
/**
- * Table definition (array)
+ * Definition of the database table (array)
* @var tableDef
*/
var $tableDef;
@@ -79,25 +79,25 @@
var $table_name;
/**
- * Enable debigging
+ * Debug Variable
* @var debug
*/
var $debug = 0;
/**
- * name of the primary field of the datbase table (string)
+ * name of the primary field of the database table (string)
* @var table_index
*/
var $table_index;
/**
- * contains the error message
+ * contains the error messages
* @var errorMessage
*/
var $errorMessage = '';
var $dateformat = "d.m.Y";
- var $formDef;
+ var $formDef = array();
var $wordbook;
var $module;
var $primary_id;
@@ -124,7 +124,7 @@
function loadFormDef($file,$module = '') {
global $app,$conf;
- include_once($file);
+ include($file);
$this->formDef = $form;
$this->module = $module;
@@ -169,11 +169,17 @@
if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab).");
$new_record = '';
$table_idx = $this->formDef['db_table_idx'];
- if(isset($record[$table_idx])) $new_record[$table_idx] = intval($record[$table_idx ]);
+ if(isset($record[$table_idx])) $new_record[$table_idx] = $app->functions->intval($record[$table_idx ]);
if(is_array($record)) {
- foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
- switch ($field['datatype']) {
+ foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
+
+ //* Apply filter to record value.
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SHOW');
+ }
+
+ switch ($field['datatype']) {
case 'VARCHAR':
$new_record[$key] = $record[$key];
break;
@@ -196,7 +202,7 @@
break;
case 'INTEGER':
- $new_record[$key] = intval($record[$key]);
+ $new_record[$key] = $app->functions->intval($record[$key]);
break;
case 'DOUBLE':
@@ -218,7 +224,7 @@
}
/**
- * Get the key => value array of a form filed from a datasource definitiom
+ * Get the key => value array of a form filled from a datasource definitiom
*
* @param field = array with field definition
* @param record = Dataset as array
@@ -241,7 +247,6 @@
$table_idx = $this->formDef['db_table_idx'];
$tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0;
- //$tmp_recordid = intval($this->primary_id);
$querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring);
unset($tmp_recordid);
@@ -270,6 +275,17 @@
} else {
$this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
}
+ }
+
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $new_values = array();
+ foreach($values as $index => $value) {
+ $new_index = $this->filterField($index, $index, $field['filters'], 'SHOW');
+ $new_values[$new_index] = $this->filterField($index, (isset($values[$index]))?$values[$index]:'', $field['filters'], 'SHOW');
+ }
+ $values = $new_values;
+ unset($new_values);
+ unset($new_index);
}
return $values;
@@ -394,7 +410,7 @@
$selected = ($k == $val)?' SELECTED':'';
if(!empty($this->wordbook[$v]))
$v = $this->wordbook[$v];
- $out .= "<option value='$k'$selected>$v</option>\r\n";
+ $out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
}
}
$new_record[$key] = $out;
@@ -619,8 +635,15 @@
if(is_array($record)) {
foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
-
- if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+
+ //* Apply filter to record value
+ if(isset($field['filters']) && is_array($field['filters'])) {
+ $record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SAVE');
+ }
+ //* Validate record value
+ if(isset($field['validators']) && is_array($field['validators'])) {
+ $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
+ }
switch ($field['datatype']) {
case 'VARCHAR':
@@ -664,7 +687,7 @@
}
break;
case 'INTEGER':
- $new_record[$key] = (isset($record[$key]))?$record[$key]:0;
+ $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
//if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default'];
//if($key == 'refresh') die($record[$key]);
break;
@@ -704,6 +727,46 @@
}
return $new_record;
}
+
+ /**
+ * process the filters for a given field.
+ *
+ * @param field_name = Name of the field
+ * @param field_value = value of the field
+ * @param filters = Array of filters
+ * @param filter_event = 'SAVE'or 'SHOW'
+ * @return record
+ */
+
+ function filterField($field_name, $field_value, $filters, $filter_event) {
+
+ global $app;
+ $returnval = $field_value;
+
+ //* Loop trough all filters
+ foreach($filters as $filter) {
+ if($filter['event'] == $filter_event) {
+ switch ($filter['type']) {
+ case 'TOLOWER':
+ $returnval = strtolower($returnval);
+ break;
+ case 'TOUPPER':
+ $returnval = strtoupper($returnval);
+ break;
+ case 'IDNTOASCII':
+ $returnval = $app->functions->idn_encode($returnval);
+ break;
+ case 'IDNTOUTF8':
+ $returnval = $app->functions->idn_decode($returnval);
+ break;
+ default:
+ $this->errorMessage .= "Unknown Filter: ".$filter['type'];
+ break;
+ }
+ }
+ }
+ return $returnval;
+ }
/**
* process the validators for a given field.
@@ -736,7 +799,9 @@
}
break;
case 'UNIQUE':
- if($this->action == 'NEW') {
+ if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
+ if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
+ if($this->action == 'NEW') {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -746,7 +811,7 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
- } else {
+ } else {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -756,7 +821,8 @@
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
- }
+ }
+ }
break;
case 'NOTEMPTY':
if(empty($field_value)) {
@@ -790,7 +856,7 @@
}
break;
case 'ISINT':
- if(function_exists('filter_var')) {
+ if(function_exists('filter_var') && $field_value < 2147483647) {
if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
@@ -800,7 +866,7 @@
}
}
} else {
- $tmpval = intval($field_value);
+ $tmpval = $app->functions->intval($field_value);
if($tmpval === 0 and !empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
@@ -818,12 +884,45 @@
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
- }
- }
- break;
- case 'ISIPV4':
- $vip=1;
- if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ }
+ }
+ break;
+ /*
+ case 'ISV6PREFIX':
+ $v6_prefix_ok = 0;
+ $explode_field_value = explode(':',$field_value);
+ if ($explode_field_value[count($explode_field_value)-1]=='' && $explode_field_value[count($explode_field_value)-2]=='' ){
+ if ( count($explode_field_value) <= 9 ) {
+ if(filter_var(substr($field_value,0,strlen($field_value)-2),FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).'::0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) or filter_var(substr($field_value,0,strlen($field_value)-2).':0',FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ) {
+ $v6_prefix_ok = 1;
+ }
+ }
+ } else {
+ $v6_prefix_ok = 2;
+ }
+ // check subnet against defined server-ipv6
+ $sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' LIMIT 0,1");
+ $sql_v6_explode=explode(':',$sql_v6['ip_address']);
+ if ( count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address']) ) {
+ $v6_prefix_ok = 3;
+ }
+ if($v6_prefix_ok == 0) {
+ $errmsg = $validator['errmsg'];
+ }
+ if($v6_prefix_ok == 2) {
+ $errmsg = 'IPv6 Prefix must end with ::';
+ }
+ if($v6_prefix_ok == 3) {
+ $errmsg = 'IPv6 Prefix too long (according to Server IP Addresses)';
+ }
+ if($v6_prefix_ok <> 1){
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ break;
+ */
+ case 'ISIPV4':
+ $vip=1;
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
$groups=explode(".",$field_value);
foreach($groups as $group){
if($group<0 OR $group>255)
@@ -840,34 +939,68 @@
}
break;
case 'ISIP':
- //* Check if its a IPv4 or IPv6 address
- if(function_exists('filter_var')) {
- if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
- $errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
- } else {
- $this->errorMessage .= $errmsg."<br />\r\n";
- }
- }
+ if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
+ if($validator['allowempty'] == 'y' && $field_value == '') {
+ //* Do nothing
} else {
- //* Check content with regex, if we use php < 5.2
- $ip_ok = 0;
- if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
- $ip_ok = 1;
+ //* Check if its a IPv4 or IPv6 address
+ if(isset($validator['separator']) && $validator['separator'] != '') {
+ //* When the field may contain several IP addresses, split them by the char defined as separator
+ $field_value_array = explode($validator['separator'],$field_value);
+ } else {
+ $field_value_array[] = $field_value;
}
- if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
- $ip_ok = 1;
- }
- if($ip_ok == 0) {
- $errmsg = $validator['errmsg'];
- if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ foreach($field_value_array as $field_value) {
+ if(function_exists('filter_var')) {
+ if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
} else {
- $this->errorMessage .= $errmsg."<br />\r\n";
+ //* Check content with regex, if we use php < 5.2
+ $ip_ok = 0;
+ if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
+ $ip_ok = 1;
+ }
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ $ip_ok = 1;
+ }
+ if($ip_ok == 0) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
}
}
}
+ break;
+ case 'RANGE':
+ //* Checks if the value is within the given range or above / below a value
+ //* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
+ $range_parts = explode(':',trim($validator['range']));
+ $ok = true;
+ if($range_parts[0] != '' && $field_value < $range_parts[0]) {
+ $ok = false;
+ }
+ if($range_parts[1] != '' && $field_value > $range_parts[1]) {
+ $ok = false;
+ }
+ if($ok != true) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ unset($range_parts);
break;
case 'CUSTOM':
// Calls a custom class to validate this record
@@ -892,7 +1025,7 @@
}
/**
- * Create the SQL staement.
+ * Create SQL statement
*
* @param record = Datensatz als Array
* @param action = INSERT oder UPDATE
@@ -918,7 +1051,7 @@
$this->action = $action;
$this->primary_id = $primary_id;
- $record = $this->encode($record,$tab);
+ $record = $this->encode($record,$tab,true);
$sql_insert_key = '';
$sql_insert_val = '';
$sql_update = '';
@@ -939,7 +1072,9 @@
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'MYSQL') {
- $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'CLEARTEXT') {
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
@@ -966,7 +1101,9 @@
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
- $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
@@ -1041,7 +1178,7 @@
//* return a empty string if there is nothing to update
if(trim($sql_update) == '') $sql = '';
}
-
+
return $sql;
}
@@ -1086,7 +1223,7 @@
$app->uses('tform_tpl_generator');
$app->tform_tpl_generator->buildHTML($this->formDef,$tab['name']);
}
-
+ $app->tpl->setVar('readonly_tab', (isset($tab['readonly']) && $tab['readonly'] == true));
$app->tpl->setInclude('content_tpl',$tab["template"]);
$tab["active"] = 1;
$_SESSION["s"]["form"]["tab"] = $tab['name'];
--
Gitblit v1.9.1