From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/lib/classes/tform_actions.inc.php |   38 +++++++++++++++++++-------------------
 1 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php
index df00265..da12ac8 100644
--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -46,6 +46,7 @@
 		$app->tpl->newTemplate("tabbed_form.tpl.htm");
 
 		// Load table definition from file
+		//$app->tform->loadFormDef($tform_def_file, (isset($_SESSION['s']['module']['name']) ? $_SESSION['s']['module']['name'] : ''));
 		$app->tform->loadFormDef($tform_def_file);
 
 		// Importing ID
@@ -82,7 +83,7 @@
 		// check if the client is locked - he may not change anything, then.
 		if(!$app->auth->is_admin()) {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
+			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			if(is_array($client) && $client['locked'] == 'y') {
 				$app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";
 			}
@@ -106,14 +107,13 @@
 		global $app, $conf;
 
 		$this->onBeforeUpdate();
+		$app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_before_update', $this);
 
 		$ext_where = '';
 		$sql = $app->tform->getSQL($this->dataRecord, $app->tform->getCurrentTab(), 'UPDATE', $this->id, $ext_where);
 		if($app->tform->errorMessage == '') {
 
-			if($app->tform->formDef['db_history'] == 'yes') {
-				$this->oldDataRecord = $app->tform->getDataRecord($this->id);
-			}
+			$this->oldDataRecord = $app->tform->getDataRecord($this->id);
 
 			// Save record in database
 			$this->onUpdateSave($sql);
@@ -192,6 +192,7 @@
 		global $app, $conf;
 
 		$this->onBeforeInsert();
+		$app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_before_insert', $this);
 
 		$ext_where = '';
 		$sql = $app->tform->getSQL($this->dataRecord, $app->tform->getCurrentTab(), 'INSERT', $this->id, $ext_where);
@@ -311,7 +312,6 @@
 				if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
 			}
 
-			//$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id);
 			$this->dataRecord = $app->tform->getDataRecord($this->id);
 
 			$app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_check_delete', $this);
@@ -324,7 +324,7 @@
 				$app->tform->datalogSave('DELETE', $this->id, $this->dataRecord, array());
 			}
 
-			$app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1");
+			$app->db->query("DELETE FROM ?? WHERE ?? = ? LIMIT 1", $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id);
 
 
 			// loading plugins
@@ -379,11 +379,11 @@
 		$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_print']);
 
 		if($app->tform->formDef['auth'] == 'no') {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+			$sql = "SELECT * FROM ?? WHERE ?? = ?";
 		} else {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+			$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 		}
-		if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+		if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 
 		$record["datum"] = date("d.m.Y");
 
@@ -423,11 +423,11 @@
 			$app->tpl->setInclude("content_tpl", $app->tform->formDef['template_mailsend']);
 			$app->tpl->setVar('show_mail', 1);
 			if($app->tform->formDef['auth'] == 'no') {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+				$sql = "SELECT * FROM ?? WHERE ?? = ?";
 			} else {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+				$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 			}
-			if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+			if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 
 			$record["datum"] = date("d.m.Y");
 			$record["mailmessage"] = $_POST["message"];
@@ -459,11 +459,11 @@
 
 
 		if($app->tform->formDef['auth'] == 'no') {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+			$sql = "SELECT * FROM ?? WHERE ?? = ?";
 		} else {
-			$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+			$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 		}
-		if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+		if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 
 		$record["datum"] = date("d.m.Y");
 
@@ -560,11 +560,11 @@
 		// bestehenden Datensatz anzeigen
 		if($app->tform->errorMessage == '') {
 			if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
+				$sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
 			} else {
-				$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+				$sql = "SELECT * FROM ?? WHERE ?? = ?";
 			}
-			if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
+			if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
 		} else {
 			// $record = $app->tform->encode($_POST,$this->active_tab);
 			$record = $app->tform->encode($this->dataRecord, $this->active_tab, false);
@@ -595,7 +595,7 @@
 				$app->load($plugin_class);
 				$this->plugins[$plugin_name] = new $plugin_class;
 				$this->plugins[$plugin_name]->setOptions($plugin_name, $plugin_settings['options']);
-				// Make the data of the form easily accessible for the plugib
+				// Make the data of the form easily accessible for the plugin
 				$this->plugins[$plugin_name]->form = $this;
 				$this->plugins[$plugin_name]->onLoad();
 			}

--
Gitblit v1.9.1