Commit 37de5761 authored by Carsten  Rose's avatar Carsten Rose

Feature: #4049 / '{{...}}' with default value

parent 12472d64
......@@ -561,6 +561,7 @@ if (!function_exists('ldap_escape')) {
}
const TOKEN_FOUND_IN_STORE_QUERY = 'query';
const TOKEN_FOUND_AS_DEFAULT = 'default';
const RANDOM_LENGTH = 32;
......
......@@ -174,9 +174,9 @@ class Evaluate {
* Tries to substitute $token.
* Token might be:
* a) a SQL statement to fire
* b) fetch from a store. Syntax: 'form', 'form:C', 'form:SC0', 'form:S:alnumx', 'form:F:all:s'
* b) fetch from a store. Syntax: 'form', 'form:C', 'form:SC0', 'form:S:alnumx', 'form:F:all:s','form:F:all:s:default'
*
* The token have to be _without_ Delimiter '{{' / '}}'
* The token have to be _without_ Delimiter '{{' , '}}'
* If neither a) or b) match, return the token itself.
*
* @param string $token
......@@ -209,9 +209,9 @@ class Evaluate {
return $this->db->sql($token, $sqlMode);
}
// explode for: <key>:<store priority>:<sanitize class>:<escape>
$arr = explode(':', $token, 4);
$arr = array_merge($arr, [null, null, null, null]); // fake isset()
// explode for: <key>:<store priority>:<sanitize class>:<escape>:<default>
$arr = explode(':', $token, 5);
$arr = array_merge($arr, [null, null, null, null, null]); // fake isset()
$escapeTypes = $arr[3];
if ($escapeTypes == '') {
$escapeTypes = $this->escapeTypeDefault;
......@@ -223,7 +223,7 @@ class Evaluate {
// escape ticks
if (is_string($value)) {
// Process all escape requests in the given order.
for ($ii = 0; $ii < strlen($arr[3]); $ii++) {
for ($ii = 0; $ii < strlen($escapeTypes); $ii++) {
$escape = $escapeTypes[$ii];
switch ($escape) {
case TOKEN_ESCAPE_SINGLE_TICK:
......@@ -250,10 +250,12 @@ class Evaluate {
}
}
// OLD: nothing replaced: put ticks around, to sanitize strings for SQL statements. Nothing to substitute is not a wished situation.
// return ($value === false) ? "'" . $token . "'" : $value;
// Not found and a default is given: take the default.
if ($foundInStore == '' && !empty($arr[4])) {
$foundInStore = TOKEN_FOUND_AS_DEFAULT;
$value = str_replace('\\:', ':', $arr[4]);
}
// NEW: nothing replaced: higher level should decide what to do
return $value;
}
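Review bot: The default taken in the last hunk (`$value = str_replace('\\:', ':', $arr[4]);`) is assigned after the escape pass from the previous hunk appears to have closed, so it seems to be returned without any of the `$escapeTypes` applied, unlike a value found in a store. If a default can ever carry text that is not fixed by the form author (for example through a nested token, which this page does not show), it would reach a SQL statement unescaped. Moving the fallback ahead of the escape loop, or stating in the docblock that defaults are returned verbatim, would make the contract explicit. Separately, `!empty($arr[4])` treats a default of `'0'` as absent; `$arr[4] !== null && $arr[4] !== ''` keeps it. The body of substitute() starts and ends outside these hunks, so the placement of the loop's closing braces should be confirmed.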
......
......@@ -85,6 +85,11 @@ $UPDATE_ARRAY = array(
'0.25.0' => [
"ALTER TABLE `FormElement` CHANGE `type` `type` ENUM( 'checkbox', 'date', 'datetime', 'dateJQW', 'datetimeJQW', 'extra', 'gridJQW', 'text', 'editor', 'annotate', 'time', 'note', 'password', 'radio', 'select', 'subrecord', 'upload', 'annotate', 'fieldset', 'pill', 'templateGroup', 'beforeLoad', 'beforeSave', 'beforeInsert', 'beforeUpdate', 'beforeDelete', 'afterLoad', 'afterSave', 'afterInsert', 'afterUpdate', 'afterDelete', 'sendMail', 'paste' ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'text';",
],
'0.26.0' => [
"ALTER TABLE `Form` CHANGE `escapeTypeDefault` `escapeTypeDefault` VARCHAR( 32 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'm'",
"UPDATE Form SET escapeTypeDefault = 'm' WHERE escapeTypeDefault = 'c'",
],
);
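Review bot: The `UPDATE Form SET escapeTypeDefault = 'm' WHERE escapeTypeDefault = 'c'` statement in the '0.26.0' entry rewrites every form whose value is exactly 'c', and it cannot tell a row that inherited the old column default from one where the author chose 'c' on purpose. The column is VARCHAR(32) and substitute() walks the escape string one character at a time, so multi-character values that include 'c' are left as they are, which gives mixed behaviour after the upgrade. The commit title only mentions default values for '{{...}}'; a comment above the entry such as `// 0.26.0: default escape type changes from 'c' to 'm'; existing 'c' rows are converted`, plus a release-note line, would let operators review forms that relied on the old escaping. The array itself starts outside the hunk.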
......
......@@ -416,10 +416,6 @@ class Report {
continue;
}
// Set dbAlias if one is specified. Else keep the parent one.
//TODO dbAlias
// $this->dbAlias = $this->getValueParentDefault("db", $full_super_level, $full_level, $cur_level, DB);
// Set debug, if one is specified else keep the parent one.
$lineDebug = $this->getValueParentDefault(TOKEN_DEBUG, $full_super_level, $full_level, $cur_level, 0);
......
......@@ -9,7 +9,7 @@ CREATE TABLE IF NOT EXISTS `Form` (
`permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c',
`escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'm',
`render` ENUM('bootstrap', 'table', 'plain') NOT NULL DEFAULT 'bootstrap',
`requiredParameterNew` VARCHAR(255) NOT NULL DEFAULT '',
`requiredParameterEdit` VARCHAR(255) NOT NULL DEFAULT '',
......
......@@ -360,6 +360,17 @@ class EvaluateTest extends \AbstractDatabaseTest {
}
public function testSubstituteDefault() {
$eval = new \qfq\Evaluate($this->store, $this->dbArray[DB_INDEX_DATA_DEFAULT]);
// No escape
$this->store->setVar('a', 'hello', STORE_FORM, true);
$this->assertEquals('hello', $eval->substitute('a:F:all::world', $foundInStore));
$this->assertEquals('world', $eval->substitute('a-notused:F:all::world', $foundInStore));
$this->assertEquals('hello:world', $eval->substitute('a-notused:F:all::hello\\:world', $foundInStore));
}
protected function setUp() {
$this->store = Store::getInstance('form=TestFormName', true);
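Review bot: testSubstituteDefault() passes `$foundInStore` to every call but never checks it, so the new `TOKEN_FOUND_AS_DEFAULT` result is untested; adding `$this->assertEquals(TOKEN_FOUND_AS_DEFAULT, $foundInStore);` after the second call would cover it. The `// No escape` comment is misleading, because an empty escape field makes substitute() fall back to `$this->escapeTypeDefault` rather than skipping escaping. A case with an explicit escape type and a default containing a quote character would pin down whether defaults are meant to be escaped. setUp() continues past the end of this hunk.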
......
......@@ -9,7 +9,7 @@ CREATE TABLE IF NOT EXISTS `Form` (
`permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c',
`escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'm',
`render` ENUM('plain', 'table', 'bootstrap') NOT NULL DEFAULT 'plain',
`requiredParameter` VARCHAR(255) NOT NULL DEFAULT '',
`dirtyMode` ENUM('exclusive', 'advisory', 'none') NOT NULL DEFAULT 'exclusive',
......