From 3d7855dd9b760c43fc19f30f813a48650f0dc4ea Mon Sep 17 00:00:00 2001 From: Carsten Rose <carsten.rose@math.uzh.ch> Date: Tue, 29 Nov 2016 17:14:57 +0100 Subject: [PATCH] FillStoreFrom.php: Bei leeren Feldern kein Sanitizing durchfuehren --- extension/qfq/qfq/QuickFormQuery.php | 2 +- extension/qfq/qfq/store/FillStoreForm.php | 9 +++++++-- extension/qfq/sql/formEditor.sql | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/extension/qfq/qfq/QuickFormQuery.php b/extension/qfq/qfq/QuickFormQuery.php index 54fcf67fb..3f01975be 100644 --- a/extension/qfq/qfq/QuickFormQuery.php +++ b/extension/qfq/qfq/QuickFormQuery.php @@ -339,7 +339,7 @@ class QuickFormQuery { } // Load form - $form = $this->db->sql("SELECT * FROM Form AS f WHERE f.name LIKE ? AND f.deleted='no'", ROW_EXPECT_1, + $form = $this->db->sql("SELECT * FROM Form AS f WHERE f." . F_NAME . " LIKE ? AND f.deleted='no'", ROW_EXPECT_1, [$formName], 'Form not found or multiple forms with the same name.'); $this->formSpec = $this->eval->parseArray($form); diff --git a/extension/qfq/qfq/store/FillStoreForm.php b/extension/qfq/qfq/store/FillStoreForm.php index 52e7b4a61..31de2248b 100644 --- a/extension/qfq/qfq/store/FillStoreForm.php +++ b/extension/qfq/qfq/store/FillStoreForm.php @@ -155,8 +155,13 @@ class FillStoreForm { $newValues[$formElement['name']] = $this->doDateTime($formElement, $clientValues[$clientFieldName]); break; default: - $newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName], - $formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION); + // Check only if their is something + if($clientValues[$clientFieldName] !== '') { + $newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName], + $formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION); + } else { + $newValues[$formElement['name']] =''; + } break; } } 
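Review bot: The new `!== ''` guard in the `default:` branch of FillStoreForm.php lets an empty submission skip `checkType`/`checkPattern` entirely, so a form element whose pattern was the only thing rejecting an empty value now stores `''` without any check. Nothing visible in the hunk shows a separate required-field check, so confirm that one runs elsewhere, or limit the bypass to elements that are allowed to be empty. Because the comparison is strict, non-string input (for example an array or a missing key) still reaches `Sanitize::sanitize()`, which is the safe direction and worth keeping. I would record the intent in the comment, which also has a typo ("their"): `// Empty input is stored as-is; checkType/checkPattern apply to non-empty values only.` The enclosing method starts and ends outside the hunk.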
diff --git a/extension/qfq/sql/formEditor.sql b/extension/qfq/sql/formEditor.sql index 22ccc0e5e..9fa7e7cbc 100644 --- a/extension/qfq/sql/formEditor.sql +++ b/extension/qfq/sql/formEditor.sql 
@@ -167,7 +167,7 @@ VALUES '', '', '', '', 4, '', ''), (1, '', 'FormElements', 'show', 'subrecord', 'all', 'native', 500, 0, 0, '', '', '', - '{{!SELECT IF( fe.enabled="yes", IF( fe.enabled="yes" AND fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "danger", IF( fe.class="container", "text-info", IF( fe.class="action", "text-success", ""))), "text-muted") AS _rowClass, IF( fe.enabled="yes", IF(fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "Please choose a container for this formelement", fe.class), "Disabled") AS _rowTitle, fe.id, CONCAT( IFNULL( CONCAT( feC.name, " (", fe.feIdContainer, ")"),"")) AS Container, fe.name, fe.label, fe.mode, fe.class, fe.type, fe.ord, fe.size, fe.sql1, fe.parameter FROM FormElement AS fe LEFT JOIN FormElement AS feC ON feC.id=fe.feIdContainer AND feC.formId=fe.formId LEFT JOIN FormElement AS feCX ON feCX.class="container" AND feCX.enabled="yes" AND feCX.formId=fe.formId WHERE fe.formId={{id:R0}} GROUP BY fe.id ORDER BY fe.class DESC, fe.feIdContainer, fe.ord, fe.id}}', + '{{!SELECT IF( fe.enabled="yes", IF( fe.enabled="yes" AND fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "danger", IF( fe.class="container", "text-info", IF( fe.class="action", "text-success", ""))), "text-muted") AS _rowClass, IF( fe.enabled="yes", IF(fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "Please choose a container for this formelement", fe.class), "Disabled") AS _rowTitle, fe.id, CONCAT( IFNULL( CONCAT( feC.name, " (", fe.feIdContainer, ")"),"")) AS Container, fe.name, fe.label, fe.mode, fe.class, fe.type, fe.ord, fe.size, fe.sql1, fe.parameter FROM FormElement AS fe LEFT JOIN FormElement AS feC ON feC.id=fe.feIdContainer AND feC.formId=fe.formId LEFT JOIN FormElement AS feCX ON feCX.class="container" AND feCX.enabled="yes" AND feCX.formId=fe.formId WHERE fe.formId={{id:R0}} GROUP BY fe.id ORDER BY fe.class DESC, feC.ord, fe.ord, fe.id}}', '', 'form=formElement\ndetail=id:formId', 5, 
'new,edit,delete', ''); # -- GitLab