Commit 3d7855dd authored by Carsten  Rose's avatar Carsten Rose

FillStoreFrom.php: Bei leeren Feldern kein Sanitizing durchfuehren

parent e071bfb4
...@@ -339,7 +339,7 @@ class QuickFormQuery { ...@@ -339,7 +339,7 @@ class QuickFormQuery {
} }
// Load form // Load form
$form = $this->db->sql("SELECT * FROM Form AS f WHERE f.name LIKE ? AND f.deleted='no'", ROW_EXPECT_1, $form = $this->db->sql("SELECT * FROM Form AS f WHERE f." . F_NAME . " LIKE ? AND f.deleted='no'", ROW_EXPECT_1,
[$formName], 'Form not found or multiple forms with the same name.'); [$formName], 'Form not found or multiple forms with the same name.');
$this->formSpec = $this->eval->parseArray($form); $this->formSpec = $this->eval->parseArray($form);
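Review bot: The form lookup on the changed line still compares with `LIKE ?`, so `%` and `_` inside `$formName` are treated as wildcards rather than literal characters, and `ROW_EXPECT_1` only rejects the case where more than one row matches. Whether `$formName` can originate from the request is not visible in this hunk, but if it can, an exact match is the safer form: `"SELECT * FROM Form AS f WHERE f." . F_NAME . " = ? AND f.deleted='no'"`. Concatenating `F_NAME` into the statement is acceptable only while it remains a constant defined in code; the value itself stays bound, which is good. The enclosing method starts and ends outside the hunk.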
......
...@@ -155,8 +155,13 @@ class FillStoreForm { ...@@ -155,8 +155,13 @@ class FillStoreForm {
$newValues[$formElement['name']] = $this->doDateTime($formElement, $clientValues[$clientFieldName]); $newValues[$formElement['name']] = $this->doDateTime($formElement, $clientValues[$clientFieldName]);
break; break;
default: default:
$newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName], // Check only if their is something
$formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION); if($clientValues[$clientFieldName] !== '') {
$newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName],
$formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION);
} else {
$newValues[$formElement['name']] ='';
}
break; break;
} }
} }
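Review bot: The new empty-string branch in the `default:` case bypasses `Sanitize::sanitize()` entirely, so a `checkType`/`checkPattern` that is meant to reject an empty value is no longer enforced at this point. Nothing in the hunk shows a separate required-field check, so please confirm that mandatory fields are validated elsewhere before the value is stored. The strict test `!== ''` only covers the exact empty string, so whitespace-only or non-string input still goes through the sanitizer; that looks intended but should be stated. I would replace the comment with `// Empty input skips checkType/checkPattern; required fields must be enforced elsewhere.` (this also fixes the "their" typo). The surrounding `switch` and its function begin outside the hunk.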
......
...@@ -167,7 +167,7 @@ VALUES ...@@ -167,7 +167,7 @@ VALUES
'', '', '', '', 4, '', ''), '', '', '', '', 4, '', ''),
(1, '', 'FormElements', 'show', 'subrecord', 'all', 'native', 500, 0, 0, '', '', '', (1, '', 'FormElements', 'show', 'subrecord', 'all', 'native', 500, 0, 0, '', '', '',
'{{!SELECT IF( fe.enabled="yes", IF( fe.enabled="yes" AND fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "danger", IF( fe.class="container", "text-info", IF( fe.class="action", "text-success", ""))), "text-muted") AS _rowClass, IF( fe.enabled="yes", IF(fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "Please choose a container for this formelement", fe.class), "Disabled") AS _rowTitle, fe.id, CONCAT( IFNULL( CONCAT( feC.name, " (", fe.feIdContainer, ")"),"")) AS Container, fe.name, fe.label, fe.mode, fe.class, fe.type, fe.ord, fe.size, fe.sql1, fe.parameter FROM FormElement AS fe LEFT JOIN FormElement AS feC ON feC.id=fe.feIdContainer AND feC.formId=fe.formId LEFT JOIN FormElement AS feCX ON feCX.class="container" AND feCX.enabled="yes" AND feCX.formId=fe.formId WHERE fe.formId={{id:R0}} GROUP BY fe.id ORDER BY fe.class DESC, fe.feIdContainer, fe.ord, fe.id}}', '{{!SELECT IF( fe.enabled="yes", IF( fe.enabled="yes" AND fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "danger", IF( fe.class="container", "text-info", IF( fe.class="action", "text-success", ""))), "text-muted") AS _rowClass, IF( fe.enabled="yes", IF(fe.feIdContainer=0 AND !ISNULL(feCX.id) AND fe.class="native", "Please choose a container for this formelement", fe.class), "Disabled") AS _rowTitle, fe.id, CONCAT( IFNULL( CONCAT( feC.name, " (", fe.feIdContainer, ")"),"")) AS Container, fe.name, fe.label, fe.mode, fe.class, fe.type, fe.ord, fe.size, fe.sql1, fe.parameter FROM FormElement AS fe LEFT JOIN FormElement AS feC ON feC.id=fe.feIdContainer AND feC.formId=fe.formId LEFT JOIN FormElement AS feCX ON feCX.class="container" AND feCX.enabled="yes" AND feCX.formId=fe.formId WHERE fe.formId={{id:R0}} GROUP BY fe.id ORDER BY fe.class DESC, feC.ord, fe.ord, fe.id}}',
'', 'form=formElement\ndetail=id:formId', 5, 'new,edit,delete', ''); '', 'form=formElement\ndetail=id:formId', 5, 'new,edit,delete', '');
# #
......