Commit 5229fb63 authored by Carsten Rose

#3534 / _paged throws an error if there is already a SIP on the current page.

_paged renders the current client parameter into a return URL. If the current client already contained a SIP, a check in Sip.php threw an exception, to prevent using the parameter 's' by the user.
 Sip.php: New: the exception is only thrown if the SIP is unknown.
parent 82fec047
...@@ -452,7 +452,7 @@ Escape ...@@ -452,7 +452,7 @@ Escape
Sanitize class Sanitize class
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
* All values in Store *C* (Client) and store *F* (Form) will be sanitized: * All values in Store *C* (Client=Browser) and store *F* (Form) will be sanitized:
* All :ref:`predefined-variable-names` have a specific default sanitize class. For these variables, it's not necessary * All :ref:`predefined-variable-names` have a specific default sanitize class. For these variables, it's not necessary
to specify a sanitize class. to specify a sanitize class.
* All other variables (Store: C, F) get by default the sanitize class defined in the corresponding form. If not defined * All other variables (Store: C, F) get by default the sanitize class defined in the corresponding form. If not defined
...@@ -901,7 +901,7 @@ Pedantic ...@@ -901,7 +901,7 @@ Pedantic
In case the typed value (technically this is the value of the *id*, latest in the moment when loosing the focus) have In case the typed value (technically this is the value of the *id*, latest in the moment when loosing the focus) have
to be a valid (= exist on the LDAP server), the *typeAheadPedantic* mode can be activated. to be a valid (= exist on the LDAP server), the *typeAheadPedantic* mode can be activated.
If the user typed something and that is not a valid *id*, the client will delete the input when loosing the focus. If the user typed something and that is not a valid *id*, the client (=browser) will delete the input when loosing the focus.
To identify the exact *id*, an additional search filter is necessary. To identify the exact *id*, an additional search filter is necessary.
* *Form.parameter* or *FormElement.parameter*: * *Form.parameter* or *FormElement.parameter*:
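Review bot: The changed line "the client (=browser) will delete the input when loosing the focus" keeps the misspelling "loosing" (should be "losing"), which also appears in the first context line of this hunk. Since the sentence is being edited anyway, suggest correcting both occurrences in the same commit.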
...@@ -915,7 +915,7 @@ To identify the exact *id*, an additional search filter is necessary. ...@@ -915,7 +915,7 @@ To identify the exact *id*, an additional search filter is necessary.
Fill STORE LDAP (FSL) Fill STORE LDAP (FSL)
--------------------- ---------------------
Before processing a *FormElement*, an optional configured FLS-action loads **one** record from a LDAP directory and stores Before processing a *FormElement*, an optional configured FSL-action loads **one** record from a LDAP directory and stores
the named attributes in STORE_LDAP. If the LDAP search query selects more than one record, only the first record is processed. the named attributes in STORE_LDAP. If the LDAP search query selects more than one record, only the first record is processed.
The attributes names always becomes lowercase (PHP implentation detail on get_ldap_entries()) in the store. To make The attributes names always becomes lowercase (PHP implentation detail on get_ldap_entries()) in the store. To make
accessing STORE_LDAP easily, the keys are implemented case insensitive for this specific store. FLS is triggered during *Form*-... accessing STORE_LDAP easily, the keys are implemented case insensitive for this specific store. FLS is triggered during *Form*-...
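Review bot: The abbreviation is corrected from FLS to FSL on the "Before processing a *FormElement*" line, but the trailing context line of this hunk still reads "FLS is triggered during *Form*-...", so the section keeps both spellings. Suggest fixing that occurrence too; "implentation" on the line before it could be corrected to "implementation" at the same time.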
...@@ -1026,7 +1026,7 @@ showButton ...@@ -1026,7 +1026,7 @@ showButton
Display or hide the button `new`, `delete`, `close`, `save`. Display or hide the button `new`, `delete`, `close`, `save`.
* *new*: Creates a new record. If the form needs any special parameter via SIP or Client, hide this 'new' button - the necessary parameter are not provided. * *new*: Creates a new record. If the form needs any special parameter via SIP or Client (=browser), hide this 'new' button - the necessary parameter are not provided.
* *delete*: This either deletes the current record only, or (if defined via action *FormElement* 'before Delete' ) any specified subrecords. * *delete*: This either deletes the current record only, or (if defined via action *FormElement* 'before Delete' ) any specified subrecords.
* *close*: Close the current form. If there are changes, a popup opens and ask to save / close / cancel. The last page from the history will be shown. * *close*: Close the current form. If there are changes, a popup opens and ask to save / close / cancel. The last page from the history will be shown.
* *save*: Save the form. * *save*: Save the form.
......
...@@ -74,6 +74,9 @@ class Session { ...@@ -74,6 +74,9 @@ class Session {
} }
/** /**
* Return content to given $key (=SIP).
* Return 'false' if not found.
*
* @param $key * @param $key
* @return bool * @return bool
*/ */
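Review bot: The added description says the method returns the content stored for `$key` or 'false' if not found, but the unchanged `@return bool` below it still declares a plain boolean. Suggest updating the tag to the content type with false as the alternative (for example `@return string|false`, if the stored content is a string) and giving `@param $key` a type, so that callers comparing the result with `=== false`, as the Sip.php change does, can rely on the documented contract.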
......
...@@ -142,7 +142,11 @@ class Sip { ...@@ -142,7 +142,11 @@ class Sip {
$clientArray[$key] = $value; $clientArray[$key] = $value;
break; break;
case CLIENT_SIP: case CLIENT_SIP:
throw new CodeException('SIP Parameter ist not allowed to be stored as a regular URL Parameter', ERROR_SIP_NOT_ALLOWED_AS_PARAM); if ($this->getQueryStringFromSip($value) === false) {
throw new CodeException('SIP Parameter ist not allowed to be stored as a regular URL Parameter', ERROR_SIP_NOT_ALLOWED_AS_PARAM);
}
$clientArray[$key] = $value;
break;
default: default:
// Values in SIP should not urlencoded. // Values in SIP should not urlencoded.
$sipArray[$key] = urldecode($value); $sipArray[$key] = urldecode($value);
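Review bot: The exception text on the retained `throw` line in the `CLIENT_SIP` case no longer matches the condition guarding it: it still says the SIP parameter is not allowed as a regular URL parameter (and contains the typo "ist"), while the new branch explicitly accepts a SIP that `getQueryStringFromSip()` resolves and copies it into `$clientArray`. Suggest rewording the message to say the SIP is unknown, and adding a short comment above the `if` explaining why a known SIP may be carried as a client parameter (the _paged return URL case from the commit message), because this relaxes a check that existed to keep the user from supplying 's'. A test covering both the known and the unknown SIP path would pin that behaviour.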
......