Commit 91859949 authored by Carsten  Rose's avatar Carsten Rose

Link.php: Check paged / Paged that the parameter r, table and form are given...

Link.php: For paged / Paged, check that the parameters r, table and form are given in the right combination.
parent b5741305
...@@ -177,13 +177,14 @@ const ERROR_IO_CHDIR = 1310; ...@@ -177,13 +177,14 @@ const ERROR_IO_CHDIR = 1310;
//Report //Report
const ERROR_UNKNOWN_LINK_QUALIFIER = 1400; const ERROR_UNKNOWN_LINK_QUALIFIER = 1400;
const ERROR_UNDEFINED_RENDER_CONTROL_COMBINATION = 1401; const ERROR_UNDEFINED_RENDER_CONTROL_COMBINATION = 1401;
const ERROR_MISSING_VALUE = 1402; const ERROR_MISSING_REQUIRED_DELETE_QUALIFIER = 1402;
const ERROR_INVALID_VALUE = 1403; const ERROR_MISSING_VALUE = 1403;
const ERROR_MULTIPLE_DEFINITION = 1404; const ERROR_INVALID_VALUE = 1404;
const ERROR_MULTIPLE_URL_PAGE_MAILTO_DEFINITION = 1405; const ERROR_MULTIPLE_DEFINITION = 1405;
const ERROR_UNKNOWN_TOKEN = 1406; const ERROR_MULTIPLE_URL_PAGE_MAILTO_DEFINITION = 1406;
const ERROR_TOO_FEW_PARAMETER_FOR_SENDMAIL = 1407; const ERROR_UNKNOWN_TOKEN = 1407;
const ERROR_TOO_MANY_PARAMETER = 1408; const ERROR_TOO_FEW_PARAMETER_FOR_SENDMAIL = 1408;
const ERROR_TOO_MANY_PARAMETER = 1409;
// Upload // Upload
const ERROR_UPLOAD = 1500; const ERROR_UPLOAD = 1500;
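Review bot: Inserting `ERROR_MISSING_REQUIRED_DELETE_QUALIFIER` at 1402 renumbers every following report error code (ERROR_MISSING_VALUE through ERROR_TOO_MANY_PARAMETER each move up by one), so a numeric code already recorded in logs, documentation or support tickets now maps to a different error. Unless the codes must stay in this order, give the new constant the next free value and leave the existing ones untouched: `const ERROR_MISSING_REQUIRED_DELETE_QUALIFIER = 1409;`. A one-line comment above the block stating that released codes are never reassigned would prevent the same shift in later changes.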
......
...@@ -30,6 +30,7 @@ require_once(__DIR__ . '/Define.php'); ...@@ -30,6 +30,7 @@ require_once(__DIR__ . '/Define.php');
require_once(__DIR__ . '/../store/Store.php'); require_once(__DIR__ . '/../store/Store.php');
require_once(__DIR__ . '/../store/Sip.php'); require_once(__DIR__ . '/../store/Sip.php');
require_once(__DIR__ . '/../exceptions/UserReportExtension.php'); require_once(__DIR__ . '/../exceptions/UserReportExtension.php');
require_once(__DIR__ . '/../helper/KeyValueStringParser.php');
/* /*
* u:url * u:url
...@@ -829,7 +830,7 @@ EOF; ...@@ -829,7 +830,7 @@ EOF;
// $vars[NAME_URL] = "dummy"; // $vars[NAME_URL] = "dummy";
} }
// Create 'fake' mode for ajax delete // Create 'fake' mode for ajax/html delete
if ($vars[NAME_DELETE]) { if ($vars[NAME_DELETE]) {
$prefix = "2"; $prefix = "2";
} }
...@@ -1045,20 +1046,41 @@ EOF; ...@@ -1045,20 +1046,41 @@ EOF;
*/ */
private function buildDelete($vars) { private function buildDelete($vars) {
// TODO: zur Zeit auskommentiert damit die Tests laufen. Aktuell nicht klar ob es sinnvoll ist die spezielle
// 'DELETE' Funktionalitet hier an das ICON zu knuepfen. Was ist wenn das Icon benutzt werden soll OHNE die SIP Funktion?
// Vermutlich ist es sonnvoller das `_paged` das Flag setzt. Gibt es / soll es eine andere Moeglichkeit geben, ausser _paged,
// die Delete Funktionalitaet zu trigger?
//
// $vars[NAME_DELETE] = true;
$vars[NAME_GLYPH] = GLYPH_ICON_DELETE; $vars[NAME_GLYPH] = GLYPH_ICON_DELETE;
$vars[NAME_GLYPH_TITLE] = "Delete"; $vars[NAME_GLYPH_TITLE] = "Delete";
$vars[NAME_LINK_CLASS_DEFAULT] = NO_CLASS; $vars[NAME_LINK_CLASS_DEFAULT] = NO_CLASS;
// Minimal check for required parameter.
$this->checkDeleteParam($vars[NAME_URL_PARAM]);
return $vars; return $vars;
} }
/**
* Check that at least SIP_RECORD_ID is given and SIP_TABLE or SIP_FORM.
* This check is only processed for COLUMN_PAGED & COLUMN_PPAGED. Not for COLOUMN_LINK, cause it's not known there.
* In case of missing parameter, throw an exception.
*
* @param $urlParam
* @throws UserReportException in case parameter is missing.
*/
private function checkDeleteParam($urlParam) {
// Fill array 'found' with every given token
$found = KeyValueStringParser::parse($urlParam, '=', '&');
$flagRecordId = isset($found[SIP_RECORD_ID]) && $found[SIP_RECORD_ID] != '' && $found[SIP_RECORD_ID] > 0;
$flagTable = isset($found[SIP_TABLE]) && $found[SIP_TABLE] != '';
$flagForm = isset($found[SIP_FORM]) && $found[SIP_FORM] != '';
if ($flagRecordId && ($flagTable || $flagForm)) {
return;
}
throw new UserReportException ("Missing some qualifier/value for column " . COLUMN_PAGED . '/' . COLUMN_PPAGED . ": " .
SIP_RECORD_ID . ", " . SIP_FORM . " or " . SIP_TABLE, ERROR_MISSING_REQUIRED_DELETE_QUALIFIER);
}
/** /**
* Called by $this->callTable * Called by $this->callTable
* *
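Review bot: The record-id check in checkDeleteParam, `$found[SIP_RECORD_ID] > 0`, is a loose comparison, so a value that is not a plain integer (for example `12abc`) still passes and is accepted as the id of the record to delete. Because `r` selects the row that the delete link acts on, require a positive integer explicitly: `$flagRecordId = isset($found[SIP_RECORD_ID]) && ctype_digit((string)$found[SIP_RECORD_ID]) && (int)$found[SIP_RECORD_ID] > 0;`. The docblock says the check runs only for paged/Paged, but buildDelete calls it unconditionally and reads `$vars[NAME_URL_PARAM]` without testing that the key is set. If buildDelete is also reached from other columns (not visible in this hunk), either guard the call or correct the docblock. The `@param $urlParam` tag should also name the type, presumably `string`.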
......
...@@ -239,10 +239,6 @@ class ReportTest extends AbstractDatabaseTest { ...@@ -239,10 +239,6 @@ class ReportTest extends AbstractDatabaseTest {
$result = $this->report->process("10.sql = SELECT 'p:form&r=123&a=hello&type=5&L=3&final=world|N' AS _page FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'p:form&r=123&a=hello&type=5&L=3&final=world|N' AS _page FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="index.php?id=form&type=5&L=3&s=badcaffee1234" class="btn btn-default" title="New" ><span class="glyphicon glyphicon-plus" ></span></a>', $result); $this->assertEquals('<a href="index.php?id=form&type=5&L=3&s=badcaffee1234" class="btn btn-default" title="New" ><span class="glyphicon glyphicon-plus" ></span></a>', $result);
// page & Delete
$result = $this->report->process("10.sql = SELECT 'p:form&r=123&a=hello&type=5&L=3&final=world|D' AS _page FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="index.php?id=form&type=5&L=3&s=badcaffee1234" class="btn btn-default" title="Delete" ><span class="glyphicon glyphicon-trash" ></span></a>', $result);
// page & Help // page & Help
$result = $this->report->process("10.sql = SELECT 'p:form&r=123&a=hello&type=5&L=3&final=world|H' AS _page FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'p:form&r=123&a=hello&type=5&L=3&final=world|H' AS _page FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="index.php?id=form&type=5&L=3&s=badcaffee1234" class="btn btn-default" title="Help" ><span class="glyphicon glyphicon glyphicon-question-sign" ></span></a>', $result); $this->assertEquals('<a href="index.php?id=form&type=5&L=3&s=badcaffee1234" class="btn btn-default" title="Help" ><span class="glyphicon glyphicon glyphicon-question-sign" ></span></a>', $result);
...@@ -668,7 +664,7 @@ return false;" ...@@ -668,7 +664,7 @@ return false;"
EOF; EOF;
// _paged: incl. alert // _paged: incl. alert
$result = $this->report->process("10.sql = SELECT 'U:table=Person' AS _paged FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'U:table=Person&r=123' AS _paged FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result); $this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result);
// _paged: other than defaults for the alert. // _paged: other than defaults for the alert.
...@@ -679,11 +675,11 @@ EOF; ...@@ -679,11 +675,11 @@ EOF;
$js = str_replace('timeout: 0', 'timeout: 10000', $js); $js = str_replace('timeout: 0', 'timeout: 10000', $js);
$js = str_replace('modal: true', 'modal: false', $js); $js = str_replace('modal: true', 'modal: false', $js);
$js = str_replace("type: 'warning'", "type: 'success'", $js); $js = str_replace("type: 'warning'", "type: 'success'", $js);
$result = $this->report->process("10.sql = SELECT 'U:table=Person|q:Move to trash?:success:yes:no:10:0' AS _paged FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'U:table=Person&r=123|q:Move to trash?:success:yes:no:10:0' AS _paged FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result); $this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result);
$result = $this->report->process("10.sql = SELECT 'U:table=Person|q:Move to trash?:success:yes:no:10:0|t:click me' AS _paged FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'U:table=Person&r=123|q:Move to trash?:success:yes:no:10:0|t:click me' AS _paged FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span> click me</a>', $result); $this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span> click me</a>', $result);
} }
...@@ -707,7 +703,7 @@ return false;" ...@@ -707,7 +703,7 @@ return false;"
EOF; EOF;
// _paged: incl. alert // _paged: incl. alert
$result = $this->report->process("10.sql = SELECT 'table=Person' AS _Paged FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'table=Person&r=123' AS _Paged FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result); $this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result);
// _paged: other than defaults for the alert. // _paged: other than defaults for the alert.
...@@ -718,11 +714,11 @@ EOF; ...@@ -718,11 +714,11 @@ EOF;
$js = str_replace('timeout: 0', 'timeout: 10000', $js); $js = str_replace('timeout: 0', 'timeout: 10000', $js);
$js = str_replace('modal: true', 'modal: false', $js); $js = str_replace('modal: true', 'modal: false', $js);
$js = str_replace("type: 'warning'", "type: 'success'", $js); $js = str_replace("type: 'warning'", "type: 'success'", $js);
$result = $this->report->process("10.sql = SELECT 'table=Person|||Move to trash?:success:yes:no:10:0' AS _Paged FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'table=Person&r=123|||Move to trash?:success:yes:no:10:0' AS _Paged FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result); $this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span></a>', $result);
$result = $this->report->process("10.sql = SELECT 'table=Person|click me||Move to trash?:success:yes:no:10:0' AS _Paged FROM Person ORDER BY id LIMIT 1"); $result = $this->report->process("10.sql = SELECT 'table=Person&r=123|click me||Move to trash?:success:yes:no:10:0' AS _Paged FROM Person ORDER BY id LIMIT 1");
$this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span> click me</a>', $result); $this->assertEquals('<a href="' . API_DIR . '/' . API_DELETE_PHP . '?s=badcaffee1234" class="btn btn-default" title="Delete" ' . $js . ' ><span class="glyphicon glyphicon-trash" ></span> click me</a>', $result);
} }
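Review bot: The new exception path in checkDeleteParam has no test here: the `_page ... |D` case is deleted, and the `_paged` / `_Paged` cases only gain `&r=123` so that they keep passing. Add negative cases that pin the check, for example a missing `r`, `r=0`, and `r` with neither `table` nor `form`, each expecting `UserReportException` with `ERROR_MISSING_REQUIRED_DELETE_QUALIFIER`. One way is `$this->expectException(UserReportException::class);` before `$this->report->process("10.sql = SELECT 'U:table=Person' AS _paged FROM Person ORDER BY id LIMIT 1");`, or the `@expectedException` annotation if the project's PHPUnit predates `expectException`. If the `|D` case was removed because it now throws (inferred, not shown), turning it into such a negative test would document that behaviour instead of dropping it.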
......