Feature #4542 - Attempt to check decimalFormat parameter

extension/qfq/qfq/AbstractBuildForm.php

@@ -1652,7 +1652,7 @@ abstract class AbstractBuildForm {
      *
      * @return array
      */
-    private function getDecimalSize($column) {
+    public function getDecimalInfoFromTable($column) {
         // Get column definition
         $fieldTypeDefinition = $this->store->getVar($column, STORE_TABLE_COLUMN_TYPES);
 

extension/qfq/qfq/Constants.php

@@ -188,6 +188,7 @@ const ERROR_MISSING_FILE_NAME = 1081;
 const ERROR_MAX_FILE_SIZE_TOO_BIG = 1082;
 const ERROR_SMALLER_THAN_MIN = 1083;
 const ERROR_LARGER_THAN_MAX = 1084;
+const ERROR_INVALID_DECIMAL_FORMAT = 1085;
 
 // Subrecord
 const ERROR_SUBRECORD_MISSING_COLUMN_ID = 1100;

extension/qfq/qfq/helper/Sanitize.php

@@ -67,7 +67,7 @@ class Sanitize {
         if ($decimalFormat !== null) {
             if ($sanitizeClass !== SANITIZE_ALLOW_PATTERN && $sanitizeClass !== SANITIZE_ALLOW_DIGIT) {
                 // overwrite pattern
-                $pattern = getDecimalFormatPattern($decimalFormat);
+                $pattern = self::getDecimalFormatPattern($decimalFormat);
             }
         }
 

extension/qfq/qfq/store/FillStoreForm.php

@@ -237,9 +237,28 @@ class FillStoreForm {
                                 $val = Support::unWrapTag('<p>', $val);
                             }
 
+                            $decimalFormat = null;
+                            if (isset($formElement[FE_DECIMAL_FORMAT])) {
+                                // Read decimal format from parameter field
+                                if (preg_match("/^([0-9]*)(,[0-9]+)?$", $formElement[FE_DECIMAL_FORMAT])
+                                && $formElement[FE_DECIMAL_FORMAT] != '') {
+                                    $decimalFormat = explode(',', $formElement[FE_DECIMAL_FORMAT]);
+                                    if ($decimalFormat[0] === '')
+                                        $decimalFormat[0] = 10; // default size
+                                    if (count($decimalFormat) == 1)
+                                        $decimalFormat[1] = 2; // default precision
+                                } else {
+                                    throw new UserFormException("Invalid decimalFormat.", ERROR_INVALID_DECIMAL_FORMAT);
+                                }
+                            } else {
+                                // Get decimal format from column definition
+                                $decimalFormat = AbstractBuildForm::getDecimalInfoFromTable($formElement[FE_NAME]);
+                            }
+
                             // Check only if there is something.
                             if ($val !== '') {
-                                $val = Sanitize::sanitize($val, $formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN], SANITIZE_EXCEPTION);
+                                $val = Sanitize::sanitize($val, $formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN],
+                                    $decimalFormat, SANITIZE_EXCEPTION);
                                 if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) {
 //                                    $val = htmlspecialchars($val, ENT_QUOTES);
                                     $val = Support::htmlEntityEncodeDecode(MODE_ENCODE, $val);

extension/qfq/qfq/store/Store.php

@@ -478,7 +478,7 @@ class Store {
                     $sanitizeClass = SANITIZE_ALLOW_ALL;
                 }
 
-                return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass, '', SANITIZE_EMPTY_STRING);
+                return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass, '', null, SANITIZE_EMPTY_STRING);
             } else {
                 if ($store == STORE_SIP && (substr($key, 0, $len) == SIP_PREFIX_BASE64)) {
                     $rawVal = base64_decode($rawVal);