Commit a52e56ed authored by Elias Villiger's avatar Elias Villiger

Feature #4542 - Attempt to check decimalFormat parameter

parent 317d1ff6
......@@ -1652,7 +1652,7 @@ abstract class AbstractBuildForm {
*
* @return array
*/
private function getDecimalSize($column) {
public function getDecimalInfoFromTable($column) {
// Get column definition
$fieldTypeDefinition = $this->store->getVar($column, STORE_TABLE_COLUMN_TYPES);
......
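Review bot: `getDecimalInfoFromTable` remains an instance method — the line after the signature reads `$this->store` — yet the FillStoreForm hunk later in this commit invokes it statically as `AbstractBuildForm::getDecimalInfoFromTable($formElement[FE_NAME])`, which leaves `$this` unset (deprecated call plus an `Error` on `$this` use in PHP 7, a fatal `Error` for the non-static call in PHP 8) the first time a form element has no decimalFormat parameter. Either call the method on the form instance the caller has access to, or make the lookup static and take the store as an argument. Since the method was widened from `private` to `public` for this purpose, its docblock should state the requirement, e.g. `* Requires an initialised $this->store; must be called on an instance, not statically.`. The method body continues outside the hunk.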
......@@ -188,6 +188,7 @@ const ERROR_MISSING_FILE_NAME = 1081;
const ERROR_MAX_FILE_SIZE_TOO_BIG = 1082;
const ERROR_SMALLER_THAN_MIN = 1083;
const ERROR_LARGER_THAN_MAX = 1084;
const ERROR_INVALID_DECIMAL_FORMAT = 1085;
// Subrecord
const ERROR_SUBRECORD_MISSING_COLUMN_ID = 1100;
......
......@@ -67,7 +67,7 @@ class Sanitize {
if ($decimalFormat !== null) {
if ($sanitizeClass !== SANITIZE_ALLOW_PATTERN && $sanitizeClass !== SANITIZE_ALLOW_DIGIT) {
// overwrite pattern
$pattern = getDecimalFormatPattern($decimalFormat);
$pattern = self::getDecimalFormatPattern($decimalFormat);
}
}
......
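Review bot: The overwrite is gated only on `$decimalFormat !== null` and on the check type not being `SANITIZE_ALLOW_PATTERN`/`SANITIZE_ALLOW_DIGIT`; with the FillStoreForm hunk in this commit now filling `$decimalFormat` from the column definition whenever no parameter is given, every element whose column lookup yields a non-null value has `$pattern` replaced, including `SANITIZE_ALLOW_ALL` elements, and whether that pattern is then enforced for those classes is decided outside the hunk. Unless `getDecimalInfoFromTable` is guaranteed to return `null` for non-decimal columns (its body is not visible here), that expectation should be stated on the `// overwrite pattern` line, e.g. `// overwrite pattern: caller passes a non-null $decimalFormat only for decimal columns or an explicit decimalFormat parameter`. The enclosing method starts and ends outside the hunk.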
......@@ -237,9 +237,28 @@ class FillStoreForm {
$val = Support::unWrapTag('<p>', $val);
}
$decimalFormat = null;
if (isset($formElement[FE_DECIMAL_FORMAT])) {
// Read decimal format from parameter field
if (preg_match("/^([0-9]*)(,[0-9]+)?$", $formElement[FE_DECIMAL_FORMAT])
&& $formElement[FE_DECIMAL_FORMAT] != '') {
$decimalFormat = explode(',', $formElement[FE_DECIMAL_FORMAT]);
if ($decimalFormat[0] === '')
$decimalFormat[0] = 10; // default size
if (count($decimalFormat) == 1)
$decimalFormat[1] = 2; // default precision
} else {
throw new UserFormException("Invalid decimalFormat.", ERROR_INVALID_DECIMAL_FORMAT);
}
} else {
// Get decimal format from column definition
$decimalFormat = AbstractBuildForm::getDecimalInfoFromTable($formElement[FE_NAME]);
}
// Check only if there is something.
if ($val !== '') {
$val = Sanitize::sanitize($val, $formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN], SANITIZE_EXCEPTION);
$val = Sanitize::sanitize($val, $formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN],
$decimalFormat, SANITIZE_EXCEPTION);
if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) {
// $val = htmlspecialchars($val, ENT_QUOTES);
$val = Support::htmlEntityEncodeDecode(MODE_ENCODE, $val);
......
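Review bot: The pattern on the `preg_match` line, `"/^([0-9]*)(,[0-9]+)?$"`, has no closing delimiter after `$`, so as rendered here `preg_match` emits a "No ending delimiter" warning and returns `false`, sending every explicit decimalFormat value into the `else` branch and throwing `ERROR_INVALID_DECIMAL_FORMAT`. The condition should read `if ($formElement[FE_DECIMAL_FORMAT] !== '' && preg_match('/^([0-9]*)(,[0-9]+)?$/', $formElement[FE_DECIMAL_FORMAT]) === 1)`, with the emptiness guard first because the pattern itself accepts the empty string. Note also that `$decimalFormat[0] = 10` stores an int next to the string parts produced by `explode`, so a consumer comparing entries with `===` sees mixed types; `'10'` (or casting both entries with `(int)`) keeps the array uniform. The enclosing method starts and ends outside the hunk.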
......@@ -478,7 +478,7 @@ class Store {
$sanitizeClass = SANITIZE_ALLOW_ALL;
}
return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass, '', SANITIZE_EMPTY_STRING);
return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass, '', null, SANITIZE_EMPTY_STRING);
} else {
if ($store == STORE_SIP && (substr($key, 0, $len) == SIP_PREFIX_BASE64)) {
$rawVal = base64_decode($rawVal);
......
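Review bot: Inserting `$decimalFormat` as the fourth positional argument of `Sanitize::sanitize`, ahead of the mode constant, means any caller not updated in this commit now passes its mode (`SANITIZE_EMPTY_STRING`/`SANITIZE_EXCEPTION`) in the decimal-format slot and leaves the mode at whatever default `sanitize()` declares; since the Sanitize hunk only tests `$decimalFormat !== null`, such a caller would silently get its pattern overwritten rather than an error. Appending the new parameter with a `null` default after the mode, or having `sanitize()` reject a non-array `$decimalFormat` with `ERROR_INVALID_DECIMAL_FORMAT`, would make the mismatch visible. Only the two call sites changed here are visible to me, so the existence of other callers is inferred, not confirmed; the enclosing method starts and ends outside the hunk.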