Commit a52e56ed authored by Elias Villiger's avatar Elias Villiger

Feature #4542 - Attempt to check decimalFormat parameter

parent 317d1ff6
...@@ -1652,7 +1652,7 @@ abstract class AbstractBuildForm { ...@@ -1652,7 +1652,7 @@ abstract class AbstractBuildForm {
* *
* @return array * @return array
*/ */
private function getDecimalSize($column) { public function getDecimalInfoFromTable($column) {
// Get column definition // Get column definition
$fieldTypeDefinition = $this->store->getVar($column, STORE_TABLE_COLUMN_TYPES); $fieldTypeDefinition = $this->store->getVar($column, STORE_TABLE_COLUMN_TYPES);
......
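Review bot: `getDecimalInfoFromTable` becomes public but stays an instance method — its body reads `$this->store` on the line after the signature — while the new FillStoreForm hunk calls it statically as `AbstractBuildForm::getDecimalInfoFromTable($formElement[FE_NAME])`, which has no `$this` and fails at runtime (a fatal Error on PHP 8; earlier versions emit a deprecation and then fail on the `$this` access). Either the caller needs an AbstractBuildForm instance, or the column-type lookup has to be reworked so it does not depend on instance state; simply marking the method `static` would not help because `$this->store` is unreachable from a static context. The docblock above the signature does not describe the new public contract; adding `@param string $column` (presumably a table column name, as passed to `getVar`) next to the existing `@return array` would. The method's body continues outside the hunk.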
...@@ -188,6 +188,7 @@ const ERROR_MISSING_FILE_NAME = 1081; ...@@ -188,6 +188,7 @@ const ERROR_MISSING_FILE_NAME = 1081;
const ERROR_MAX_FILE_SIZE_TOO_BIG = 1082; const ERROR_MAX_FILE_SIZE_TOO_BIG = 1082;
const ERROR_SMALLER_THAN_MIN = 1083; const ERROR_SMALLER_THAN_MIN = 1083;
const ERROR_LARGER_THAN_MAX = 1084; const ERROR_LARGER_THAN_MAX = 1084;
const ERROR_INVALID_DECIMAL_FORMAT = 1085;
// Subrecord // Subrecord
const ERROR_SUBRECORD_MISSING_COLUMN_ID = 1100; const ERROR_SUBRECORD_MISSING_COLUMN_ID = 1100;
......
...@@ -67,7 +67,7 @@ class Sanitize { ...@@ -67,7 +67,7 @@ class Sanitize {
if ($decimalFormat !== null) { if ($decimalFormat !== null) {
if ($sanitizeClass !== SANITIZE_ALLOW_PATTERN && $sanitizeClass !== SANITIZE_ALLOW_DIGIT) { if ($sanitizeClass !== SANITIZE_ALLOW_PATTERN && $sanitizeClass !== SANITIZE_ALLOW_DIGIT) {
// overwrite pattern // overwrite pattern
$pattern = getDecimalFormatPattern($decimalFormat); $pattern = self::getDecimalFormatPattern($decimalFormat);
} }
} }
......
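Review bot: The `self::` fix is right for a static method, but the condition around it is undocumented: when the caller passes SANITIZE_ALLOW_PATTERN or SANITIZE_ALLOW_DIGIT together with a decimalFormat, the inner `if` skips the overwrite and, within this hunk at least, nothing else consumes the format. A comment such as `// An explicit pattern/digit check takes precedence; decimalFormat only replaces the default pattern of the other sanitize classes` above the inner `if` would make that intent visible. The call sites in the FillStoreForm and Store hunks also show that `$decimalFormat` was inserted before the mode argument of `sanitize()`, so any caller outside this commit that still passes the mode as the fourth argument would now have it bound to `$decimalFormat` and run with the default mode — worth a grep for remaining four-argument calls. The enclosing method starts and ends outside the hunk.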
...@@ -237,9 +237,28 @@ class FillStoreForm { ...@@ -237,9 +237,28 @@ class FillStoreForm {
$val = Support::unWrapTag('<p>', $val); $val = Support::unWrapTag('<p>', $val);
} }
$decimalFormat = null;
if (isset($formElement[FE_DECIMAL_FORMAT])) {
// Read decimal format from parameter field
if (preg_match("/^([0-9]*)(,[0-9]+)?$", $formElement[FE_DECIMAL_FORMAT])
&& $formElement[FE_DECIMAL_FORMAT] != '') {
$decimalFormat = explode(',', $formElement[FE_DECIMAL_FORMAT]);
if ($decimalFormat[0] === '')
$decimalFormat[0] = 10; // default size
if (count($decimalFormat) == 1)
$decimalFormat[1] = 2; // default precision
} else {
throw new UserFormException("Invalid decimalFormat.", ERROR_INVALID_DECIMAL_FORMAT);
}
} else {
// Get decimal format from column definition
$decimalFormat = AbstractBuildForm::getDecimalInfoFromTable($formElement[FE_NAME]);
}
// Check only if there is something. // Check only if there is something.
if ($val !== '') { if ($val !== '') {
$val = Sanitize::sanitize($val, $formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN], SANITIZE_EXCEPTION); $val = Sanitize::sanitize($val, $formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN],
$decimalFormat, SANITIZE_EXCEPTION);
if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) { if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) {
// $val = htmlspecialchars($val, ENT_QUOTES); // $val = htmlspecialchars($val, ENT_QUOTES);
$val = Support::htmlEntityEncodeDecode(MODE_ENCODE, $val); $val = Support::htmlEntityEncodeDecode(MODE_ENCODE, $val);
......
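Review bot: The pattern on the `preg_match` line, `"/^([0-9]*)(,[0-9]+)?$"`, has no closing `/` delimiter as printed, so `preg_match` emits a warning and returns false and every explicitly configured decimalFormat lands in the `UserFormException` branch. It should read `"/^([0-9]*)(,[0-9]+)?$/D"`; the `D` modifier additionally stops `$` from accepting a trailing newline, which would otherwise leave `"2\n"` as the precision after `explode`. The emptiness test on the following line should use `!==` rather than `!=`, and the parsed entries are strings (`"10"`) while the fallbacks are ints (`10`, `2`), so casting both entries with `(int)` keeps the array uniform for whatever `getDecimalFormatPattern` does with them. The single-statement `if`s that assign the defaults lack braces, which is an easy place for a later edit to go wrong. This whole block also runs before the `$val !== ''` check, so the table lookup in the `else` branch happens for every form element even when there is no value to check; the enclosing method starts and ends outside the hunk.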
...@@ -478,7 +478,7 @@ class Store { ...@@ -478,7 +478,7 @@ class Store {
$sanitizeClass = SANITIZE_ALLOW_ALL; $sanitizeClass = SANITIZE_ALLOW_ALL;
} }
return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass, '', SANITIZE_EMPTY_STRING); return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass, '', null, SANITIZE_EMPTY_STRING);
} else { } else {
if ($store == STORE_SIP && (substr($key, 0, $len) == SIP_PREFIX_BASE64)) { if ($store == STORE_SIP && (substr($key, 0, $len) == SIP_PREFIX_BASE64)) {
$rawVal = base64_decode($rawVal); $rawVal = base64_decode($rawVal);
......