Commit abd4d593 authored by Carsten  Rose's avatar Carsten Rose
Browse files

Merge branch 'B8109EmailFieldIsFilledWith!!email!!AfterDynamicUpdate' into 'master'

Fixes #8109 change email pattern and disable sanitize for FORM_UPDATE

See merge request !137
parents 439ce045 8f49b7c7
Pipeline #1788 passed with stage
in 2 minutes and 4 seconds
......@@ -697,7 +697,8 @@ abstract class AbstractBuildForm {
$storeUse = str_replace(STORE_TABLE_DEFAULT, '', $storeUse); // Remove STORE_DEFAULT
}
// Retrieve value via FSRVD
$value = $this->store->getVar($name, $storeUse, $formElement[FE_CHECK_TYPE], $foundInStore);
$sanitizeClass=($mode == FORM_UPDATE) ? SANITIZE_ALLOW_ALL : $formElement[FE_CHECK_TYPE];
$value = $this->store->getVar($name, $storeUse, $sanitizeClass, $foundInStore);
}
if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) {
......
......@@ -105,7 +105,7 @@ const SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS = 'c';
const PATTERN_ALNUMX = '^[@\-_\.,;: \/\(\)a-zA-Z0-9ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿç]*$';
const PATTERN_DIGIT = '^[\d]*$';
const PATTERN_NUMERICAL = '^[\d.+-]*$';
const PATTERN_EMAIL = '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$';
const PATTERN_EMAIL = '^([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})?$';
const PATTERN_ALLBUT = '^[^\[\]{}%\\\\#]*$';
const PATTERN_ALL = '.*';
......
......@@ -152,8 +152,8 @@ class BuildFormPlainTest extends AbstractDatabaseTest {
$formElement[FE_CHECK_TYPE] = SANITIZE_ALLOW_EMAIL;
$formElement[FE_CHECK_PATTERN] = '';
$result = $build->buildInput($formElement, 'name:1', '', $json);
$label['123'][API_ELEMENT_ATTRIBUTE]['pattern'] = '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$';
$this->assertEquals('<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$" data-pattern-error="' . SANITIZE_ALLOW_EMAIL_MESSAGE . '" data-error="Error" data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>', $result);
$label['123'][API_ELEMENT_ATTRIBUTE]['pattern'] = '^([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})?$';
$this->assertEquals('<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})?$" data-pattern-error="' . SANITIZE_ALLOW_EMAIL_MESSAGE . '" data-error="Error" data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>', $result);
$this->assertEquals(['disabled' => false, FE_MODE_REQUIRED => '', 'form-element' => 'name:1', 'value' => '', API_ELEMENT_UPDATE => $label], $json);
$formElement[FE_CHECK_TYPE] = SANITIZE_ALLOW_ALL;
......
......@@ -28,7 +28,7 @@ class SanitizeTest extends TestCase {
# Check ''
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('!!email!!', Sanitize::sanitize('', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment