Commit b1f352d3 authored by Elias Villiger's avatar Elias Villiger Committed by bbaer

Feature #5414 - Checktype auto: extend documentation and rules

parent 7daa6011
......@@ -980,12 +980,28 @@ For QFQ variables and FormElements:
Only in FormElement:
+------------------+------+-------+-----------------------------------------------------------------------------------------+
| **auto** | Form | | Only supported for FormElements. Most suitable checktype is dynamically evaluated based |
| | | | native column definition, the FormElement type, and other info. See below for details. |
+------------------+------+-------+-----------------------------------------------------------------------------------------+
| **email** | Form | Query | [a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,} |
+------------------+------+-------+-----------------------------------------------------------------------------------------+
| **pattern** | Form | | Compares the value against a regexp. |
+------------------+------+-------+-----------------------------------------------------------------------------------------+
Rules for CheckType Auto (by priority):
* TypeAheadSQL or TypeAheadLDAP defined: **alnumx**
* Table definition
* integer type: **digit**
* floating point number: **numerical**
* FE Type
* 'password', 'note': **all**
* 'editor', 'text' and encode = 'specialchar': **all**
* None of the above: **alnumx**
.. _`variable-escape`:
Escape
......@@ -2321,9 +2337,10 @@ Fields:
+---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+
|Encode | 'none', 'specialchar' | With 'specialchar' (default) the chars <>"'& will be encoded to their htmlentity. _`field-encode` |
+---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+
|Check Type | enum('alnumx','digit', | _`field-checktype` |
| | 'numerical','email', | |
| | 'pattern','allbut','all') | |
|Check Type | enum('auto', 'alnumx', | _`sanitize-class` |
| | 'digit', 'numerical', | |
| | 'email', 'pattern', | |
| | 'allbut', 'all') | |
+---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+
|Check Pattern | 'regexp' |_`field-checkpattern`: If $checkType=='pattern': pattern to match |
+---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+
......
......@@ -825,6 +825,19 @@ class Support {
$checkType = false;
$inputType = '';
switch ($formElement[FE_TYPE]) {
case FE_TYPE_PASSWORD:
case FE_TYPE_NOTE:
$checkType = SANITIZE_ALLOW_ALL;
break;
case FE_TYPE_EDITOR:
case FE_TYPE_TEXT:
if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR)
$checkType = SANITIZE_ALLOW_ALL;
break;
}
switch ($token) {
case 'tinyint':
case 'smallint':
......@@ -854,20 +867,9 @@ class Support {
$inputType = 'number';
$checkType = SANITIZE_ALLOW_DIGIT;
break;
case 'text':
case 'varchar':
case 'tinytext':
case 'mediumtext':
case 'longtext':
if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR)
$checkType = SANITIZE_ALLOW_ALL;
else
$checkType = SANITIZE_ALLOW_ALNUMX;
break;
}
if (!empty($formElement[FE_TYPEAHEAD_SQL])) {
if (!empty($formElement[FE_TYPEAHEAD_SQL]) || !empty($formElement[FE_TYPEAHEAD_LDAP])) {
$inputType = '';
$checkType = SANITIZE_ALLOW_ALNUMX;
}
......@@ -937,7 +939,7 @@ class Support {
$feMaxLength = 10;
break;
case 'datetime':
$feMaxLength = 19;
$feMaxLength = empty($formElement[FE_SHOW_SECONDS]) ? 16 : 19;
break;
case 'time':
$feMaxLength = 8;
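Review bot: A text or editor element whose encode is not 'specialchar' now seems to leave this code with `$checkType` still `false`, because the `text`/`varchar`/`tinytext`/… cases that set `SANITIZE_ALLOW_ALNUMX` appear to be removed from `switch ($token)`. The documentation in this commit promises "None of the above: **alnumx**", but that fallback is not visible here (the function starts and ends outside these hunks), so please confirm that `false` is mapped to alnumx later rather than treated as "no check". If it is not, make the default explicit after the typeahead block, e.g. `if ($checkType === false) { $checkType = SANITIZE_ALLOW_ALNUMX; }`. The new `FE_TYPE_PASSWORD`/`FE_TYPE_NOTE` branch grants `SANITIZE_ALLOW_ALL` without looking at `FE_ENCODE`, which deserves a comment such as `// password/note: any character allowed, independent of encode`. The brace-less `if` under `case FE_TYPE_TEXT:` would also be safer with braces, so a later added statement cannot escape the condition.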
......
......@@ -898,19 +898,11 @@ class LinkTest extends \PHPUnit_Framework_TestCase {
// some text, with double ticks inside
$result = $link->renderLink('u:http://example.com|o:hello world "some more text" end');
$this->assertEquals('<a href="http://example.com" title="hello world \\"some more text\\" end" >http://example.com</a>', $result);
// some text, with already escaped double ticks inside
$result = $link->renderLink('u:http://example.com|o:hello world \\"some more text\\" end');
$this->assertEquals('<a href="http://example.com" title="hello world \\"some more text\\" end" >http://example.com</a>', $result);
$this->assertEquals('<a href="http://example.com" title="hello world &quot;some more text&quot; end" >http://example.com</a>', $result);
// some text with single ticks
$result = $link->renderLink('u:http://example.com|o:hello world \'some more text\' end');
$this->assertEquals('<a href="http://example.com" title="hello world \'some more text\' end" >http://example.com</a>', $result);
// some text with already escaped single ticks
$result = $link->renderLink('u:http://example.com|o:hello world \\\'some more text\\\' end');
$this->assertEquals('<a href="http://example.com" title="hello world \\\'some more text\\\' end" >http://example.com</a>', $result);
}
/**
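Review bot: The updated expectation pins only the encoding of double quotes (`&quot;`) in the `title` attribute, so nothing in this test shows what happens to `&`, `<` or `>` in the `o:` tooltip text. The two "already escaped" cases also appear to be dropped without a replacement, which leaves the handling of a backslash before a quote unpinned. I would add one assertion with those characters, e.g. `$result = $link->renderLink('u:http://example.com|o:a <b> & "c"');`, with the expected `title` written out in entity-encoded form once the intended output is confirmed. A short comment on the single-tick case, such as `// single ticks stay literal: the attribute is delimited by double quotes`, would record why that expectation is unchanged. The test method starts outside this hunk.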
......