diff --git a/extension/Documentation/Manual.rst b/extension/Documentation/Manual.rst index a4461b86da7d58f4eec56ed30714dad3ff96ec7f..4c2210ed4f8c0dd4c5f2641afb55fa1925169608 100644 --- a/extension/Documentation/Manual.rst +++ b/extension/Documentation/Manual.rst @@ -980,12 +980,28 @@ For QFQ variables and FormElements: Only in FormElement: ++------------------+------+-------+-----------------------------------------------------------------------------------------+ +| **auto** | Form | | Only supported for FormElements. Most suitable checktype is dynamically evaluated based | +| | | | native column definition, the FormElement type, and other info. See below for details. | +------------------+------+-------+-----------------------------------------------------------------------------------------+ | **email** | Form | Query | [a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,} | +------------------+------+-------+-----------------------------------------------------------------------------------------+ | **pattern** | Form | | Compares the value against a regexp. | +------------------+------+-------+-----------------------------------------------------------------------------------------+ + +Rules for CheckType Auto (by priority): + +* TypeAheadSQL or TypeAheadLDAP defined: **alnumx** +* Table definition + * integer type: **digit** + * floating point number: **numerical** +* FE Type + * 'password', 'note': **all** + * 'editor', 'text' and encode = 'specialchar': **all** +* None of the above: **alnumx** + + .. _`variable-escape`: Escape 
@@ -2321,9 +2337,10 @@ Fields: +---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+ |Encode | 'none', 'specialchar' | With 'specialchar' (default) the chars <>"'& will be encoded to their htmlentity. _`field-encode` | +---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+ -|Check Type | enum('alnumx','digit', | _`field-checktype` | -| | 'numerical','email', | | -| | 'pattern','allbut','all') | | +|Check Type | enum('auto', 'alnumx', | _`sanitize-class` | +| | 'digit', 'numerical', | | +| | 'email', 'pattern', | | +| | 'allbut', 'all') | | +---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+ |Check Pattern | 'regexp' |_`field-checkpattern`: If $checkType=='pattern': pattern to match | +---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+ diff --git a/extension/qfq/qfq/helper/Support.php b/extension/qfq/qfq/helper/Support.php index fc484ae1633819f7a0f67e6b258fac07c85513c8..2c7d8c38aa6d990fa490c2f13630b5dcc73a16d4 100644 --- a/extension/qfq/qfq/helper/Support.php +++ b/extension/qfq/qfq/helper/Support.php @@ -825,6 +825,19 @@ class Support { $checkType = false; $inputType = ''; + switch ($formElement[FE_TYPE]) { + case FE_TYPE_PASSWORD: + case FE_TYPE_NOTE: + $checkType = SANITIZE_ALLOW_ALL; + break; + + case FE_TYPE_EDITOR: + case FE_TYPE_TEXT: + if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) + $checkType = SANITIZE_ALLOW_ALL; + break; + } + switch ($token) { case 'tinyint': case 'smallint': 
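Review bot: The `if` under `case FE_TYPE_TEXT` in the new switch has no braces, so any statement added to that branch later would run for every text/editor element regardless of encode; write it as `if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) { $checkType = SANITIZE_ALLOW_ALL; }`. The precedence between this FE-type switch and the column-type switch that follows it is also not stated in the code, and the documentation hunk above says table definition and typeahead win; a comment on the new switch such as `// FE-type default only: the column-type switch below and the typeahead check after it take precedence (Manual.rst, "CheckType Auto")` would keep code and manual in step. If FE_ENCODE is not guaranteed to be set on every element, the strict comparison will raise an undefined-index notice, so an `isset` guard may be needed there — worth confirming against the element builder. The enclosing method starts before the hunk.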
@@ -854,20 +867,9 @@ class Support { $inputType = 'number'; $checkType = SANITIZE_ALLOW_DIGIT; break; - - case 'text': - case 'varchar': - case 'tinytext': - case 'mediumtext': - case 'longtext': - if ($formElement[FE_ENCODE] === FE_ENCODE_SPECIALCHAR) - $checkType = SANITIZE_ALLOW_ALL; - else - $checkType = SANITIZE_ALLOW_ALNUMX; - break; } - if (!empty($formElement[FE_TYPEAHEAD_SQL])) { + if (!empty($formElement[FE_TYPEAHEAD_SQL]) || !empty($formElement[FE_TYPEAHEAD_LDAP])) { $inputType = ''; $checkType = SANITIZE_ALLOW_ALNUMX; } @@ -937,7 +939,7 @@ class Support { $feMaxLength = 10; break; case 'datetime': - $feMaxLength = 19; + $feMaxLength = empty($formElement[FE_SHOW_SECONDS]) ? 16 : 19; break; case 'time': $feMaxLength = 8; diff --git a/extension/qfq/tests/phpunit/LinkTest.php b/extension/qfq/tests/phpunit/LinkTest.php index 08a114b1327ceeb1e08f00c1d252b5cfd3b5da89..b4854b7dbb8ad400f546ed83d8a02208d620360d 100644 --- a/extension/qfq/tests/phpunit/LinkTest.php +++ b/extension/qfq/tests/phpunit/LinkTest.php 
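Review bot: `empty($formElement[FE_SHOW_SECONDS])` in the `'datetime'` case of the second hunk treats only unset, `''`, `'0'` and `0` as "no seconds"; if the flag can be stored as a textual no-value, such an element would still get a max length of 19 — worth confirming against how FE_SHOW_SECONDS is populated. The two literals also deserve a comment so the next reader does not have to count characters, e.g. `// 16 = 'YYYY-MM-DD HH:MM', 19 = 'YYYY-MM-DD HH:MM:SS'`. The enclosing method starts and ends outside the hunk.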
@@ -898,19 +898,11 @@ class LinkTest extends \PHPUnit_Framework_TestCase { // some text, with double ticks inside $result = $link->renderLink('u:http://example.com|o:hello world "some more text" end'); - $this->assertEquals('<a href="http://example.com" title="hello world \\"some more text\\" end" >http://example.com</a>', $result); - - // some text, with already escaped double ticks inside - $result = $link->renderLink('u:http://example.com|o:hello world \\"some more text\\" end'); - $this->assertEquals('<a href="http://example.com" title="hello world \\"some more text\\" end" >http://example.com</a>', $result); + $this->assertEquals('<a href="http://example.com" title="hello world "some more text" end" >http://example.com</a>', $result); // some text with single ticks $result = $link->renderLink('u:http://example.com|o:hello world \'some more text\' end'); $this->assertEquals('<a href="http://example.com" title="hello world \'some more text\' end" >http://example.com</a>', $result); - - // some text with already escaped single ticks - $result = $link->renderLink('u:http://example.com|o:hello world \\\'some more text\\\' end'); - $this->assertEquals('<a href="http://example.com" title="hello world \\\'some more text\\\' end" >http://example.com</a>', $result); } /**
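Review bot: The new expected string on the first changed assertion, `title="hello world "some more text" end"`, pins an output where a raw double quote sits inside a double-quoted HTML attribute; a browser closes the attribute at the first inner `"`, so the remaining text becomes stray attribute markup, and if the `o:` text can originate from user input this is an attribute-injection vector rather than a cosmetic issue. The removed backslash escaping was not HTML escaping either, but the replacement should encode the quote instead of dropping escaping altogether: expect `title="hello world &quot;some more text&quot; end"` and have renderLink pass the title through `htmlspecialchars($text, ENT_QUOTES)` (or the project's equivalent) before emitting it. The single-quote case kept below only works because the attribute is double-quoted; encoding with ENT_QUOTES would cover both consistently. The enclosing test method starts before the hunk.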