Commit b817140d authored by Carsten Rose

Manual.rst: the new escapeDefaultSetting in forms has been changed to 'c' (=config).

DatabaseUpdateData.php, QuickFormQuery.php, formEditor.sql, TestFormEditor.sql: set new escapeDefaultSetting in Schema.
parent d1b203dd
...@@ -523,7 +523,8 @@ To protect the web application the following `escape` types are available: ...@@ -523,7 +523,8 @@ To protect the web application the following `escape` types are available:
* In `config.qfq.ini`_ a global `ESCAPE_TYPE_DEFAULT` can be defined. The configured escape type applies to all substituted * In `config.qfq.ini`_ a global `ESCAPE_TYPE_DEFAULT` can be defined. The configured escape type applies to all substituted
variables, who do not contain a *specific* escape type. variables, who do not contain a *specific* escape type.
* Additionally a `defaultEscapeType` can be defined per `Form` (separate field in the Form Editor). This overwrites the * Additionally a `defaultEscapeType` can be defined per `Form` (separate field in the Form Editor). This overwrites the
global definition of `config.qfq.ini`. global definition of `config.qfq.ini`. By default, every `Form.defaultEscapeType` = 'c' (=config), which means the settin
in `config.qfq.ini`_.
* To suppress a default escape type, define the `escape type` = '-' on the specific variable. E.g.: `{{name:FE:alnumx:-}}`. * To suppress a default escape type, define the `escape type` = '-' on the specific variable. E.g.: `{{name:FE:alnumx:-}}`.
Sanitize class Sanitize class
......
...@@ -442,6 +442,7 @@ const SINGLE_TICK = "'"; ...@@ -442,6 +442,7 @@ const SINGLE_TICK = "'";
const DOUBLE_TICK = '"'; const DOUBLE_TICK = '"';
// TOKEN evaluate // TOKEN evaluate
const TOKEN_ESCAPE_CONFIG = 'c';
const TOKEN_ESCAPE_SINGLE_TICK = 's'; const TOKEN_ESCAPE_SINGLE_TICK = 's';
const TOKEN_ESCAPE_DOUBLE_TICK = 'd'; const TOKEN_ESCAPE_DOUBLE_TICK = 'd';
const TOKEN_ESCAPE_LDAP_FILTER = 'l'; const TOKEN_ESCAPE_LDAP_FILTER = 'l';
......
...@@ -153,10 +153,8 @@ class QuickFormQuery { ...@@ -153,10 +153,8 @@ class QuickFormQuery {
$this->eval = new Evaluate($this->store, $this->db); $this->eval = new Evaluate($this->store, $this->db);
$config = $this->store->getStore(STORE_SYSTEM);
$updateDb = new DatabaseUpdate($this->db); $updateDb = new DatabaseUpdate($this->db);
$updateDb->checkNupdate($config[SYSTEM_DB_SERVER], $config[SYSTEM_DB_USER], $config[SYSTEM_DB_PASSWORD], $config[SYSTEM_DB_NAME]); $updateDb->checkNupdate();
} }
...@@ -665,7 +663,7 @@ class QuickFormQuery { ...@@ -665,7 +663,7 @@ class QuickFormQuery {
$formSpec[F_SUBMIT_BUTTON_TEXT] = ''; $formSpec[F_SUBMIT_BUTTON_TEXT] = '';
} }
if ($formSpec[F_ESCAPE_TYPE_DEFAULT] == '') { if ($formSpec[F_ESCAPE_TYPE_DEFAULT] == TOKEN_ESCAPE_CONFIG) {
$formSpec[F_ESCAPE_TYPE_DEFAULT] = $this->store->getVar(F_ESCAPE_TYPE_DEFAULT, STORE_SYSTEM); $formSpec[F_ESCAPE_TYPE_DEFAULT] = $this->store->getVar(F_ESCAPE_TYPE_DEFAULT, STORE_SYSTEM);
} }
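Review bot: The changed condition in the second hunk falls back to the system store only when the form's value equals `TOKEN_ESCAPE_CONFIG`, so a form row that still holds the former sentinel `''` (allowed by the old ENUM) keeps an empty default escape type instead of inheriting the configured one. How an empty type is handled downstream is not visible here, but mapping both values to the configured default, with a strict comparison, avoids a silent loss of escaping: `if (in_array($formSpec[F_ESCAPE_TYPE_DEFAULT], ['', TOKEN_ESCAPE_CONFIG], true)) {`. The enclosing method starts and ends outside the hunk.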
......
...@@ -38,8 +38,8 @@ $UPDATE_ARRAY = array( ...@@ -38,8 +38,8 @@ $UPDATE_ARRAY = array(
"ALTER TABLE `FormElement` ADD `encode` ENUM( 'none', 'specialchar' ) NOT NULL DEFAULT 'specialchar' AFTER `subrecordOption`", "ALTER TABLE `FormElement` ADD `encode` ENUM( 'none', 'specialchar' ) NOT NULL DEFAULT 'specialchar' AFTER `subrecordOption`",
"UPDATE `FormElement` SET encode='none' WHERE class='native' AND type='editor'", "UPDATE `FormElement` SET encode='none' WHERE class='native' AND type='editor'",
"ALTER TABLE `Form` ADD `escapeTypeDefault` ENUM( '', 's - single', 'd - double', 'l - ldap search', 'L - ldap value', 'm - mysqlRealEscapeString', '- none' ) NOT NULL DEFAULT '' AFTER `permitEdit`", "ALTER TABLE `Form` ADD `escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c' AFTER `permitEdit`",
"UPDATE `Form` SET `escapeTypeDefault`='- none'", "UPDATE `Form` SET `escapeTypeDefault`='-'",
], ],
); );
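Review bot: The rewritten ``UPDATE `Form` SET `escapeTypeDefault`='-'`` has no WHERE clause, so on upgrade every existing form is set to '-' (none) and will not pick up `ESCAPE_TYPE_DEFAULT` from the config; only newly created forms get the column default 'c'. If that is intended for backward compatibility, say so next to the statement, e.g. `// existing forms keep their former behaviour (no default escaping); new forms default to 'c' (=config)`. Separately, both statements are edited in place inside an existing update entry. Assuming the updater applies each entry once per version, installations that already ran the earlier ENUM variant would keep values such as '- none', which match neither `TOKEN_ESCAPE_CONFIG` nor a single-letter token; a follow-up entry that converts the column and normalises those values would cover them. The array entry starts outside the hunk.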
......
...@@ -9,8 +9,8 @@ CREATE TABLE IF NOT EXISTS `Form` ( ...@@ -9,8 +9,8 @@ CREATE TABLE IF NOT EXISTS `Form` (
`permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip', `permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip', `permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`escapeTypeDefault` ENUM('', 's', 'd', 'l', 'L', 'm', '-') NOT NULL DEFAULT 's', `escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c',
`render` ENUM('bootstrap', 'table', 'plain') NOT NULL DEFAULT 'bootstrap', `render` ENUM('bootstrap', 'table', 'plain') NOT NULL DEFAULT 'bootstrap',
`requiredParameter` VARCHAR(255) NOT NULL DEFAULT '', `requiredParameter` VARCHAR(255) NOT NULL DEFAULT '',
`showButton` SET('new', 'delete', 'close', 'save') NOT NULL DEFAULT 'new,delete,close,save', `showButton` SET('new', 'delete', 'close', 'save') NOT NULL DEFAULT 'new,delete,close,save',
`multiMode` ENUM('none', 'horizontal', 'vertical') NOT NULL DEFAULT 'none', `multiMode` ENUM('none', 'horizontal', 'vertical') NOT NULL DEFAULT 'none',
...@@ -28,7 +28,7 @@ CREATE TABLE IF NOT EXISTS `Form` ( ...@@ -28,7 +28,7 @@ CREATE TABLE IF NOT EXISTS `Form` (
`parameter` TEXT NOT NULL, `parameter` TEXT NOT NULL,
`deleted` ENUM('yes', 'no') NOT NULL DEFAULT 'no', `deleted` ENUM('yes', 'no') NOT NULL DEFAULT 'no',
`modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`created` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00', `created` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
...@@ -165,7 +165,7 @@ VALUES ...@@ -165,7 +165,7 @@ VALUES
(1, 'requiredParameter', 'Required Parameter', 'show', 'text', 'all', 'native', 200, 0, 0, '', '', '', '', '', 2, '', '', '', 'specialchar'), (1, 'requiredParameter', 'Required Parameter', 'show', 'text', 'all', 'native', 200, 0, 0, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'permitNew', 'Permit New', 'show', 'radio', 'all', 'native', 210, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'), (1, 'permitNew', 'Permit New', 'show', 'radio', 'all', 'native', 210, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'permitEdit', 'Permit Edit', 'show', 'radio', 'all', 'native', 220, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'), (1, 'permitEdit', 'Permit Edit', 'show', 'radio', 'all', 'native', 220, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'escapeTypeDefault', 'Escape type default', 'show', 'radio', 'all', 'native', 230, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'), (1, 'escapeTypeDefault', 'Escape type default', 'show', 'radio', 'all', 'native', 230, 0, 10, '', '', '', '', 'itemList=c:config,s:single,d:double,l:ldap search,L:ldap value,m:mysql realEscapeString,-:none', 2, '', '', '', 'specialchar'),
(1, 'render', 'Render', 'show', 'radio', 'all', 'native', 240, 0, 3, '', '', '', '', '', 2, '', '', '', 'specialchar'), (1, 'render', 'Render', 'show', 'radio', 'all', 'native', 240, 0, 3, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'showButton', 'Show button', 'show', 'checkbox', 'all', 'native', 250, 0, 5, '', '', '', '', 'checkBoxMode = multi\norientation=vertical', 2, '', '', '', 'specialchar'), (1, 'showButton', 'Show button', 'show', 'checkbox', 'all', 'native', 250, 0, 5, '', '', '', '', 'checkBoxMode = multi\norientation=vertical', 2, '', '', '', 'specialchar'),
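Review bot: Replacing the ENUM with `VARCHAR(32)` for `escapeTypeDefault` removes the database-side restriction on allowed values, and the radio `itemList` added in the third hunk only limits what the Form Editor offers. Nothing visible in this commit rejects an unknown token before it is used as the default escape type, so a server-side check against the known tokens (c, s, d, l, L, m, -) when the form spec is loaded would be worth adding. The same column change is made in the test schema further down the page. Note also that `CREATE TABLE IF NOT EXISTS` leaves an existing `Form` table untouched, so existing installations depend on the ALTER in the update array for the new default.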
......
...@@ -9,7 +9,7 @@ CREATE TABLE IF NOT EXISTS `Form` ( ...@@ -9,7 +9,7 @@ CREATE TABLE IF NOT EXISTS `Form` (
`permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip', `permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip', `permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`escapeTypeDefault` ENUM('', 's', 'd', 'l', 'L', 'm', '-') NOT NULL DEFAULT 's', `escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c',
`render` ENUM('plain', 'table', 'bootstrap') NOT NULL DEFAULT 'plain', `render` ENUM('plain', 'table', 'bootstrap') NOT NULL DEFAULT 'plain',
`requiredParameter` VARCHAR(255) NOT NULL DEFAULT '', `requiredParameter` VARCHAR(255) NOT NULL DEFAULT '',
`showButton` SET('new', 'delete') NOT NULL DEFAULT 'new,delete', `showButton` SET('new', 'delete') NOT NULL DEFAULT 'new,delete',
......