Commit b817140d authored by Carsten  Rose's avatar Carsten Rose

Manual.rst: the new escapeDefaultSetting in forms has been changed to 'c' (=config).

DatabaseUpdateData.php, QuickFormQuery.php, formEditor.sql, TestFormEditor.sql: set new escapeDefaultSetting in Schema.
parent d1b203dd
......@@ -523,7 +523,8 @@ To protect the web application the following `escape` types are available:
* In `config.qfq.ini`_ a global `ESCAPE_TYPE_DEFAULT` can be defined. The configured escape type applies to all substituted
variables, who do not contain a *specific* escape type.
* Additionally a `defaultEscapeType` can be defined per `Form` (separate field in the Form Editor). This overwrites the
global definition of `config.qfq.ini`.
global definition of `config.qfq.ini`. By default, every `Form.defaultEscapeType` = 'c' (=config), which means the settin
in `config.qfq.ini`_.
* To suppress a default escape type, define the `escape type` = '-' on the specific variable. E.g.: `{{name:FE:alnumx:-}}`.
Sanitize class
......
......@@ -442,6 +442,7 @@ const SINGLE_TICK = "'";
const DOUBLE_TICK = '"';
// TOKEN evaluate
const TOKEN_ESCAPE_CONFIG = 'c';
const TOKEN_ESCAPE_SINGLE_TICK = 's';
const TOKEN_ESCAPE_DOUBLE_TICK = 'd';
const TOKEN_ESCAPE_LDAP_FILTER = 'l';
......
......@@ -153,10 +153,8 @@ class QuickFormQuery {
$this->eval = new Evaluate($this->store, $this->db);
$config = $this->store->getStore(STORE_SYSTEM);
$updateDb = new DatabaseUpdate($this->db);
$updateDb->checkNupdate($config[SYSTEM_DB_SERVER], $config[SYSTEM_DB_USER], $config[SYSTEM_DB_PASSWORD], $config[SYSTEM_DB_NAME]);
$updateDb->checkNupdate();
}
......@@ -665,7 +663,7 @@ class QuickFormQuery {
$formSpec[F_SUBMIT_BUTTON_TEXT] = '';
}
if ($formSpec[F_ESCAPE_TYPE_DEFAULT] == '') {
if ($formSpec[F_ESCAPE_TYPE_DEFAULT] == TOKEN_ESCAPE_CONFIG) {
$formSpec[F_ESCAPE_TYPE_DEFAULT] = $this->store->getVar(F_ESCAPE_TYPE_DEFAULT, STORE_SYSTEM);
}
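Review bot: The fallback test `if ($formSpec[F_ESCAPE_TYPE_DEFAULT] == TOKEN_ESCAPE_CONFIG)` no longer covers the empty string, which the previous condition treated as "take the setting from config.qfq.ini". A `Form` row that still holds '' (the old ENUM allowed it) keeps '' here, and whether any escape is then applied depends on code outside this hunk, so such forms may silently lose the configured default. I would accept both sentinels: `if ($formSpec[F_ESCAPE_TYPE_DEFAULT] == TOKEN_ESCAPE_CONFIG || $formSpec[F_ESCAPE_TYPE_DEFAULT] == '') {`. The enclosing method starts and ends outside the hunk.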
......
......@@ -38,8 +38,8 @@ $UPDATE_ARRAY = array(
"ALTER TABLE `FormElement` ADD `encode` ENUM( 'none', 'specialchar' ) NOT NULL DEFAULT 'specialchar' AFTER `subrecordOption`",
"UPDATE `FormElement` SET encode='none' WHERE class='native' AND type='editor'",
"ALTER TABLE `Form` ADD `escapeTypeDefault` ENUM( '', 's - single', 'd - double', 'l - ldap search', 'L - ldap value', 'm - mysqlRealEscapeString', '- none' ) NOT NULL DEFAULT '' AFTER `permitEdit`",
"UPDATE `Form` SET `escapeTypeDefault`='- none'",
"ALTER TABLE `Form` ADD `escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c' AFTER `permitEdit`",
"UPDATE `Form` SET `escapeTypeDefault`='-'",
],
);
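Review bot: The statement "UPDATE `Form` SET `escapeTypeDefault`='-'" has no WHERE clause, so right after the column is added with default 'c' every existing form is switched to '-' (none), and the global `ESCAPE_TYPE_DEFAULT` never applies to forms created before the upgrade. If this is meant as backward compatibility, it deserves a comment next to the statement, e.g. `// existing forms keep their pre-upgrade behaviour (no default escape); review them and switch to 'c'`. A line in the release notes would also tell operators that those forms do not get the configured default until they are changed. The array entry starts outside the hunk.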
......
......@@ -9,7 +9,7 @@ CREATE TABLE IF NOT EXISTS `Form` (
`permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`escapeTypeDefault` ENUM('', 's', 'd', 'l', 'L', 'm', '-') NOT NULL DEFAULT 's',
`escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c',
`render` ENUM('bootstrap', 'table', 'plain') NOT NULL DEFAULT 'bootstrap',
`requiredParameter` VARCHAR(255) NOT NULL DEFAULT '',
`showButton` SET('new', 'delete', 'close', 'save') NOT NULL DEFAULT 'new,delete,close,save',
......@@ -165,7 +165,7 @@ VALUES
(1, 'requiredParameter', 'Required Parameter', 'show', 'text', 'all', 'native', 200, 0, 0, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'permitNew', 'Permit New', 'show', 'radio', 'all', 'native', 210, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'permitEdit', 'Permit Edit', 'show', 'radio', 'all', 'native', 220, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'escapeTypeDefault', 'Escape type default', 'show', 'radio', 'all', 'native', 230, 0, 10, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'escapeTypeDefault', 'Escape type default', 'show', 'radio', 'all', 'native', 230, 0, 10, '', '', '', '', 'itemList=c:config,s:single,d:double,l:ldap search,L:ldap value,m:mysql realEscapeString,-:none', 2, '', '', '', 'specialchar'),
(1, 'render', 'Render', 'show', 'radio', 'all', 'native', 240, 0, 3, '', '', '', '', '', 2, '', '', '', 'specialchar'),
(1, 'showButton', 'Show button', 'show', 'checkbox', 'all', 'native', 250, 0, 5, '', '', '', '', 'checkBoxMode = multi\norientation=vertical', 2, '', '', '', 'specialchar'),
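Review bot: Changing `escapeTypeDefault` from an ENUM to `VARCHAR(32)` removes the database-side restriction to known tokens; the only remaining list of valid values is the radio `itemList` in the form editor row. A value written by any other path (import, manual SQL, a typo) is stored as is, and how the evaluator treats an unknown token is not visible on this page. I would validate the value against the `TOKEN_ESCAPE_*` constants when the form is loaded and reject anything else, or keep an ENUM extended by 'c'. The same column definition appears in the update statement in DatabaseUpdateData.php and in TestFormEditor.sql.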
......
......@@ -9,7 +9,7 @@ CREATE TABLE IF NOT EXISTS `Form` (
`permitNew` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`permitEdit` ENUM('sip', 'logged_in', 'logged_out', 'always', 'never') NOT NULL DEFAULT 'sip',
`escapeTypeDefault` ENUM('', 's', 'd', 'l', 'L', 'm', '-') NOT NULL DEFAULT 's',
`escapeTypeDefault` VARCHAR(32) NOT NULL DEFAULT 'c',
`render` ENUM('plain', 'table', 'bootstrap') NOT NULL DEFAULT 'plain',
`requiredParameter` VARCHAR(255) NOT NULL DEFAULT '',
`showButton` SET('new', 'delete') NOT NULL DEFAULT 'new,delete',
......