Commit cd98246d authored by Carsten  Rose's avatar Carsten Rose
Browse files

Store: unescape characters submitted by post.

formEditor: fixed typo
parent 149129d2
......@@ -76,6 +76,7 @@ class Save {
$tableColumns = array_keys($this->store->getStore(STORE_TABLE_COLUMN_TYPES));
$clientValues = $this->store->getStore(STORE_CLIENT);
$sipValues = $this->store->getStore(STORE_SIP);
// Iterate over all table.columns. Built an assoc array $newValues.
......
......@@ -160,7 +160,7 @@ class Store {
} catch (\Exception $e) {
throw new qfq\UserException ("Error read file " . QFQ_INI . ": " . $e->getMessage(), ERROR_READ_FILE);
}
self::setVarArray($config, STORE_SYSTEM,true);
self::setVarArray($config, STORE_SYSTEM, true);
}
/**
......@@ -215,6 +215,11 @@ class Store {
// copy GET and POST and SERVER Parameter. Priority: SERVER, POST, GET
$arr = array_merge($_GET, $_POST, $_SERVER);
//TODO: CR - I do not understand why the parameter are escaped?! Remove the backslashes.
foreach ($arr as $key => $val) {
$arr[$key] = stripslashes($val);
}
self::setVarArray($arr, STORE_CLIENT, true);
}
......@@ -389,7 +394,7 @@ class Store {
*/
public static function getStore($store) {
// Check valid Storename
if (!isset(self::$sanatizeStore))
if (!isset(self::$sanatizeStore[$store]))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
if ($store === STORE_ZERO)
......
......@@ -221,4 +221,4 @@ INSERT INTO FormElement (id, formId, name, label, mode, type, class, ord, size,
VALUES
(200, 3, 'name', 'Name', 'show', 'text', 'native', 10, 50, 255, '', '', '', '', '', '', 0, 'no'),
(201, 3, 'firstName', 'Firstname', 'show', 'text', 'native', 10, 50, 255, '', '', '', '', '', '', 0, 'no');
(201, 3, 'firstname', 'Firstname', 'show', 'text', 'native', 10, 50, 255, '', '', '', '', '', '', 0, 'no');
......@@ -179,6 +179,10 @@ class StoreTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals(false, $this->store->getVar('apple', STORE_RECORD), "Retrieve a value from store.");
}
/**
* @expectedException \qfq\UserException
*
*/
public function testGetStore() {
$this->assertEquals(array(), $this->store->getStore('unknownstore'));
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment