Commit ea3d6806 authored by Carsten  Rose's avatar Carsten Rose

Store: check for missing sanitize arg extented to null

Evaluate: parse() and evaluate() will return the last used Store
QuickFormQuery: getFormName() extended to interpret form = {{form}} correctly
Makefile: T# Extension ZIP - config.ini excluded, Documentation included
README.md: adjusted to renamed CSS and JS files: qfq-bs.css, qfq-min.js
parent 21c39bb0
......@@ -2,7 +2,7 @@ PHPDOC ?= support/pear/phpdoc
JSDOC ?= jsdoc
PKG_VERSION = $(shell awk '/version/ { print $$3 }' extension/ext_emconf.php | sed "s/'//g")
NIGHTLY_DATE = $(shell date '+%Y%m%d')
EXTENSION_CONTENT = Classes Configuration qfq Resources ext_emconf.php ext_localconf.php ext_tables.php config.example.ini
EXTENSION_CONTENT = Classes Configuration Documentation qfq Resources ext_emconf.php ext_localconf.php ext_tables.php config.example.ini
all: archive t3sphinx
......@@ -46,13 +46,13 @@ phpdoc: .phpdocinstall
archive: clean qfq_$(PKG_VERSION).zip
qfq_$(PKG_VERSION).zip:
cd extension; zip -r ../$@ $(EXTENSION_CONTENT)
cd extension; zip -r ../$@ $(EXTENSION_CONTENT) -x config.ini
clean:
rm -f qfq_$(PKG_VERSION).zip
nightly:
rm -f qfq_????????.zip
cd extension; zip -r ../qfq_$(NIGHTLY_DATE) $(EXTENSION_CONTENT)
cd extension; zip -r ../qfq_$(NIGHTLY_DATE) $(EXTENSION_CONTENT) -x config.ini
.PHONY: nightly
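Review bot: The `-x config.ini` added to both zip rules probably does not exclude the file it is aimed at. As far as I know, zip matches `-x` patterns against the stored path, and `config.ini` is not listed in EXTENSION_CONTENT, so a top-level `extension/config.ini` was never archived in the first place. A copy inside one of the listed directories (for example under `qfq/`) is stored with a directory prefix and would not match the bare name. If the aim is to keep site-local settings or credentials out of the release ZIP, `-x config.ini '*/config.ini'` also covers nested copies. Separately, `cd extension && zip ...` avoids archiving from the wrong directory when the `cd` fails.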
......@@ -32,7 +32,7 @@ page.includeCSS {
file2 = typo3conf/ext/qfq/Resources/Public/Css/bootstrap-theme.min.css
file3 = typo3conf/ext/qfq/Resources/Public/Css/jqx.base.css
file4 = typo3conf/ext/qfq/Resources/Public/Css/jqx.darkblue.css
file5 = typo3conf/ext/qfq/Resources/Public/Css/qfq-jqw.css
file5 = typo3conf/ext/qfq/Resources/Public/Css/qfq-bs.css
}
page.includeJS {
......@@ -40,11 +40,11 @@ page.includeJS {
file1 = typo3conf/ext/qfq/Resources/Public/JavaScript/jquery.min.js
file2 = typo3conf/ext/qfq/Resources/Public/JavaScript/bootstrap.min.js
file3 = typo3conf/ext/qfq/Resources/Public/JavaScript/jqx-all.js
file4 = typo3conf/ext/qfq/Resources/Public/JavaScript/qfq-jqw.debug.js
file4 = typo3conf/ext/qfq/Resources/Public/JavaScript/qfq-min.js
}
Usage
-----
* https://wikiit.math.uzh.ch/it/projekt/qfq/qfq-jqwidgets
* typo3conf/ext/qfq/documentation/_make/build/html/index.html
......@@ -60,7 +60,7 @@ class Evaluate {
}
/**
* Recursive evaluation of 'line'.
* Recursive evaluation of 'line'. Constant string, Variables or SQL Query or all of them.
*
* Token to replace have to be enclosed by '{{' and '}}'
*
......@@ -69,7 +69,7 @@ class Evaluate {
* @return array|mixed|null|string
* @throws UserException
*/
public function parse($line, $recursion = 0, &$debugStack = array()) {
public function parse($line, $recursion = 0, &$debugStack = array(), &$foundInStore = '') {
$flagTokenReplaced = false;
if ($recursion > 4) {
......@@ -95,7 +95,7 @@ class Evaluate {
$post = substr($result, $posFirstClose + $this->endDelimiterLength);
$match = substr($result, $posMatchOpen + $this->startDelimiterLength, $posFirstClose - $posMatchOpen - $this->startDelimiterLength);
$evaluated = $this->substitute($match);
$evaluated = $this->substitute($match, $foundInStore);
$debugLocal[] = $debugIndent . "#Replace: '$match'";
// If an array is returned, break everything and return this assoc array.
......@@ -109,7 +109,7 @@ class Evaluate {
// More to substitute in the new evaluated result? Start recursion just with the new result..
if (strpos($evaluated, $this->endDelimiter) !== false) {
$evaluated = $this->parse($evaluated, $recursion + 1, $debugLocal);
$evaluated = $this->parse($evaluated, $recursion + 1, $debugLocal, $foundInStore);
}
$result = $pre . $evaluated . $post;
......@@ -127,8 +127,8 @@ class Evaluate {
/**
* Tries to substitute $token.
* Token might be
* a) fetch from a store. Syntax: 'form', 'form:C', 'form:SC0', 'form:S:ALNUMX'
* b) a SQL statement to fire
* a) a SQL statement to fire
* b) fetch from a store. Syntax: 'form', 'form:C', 'form:SC0', 'form:S:ALNUMX'
* The token have to be _without_ Delimiter '{{' / '}}'
* If neither a) or b) match, return the token itself, surrounded by single ticks, to emphase that substition failed.
*
......@@ -136,7 +136,7 @@ class Evaluate {
* @return array|mixed|null|string
* @throws DbException
*/
public function substitute($token) {
public function substitute($token, &$foundInStore = '') {
$sqlMode = ROW_IMPLODE_ALL;
$token = trim($token);
......@@ -164,7 +164,7 @@ class Evaluate {
// search for value in stores
$value = $this->store->getVar($arr[0], $arr[1], $arr[2]);
$value = $this->store->getVar($arr[0], $arr[1], $arr[2], $foundInStore);
// nothing replaced: put ticks around, to sanitize strings for SQL statements. Nothing to substitute is not a wished situation.
return ($value === false) ? "'" . $token . "'" : $value;
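Review bot: `$foundInStore` is overwritten on every `substitute()` call inside `parse()`, so after a line with several tokens the caller only learns the store of the last one. QuickFormQuery compares that value with `STORE_CLIENT` to reject client-supplied parameters when a SIP exists, so a line whose earlier token came from the client store and whose later token did not would presumably pass that check. Consider making a client origin sticky in `parse()`: substitute into a local `$store` and copy it to `$foundInStore` only when `$foundInStore !== STORE_CLIENT`. The docblocks of `parse()` and `substitute()` should also gain a `@param string $foundInStore` line saying what it holds when the token is an SQL statement or nothing was found. Both functions start and end outside the visible hunks.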
......
......@@ -261,21 +261,40 @@ class QuickFormQuery {
/**
* Get the formName from STORE_TYPO3 (bodytext), STORE_SIP or by STORE_CLIENT (URL).
*
* FORM_LOAD:
* Specified in T3 body text with form=<formname> Returned Store:Typo3
* Specified in T3 body text with form={{form}} ':FSRD' Returned Store:SIP
* Specified in T3 body text with form={{form:C:ALNUMX}} Returned Store:Client
* Specified in T3 body text with form={{SELECT registrationFormName FROM Conference WHERE id={{conferenceId:S0}} }}
* Specified in T3 body text with form={{SELECT registrationFormName FROM Conference WHERE id={{conferenceId:C0:DIGIT}} }}
* Specified in SIP
*
* FORM_SAVE:
* Specified in SIP
*
*
* @param $mode
* @param string $foundInStore
* @return bool|string Formname (Form.name) or FALSE if no formname found.
* @return bool|string Formname (Form.name) or FALSE, if no formname found.
*/
private function getFormName($mode, &$foundInStore = '') {
$dummy = array();
$store = ($mode === FORM_SAVE) ? STORE_SIP : STORE_TYPO3;
$formName = $this->store->getVar(SIP_FORM, $store, '', $foundInStore);
$storeFormName = $this->store->getVar(SIP_FORM, $store, '', $foundInStore);
$formName = $this->eval->parse($storeFormName, 0, $dummy, $foundInStore);
$formName = $this->eval->parse($formName);
// If the formname is '': no formname name.
if ($formName === '')
return false;
// If the formname is surrounded by single ticks: the token (typically 'form') has not been replaced by a value.
if ($formName[0] === "'" && $formName[strlen($formName) - 1] === "'") {
return false;
}
//TODO: das sollte mit Evaluate geparst werden
// if($formName === '{{form}}')
// $formName = $this->store->getVar(SIP_FORM, STORE_SIP . STORE_CLIENT);
return $formName;
}
......@@ -301,7 +320,7 @@ class QuickFormQuery {
if ($sipFound) {
if (($formNameFoundInStore === STORE_CLIENT) || ($recordIdFoundInStore === STORE_CLIENT)) {
throw new UserException("SIP exist but FORM oe RECORD_ID are given by CLIENT.", ERROR_SIP_EXIST_BUT_OTHER_PARAM_GIVEN_BY_CLIENT);
throw new UserException("SIP exist but FORM or RECORD_ID are given by CLIENT.", ERROR_SIP_EXIST_BUT_OTHER_PARAM_GIVEN_BY_CLIENT);
}
}
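Review bot: `getFormName()` indexes `$formName[0]` right after `parse()`, whose docblock gives the return type as `array|mixed|null|string`, and only the empty string is rejected beforehand. A form expression that evaluates to an array or null (the SQL examples in the new docblock suggest this is possible) would reach the tick check as a non-string. A guard such as `if (!is_string($formName) || $formName === '') return false;` keeps the form name a plain string before it is used. The rendering also leaves it unclear whether the older `$formName = $this->eval->parse($formName);` line survives after the new `parse($storeFormName, 0, $dummy, $foundInStore)` call; if it does, the value is evaluated a second time without `$foundInStore` being tracked, and the line should be dropped.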
......
......@@ -272,7 +272,7 @@ class Store {
}
// no sanitizeClass specified: take last/default
if ($sanitizeClass === '') {
if ($sanitizeClass === '' || $sanitizeClass === null) {
$sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : SANITIZE_DEFAULT;
}
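Review bot: The fallback now covers `''` and `null`, but any other value in `$sanitizeClass` still bypasses the default, and the hunk does not show whether an unrecognised class name is rejected later. Because this value selects how the variable is sanitized, it is worth confirming that an unknown name fails closed (an exception) rather than returning the raw value. The comment could also be extended to `// no sanitizeClass specified ('' or null): take the per-key default, else SANITIZE_DEFAULT`. The enclosing function starts and ends outside the hunk.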
......
......@@ -335,46 +335,6 @@ class BuildFormPlainTest extends AbstractDatabaseTest {
$build->getKeyValueListFromSqlEnumSpec($formElement, $keys, $values);
}
public function ttttestBuildCheckbox() {
// $formElement = [
// 'id' => 123,
// 'formId' => 2,
// 'feIdContainer' => 0,
// 'enabled' => 'yes',
// 'name' => 'type',
// 'label' => 'Type',
// 'mode' => 'show',
// 'class' => 'native',
// 'type' => 'radio',
// 'value' => '',
// 'sql1' => '',
// 'parameter' => '',
// 'debug' => 'no',
// 'deleted' => 'no',
//
// 'size' => '',
// 'maxLength' => '',
// 'tooltip' => '',
// 'placeholder' => '',
// 'checkType' => '',
// 'checkPattern' => '',
//
// 'tabindex' => 0
// ];
$form = array();
$formElement = array();
$this->setFormFormElement($form, $formElement);
$build = new \qfq\BuildFormPlain($form, array(), [$formElement]);
$formElement['checkType'] = 'min|max';
$formElement['checkPattern'] = '';
$result = $build->buildInput($formElement, 'name:1', '');
}
/**
* @throws Exception
*/
......@@ -392,8 +352,6 @@ class BuildFormPlainTest extends AbstractDatabaseTest {
// this is necessary to initialize SIP
$content = $this->form->process();
}
}
class FakeTSFE {
......
......@@ -9,6 +9,8 @@
namespace qfq;
require_once(__DIR__ . '/../../qfq/helper/Support.php');
require_once(__DIR__ . '/../../qfq/BuildFormPlain.php');
require_once(__DIR__ . '/../../qfq/Evaluate.php');
class FakeTSFE {
public $id = 1;
......