Page Menu
Home
In-Portal Phabricator
Search
Configure Global Search
Log In
Files
F775956
in-portal
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Thu, Feb 6, 3:44 PM
Size
3 KB
Mime Type
text/x-diff
Expires
Sat, Feb 8, 3:44 PM (23 h, 37 m)
Engine
blob
Format
Raw Data
Handle
558451
Attached To
rINP In-Portal
in-portal
View Options
Index: branches/5.1.x/core/kernel/utility/formatters/left_formatter.php
===================================================================
--- branches/5.1.x/core/kernel/utility/formatters/left_formatter.php (revision 14321)
+++ branches/5.1.x/core/kernel/utility/formatters/left_formatter.php (revision 14322)
@@ -1,80 +1,80 @@
<?php
/**
* @version $Id$
* @package In-Portal
* @copyright Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
* @license GNU/GPL
* In-Portal is Open Source software.
* This means that this software may have been modified pursuant
* the GNU General Public License, and as distributed it includes
* or is derivative of works licensed under the GNU General Public License
* or other free or open source software licenses.
* See http://www.in-portal.org/license for copyright notices and details.
*/
/**
* Replacement for kOptionsFormatter in case if options
* should be selected from database. Use this formatter
* only in case if formatter attached field is in edit form.
*
* For usage in grid just use LEFT JOIN clause to table
* where requested options are located.
*/
class kLEFTFormatter extends kFormatter {
function Format($value, $field_name, &$object, $format=null)
{
if ( is_null($value) ) return '';
$options = $object->GetFieldOptions($field_name);
if ( isset($format) ) $options['format'] = $format;
if( !isset($options['options'][$value]) )
{
// required option is not defined in config => query for it
$db =& $this->Application->GetADODBConnection();
- $sql = sprintf($options['left_sql'],$options['left_title_field'],$options['left_key_field'],$value);
+ $sql = sprintf($options['left_sql'],$options['left_title_field'],$options['left_key_field'], $db->escape($value));
$options['options'][$value] = $db->GetOne($sql);
if ($options['options'][$value] === false) return $value;
}
return $options['options'][$value];
}
/**
* Parse value from form submit
*
* @param mixed $value
* @param string $field_name
* @param kDBItem $object
* @return mixed
*/
function Parse($value, $field_name, &$object)
{
if ($value == '') return NULL;
$options = $object->GetFieldOptions($field_name);
$found = isset($options['options']) ? array_search($value, $options['options']) : false;
if ($found !== false) {
// requested option found among field options
return $found;
}
// requested option is not found in field options -> query for it
$db =& $this->Application->GetADODBConnection();
- $sql = sprintf($options['left_sql'], $options['left_key_field'], $options['left_title_field'], $value);
+ $sql = sprintf($options['left_sql'], $options['left_key_field'], $options['left_title_field'], $db->escape($value));
$found = $db->GetOne($sql);
if ($found !== false) {
// option successfully retrieved from db -> cache it
$options['options'][$found] = $value;
}
$skip_errors = array_key_exists('skip_errors', $options) && $options['skip_errors'];
if ($found === false && !$skip_errors) {
// option not found at all -> return not formatted value & set error
$object->SetError($field_name, 'invalid_option', 'la_error_InvalidOption');
return $value;
}
return $found;
}
}
\ No newline at end of file
Event Timeline
Log In to Comment