diff --git a/etemplate/inc/class.boetemplate.inc.php b/etemplate/inc/class.boetemplate.inc.php index 43d7844031..16fe0e58c9 100644 --- a/etemplate/inc/class.boetemplate.inc.php +++ b/etemplate/inc/class.boetemplate.inc.php @@ -127,6 +127,14 @@ class boetemplate extends soetemplate return $result; } + /** + * Regular expression matching a PHP variable in a string, eg. + * + * "replies[$row][reply_message]" should only match $row + * "delete[$row_cont[path]]" should match $row_cont[path] + */ + const PHP_VAR_PREG = '\$[A-Za-z0-9_]+(\[[A-Za-z0-9_]+\])*'; + /** * allows a few variables (eg. row-number) to be used in field-names * @@ -171,7 +179,7 @@ class boetemplate extends soetemplate // check if name is enclosed in single quotes as argument eg. to an event handler or // used as name for a button like "delete[$row_cont[something]]" --> quote contained quotes (' or ") - if (in_array($name[$pos_var-1],array('[',"'")) && preg_match('/[\'\[](\$[A-Za-z0-9_\[\]]+)[\'\]]+/',$name,$matches)) + if (in_array($name[$pos_var-1],array('[',"'")) && preg_match('/[\'\[]('.self::PHP_VAR_PREG.')[\'\]]+/',$name,$matches)) { eval('$value = '.$matches[1].';'); if (is_array($value) && $name[$pos_var-1] == "'") // arrays are only supported for ' @@ -189,22 +197,22 @@ class boetemplate extends soetemplate $name = str_replace($matches[1],$value,$name); } } - // check if name is assigned in an url --> urlendcode contained & as %26, as egw::link - if ($name[$pos_var-1] == '=' && preg_match('/&([A-Za-z0-9_\[\]]+)=(\$[A-Za-z0-9_\[\]]+)/',$name,$matches)) + // check if name is assigned in an url --> urlendcode contained & as %26, as egw::link explodes it on & + if ($name[$pos_var-1] == '=' && preg_match('/[&?]([A-Za-z0-9_]+(\[[A-Za-z0-9_]+\])*)=('.self::PHP_VAR_PREG.')/',$name,$matches)) { - eval('$value = '.$matches[2].';'); + eval('$value = '.$matches[3].';'); if (is_array($value)) // works only reasonable, if get-parameter uses array notation, eg. &file[]=$cont[filenames] { foreach($value as &$val) { $val = str_replace('&',urlencode('&'),$val); } - $name = str_replace($matches[2],implode('&'.$matches[1].'=',$value),$name); + $name = str_replace($matches[3],implode('&'.$matches[1].'=',$value),$name); } else { $value = str_replace('&',urlencode('&'),$value); - $name = str_replace($matches[2],$value,$name); + $name = str_replace($matches[3],$value,$name); } } eval('$name = "'.str_replace('"','\\"',$name).'";'); diff --git a/etemplate/inc/class.etemplate.inc.php b/etemplate/inc/class.etemplate.inc.php index 0df3c7910c..8f0e98e797 100644 --- a/etemplate/inc/class.etemplate.inc.php +++ b/etemplate/inc/class.etemplate.inc.php @@ -1374,7 +1374,7 @@ class etemplate extends boetemplate { $onclick = ($onclick ? preg_replace('/^return(.*);$/','if (\\1) ',$onclick) : ''). (((string)$cell['onchange'] === '1' || $img) ? - 'return submitit('.self::$name_form.",'".str_replace(array('"','\''),array('"','\\\''),$form_name)."');" : $cell['onchange']).'; return false;'; + 'return submitit('.self::$name_form.",'".$form_name."');" : $cell['onchange']).'; return false;'; if (!html::$netscape4 && substr($img,-1) == '%' && is_numeric($percent = substr($img,0,-1))) {