refining regular expression for PHP variables (replies[$row][reply_message] returned more than $row) and removed quoting from submitit call in button, as quotes in vars get quoted double

Ralf Becker 2010-05-12 07:50:13 +00:00
parent fb04a535b6
commit 55f5a80a5e
2 changed files with 15 additions and 7 deletions


@ -127,6 +127,14 @@ class boetemplate extends soetemplate
return $result; return $result;
} }
/**
* Regular expression matching a PHP variable in a string, eg.
*
* "replies[$row][reply_message]" should only match $row
* "delete[$row_cont[path]]" should match $row_cont[path]
*/
const PHP_VAR_PREG = '\$[A-Za-z0-9_]+(\[[A-Za-z0-9_]+\])*';
/** /**
* allows a few variables (eg. row-number) to be used in field-names * allows a few variables (eg. row-number) to be used in field-names
* *
@ -171,7 +179,7 @@ class boetemplate extends soetemplate
// check if name is enclosed in single quotes as argument eg. to an event handler or // check if name is enclosed in single quotes as argument eg. to an event handler or
// used as name for a button like "delete[$row_cont[something]]" --> quote contained quotes (' or ") // used as name for a button like "delete[$row_cont[something]]" --> quote contained quotes (' or ")
if (in_array($name[$pos_var-1],array('[',"'")) && preg_match('/[\'\[](\$[A-Za-z0-9_\[\]]+)[\'\]]+/',$name,$matches)) if (in_array($name[$pos_var-1],array('[',"'")) && preg_match('/[\'\[]('.self::PHP_VAR_PREG.')[\'\]]+/',$name,$matches))
{ {
eval('$value = '.$matches[1].';'); eval('$value = '.$matches[1].';');
if (is_array($value) && $name[$pos_var-1] == "'") // arrays are only supported for ' if (is_array($value) && $name[$pos_var-1] == "'") // arrays are only supported for '
@ -189,22 +197,22 @@ class boetemplate extends soetemplate
$name = str_replace($matches[1],$value,$name); $name = str_replace($matches[1],$value,$name);
} }
} }
// check if name is assigned in an url --> urlendcode contained & as %26, as egw::link // check if name is assigned in an url --> urlendcode contained & as %26, as egw::link explodes it on &
if ($name[$pos_var-1] == '=' && preg_match('/&([A-Za-z0-9_\[\]]+)=(\$[A-Za-z0-9_\[\]]+)/',$name,$matches)) if ($name[$pos_var-1] == '=' && preg_match('/[&?]([A-Za-z0-9_]+(\[[A-Za-z0-9_]+\])*)=('.self::PHP_VAR_PREG.')/',$name,$matches))
{ {
eval('$value = '.$matches[2].';'); eval('$value = '.$matches[3].';');
if (is_array($value)) // works only reasonable, if get-parameter uses array notation, eg. &file[]=$cont[filenames] if (is_array($value)) // works only reasonable, if get-parameter uses array notation, eg. &file[]=$cont[filenames]
{ {
foreach($value as &$val) foreach($value as &$val)
{ {
$val = str_replace('&',urlencode('&'),$val); $val = str_replace('&',urlencode('&'),$val);
} }
$name = str_replace($matches[2],implode('&'.$matches[1].'=',$value),$name); $name = str_replace($matches[3],implode('&'.$matches[1].'=',$value),$name);
} }
else else
{ {
$value = str_replace('&',urlencode('&'),$value); $value = str_replace('&',urlencode('&'),$value);
$name = str_replace($matches[2],$value,$name); $name = str_replace($matches[3],$value,$name);
} }
} }
eval('$name = "'.str_replace('"','\\"',$name).'";'); eval('$name = "'.str_replace('"','\\"',$name).'";');
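Review bot: The value written into `$name` by the `str_replace($matches[3],…)` lines is later parsed as PHP by `eval('$name = "'.str_replace('"','\\"',$name).'";');` at the end of this section, and that call escapes only `"`. A backslash or `$` inside the substituted value (presumably template content, which can carry user-supplied data) is therefore still interpreted by the PHP parser instead of being treated as text. Since the final eval has to keep expanding the `$variables` still written in the name, the escaping belongs on the value before it is substituted, e.g. `$value = addcslashes($value,'\\$');` in the else branch and the same on `$val` inside the foreach. The branch using `$matches[1]` substitutes a value the same way; the quoting it applies lies between the hunks and is not visible here, so it is worth checking for the same gap. The enclosing method starts and ends outside the hunks.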


@ -1374,7 +1374,7 @@ class etemplate extends boetemplate
{ {
$onclick = ($onclick ? preg_replace('/^return(.*);$/','if (\\1) ',$onclick) : ''). $onclick = ($onclick ? preg_replace('/^return(.*);$/','if (\\1) ',$onclick) : '').
(((string)$cell['onchange'] === '1' || $img) ? (((string)$cell['onchange'] === '1' || $img) ?
'return submitit('.self::$name_form.",'".str_replace(array('"','\''),array('&quot','\\\''),$form_name)."');" : $cell['onchange']).'; return false;'; 'return submitit('.self::$name_form.",'".$form_name."');" : $cell['onchange']).'; return false;';
if (!html::$netscape4 && substr($img,-1) == '%' && is_numeric($percent = substr($img,0,-1))) if (!html::$netscape4 && substr($img,-1) == '%' && is_numeric($percent = substr($img,0,-1)))
{ {
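Review bot: `$form_name` now goes into the single-quoted JavaScript argument of `submitit(...)` unescaped, so this line is only safe if every value that can reach `$form_name` has already had `'` and `"` neutralised for both the JavaScript string and the surrounding HTML attribute. The commit message says the name-expansion code already quotes variables, but that quoting is conditional on how the variable appears in the name (the `in_array($name[$pos_var-1],array('[',"'"))` check in the other file), and whether every name passes through it cannot be seen from this hunk. Either do the escaping in one place at this output site, or record the dependency with a comment such as `// $form_name is already quote-escaped during name expansion; never pass an unexpanded or raw name here`. The enclosing method starts and ends outside the hunk.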