extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-30 03:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Some more quoting (and unquoting) of quotes in variable used eg. as

Browse Source 
button names: eg. "delete[$row_cont[path]]" with path containing " or '
- they need to get quoted for correct html markup
- etemplate_request::set_to_process() need to use unquoted version, as
  this is how it get returned in $_POST
This commit is contained in:
Ralf Becker 2010-05-11 14:52:45 +00:00
parent b161002ab4
commit 2d0c33bb90
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etemplate/inc/class.boetemplate.inc.php
View File

@ -169,11 +169,12 @@ class boetemplate extends soetemplate
$row_cont = $cont[$row]; $row_cont = $cont[$row];
$col_row_cont = $cont[$col.$row]; $col_row_cont = $cont[$col.$row];
// check if name is enclosed in single quotes as argument eg. to an event handler --> quote contained quotes (' or ") // check if name is enclosed in single quotes as argument eg. to an event handler or
if ($name[$pos_var-1] == "'" && preg_match('/\'(\$[A-Za-z0-9_\[\]]+)\'/',$name,$matches)) // used as name for a button like "delete[$row_cont[something]]" --> quote contained quotes (' or ")
if (in_array($name[$pos_var-1],array('[',"'")) && preg_match('/[\'\[](\$[A-Za-z0-9_\[\]]+)[\'\]]+/',$name,$matches))
{ {
eval('$value = '.$matches[1].';'); eval('$value = '.$matches[1].';');
if (is_array($value)) if (is_array($value) && $name[$pos_var-1] == "'") // arrays are only supported for '
{ {
foreach($value as &$val) foreach($value as &$val)
{ {

6
etemplate/inc/class.etemplate_request.inc.php
View File

@ -198,6 +198,9 @@ class etemplate_request
//echo '<p>'.__METHOD__."($form_name,$type,".array2string($data).")</p>\n"; //echo '<p>'.__METHOD__."($form_name,$type,".array2string($data).")</p>\n";
$data['type'] = $type; $data['type'] = $type;
// unquote single and double quotes, as this is how they get returned in $_POST
$form_name = str_replace(array('\\\'','&quot;'),array('\'','"'),$form_name);
$this->data['to_process'][$form_name] = $data; $this->data['to_process'][$form_name] = $data;
$this->data_modified = true; $this->data_modified = true;
} }
@ -215,6 +218,9 @@ class etemplate_request
//echo '<p>'.__METHOD__."($form_name,$attribute,$value,$add_to_array)</p>\n"; //echo '<p>'.__METHOD__."($form_name,$attribute,$value,$add_to_array)</p>\n";
if (!$form_name) return; if (!$form_name) return;
// unquote single and double quotes, as this is how they get returned in $_POST
$form_name = str_replace(array('\\\'','&quot;'),array('\'','"'),$form_name);
if ($add_to_array) if ($add_to_array)
{ {
$this->data['to_process'][$form_name][$attribute][] = $value; $this->data['to_process'][$form_name][$attribute][] = $value;