diff --git a/etemplate/inc/class.boetemplate.inc.php b/etemplate/inc/class.boetemplate.inc.php index 94750d4012..3648e7a60e 100644 --- a/etemplate/inc/class.boetemplate.inc.php +++ b/etemplate/inc/class.boetemplate.inc.php @@ -166,7 +166,7 @@ class boetemplate extends soetemplate $row_cont = $cont[$row]; $col_row_cont = $cont[$col.$row]; - eval('$name = "'.$name.'";'); + eval('$name = "'.addslashes($name).'";'); } if ($is_index_in_content) { @@ -684,6 +684,50 @@ class boetemplate extends soetemplate return $extra['widgets']; } + /** + * Split a $delimiter-separated options string, which can contain parts with delimiters enclosed in $enclosure + * + * Examples: + * - csv_split('"1,2,3",2,3') === array('1,2,3','2','3') + * - csv_split('1,2,3',2) === array('1','2,3') + * - csv_split('"1,2,3",2,3',2) === array('1,2,3','2,3') + * + * @param string $str + * @param int $num=null in how many parts to split maximal, parts over this number end up (unseparated) in the last part + * @param string $delimiter=',' + * @param string $enclosure='"' + * @return array + */ + static function csv_split($str,$num=null,$delimiter=',',$enclosure='"') + { + if (strpos($str,$enclosure) === false) + { + return explode($delimiter,$str,$num); // no need to run this more expensive code + } + $parts = explode($delimiter,$str); + for($n = 0; isset($parts[$n]); ++$n) + { + $part =& $parts[$n]; + if ($part[0] === $enclosure) + { + while (isset($parts[$n+1]) && substr($part,-1) !== $enclosure) + { + $part .= $delimiter.$parts[++$n]; + unset($parts[$n]); + } + $part = substr($part,1,-1); + } + } + $parts = array_values($parts); // renumber the parts (in case we had to concat them) + + if ($num > 0 && count($parts) > $num) + { + $parts[$num-1] = implode($delimiter,array_slice($parts,$num-1,count($parts)-$num+1)); + $parts = array_slice($parts,0,$num); + } + return $parts; + } + /** * generated a file-name from an eTemplates, name, template(-set) and lang * @@ -926,4 +970,4 @@ if (!function_exists('set_cell_attribute_helper')) } } // just in case someone still uses the old var -$GLOBALS['egw_info']['flags']['etemplate']['loop'] =& boetemplate::$loop; \ No newline at end of file +$GLOBALS['egw_info']['flags']['etemplate']['loop'] =& boetemplate::$loop; diff --git a/etemplate/inc/class.etemplate.inc.php b/etemplate/inc/class.etemplate.inc.php index 8e69ba5bd2..66b47d8c5a 100644 --- a/etemplate/inc/class.etemplate.inc.php +++ b/etemplate/inc/class.etemplate.inc.php @@ -1176,7 +1176,7 @@ class etemplate extends boetemplate $set_val = 1; $unset_val = 0; if (!empty($cell_options)) { - list($set_val,$unset_val,$ro_true,$ro_false) = explode(',',$cell_options); + list($set_val,$unset_val,$ro_true,$ro_false) = self::csv_split($cell_options); if (!$set_val && !$unset_val) $set_val = 1; $value = $value == $set_val; } @@ -1216,7 +1216,7 @@ class etemplate extends boetemplate } break; case 'radio': // size: value if checked, readonly set, readonly unset - list($set_val,$ro_true,$ro_false) = explode(',',$cell_options); + list($set_val,$ro_true,$ro_false) = self::csv_split($cell_options); $set_val = $this->expand_name($set_val,$show_c,$show_row,$content['.c'],$content['.row'],$content); if ($value == $set_val)