* Filemanager/eTemplate: fix for MyStylite bug #2495: deleting files containing [ as first char deletes whole directory

added encoding of square brackets in eTemplate and improved etemplate_bo::(get|set|isset|unset)_array() to split indexes at ][ and not just [
--> needs to be "back"-ported to eTemplate2 to!!!
This commit is contained in:
Ralf Becker 2011-11-09 14:32:07 +00:00
parent b0a22dae6a
commit b4bfa392b2
2 changed files with 19 additions and 6 deletions

View File

@ -195,7 +195,7 @@ class boetemplate extends soetemplate
} }
else else
{ {
$value = str_replace(array("'",'"'),array('\\\'','"'),$value); $value = str_replace(array("'",'"','[',']'),array('\\\'','"','[',']'),$value);
$name = str_replace(array('{'.$matches[1].'}',$matches[1]),$value,$name); $name = str_replace(array('{'.$matches[1].'}',$matches[1]),$value,$name);
} }
} }
@ -576,7 +576,10 @@ class boetemplate extends soetemplate
*/ */
static function isset_array($arr,$idx) static function isset_array($arr,$idx)
{ {
$idxs = explode('[',str_replace(']','',$idx)); if (count($idxs = explode('[', $idx, 2)) > 1)
{
$idxs = array_merge(array($idxs[0]), explode('][', substr($idxs[1],0,-1)));
}
$last_idx = array_pop($idxs); $last_idx = array_pop($idxs);
$pos = &$arr; $pos = &$arr;
foreach($idxs as $idx) foreach($idxs as $idx)
@ -603,7 +606,10 @@ class boetemplate extends soetemplate
*/ */
static function set_array(&$arr,$idx,$val) static function set_array(&$arr,$idx,$val)
{ {
$idxs = explode('[',str_replace(']','',$idx)); if (count($idxs = explode('[', $idx, 2)) > 1)
{
$idxs = array_merge(array($idxs[0]), explode('][', substr($idxs[1],0,-1)));
}
$pos = &$arr; $pos = &$arr;
foreach($idxs as $idx) foreach($idxs as $idx)
{ {
@ -634,7 +640,10 @@ class boetemplate extends soetemplate
} }
if (is_object($idx)) return false; // given an error in php5.2 if (is_object($idx)) return false; // given an error in php5.2
$idxs = explode('[',str_replace(']','',$idx)); if (count($idxs = explode('[', $idx, 2)) > 1)
{
$idxs = array_merge(array($idxs[0]), explode('][', substr($idxs[1],0,-1)));
}
$pos = &$arr; $pos = &$arr;
foreach($idxs as $idx) foreach($idxs as $idx)
{ {
@ -663,7 +672,10 @@ class boetemplate extends soetemplate
{ {
throw new egw_exception_assertion_failed(__METHOD__."(\$arr,'$idx') \$arr is no array!"); throw new egw_exception_assertion_failed(__METHOD__."(\$arr,'$idx') \$arr is no array!");
} }
$idxs = explode('[',str_replace(']','',$idx)); if (count($idxs = explode('[', $idx, 2)) > 1)
{
$idxs = array_merge(array($idxs[0]), explode('][', substr($idxs[1],0,-1)));
}
$last_idx = array_pop($idxs); $last_idx = array_pop($idxs);
$pos = &$arr; $pos = &$arr;
foreach($idxs as $idx) foreach($idxs as $idx)

View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* eGroupWare - EditableTemplates - HTML User Interface * EGroupware - EditableTemplates - HTML User Interface
* *
* @link http://www.egroupware.org * @link http://www.egroupware.org
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
@ -2189,6 +2189,7 @@ class etemplate extends boetemplate
{ {
$attr = array(); $attr = array();
} }
$form_name = str_replace(array('&#x5B;','&#x5D;'), array('[',']'), $form_name);
$value = etemplate::get_array($content_in,$form_name,True,$GLOBALS['egw_info']['flags']['currentapp'] == 'etemplate' ? false : true ); $value = etemplate::get_array($content_in,$form_name,True,$GLOBALS['egw_info']['flags']['currentapp'] == 'etemplate' ? false : true );
// The comment below does only aplay to normal posts, not for xajax. Files are not supported anyway by xajax atm. // The comment below does only aplay to normal posts, not for xajax. Files are not supported anyway by xajax atm.
// not checked checboxes are not returned in HTML and file is in $_FILES and not in $content_in // not checked checboxes are not returned in HTML and file is in $_FILES and not in $content_in