forked from extern/egroupware
Some more quoting (and unquoting) of quotes in variable used eg. as
button names: eg. "delete[$row_cont[path]]" with path containing " or ' - they need to get quoted for correct html markup - etemplate_request::set_to_process() need to use unquoted version, as this is how it get returned in $_POST
This commit is contained in:
parent
b161002ab4
commit
2d0c33bb90
@ -169,11 +169,12 @@ class boetemplate extends soetemplate
|
|||||||
$row_cont = $cont[$row];
|
$row_cont = $cont[$row];
|
||||||
$col_row_cont = $cont[$col.$row];
|
$col_row_cont = $cont[$col.$row];
|
||||||
|
|
||||||
// check if name is enclosed in single quotes as argument eg. to an event handler --> quote contained quotes (' or ")
|
// check if name is enclosed in single quotes as argument eg. to an event handler or
|
||||||
if ($name[$pos_var-1] == "'" && preg_match('/\'(\$[A-Za-z0-9_\[\]]+)\'/',$name,$matches))
|
// used as name for a button like "delete[$row_cont[something]]" --> quote contained quotes (' or ")
|
||||||
|
if (in_array($name[$pos_var-1],array('[',"'")) && preg_match('/[\'\[](\$[A-Za-z0-9_\[\]]+)[\'\]]+/',$name,$matches))
|
||||||
{
|
{
|
||||||
eval('$value = '.$matches[1].';');
|
eval('$value = '.$matches[1].';');
|
||||||
if (is_array($value))
|
if (is_array($value) && $name[$pos_var-1] == "'") // arrays are only supported for '
|
||||||
{
|
{
|
||||||
foreach($value as &$val)
|
foreach($value as &$val)
|
||||||
{
|
{
|
||||||
|
@ -198,6 +198,9 @@ class etemplate_request
|
|||||||
//echo '<p>'.__METHOD__."($form_name,$type,".array2string($data).")</p>\n";
|
//echo '<p>'.__METHOD__."($form_name,$type,".array2string($data).")</p>\n";
|
||||||
$data['type'] = $type;
|
$data['type'] = $type;
|
||||||
|
|
||||||
|
// unquote single and double quotes, as this is how they get returned in $_POST
|
||||||
|
$form_name = str_replace(array('\\\'','"'),array('\'','"'),$form_name);
|
||||||
|
|
||||||
$this->data['to_process'][$form_name] = $data;
|
$this->data['to_process'][$form_name] = $data;
|
||||||
$this->data_modified = true;
|
$this->data_modified = true;
|
||||||
}
|
}
|
||||||
@ -215,6 +218,9 @@ class etemplate_request
|
|||||||
//echo '<p>'.__METHOD__."($form_name,$attribute,$value,$add_to_array)</p>\n";
|
//echo '<p>'.__METHOD__."($form_name,$attribute,$value,$add_to_array)</p>\n";
|
||||||
if (!$form_name) return;
|
if (!$form_name) return;
|
||||||
|
|
||||||
|
// unquote single and double quotes, as this is how they get returned in $_POST
|
||||||
|
$form_name = str_replace(array('\\\'','"'),array('\'','"'),$form_name);
|
||||||
|
|
||||||
if ($add_to_array)
|
if ($add_to_array)
|
||||||
{
|
{
|
||||||
$this->data['to_process'][$form_name][$attribute][] = $value;
|
$this->data['to_process'][$form_name][$attribute][] = $value;
|
||||||
|
Loading…
Reference in New Issue
Block a user