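/**
 * Validate and normalise a submitted configuration value against the type
 * recorded for that item in the s_config_group_item table.
 *
 * Items of type 'array' are not validated as a whole; each value is validated
 * by the array's subtype instead ('usertype' and 'number' as such, any other
 * or empty subtype as plain text).
 *
 * Security notes:
 *  - The three identifiers are escaped before being placed in the query.
 *    addslashes() is the only escaping primitive visible in this file and it
 *    is not aware of the connection character set; if the database layer
 *    behind db_query() offers its own escaping or bound parameters, prefer
 *    those.
 *    NOTE(review): assumes callers pass raw (not already escaped)
 *    identifiers - confirm against the callers.
 *  - The default branch returns the value already passed through
 *    addslashes(), so callers must not escape it a second time.
 *
 * @param string $group_id configuration group identifier
 * @param string $id       item identifier within the group
 * @param string $keyid    key identifier; a numeric key also matches a row
 *                         of type 'array'
 * @param string $value    submitted value
 * @return string|false    the accepted (possibly normalised) value, or FALSE
 *                         when an identifier is empty, no matching row exists
 *                         or the value is rejected. 'boolean' items never
 *                         yield FALSE: anything other than TRUE/FALSE becomes
 *                         the string 'FALSE'.
 */
function validate_s_config_group_item($group_id, $id, $keyid, $value) {
    if (strlen($group_id) == 0 || strlen($id) == 0 || strlen($keyid) == 0) {
        return FALSE;
    }

    // Never interpolate the raw identifiers: a quote in any of them would
    // otherwise terminate the SQL string literal.
    $group_id_sql = addslashes($group_id);
    $id_sql = addslashes($id);
    $keyid_sql = addslashes($keyid);

    $query = "SELECT type, subtype FROM s_config_group_item WHERE group_id = '{$group_id_sql}' AND id = '{$id_sql}' ";
    if (is_numeric($keyid)) {
        $query .= " AND (type = 'array' OR keyid = '{$keyid_sql}') ";
    } else {
        $query .= " AND keyid = '{$keyid_sql}' ";
    }
    $query .= "LIMIT 0,1";

    $result = db_query($query);
    if (!$result) {
        return FALSE;
    }

    if (db_num_rows($result) <= 0) {
        db_free_result($result);
        return FALSE;
    }

    $found = db_fetch_assoc($result);

    // Release the result set here: every branch of the switch below returns,
    // so a call placed after the switch would never run.
    db_free_result($result);

    $value = trim($value);

    // will not directly validate an array, but instead the subtype of the array.
    if ($found['type'] == 'array') {
        // by default its text
        if (strlen($found['subtype']) == 0) {
            $found['subtype'] = 'text';
        }

        if ($found['subtype'] == 'usertype') {
            $found['type'] = 'usertype';
        } else if ($found['subtype'] == 'number') {
            $found['type'] = 'number';
        } else {
            $found['type'] = 'text';
        }
    }

    switch ($found['type']) {
        case 'boolean':
            $value = strtoupper($value);
            if ($value == 'TRUE' || $value == 'FALSE') {
                return $value;
            }
            return 'FALSE';

        case 'email':
            return is_valid_email_addr($value) ? $value : FALSE;

        case 'number':
            // filter out any non-numeric characters, but pass the rest in.
            $value = remove_illegal_chars($value, expand_chars_exp('0-9'));
            return strlen($value) > 0 ? $value : FALSE;

        case 'datemask':
            // TODO: Provide a date-mask filter. Until then the mask is
            // returned exactly as submitted, without validation or escaping.
            return $value;

        case 'language':
            return is_exists_language($value) ? $value : FALSE;

        case 'theme':
            return is_exists_theme($value) ? $value : FALSE;

        case 'export':
            // An empty value is accepted as-is.
            if (strlen($value) == 0 || is_export_plugin($value)) {
                return $value;
            }
            return FALSE;

        case 'value_select':
            // Initialise explicitly so an empty subtype does not leave the
            // variable undefined.
            $options_r = NULL;
            if (strlen($found['subtype']) > 0) {
                $options_r = explode(',', $found['subtype']);
            }

            // With no option list configured every value is accepted.
            // The membership test is strict so that numeric-looking strings
            // such as '1' and '01' are not treated as the same option.
            if (!is_array($options_r) || in_array($value, $options_r, TRUE)) {
                return $value;
            }
            return FALSE;

        // 'readonly', 'text', 'password', 'textarea', 'usertype' and any
        // unrecognised type are handled as plain text.
        default:
            return addslashes(replace_newlines(trim($value)));
    }
}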
/**
 * Filter a submitted item attribute value according to the attribute type's
 * input_type.
 *
 * A scalar value is trimmed and wrapped in an array (or split on newlines for
 * a multi-value 'text' attribute); every element is then trimmed, has its
 * newlines normalised via replace_newlines() and, unless the attribute is a
 * lookup attribute, is filtered by input_type.
 *
 * Security notes for reviewers:
 *  - This is input filtering only. strip_tags() is not output encoding; the
 *    returned values still need escaping for whatever context they are
 *    later written to.
 *  - For 'htmlarea' the configured tags are kept, and strip_tags() leaves the
 *    attributes of kept tags untouched.
 *  - 'url', 'email', the select/checkbox/radio types, lookup attributes and
 *    unknown input types are returned unfiltered (only trimmed).
 *  - A 'datetime' value that cannot be parsed is left as submitted.
 *
 * @param array $item_attribute_type_r attribute type record; this function
 *                                     reads input_type, input_type_arg1,
 *                                     input_type_arg3, multi_attribute_ind
 *                                     and lookup_attribute_ind
 * @param mixed $value                 submitted value: FALSE (not found),
 *                                     a scalar or an array of values
 * @return mixed NULL when nothing was submitted, the array of filtered
 *               values for lookup or multi-value attributes, otherwise the
 *               first filtered value
 */
function filter_item_input_field($item_attribute_type_r, $value) {
    // FALSE means "not found"; report it as NULL, which callers treat the
    // same way.
    if ($value === FALSE) {
        return NULL;
    }

    if (!is_array($value)) {
        $trimmed = trim($value);
        if (strlen($trimmed) == 0) {
            return NULL;
        }

        // only support text type for now
        if ($item_attribute_type_r['input_type'] == 'text' && $item_attribute_type_r['multi_attribute_ind'] == 'Y') {
            $value = explode("\n", replace_newlines($trimmed));
        } else {
            $value = array($trimmed);
        }
    }

    // Index-based on purpose: elements are addressed as 0..count-1.
    for ($i = 0; $i < count($value); $i++) {
        $value[$i] = trim(replace_newlines($value[$i]));

        // Lookup attributes and empty elements are not filtered any further.
        if ($item_attribute_type_r['lookup_attribute_ind'] == 'Y' || strlen($value[$i]) == 0) {
            continue;
        }

        switch ($item_attribute_type_r['input_type']) {
            case 'hidden':
            case 'readonly':
            case 'text':
            case 'password':
            case 'textarea':
                // Plain text: remove all markup.
                $value[$i] = strip_tags($value[$i]);
                break;

            case 'htmlarea':
                // Keep only the configured tags; their attributes are not
                // inspected by strip_tags().
                $legal_tags = '<' . implode('><', get_opendb_config_var('widgets', 'legal_html_tags')) . '>';
                $value[$i] = strip_tags($value[$i], $legal_tags);
                break;

            case 'datetime':
                $components = get_timestamp_components_for_datetime($value[$i], $item_attribute_type_r['input_type_arg1']);
                if ($components !== FALSE) {
                    // This is the 'YYYYMMDDHH24MISS' mask.
                    $widths = array(
                        'year' => 4,
                        'month' => 2,
                        'day' => 2,
                        'hour' => 2,
                        'minute' => 2,
                        'second' => 2,
                    );

                    $stamp = '';
                    foreach ($widths as $part => $width) {
                        $stamp .= str_pad($components[$part], $width, '0', STR_PAD_LEFT);
                    }
                    $value[$i] = $stamp;
                }
                break;

            case 'number':
                $value[$i] = remove_illegal_chars($value[$i], expand_chars_exp('0-9'));
                break;

            case 'filtered':
                // The legal character set comes from the attribute type.
                $value[$i] = remove_illegal_chars($value[$i], expand_chars_exp($item_attribute_type_r['input_type_arg3']));
                break;

            // Deprecated types: check_boxes, vertical_check_boxes,
            // horizontal_check_boxes, radio_group, vertical_radio_group,
            // horizontal_radio_group.
            // Current types: simple_checkbox, checkbox, radio_grid,
            // checkbox_grid, single_select, multi_select, value_radio_grid,
            // value_select, url, email.
            // None of these, nor any unknown type, is filtered here.
            default:
                break;
        }
    }

    $wants_array = $item_attribute_type_r['lookup_attribute_ind'] == 'Y' || $item_attribute_type_r['multi_attribute_ind'] == 'Y';
    if ($wants_array) {
        return $value;
    }

    return $value[0];
}