/**
 * Filtering hook applied to an element definition before it is rendered.
 *
 * Runs once per element: a truthy "#filterrendered" flag short-circuits.
 * Otherwise a random "#id" is generated when the caller supplied none, and
 * the element is flagged as rendered so later passes skip it.
 *
 * @param array $aValue element definition, modified in place
 * @return void
 */
protected function renderFilterMarkup(&$aValue) {
    // Already handled by an earlier pass.
    if (!empty($aValue["#filterrendered"])) {
        return;
    }
    // Assign a DOM id only when the caller did not provide one.
    if (!isset($aValue["#id"])) {
        $sGeneratedId = "id_" . FlexiStringUtil::createRandomPassword(15);
        $aValue["#id"] = $sGeneratedId;
    }
    // TODO: no general markup filtering happens here yet; output escaping
    // currently remains the renderer's responsibility.
    $aValue["#filterrendered"] = true;
}
/**
 * Translate one "key => value" filter entry into an SQL condition fragment.
 *
 * $sKey is a colon-separated spec of the form "[and|or:]field[:operator]":
 *   - "field"            -> "field = :param"        (type "and")
 *   - "or:field"         -> "field = :param"        (type is the prefix as written)
 *   - "field:<op>"       -> "field <op> :param"
 *   - "or:field:<op>"    -> "field <op> :param"
 *   - numeric key        -> "(value)"; $sValue is a literal SQL snippet, nothing is bound
 * The operators "in", "isnull"/"is null" and "isnotnull"/"is not null" are
 * special-cased in the switch below.
 *
 * SECURITY: $sField and $sOperator are concatenated into the SQL verbatim, and
 * in the numeric-key and "in" forms $sValue is as well. Only the default
 * operator path binds $sValue as a named parameter. Keys, operators and any
 * "in"-statement string must be developer-authored literals, never request input.
 *
 * @param string|int $sKey condition spec as described above
 * @param mixed $sValue value to bind; array (or SQL statement string) for "in"; raw SQL for numeric keys
 * @param bool $bStatementValue unused by this implementation
 * @return array{type:string, sql:string, param:array<string,mixed>}
 */
public static function parseSQLKey($sKey, $sValue, $bStatementValue = false) {
    $bDebug = false; // when true, progress is echoed as HTML to the output stream
    $result = "";    // unused
    $aParam = array();
    $aCond = explode(":", $sKey);
    // defaults: AND-joined, "=" operator, value bound as a parameter
    $sType = "and";
    $sOperator = "";
    $bHasParam = true;
    if (is_numeric($sKey)) {
        // Positional entry: $sValue is a complete condition and is spliced in unbound.
        return array("type" => $sType, "sql" => "(" . $sValue . ")", "param" => array());
    } else {
        if (count($aCond) == 1) {
            // Bare field name, no type prefix and no operator.
            $sField = $sKey;
            $sOperator = "=";
            $sType = "and";
        } else {
            if (count($aCond) == 2) {
                if ($bDebug) {
                    echo __METHOD__ . ":Is 2 condition<br/>\n";
                }
                // Two segments are either "type:field" or "field:operator".
                if (strtolower($aCond[0]) == "and" || strtolower($aCond[0]) == "or") {
                    $sType = $aCond[0];
                    $sField = $aCond[1];
                    if ($bDebug) {
                        echo __METHOD__ . ":with type cond<br/>\n";
                    }
                    $sOperator = "=";
                } else {
                    $sField = $aCond[0];
                    $sOperator = $aCond[1];
                    if ($bDebug) {
                        echo __METHOD__ . ":without type condition<br/>\n";
                    }
                }
            } else {
                if (count($aCond) >= 3) {
                    if ($bDebug) {
                        echo __METHOD__ . ":Is 3 condition<br/>\n";
                    }
                    if (strtolower($aCond[0]) == "and" || strtolower($aCond[0]) == "or") {
                        $sType = $aCond[0];
                        $sField = $aCond[1];
                        $sOperator = $aCond[2];
                        if ($bDebug) {
                            echo __METHOD__ . ":with type<br/>\n";
                        }
                    } else {
                        $sField = $aCond[0];
                        $sOperator = $aCond[1];
                        if ($bDebug) {
                            echo __METHOD__ . ":without type<br/>\n";
                        }
                        // TODO: $aCond[2] and later segments are silently ignored here.
                    }
                }
            }
        }
    }
    if ($bDebug) {
        echo __METHOD__ . ":result type: " . $sType . "<br/>\n";
    }
    // Placeholder name: field reduced to identifier characters plus a random
    // 4-character suffix so the same field can appear in several conditions.
    $sParamName = ":" . preg_replace("/[^a-zA-Z0-9_]/", "_", $sField) . FlexiStringUtil::createRandomPassword(4);
    switch (strtolower(trim($sOperator))) {
        case "in":
            // The IN list is hard-coded into the SQL, not bound: a string
            // $sValue is spliced in as-is (expected to be a developer-written
            // sub-statement), so this path is a direct SQL injection risk if
            // the value ever originates from a request.
            $bHasParam = false;
            if (is_array($sValue)) {
                // presumably getSQLValue() quotes and joins each element — verify in the helper
                $sSQLValue = self::getSQLValue($sValue);
            } else {
                $sSQLValue = $sValue;
            }
            $sSQL = $sField . " " . $sOperator . " (" . $sSQLValue . ")";
            break;
        case "isnull":
        case "is null":
            // No value involved; $sValue is ignored but still bound below.
            $sSQL = $sField . " IS NULL";
            break;
        case "isnotnull":
        case "is not null":
            $sSQL = $sField . " IS NOT NULL";
            break;
        default:
            // Any other operator text is emitted verbatim; only the value is parameterised.
            $sSQL = $sField . " " . $sOperator . " " . $sParamName;
    }
    if ($bHasParam) {
        $aParam[$sParamName] = $sValue;
    }
    return array("type" => $sType, "sql" => $sSQL, "param" => $aParam);
}
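/**
 * Build the form element definition for a table field.
 *
 * Maps the field's declared type onto a raw widget "#type", attaches the
 * widget-specific settings (options, upload paths, image width, form size)
 * and, when $oRow carries a value for the field, normalises that value for
 * display.
 *
 * Fix: the "timestamp" value branch ended in a typo (`breal;`), which is an
 * undefined-constant error on PHP 8 and, on older PHP, fell through into the
 * checkbox branch and exploded the formatted date. It is now a `break`.
 *
 * @param FlexiTableFieldObject $oField column definition
 * @param array $oRow current record indexed by field name
 * @return array element definition (keys prefixed with "#")
 * @throws Exception when $oField->type is not a supported field type
 */
public function getFieldInput(FlexiTableFieldObject $oField, $oRow) {
    $sName = $oField->getName();
    $sInputName = $this->getFieldInputName($sName);
    $aResult = array(
        "#name" => $sInputName,
        // random suffix keeps DOM ids unique when the same field renders more than once
        "#id" => $sInputName . "_" . FlexiStringUtil::createRandomPassword(8),
        "#title" => $oField->label,
        "#required" => $oField->cannull != 1,
        "#default_value" => $oField->getPHPDefaultValue(),
        "#dbfield" => $sName,
        "#insert" => $oField->caninsert,
        "#update" => $oField->canupdate,
    );

    // Widget selection by declared field type.
    switch ($oField->type) {
        case "string":
        case "int":
        case "tinyint":
        case "smallint":
        case "mediumint":
        case "bigint":
        case "money":
        case "decimal":
        case "double":
        case "email":
            $aResult["#type"] = "textfield.raw";
            break;
        case "html":
        case "html-tiny":
            $aResult["#type"] = "html.raw";
            break;
        case "text":
        case "json":
            $aResult["#type"] = "textarea.raw";
            break;
        case "select-text":
        case "select-tinyint":
        case "select-smallint":
        case "select-bigint":
        case "select-mediumint":
        case "select-enum":
        case "select-int":
        case "select-char":
            $aResult["#type"] = "select.raw";
            $aResult["#options"] = $oField->getOptions();
            break;
        case "check-char":
        case "check-varchar":
        case "check-text":
            $aResult["#type"] = "checkboxes.raw";
            $aResult["#options"] = $oField->getOptions();
            $aResult["#multiple"] = true;
            break;
        case "date":
            $aResult["#type"] = "date.raw";
            break;
        case "datetime":
        case "timestamp":
        case "timestamp-int":
            $aResult["#type"] = "datetime.raw";
            break;
        case "monthyear":
            $aResult["#type"] = "datemonthyear.raw";
            break;
        case "file-varchar":
        case "file-text":
            $aResult["#type"] = "file.raw";
            $aResult["#savepath"] = $oField->savepath;
            break;
        case "image-varchar":
        case "image-text":
            $aResult["#type"] = "image.raw";
            $aResult["#maximagewidth"] = $this->iMaxImageWidth;
            $aResult["#savepath"] = $oField->savepath;
            break;
        case "multiimage-text":
            $aResult["#type"] = "multiimage.raw";
            $aResult["#maximagewidth"] = $this->iMaxImageWidth;
            $aResult["#savepath"] = $oField->savepath;
            $aResult["#uploadcount"] = $oField->uploadcount;
            $aResult["#uploadseparator"] = $oField->uploadseparator;
            break;
        case "hidden":
            $aResult["#type"] = "hidden.raw";
            break;
        default:
            throw new Exception("Unsupported type: " . $oField->type);
    }

    // Form size: "cols,rows" for multi-line widgets, a single width otherwise.
    if (!empty($oField->formsize)) {
        $sTypePrefix = substr($oField->type, 0, 4);
        if (in_array($sTypePrefix, array("html", "text", "json"), true)) {
            $aSize = explode(",", $oField->formsize);
            $aResult["#cols"] = $aSize[0];
            if (count($aSize) >= 2) {
                $aResult["#rows"] = $aSize[1];
            }
        } else {
            $aResult["#size"] = $oField->formsize;
        }
    }

    // Current value, normalised per type for display.
    if (isset($oRow[$sName])) {
        $sValue = $oRow[$sName];
        switch ($oField->type) {
            case "date":
            case "datetime":
                // zero dates are shown as an empty field
                if ($sValue == "0000-00-00" || $sValue == "0000-00-00 00:00:00") {
                    $sValue = "";
                }
                break;
            case "timestamp":
                // stored as a unix timestamp; empty/0 means unset
                // NOTE(review): "timestamp-int" shares the widget above but is not converted here — confirm intended
                $sValue = empty($sValue) ? "" : date("Y-m-d H:i:s", $sValue);
                break;
            case "check-char":
            case "check-varchar":
            case "check-text":
                // multi-value field stored as one separated string
                $sValue = empty($sValue) ? array() : explode($oField->uploadseparator, $sValue);
                break;
        }
        $aResult["#value"] = $sValue;
    }
    return $aResult;
}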
/**
 * Pre-save hook: resets the verification state of the extended record.
 *
 * Marks the record unverified and issues a fresh 10-character verification
 * code via FlexiStringUtil::createRandomPassword().
 * NOTE(review): a verification code must be unpredictable — confirm that
 * createRandomPassword() is backed by a CSPRNG (random_int/random_bytes).
 */
public function preSave() {
    $this->Extend->verified = 0;
    $this->Extend->verifycode = FlexiStringUtil::createRandomPassword(10);
}
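/**
 * Save an uploaded file from the current request to its final location.
 *
 * The target path is "$sMovePath/$sPrefix<random>$sSuffix.<ext>", where
 * <ext> is the client-supplied extension reduced to [A-Za-z0-9]. When the
 * upload name has no extension the trailing "." is omitted (previously this
 * read an undefined "extension" index and produced a name ending in ".").
 *
 * SECURITY: the extension still comes from the client. This method does not
 * enforce an extension or content-type allowlist; callers storing files under
 * a web-served path must validate the type before calling.
 *
 * @param string $sFormName name of the file input in $_FILES
 * @param string $sMovePath directory to move the file into
 * @param string $sPrefix prefix of the generated file name
 * @param string $sSuffix suffix of the generated file name (before the extension)
 * @param int $iRandomNameSize length of the random part; 0 to use only prefix+suffix
 * @return array array("status" => false) when nothing was uploaded, otherwise the result of self::_doUploadFile()
 */
public static function doUploadFile($sFormName, $sMovePath = "", $sPrefix = "", $sSuffix = "", $iRandomNameSize = 10) {
    if (!self::getIsUploaded($sFormName)) {
        return array("status" => false);
    }
    $aInfo = pathinfo($_FILES[$sFormName]["name"]);
    // pathinfo() omits "extension" for names without a dot; strip anything
    // that is not alphanumeric so the client cannot smuggle odd characters
    // into the stored path.
    $sExtension = isset($aInfo["extension"]) ? preg_replace("/[^a-zA-Z0-9]/", "", $aInfo["extension"]) : "";
    $sRandom = $iRandomNameSize > 0 ? FlexiStringUtil::createRandomPassword($iRandomNameSize) : "";
    $sTargetPath = $sMovePath . "/" . $sPrefix . $sRandom . $sSuffix;
    if ($sExtension !== "") {
        $sTargetPath .= "." . $sExtension;
    }
    return self::_doUploadFile($sFormName, $sTargetPath);
}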