Exemplo n.º 1
 /**
  * Render hook that finalises a markup definition before output.
  *
  * Returns immediately when the entry is already flagged "#filterrendered".
  * Otherwise it assigns a generated "#id" if none is present and sets the flag.
  *
  * NOTE(review): no markup filtering happens here yet (see the TODO below), so
  * "#filterrendered" only records that this hook ran. It must not be read as
  * proof that the values were sanitised or escaped.
  *
  * @param array $aValue Markup definition, modified in place.
  * @return void
  */
 protected function renderFilterMarkup(&$aValue)
 {
     // !empty() is "key is set and truthy": the entry has been through here before.
     if (!empty($aValue["#filterrendered"])) {
         return;
     }
     $bMissingId = !isset($aValue["#id"]);
     if ($bMissingId) {
         // random suffix, presumably just to keep generated element ids distinct
         $sGenerated = FlexiStringUtil::createRandomPassword(15);
         $aValue["#id"] = "id_" . $sGenerated;
     }
     //TODO general markup filter for security
     $aValue["#filterrendered"] = true;
 }
Exemplo n.º 2
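 /**
  * Turn one condition entry ($sKey => $sValue) into an SQL fragment.
  *
  * Key forms, split on ":":
  *   - numeric key             : $sValue itself is the condition, returned as "(" . $sValue . ")"
  *   - "field"                 : field = :param
  *   - "and|or:field"          : field = :param, with the given join type
  *   - "field:operator"        : field operator :param
  *   - "and|or:field:operator" : as above, with the given join type
  * Operators "in", "isnull"/"is null" and "isnotnull"/"is not null" produce no
  * placeholder and therefore return no parameter; every other operator binds
  * $sValue to a generated parameter name.
  *
  * SECURITY: only $sValue in the default branch travels as a bound parameter.
  * The field name, the operator, the value of a numeric key and a non-array
  * "in" value are concatenated into the SQL text exactly as given. They must
  * be fixed by application code and never be derived from request data.
  *
  * @param string|int $sKey            Condition key, see the forms above.
  * @param mixed      $sValue          Value to bind, SQL text, or an array for "in".
  * @param bool       $bStatementValue Not used by this method.
  * @return array array("type" => string, "sql" => string, "param" => array)
  */
 public static function parseSQLKey($sKey, $sValue, $bStatementValue = false)
 {
     //default
     $sType = "and";
     if (is_numeric($sKey)) {
         //is condition without field name: $sValue is emitted as SQL text, not bound
         return array("type" => $sType, "sql" => "(" . $sValue . ")", "param" => array());
     }
     $aCond = explode(":", $sKey);
     // A leading "and"/"or" segment is the join type; it only counts when a field follows it.
     $bTyped = count($aCond) >= 2 && in_array(strtolower($aCond[0]), array("and", "or"), true);
     if ($bTyped) {
         $sType = $aCond[0];
         $sField = $aCond[1];
         $sOperator = isset($aCond[2]) ? $aCond[2] : "=";
     } else {
         $sField = $aCond[0];
         // any segment after the operator is ignored
         $sOperator = isset($aCond[1]) ? $aCond[1] : "=";
     }
     $aParam = array();
     switch (strtolower(trim($sOperator))) {
         case "in":
             // No placeholder here: the list is written into the statement text.
             if (is_array($sValue)) {
                 // NOTE(review): getSQLValue() is defined outside this block; confirm it
                 // quotes/escapes every element before relying on it for external data.
                 $sSQLValue = self::getSQLValue($sValue);
             } else {
                 //expect statement in there; inserted verbatim, so trusted SQL only
                 $sSQLValue = $sValue;
             }
             $sSQL = $sField . " " . $sOperator . " (" . $sSQLValue . ")";
             break;
         case "isnull":
         case "is null":
             // no placeholder in the fragment, so no parameter is returned for it
             $sSQL = $sField . " IS NULL";
             break;
         case "isnotnull":
         case "is not null":
             $sSQL = $sField . " IS NOT NULL";
             break;
         default:
             // Placeholder name: field reduced to [a-zA-Z0-9_] plus a random suffix so the
             // same field can appear in several conditions of one statement.
             $sParamName = ":" . preg_replace("/[^a-zA-Z0-9_]/", "_", $sField) . FlexiStringUtil::createRandomPassword(4);
             $sSQL = $sField . " " . $sOperator . " " . $sParamName;
             $aParam[$sParamName] = $sValue;
     }
     return array("type" => $sType, "sql" => $sSQL, "param" => $aParam);
 }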
Exemplo n.º 3
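 /**
  * Build the form-input definition array for one table field.
  *
  * The result always carries "#name", "#id", "#title", "#required",
  * "#default_value", "#dbfield", "#insert" and "#update". "#type" and the
  * type-specific keys (options, save path, image width, upload settings) are
  * chosen from $oField->type. "#cols"/"#rows" or "#size" are added when
  * $oField->formsize is set, and "#value" when the row holds a value for
  * the field.
  *
  * NOTE(review): "#value" is taken from the row without escaping and every
  * "#type" is a "*.raw" variant. Confirm that whatever renders this array
  * escapes the value for its HTML context.
  *
  * @param FlexiTableFieldObject $oField Field definition.
  * @param mixed $oRow Array-like row, read as $oRow[<field name>].
  * @return array
  * @throws Exception when $oField->type is not a supported type
  */
 public function getFieldInput(FlexiTableFieldObject $oField, $oRow)
 {
     $sName = $oField->getName();
     $aResult = array(
         "#name" => $this->getFieldInputName($sName),
         // random suffix on the element id
         "#id" => $this->getFieldInputName($sName) . "_" . FlexiStringUtil::createRandomPassword(8),
         "#title" => $oField->label,
         "#required" => !($oField->cannull == 1),
         "#default_value" => $oField->getPHPDefaultValue(),
         "#dbfield" => $sName,
         "#insert" => $oField->caninsert,
         "#update" => $oField->canupdate,
     );
     switch ($oField->type) {
         case "string":
         case "int":
         case "tinyint":
         case "smallint":
         case "mediumint":
         case "bigint":
         case "money":
         case "decimal":
         case "double":
         case "email":
             $aResult["#type"] = "textfield.raw";
             break;
         case "html":
         case "html-tiny":
             $aResult["#type"] = "html.raw";
             break;
         case "text":
         case "json":
             $aResult["#type"] = "textarea.raw";
             break;
         case "select-text":
         case "select-tinyint":
         case "select-smallint":
         case "select-bigint":
         case "select-mediumint":
         case "select-enum":
         case "select-int":
         case "select-char":
             $aResult["#type"] = "select.raw";
             $aResult["#options"] = $oField->getOptions();
             break;
         case "check-char":
         case "check-varchar":
         case "check-text":
             $aResult["#type"] = "checkboxes.raw";
             $aResult["#options"] = $oField->getOptions();
             $aResult["#multiple"] = true;
             break;
         case "date":
             $aResult["#type"] = "date.raw";
             break;
         case "datetime":
         case "timestamp":
         case "timestamp-int":
             $aResult["#type"] = "datetime.raw";
             break;
         case "monthyear":
             $aResult["#type"] = "datemonthyear.raw";
             break;
         case "file-varchar":
         case "file-text":
             $aResult["#type"] = "file.raw";
             $aResult["#savepath"] = $oField->savepath;
             break;
         case "image-varchar":
         case "image-text":
             $aResult["#type"] = "image.raw";
             $aResult["#maximagewidth"] = $this->iMaxImageWidth;
             $aResult["#savepath"] = $oField->savepath;
             break;
         case "multiimage-text":
             $aResult["#type"] = "multiimage.raw";
             $aResult["#maximagewidth"] = $this->iMaxImageWidth;
             $aResult["#savepath"] = $oField->savepath;
             $aResult["#uploadcount"] = $oField->uploadcount;
             $aResult["#uploadseparator"] = $oField->uploadseparator;
             break;
         case "hidden":
             $aResult["#type"] = "hidden.raw";
             break;
         default:
             throw new Exception("Unsupported type: " . $oField->type);
     }
     if (!empty($oField->formsize)) {
         $sTypePrefix = substr($oField->type, 0, 4);
         if (in_array($sTypePrefix, array("html", "text", "json"), true)) {
             // multi-line inputs: formsize is "cols[,rows]"
             $aSize = explode(",", $oField->formsize);
             $aResult["#cols"] = $aSize[0];
             if (count($aSize) >= 2) {
                 $aResult["#rows"] = $aSize[1];
             }
         } else {
             //default
             $aResult["#size"] = $oField->formsize;
         }
     }
     if (isset($oRow[$sName])) {
         $sValue = $oRow[$sName];
         switch ($oField->type) {
             case "date":
             case "datetime":
                 // zero dates are shown as an empty input
                 if ($sValue == "0000-00-00" || $sValue == "0000-00-00 00:00:00") {
                     $sValue = "";
                 }
                 break;
             case "timestamp":
                 if (empty($sValue)) {
                     $sValue = "";
                 } else {
                     // NOTE(review): date() needs an integer epoch here; confirm the
                     // row really holds one for "timestamp" fields.
                     $sValue = date("Y-m-d H:i:s", $sValue);
                 }
                 // must stop here: the checkbox branch below would explode() the date string
                 break;
             case "check-char":
             case "check-varchar":
             case "check-text":
                 $sValue = empty($sValue) ? array() : explode($oField->uploadseparator, $sValue);
                 break;
         }
         //switch
         $aResult["#value"] = $sValue;
     }
     return $aResult;
 }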
Exemplo n.º 4
 /**
  * Assigns a newly generated verification code (length argument 10) and
  * resets the verified flag to 0 on the Extend object.
  *
  * NOTE(review): verifycode looks like a secret that proves ownership of an
  * account or address. Confirm that createRandomPassword() draws from a
  * CSPRNG (random_int()/random_bytes()) rather than rand()/mt_rand(), and that
  * the stored code is compared with hash_equals() where it is checked.
  *
  * @return void
  */
 public function preSave()
 {
     $oExtend = $this->Extend;
     $oExtend->verifycode = FlexiStringUtil::createRandomPassword(10);
     $oExtend->verified = 0;
 }
Exemplo n.º 5
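 /**
  * Save upload file
  *
  * Builds the target path as
  * $sMovePath . "/" . $sPrefix . <random part> . $sSuffix [. "." . <extension>]
  * and hands it to _doUploadFile().
  *
  * SECURITY: the extension comes from the client-supplied file name. It is
  * reduced to [a-zA-Z0-9] here, but it is not checked against a list of
  * permitted types. NOTE(review): _doUploadFile() is outside this block;
  * unless it validates the type, callers must allowlist extensions and keep
  * $sMovePath somewhere the web server will not execute files from.
  *
  * @param String $sFormName key of the upload in $_FILES
  * @param String $sMovePath: directory the file is moved to (a target path is always built)
  * @param String $sPrefix : prefix of name
  * @param String $sSuffix: suffix of name
  * @param int $iRandomNameSize: length of random name to generate, 0 for using only $sPrefix+sSuffix as file name
  * @return array array("status" => false) when nothing was uploaded, otherwise the result of _doUploadFile()
  */
 public static function doUploadFile($sFormName, $sMovePath = "", $sPrefix = "", $sSuffix = "", $iRandomNameSize = 10)
 {
     if (!self::getIsUploaded($sFormName)) {
         return array("status" => false);
     }
     // "name" is whatever the client sent; only its extension is reused.
     $aInfo = pathinfo($_FILES[$sFormName]["name"]);
     // A name without a dot has no "extension" key; treat it as empty.
     $sExtension = isset($aInfo["extension"]) ? preg_replace("/[^a-zA-Z0-9]/", "", $aInfo["extension"]) : "";
     $sRandom = $iRandomNameSize > 0 ? FlexiStringUtil::createRandomPassword($iRandomNameSize) : "";
     $sTarget = $sMovePath . "/" . $sPrefix . $sRandom . $sSuffix;
     if ($sExtension !== "") {
         // no dangling "." when there is nothing to append
         $sTarget .= "." . $sExtension;
     }
     return self::_doUploadFile($sFormName, $sTarget);
 }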