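/**
 * Turn the raw value submitted for one form element into the value that will be written for it.
 *
 * The element's ele_type selects the conversion. Option-based types (radio, checkbox, select)
 * receive option positions from the browser and translate them back into the option text held
 * in ele_value; multiple selections are joined with a leading '*=+*:' before each item.
 * The literal '{WRITEASNULL}' is returned for the "none" select default and for dates that
 * cannot be parsed.
 *
 * Points a reviewer should keep in mind when reading the body:
 *  - $ele and every $_POST['formulize_hoorv_*'] field are client-controlled. The hoorv ("hidden
 *    out of range value") fields are HTML-encoded here but are not compared with what the entry
 *    currently stores, so this path accepts text that is not one of the element's options.
 *    NOTE(review): confirm the caller verifies these against the stored entry.
 *  - HTML-encoding is not expected to alter the '*=+*:' separator, so a hoorv value containing
 *    it would read back as several selections. NOTE(review): confirm how readers split values.
 *  - 'yn', 'colorpick', the {FULLNAMES}/{USERNAMES} select path and the "newvalue:" select path
 *    return the submitted text without passing it through the sanitizer.
 *  - get_magic_quotes_gpc() was removed in PHP 8.0, so this function targets PHP <= 7.4 as written.
 *
 * @param object     $element             element object; getVar(), setVar() and isLinked are used
 * @param mixed      $ele                 submitted value: a string, or an array for multi-selects
 * @param mixed|null $entry_id            passed to checkOther() and used as a key in $GLOBALS['formulize_other']
 * @param mixed|null $subformBlankCounter when not null, "other" text is filed under ['blanks'][counter] instead
 * @return mixed value to store; null when the type is unknown and no custom element class file exists
 */
function prepDataForWrite($element, $ele, $entry_id = null, $subformBlankCounter = null)
{
    global $myts;
    if (!$myts) {
        $myts =& MyTextSanitizer::getInstance();
    }
    $ele_type = $element->getVar('ele_type');
    $ele_value = $element->getVar('ele_value');
    $ele_id = $element->getVar('ele_id');

    // Defined up front so every path, including an unhandled type, returns a defined value.
    $value = null;

    switch ($ele_type) {
        case 'text':
            // if $ele_value[3] is 1 (default is 0) then treat this as a numerical field
            if ($ele_value[3] and $ele != "{ID}" and $ele != "{SEQUENCE}") {
                // preg_replace() stands in for ereg_replace(), which no longer exists in PHP 7.
                $value = preg_replace('/[^0-9.-]+/', '', $ele);
            } else {
                $value = $ele;
            }
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            $value = $myts->htmlSpecialChars($value);
            break;

        case 'textarea':
            $value = $ele;
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            $value = $myts->htmlSpecialChars($value);
            break;

        case 'areamodif':
            $value = $myts->stripSlashesGPC($ele);
            break;

        case 'radio':
            $value = '';
            $opt_count = 1; // radio options are numbered from 1 in the submitted form
            foreach ($ele_value as $optionKey => $unusedDefault) {
                if ($opt_count == $ele) {
                    $otherValue = checkOther($optionKey, $ele_id, $entry_id, $subformBlankCounter);
                    if ($otherValue !== false) {
                        if ($subformBlankCounter !== null) {
                            $GLOBALS['formulize_other'][$ele_id]['blanks'][$subformBlankCounter] = $otherValue;
                        } else {
                            $GLOBALS['formulize_other'][$ele_id][$entry_id] = $otherValue;
                        }
                    }
                    if (get_magic_quotes_gpc()) {
                        $optionKey = stripslashes($optionKey);
                    }
                    $value = $myts->htmlSpecialChars($optionKey);
                }
                $opt_count++;
            }
            // if a value was received that was out of range
            if ($ele >= $opt_count) {
                // get the out of range value from the hidden values that were passed back;
                // a missing or non-string field is treated as empty instead of raising an error
                $hoorvKey = 'formulize_hoorv_' . $ele_id . '_' . $ele;
                $hoorvRaw = (isset($_POST[$hoorvKey]) and is_string($_POST[$hoorvKey])) ? $_POST[$hoorvKey] : '';
                $value = $myts->htmlSpecialChars($hoorvRaw);
            }
            break;

        case 'yn':
            // NOTE(review): stored exactly as submitted; nothing here restricts it to the yes/no codes.
            $value = $ele;
            break;

        case 'checkbox':
            $value = '';
            $opt_count = 1;
            $numberOfSelectionsFound = 0;
            // A non-array submission selects nothing; checking once here also keeps count() and
            // in_array() below from being called on a scalar.
            if (is_array($ele)) {
                foreach ($ele_value as $optionKey => $unusedDefault) {
                    if (in_array($opt_count, $ele)) {
                        $numberOfSelectionsFound++;
                        $otherValue = checkOther($optionKey, $ele_id, $entry_id, $subformBlankCounter);
                        if ($otherValue !== false) {
                            if ($subformBlankCounter !== null) {
                                $GLOBALS['formulize_other'][$ele_id]['blanks'][$subformBlankCounter] = $otherValue;
                            } else {
                                $GLOBALS['formulize_other'][$ele_id][$entry_id] = $otherValue;
                            }
                        }
                        if (get_magic_quotes_gpc()) {
                            $optionKey = stripslashes($optionKey);
                        }
                        $value = $value . '*=+*:' . $myts->htmlSpecialChars($optionKey);
                    }
                    $opt_count++;
                }
                // if more values were passed back than selections found among the valid options, the rest
                // are assumed to be out-of-range values to preserve; the 1000 cap bounds the search
                while ($numberOfSelectionsFound < count($ele) and $opt_count < 1000) {
                    if (in_array($opt_count, $ele)) {
                        $hoorvKey = 'formulize_hoorv_' . $ele_id . '_' . $opt_count;
                        $hoorvRaw = (isset($_POST[$hoorvKey]) and is_string($_POST[$hoorvKey])) ? $_POST[$hoorvKey] : '';
                        $value = $value . '*=+*:' . $myts->htmlSpecialChars($hoorvRaw);
                        $numberOfSelectionsFound++;
                    }
                    $opt_count++;
                }
            }
            break;

        case 'select':
            // handle the new possible default value -- sept 7 2007
            if ($ele_value[0] == 1 and $ele == "none") { // none is the flag for the "Choose an option" default value
                $value = "{WRITEASNULL}"; // this flag is used to terminate processing of this value
                break;
            }

            if (is_string($ele) and substr($ele, 0, 9) == "newvalue:") {
                // Add a new entry to the underlying source form if this is a link, or a new option to the
                // element's option list if it is not. The value is looked up first because a series of quick
                // ajax requests may each carry the same new value, and it must only be written once.
                // NOTE(review): $newValue is submitted text and is stored without the sanitizer call the
                // other paths use; confirm that whoever may submit the form may also extend its options.
                $newValue = substr($ele, 9);
                if ($element->isLinked) {
                    $boxproperties = explode("#*=:*", $ele_value[2]);
                    $sourceHandle = $boxproperties[1];
                    $dataHandler = new formulizeDataHandler($boxproperties[0]); // 0 key is the source fid
                    // check if this value has been written already, if so, use that ID
                    $newEntryId = $dataHandler->findFirstEntryWithValue($sourceHandle, $newValue);
                    if (!$newEntryId) {
                        $newEntryId = formulize_writeEntry(array($sourceHandle => $newValue));
                    }
                    $value = $newEntryId;
                } else {
                    $value = $newValue;
                    $element_handler = xoops_getmodulehandler('elements', 'formulize');
                    if (!isset($ele_value[2][$newValue])) {
                        // new key in ele_value[2] for this option; 0 means not selected by default in new entries
                        $ele_value[2][$newValue] = 0;
                        $element->setVar('ele_value', $ele_value);
                        $element_handler->insert($element);
                    }
                }
                break;
            }

            // section to handle linked select boxes differently from others
            $ele_value_from_object = $element->getVar('ele_value');

            // if we've got a formlink, then handle it here
            if (is_string($ele_value_from_object[2]) and strstr($ele_value_from_object[2], "#*=:*")) {
                // Only numeric selections are kept. NOTE(review): is_numeric() also accepts decimals and
                // exponent notation, which is wider than a plain integer id.
                if (is_array($ele)) {
                    $startWhatWasSelected = true;
                    foreach ($ele as $whatwasselected) {
                        if (!is_numeric($whatwasselected)) {
                            continue;
                        }
                        if ($startWhatWasSelected) {
                            $value = ",";
                            $startWhatWasSelected = false;
                        }
                        $value .= $whatwasselected . ",";
                    }
                } elseif (is_numeric($ele)) {
                    $value = $ele;
                } else {
                    $value = "";
                }
                break;
            }

            $value = '';

            // The following code block is a replacement for the previous method for reading a select box
            // which didn't work reliably -- jwe 7/26/04
            $temparraykeys = array_keys($ele_value[2]);

            // ADDED June 18 2005 to handle pulling in usernames for the user's group(s)
            // -- updated for real live use September 6 2006
            if ($temparraykeys[0] === "{FULLNAMES}" or $temparraykeys[0] === "{USERNAMES}") {
                // NOTE(review): the submitted items are joined as-is, with no numeric or membership check.
                if (is_array($ele)) {
                    $value = "";
                    foreach ($ele as $auid) {
                        $value .= "*=+*:" . $auid;
                    }
                } else {
                    $value = $ele;
                }
                break;
            }

            // GLOSS FOR THE OLD CODE BELOW
            // ele_value[2] is all the options that make up this element. The values passed back from the
            // form are numbers indicating which option was selected: numbering starts at 0 for a
            // multi-selection box and at 1 for a single selection box.
            // $keysPassedBack is the list 0..n-1 of option positions and $entrycounterjwe walks the same
            // positions, so $masterentlistjwe and $entrycounterjwe are always equal inside the loop.
            // $entriesPassedBack holds the option text for each position, which is what gets stored.
            $entriesPassedBack = array_keys($ele_value[2]);
            $keysPassedBack = array_keys($entriesPassedBack);
            $entrycounterjwe = 0;
            $numberOfSelectionsFound = 0;
            foreach ($keysPassedBack as $masterentlistjwe) {
                if (is_array($ele)) {
                    if (in_array($masterentlistjwe, $ele)) {
                        if (get_magic_quotes_gpc()) {
                            $entriesPassedBack[$entrycounterjwe] = stripslashes($entriesPassedBack[$entrycounterjwe]);
                        }
                        $entriesPassedBack[$entrycounterjwe] = $myts->htmlSpecialChars($entriesPassedBack[$entrycounterjwe]);
                        $value = $value . "*=+*:" . $entriesPassedBack[$entrycounterjwe];
                        $numberOfSelectionsFound++;
                    }
                } else {
                    // plus 1 because single entry select boxes start their option lists at 1.
                    if ($ele == $masterentlistjwe + 1) {
                        if (get_magic_quotes_gpc()) {
                            $entriesPassedBack[$entrycounterjwe] = stripslashes($entriesPassedBack[$entrycounterjwe]);
                        }
                        $entriesPassedBack[$entrycounterjwe] = $myts->htmlSpecialChars($entriesPassedBack[$entrycounterjwe]);
                        $value = $entriesPassedBack[$entrycounterjwe];
                    }
                }
                $entrycounterjwe++;
            }

            // handle out of range values that are in the DB, added March 2 2008 by jwe
            if (is_array($ele)) {
                // if more values were passed back than selections found among the valid options, the rest
                // are assumed to be out-of-range values to preserve; the 1000 cap bounds the search
                while ($numberOfSelectionsFound < count($ele) and $entrycounterjwe < 1000) {
                    if (in_array($entrycounterjwe, $ele)) {
                        $hoorvKey = 'formulize_hoorv_' . $ele_id . '_' . $entrycounterjwe;
                        $hoorvRaw = (isset($_POST[$hoorvKey]) and is_string($_POST[$hoorvKey])) ? $_POST[$hoorvKey] : '';
                        $value = $value . '*=+*:' . $myts->htmlSpecialChars($hoorvRaw);
                        $numberOfSelectionsFound++;
                    }
                    $entrycounterjwe++;
                }
            } else {
                // unlike with radio buttons, only "greater than" is checked, because single option
                // selectboxes number their options from 1
                if ($ele > $entrycounterjwe) {
                    // get the out of range value from the hidden values that were passed back
                    $hoorvKey = 'formulize_hoorv_' . $ele_id . '_' . $ele;
                    $hoorvRaw = (isset($_POST[$hoorvKey]) and is_string($_POST[$hoorvKey])) ? $_POST[$hoorvKey] : '';
                    $value = $myts->htmlSpecialChars($hoorvRaw);
                }
            }
            break;

        case 'date':
            $timestamp = strtotime($ele);
            // $timestamp !== false should catch everything by itself; the other checks are kept in case
            // some not-yet-understood circumstance needs them
            if ($ele != _DATE_DEFAULT and $ele != "" and $timestamp !== false) {
                $ele = date("Y-m-d", $timestamp);
            } else {
                $ele = "{WRITEASNULL}"; // forget about this date element and go on to the next element in the form
            }
            $value = '' . $ele;
            break;

        case 'sep':
            $value = $myts->stripSlashesGPC($ele);
            break;

        case 'colorpick':
            // NOTE(review): stored exactly as submitted; nothing here checks that it is a colour code.
            $value = $ele;
            break;

        default:
            // Custom element types: the class file name is built from ele_type, which this function reads
            // from the element object rather than from the request.
            // NOTE(review): confirm ele_type is limited to known type names where elements are defined.
            if (file_exists(XOOPS_ROOT_PATH . "/modules/formulize/class/" . $ele_type . "Element.php")) {
                $customTypeHandler = xoops_getmodulehandler($ele_type . "Element", 'formulize');
                $value = $customTypeHandler->prepareDataForSaving($ele, $element);
            }
    }

    return $value;
}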
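/**
 * Convert a submitted multi-selection into the stored form: the text of each selected option,
 * each preceded by '*=+*:', passed through formulize_db_escape() before being returned.
 *
 * $value is expected to be an array of 1-based option positions. Positions beyond the element's
 * own options are treated as "out of range" values and their text is read from the matching
 * $_POST['formulize_hoorv_<ele_id>_<position>'] field.
 *
 * NOTE(review): the hoorv fields are client-controlled hidden inputs. They are HTML-encoded here
 * but not compared with what the entry currently stores, so this path accepts text that is not one
 * of the element's options; confirm the caller verifies it.
 * NOTE(review): the original author's remark says Formulize escapes values again when it writes
 * them. If so, the value is escaped twice; confirm that the write path and this call agree.
 *
 * @param mixed  $value   submitted selection; anything other than an array selects nothing
 * @param object $element element object; getVar('ele_value') and getVar('ele_id') are read
 * @return mixed whatever formulize_db_escape() returns for the assembled string
 */
function prepareDataForSaving($value, $element)
{
    global $myts;
    $myts =& MyTextSanitizer::getInstance();
    $ele_value = $element->getVar('ele_value');
    $ele_id = $element->getVar('ele_id');
    $ele = $value;
    $value = '';
    $opt_count = 1;
    $numberOfSelectionsFound = 0;

    // A non-array submission selects nothing; checking once here also keeps count() and in_array()
    // below from being called on a scalar.
    if (is_array($ele)) {
        foreach ($ele_value as $optionKey => $unusedDefault) {
            if (in_array($opt_count, $ele)) {
                $numberOfSelectionsFound++;
                // Overwritten for every selected option, so the last selected option's result remains.
                $GLOBALS['formulize_other'][$ele_id] = checkOther($optionKey, $ele_id);
                if (get_magic_quotes_gpc()) {
                    $optionKey = stripslashes($optionKey);
                }
                $value = $value . '*=+*:' . $myts->htmlSpecialChars($optionKey);
            }
            $opt_count++;
        }

        // added by jwe March 2 2008: if more values were passed back than selections found among the
        // valid options, the rest are assumed to be out-of-range values to preserve; the 1000 cap
        // bounds the search
        while ($numberOfSelectionsFound < count($ele) and $opt_count < 1000) {
            if (in_array($opt_count, $ele)) {
                // a missing or non-string hidden field is treated as empty instead of raising an error
                $hoorvKey = 'formulize_hoorv_' . $ele_id . '_' . $opt_count;
                $hoorvRaw = (isset($_POST[$hoorvKey]) and is_string($_POST[$hoorvKey])) ? $_POST[$hoorvKey] : '';
                $value = $value . '*=+*:' . $myts->htmlSpecialChars($hoorvRaw);
                $numberOfSelectionsFound++;
            }
            $opt_count++;
        }
    }

    return formulize_db_escape($value);
}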
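/**
 * Convert a submitted single selection into the stored form: the text of the option at the
 * submitted 1-based position, passed through formulize_db_escape() before being returned.
 *
 * A position beyond the element's own options is treated as an "out of range" value and its text
 * is read from $_POST['formulize_hoorv_<ele_id>_<position>'].
 *
 * NOTE(review): that hoorv field is a client-controlled hidden input. It is HTML-encoded here but
 * not compared with what the entry currently stores, so this path accepts text that is not one of
 * the element's options; confirm the caller verifies it.
 * NOTE(review): the original author's remark says Formulize escapes values again when it writes
 * them. If so, the value is escaped twice; confirm that the write path and this call agree.
 *
 * @param mixed  $value   submitted option position
 * @param object $element element object; getVar('ele_value') and getVar('ele_id') are read
 * @return mixed whatever formulize_db_escape() returns for the chosen text
 */
function prepareDataForSaving($value, $element)
{
    global $myts;
    $myts =& MyTextSanitizer::getInstance();
    $ele_value = $element->getVar('ele_value');
    $ele_id = $element->getVar('ele_id');
    $ele = $value;
    $value = '';
    $opt_count = 1;

    foreach ($ele_value as $optionKey => $unusedDefault) {
        // Loose comparison on purpose: the position arrives as a string from the form.
        if ($opt_count == $ele) {
            $GLOBALS['formulize_other'][$ele_id] = checkOther($optionKey, $ele_id);
            if (get_magic_quotes_gpc()) {
                $optionKey = stripslashes($optionKey);
            }
            $value = $myts->htmlSpecialChars($optionKey);
        }
        $opt_count++;
    }

    // if a value was received that was out of range...added by jwe March 2 2008
    if ($ele >= $opt_count) {
        // get the out of range value from the hidden values that were passed back;
        // a missing or non-string field is treated as empty instead of raising an error
        $hoorvKey = 'formulize_hoorv_' . $ele_id . '_' . $ele;
        $hoorvRaw = (isset($_POST[$hoorvKey]) and is_string($_POST[$hoorvKey])) ? $_POST[$hoorvKey] : '';
        $value = $myts->htmlSpecialChars($hoorvRaw);
    }

    return formulize_db_escape($value);
}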