示例#1
0
 function buildControl($value, $mode, $fieldNum = 0, $validate, $additionalCtrlParams, $data)
 {
     parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);
     $disp = "";
     $strfilename = "";
     if ($mode == MODE_EDIT || $mode == MODE_INLINE_EDIT) {
         $value = db_stripslashesbinary($value);
         $itype = SupposeImageType($value);
         if ($itype) {
             if ($this->pageObject->pSetEdit->showThumbnail($this->field)) {
                 $disp = "<a target=_blank";
                 $disp .= " href=\"imager.php?table=" . GetTableURL($this->pageObject->tName) . "&" . $this->iquery . "&rndVal=" . rand(0, 32768) . "\" class='zoombox'>";
                 $disp .= "<img id=\"image_" . GoodFieldName($this->field) . "_" . $this->id . "\" name=\"" . $this->cfield . "\" border=0";
                 if ($this->is508) {
                     $disp .= " alt=\"Image from DB\"";
                 }
                 $disp .= " src=\"imager.php?table=" . GetTableURL($this->pageObject->tName) . "&field=" . rawurlencode($this->pageObject->pSetEdit->getStrThumbnail($this->field)) . "&alt=" . rawurlencode($this->field) . $this->keylink . "&rndVal=" . rand(0, 32768) . "\">";
                 $disp .= "</a>";
             } else {
                 $disp = '<img id="image_' . GoodFieldName($this->field) . '_' . $this->id . '" name="' . $this->cfield . '"';
                 if ($this->is508) {
                     $disp .= ' alt="Image from DB"';
                 }
                 $disp .= ' border=0 src="imager.php?table=' . GetTableURL($this->pageObject->tName) . '&' . $this->iquery . "&src=1&rndVal=" . rand(0, 32768) . '">';
             }
         } else {
             if (strlen($value)) {
                 $disp = '<img id="image_' . GoodFieldName($this->field) . '_' . $this->id . '" name="' . $this->cfield . '" border=0 ';
                 if ($this->is508) {
                     $disp .= ' alt="file"';
                 }
                 $disp .= ' src="images/file.gif">';
             } else {
                 $disp = '<img id="image_' . GoodFieldName($this->field) . '_' . $this->id . '" name="' . $this->cfield . '" border="0"';
                 if ($this->is508) {
                     $disp .= ' alt=" "';
                 }
                 $disp .= ' src="images/no_image.gif">';
             }
         }
         //	filename
         if ($this->format == EDIT_FORMAT_DATABASE_FILE && !$itype && strlen($value)) {
             if (!($filename = @$data[$this->pageObject->pSetEdit->getFilenameField($this->field)])) {
                 $filename = "file.bin";
             }
             $disp = '<a href="getfile.php?table=' . GetTableURL($this->pageObject->tName) . '&filename=' . htmlspecialchars($filename) . '&' . $this->iquery . '".>' . $disp . '</a>';
         }
         //	filename edit
         if ($this->format == EDIT_FORMAT_DATABASE_FILE && $this->pageObject->pSetEdit->getFilenameField($this->field)) {
             if (!($filename = @$data[$this->pageObject->pSetEdit->getFilenameField($this->field)])) {
                 $filename = "";
             }
             if ($mode == MODE_INLINE_EDIT) {
                 $strfilename = '<br><label for="filename_' . $this->cfieldname . '">' . "Filename" . '</label>&nbsp;&nbsp;<input type="text" ' . $this->inputStyle . ' id="filename_' . $this->cfieldname . '" name="filename_' . $this->cfieldname . '" size="20" maxlength="50" value="' . htmlspecialchars($filename) . '">';
             } else {
                 $strfilename = '<br><label for="filename_' . $this->cfieldname . '">' . "Filename" . '</label>&nbsp;&nbsp;<input type="text" ' . $this->inputStyle . ' id="filename_' . $this->cfieldname . '" name="filename_' . $this->cfieldname . '" size="20" maxlength="50" value="' . htmlspecialchars($filename) . '">';
             }
         }
         $strtype = '<br><input id="' . $this->ctype . '_keep" type="Radio" name="' . $this->ctype . '" value="file0" checked>' . "Keep";
         if (strlen($value) && !$this->pageObject->pSetEdit->isRequired($this->field)) {
             $strtype .= '<input id="' . $this->ctype . '_delete" type="Radio" name="' . $this->ctype . '" value="file1">' . "Delete";
         }
         $strtype .= '<input id="' . $this->ctype . '_update" type="Radio" name="' . $this->ctype . '" value="file2">' . "Update";
     } else {
         //	if Add mode
         $strtype = '<input id="' . $this->ctype . '" type="hidden" name="' . $this->ctype . '" value="file2">';
         if ($this->format == EDIT_FORMAT_DATABASE_FILE && $this->pageObject->pSetEdit->getFilenameField($this->field)) {
             $strfilename = '<br><label for="filename_' . $this->cfieldname . '">' . "Filename" . '</label>&nbsp;&nbsp;<input type="text" ' . $this->inputStyle . ' id="filename_' . $this->cfieldname . '" name="filename_' . $this->cfieldname . '" size="20" maxlength="50">';
         }
     }
     if ($mode == MODE_INLINE_EDIT && $this->format == EDIT_FORMAT_DATABASE_FILE) {
         $disp = "";
     }
     echo $disp . $strtype;
     if ($mode == MODE_EDIT || $mode == MODE_INLINE_EDIT) {
         echo '<br>';
     }
     echo '<input type="File" ' . $this->inputStyle . ' id="' . $this->cfield . '" ' . (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $this->is508 ? 'alt="' . $this->strLabel . '" ' : '') . ' name="' . $this->cfield . '" >' . $strfilename;
     echo '<input type="Hidden" id="notempty_' . $this->cfieldname . '" value="' . (strlen($value) ? 1 : 0) . '">';
     $this->buildControlEnd($validate);
 }
示例#2
0
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
    global $conn;
    if (!$forPDF) {
        $table = postvalue("table");
        $strTableName = GetTableByShort($table);
        $settings = new ProjectSettings($strTableName);
        if (!checkTableName($table)) {
            return '';
        }
        //include("include/".$table."_variables.php");
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");
        if (!isLogged() || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
            header("Location: login.php");
            return;
        }
        $field = postvalue("field");
        if (!$settings->checkFieldPermissions($field)) {
            return DisplayNoImage();
        }
        //	construct sql
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = postvalue("key" . ($ind + 1));
        }
    } else {
        $table = @$params["table"];
        $strTableName = GetTableByShort($table);
        if (!checkTableName($table)) {
            exit(0);
        }
        $settings = new ProjectSettings($strTableName);
        $field = @$params["field"];
        //	construct sql
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = @$params["key" . ($ind + 1)];
        }
    }
    if (!$gQuery->HasGroupBy()) {
        // Do not select any fields except current (image) field.
        // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
        // Just don't do anything in that case.
        $gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
    }
    $where = KeyWhere($keys);
    $sql = $gQuery->gSQLWhere($where);
    $rs = db_query($sql, $conn);
    if ($forPDF) {
        if ($rs && ($data = db_fetch_array($rs))) {
            return $data[$field];
        }
    } else {
        if (!$rs || !($data = db_fetch_array($rs))) {
            return DisplayNoImage();
        }
        if (postvalue('src') == 1 && strlen($data[$field]) > 51200) {
            $value = myfile_get_contents('images/icons/jpg.png');
        } else {
            $value = db_stripslashesbinary($data[$field]);
        }
        if (!$value) {
            if (postvalue("alt")) {
                $value = db_stripslashesbinary($data[postvalue("alt")]);
                if (!$value) {
                    return DisplayNoImage();
                }
            } else {
                return DisplayNoImage();
            }
        }
        $itype = SupposeImageType($value);
        if (!$itype) {
            return DisplayFile();
        }
        if (!isset($pdf)) {
            header("Content-Type: " . $itype);
            header("Cache-Control: private");
            SendContentLength(strlen_bin($value));
        }
        echoBinary($value);
        return '';
    }
}
示例#3
0
     } else {
         $keys[$tKeys[$i]] = postvalue("key" . ($i + 1));
     }
 }
 $strWhereClause = KeyWhere($keys);
 $queryObj = $pSet->getQueryObject();
 if ($queryObj->HasGroupBy()) {
     // Do not select any fields except current (file) field.
     // If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
     // Just don't do anything in that case.
     $queryObj->RemoveAllFieldsExcept($pSet->getFieldIndex($field));
 }
 $rs = db_query($queryObj->gSQLWhere($strWhereClause), $conn);
 if ($isDBFile) {
     if ($rs && ($data = db_fetch_array($rs))) {
         $value = db_stripslashesbinary($data[$field]);
     }
 } else {
     $cipherer = new RunnerCipherer($strTableName, $pSet);
     $row = $cipherer->DecryptFetchedArray($rs);
     if (!is_null($row)) {
         $filesArray = my_json_decode($row[$field]);
         if (!is_array($filesArray) || count($filesArray) == 0) {
             if ($row[$field] == "") {
                 $filesArray = array();
             } else {
                 $uploadedFile = $upload_handler->get_file_object($row[$field]);
                 if (is_null($uploadedFile)) {
                     $filesArray = array();
                 } else {
                     $filesArray = array(my_json_decode(my_json_encode($uploadedFile)));
示例#4
0
		else
			$value=0;
		$strkeywhere.=$value;
	}
}

$strSQL = $rpt_array['sql'] . " WHERE ". $strkeywhere;

$rs = db_query($strSQL,$conn);


if(!$rs || !($data=db_fetch_array($rs)))
  return DisplayNoImage();


$value=db_stripslashesbinary($data[GoodFieldName($table.".".$field)]);
if(!$value)
{
	return DisplayNoImage();
}

$itype=SupposeImageType($value);
if($itype)
	header("Content-Type: ".$itype);
else
	return DisplayFile();
echoBinary($value);
return;


?>
function BuildEditControl($field, $value, $format, $edit, $fieldNum = 0, $id = "", $validate, $additionalCtrlParams, &$pageObj)
{
    global $rs, $data, $strTableName, $filenamelist, $keys, $locale_info, $jscode;
    $inputStyle = 'style="';
    $inputStyle .= $additionalCtrlParams['style'] ? $additionalCtrlParams['style'] : '';
    //$inputStyle .= ($additionalCtrlParams['hidden'] ? 'display: none;' : '');
    $inputStyle .= '"';
    $cfieldname = GoodFieldName($field) . "_" . $id;
    $cfield = "value_" . GoodFieldName($field) . "_" . $id;
    $ctype = "type_" . GoodFieldName($field) . "_" . $id;
    $is508 = isEnableSection508();
    $strLabel = Label($field);
    if ($fieldNum) {
        $cfield = "value" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
        $ctype = "type" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
    }
    $type = GetFieldType($field);
    $arr = "";
    $iquery = "field=" . rawurlencode($field);
    $keylink = "";
    $arrKeys = GetTableKeys($strTableName);
    for ($j = 0; $j < count($arrKeys); $j++) {
        $keylink .= "&key" . ($j + 1) . "=" . rawurlencode($data[$arrKeys[$j]]);
    }
    $iquery .= $keylink;
    $isHidden = isset($additionalCtrlParams['hidden']) && $additionalCtrlParams['hidden'];
    echo '<span id="edit' . $id . '_' . GoodFieldName($field) . '_' . $fieldNum . '" class="runner-nowrap"' . ($isHidden ? ' style="display:none"' : '') . '">';
    if ($format == EDIT_FORMAT_FILE && $edit == MODE_SEARCH) {
        $format = "";
    }
    if ($format == EDIT_FORMAT_TEXT_FIELD) {
        if (IsDateFieldType($type)) {
            echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="date' . EDIT_DATE_SIMPLE . '">' . GetDateEdit($field, $value, 0, $fieldNum, $edit, $id, $pageObj);
        } else {
            if ($edit == MODE_SEARCH) {
                echo '<input id="' . $cfield . '" ' . $inputStyle . ' type="text" autocomplete="off" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
            } else {
                echo '<input id="' . $cfield . '" ' . $inputStyle . ' type="text" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
            }
        }
    } else {
        if ($format == EDIT_FORMAT_TIME) {
            echo '<input id="' . $ctype . '" ' . $inputStyle . ' type="hidden" name="' . $ctype . '" value="time">';
            $arr_number = parsenumbers((string) $value);
            if (count($arr_number) == 6) {
                $value = mysprintf("%d:%02d:%02d", array($arr_number[3], $arr_number[4], $arr_number[5]));
            }
            $timeAttrs = GetFieldData($strTableName, $field, "FormatTimeAttrs", array());
            if (count($timeAttrs)) {
                if ($timeAttrs["useTimePicker"]) {
                    $convention = $timeAttrs["hours"];
                    $loc = getLacaleAmPmForTimePicker($convention, true);
                    $tpVal = getValForTimePicker($type, $value, $loc['locale']);
                    echo '<input type="text" ' . $inputStyle . ' name="' . $cfield . '" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'id="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($tpVal['val']) . '">';
                    echo '&nbsp;';
                    echo '<img class="runner-imgclock" src="images/clock.gif" alt="Time" border="0" style="margin:4px 0 0 6px; visibility: hidden;" id="trigger-test-' . $cfield . '" />';
                } else {
                    echo '<input id="' . $cfield . '" ' . $inputStyle . ' type="text" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
                }
            }
        } else {
            if ($format == EDIT_FORMAT_TEXT_AREA) {
                $nWidth = GetNCols($field);
                $nHeight = GetNRows($field);
                if (UseRTE($field)) {
                    $value = RTESafe($value);
                } else {
                    echo '<textarea id="' . $cfield . '" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . '" style="';
                    if (!isMobile()) {
                        echo "width: " . $nWidth . "px;";
                    }
                    echo 'height: ' . $nHeight . 'px;">' . htmlspecialchars($value) . '</textarea>';
                }
            } else {
                if ($format == EDIT_FORMAT_PASSWORD) {
                    echo '<input ' . $inputStyle . ' id="' . $cfield . '" type="Password" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . '" ' . GetEditParams($field) . ' value="' . htmlspecialchars($value) . '">';
                } else {
                    if ($format == EDIT_FORMAT_DATE) {
                        echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="date' . DateEditType($field) . '">' . GetDateEdit($field, $value, DateEditType($field), $fieldNum, $edit, $id, $pageObj);
                    } else {
                        if ($format == EDIT_FORMAT_RADIO) {
                            BuildRadioControl($field, $value, $fieldNum, $id, $edit);
                        } else {
                            if ($format == EDIT_FORMAT_CHECKBOX) {
                                if ($edit == MODE_ADD || $edit == MODE_INLINE_ADD || $edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
                                    $checked = "";
                                    if ($value && $value != 0) {
                                        $checked = " checked";
                                    }
                                    echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="checkbox">';
                                    echo '<input id="' . $cfield . '" type="Checkbox" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . '" ' . $checked . '>';
                                } else {
                                    echo '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="checkbox">';
                                    echo '<select id="' . $cfield . '" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . '">';
                                    $val = array("", "on", "off");
                                    $show = array("", "True", "False");
                                    foreach ($val as $i => $v) {
                                        $sel = "";
                                        if ($value === $v) {
                                            $sel = " selected";
                                        }
                                        echo '<option value="' . $v . '"' . $sel . '>' . $show[$i] . '</option>';
                                    }
                                    echo "</select>";
                                }
                            } else {
                                if ($format == EDIT_FORMAT_DATABASE_IMAGE || $format == EDIT_FORMAT_DATABASE_FILE) {
                                    $disp = "";
                                    $strfilename = "";
                                    //$onchangefile="";
                                    if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
                                        $value = db_stripslashesbinary($value);
                                        $itype = SupposeImageType($value);
                                        $thumbnailed = false;
                                        $thumbfield = "";
                                        if ($itype) {
                                            if ($thumbnailed) {
                                                $disp = "<a ";
                                                if (IsUseiBox($field, $strTableName)) {
                                                    $disp .= " rel='ibox'";
                                                } else {
                                                    $disp .= " target=_blank";
                                                }
                                                $disp .= " href=\"imager.php?table=" . GetTableURL($strTableName) . "&" . $iquery . "&rndVal=" . rand(0, 32768) . "\">";
                                                $disp .= "<img id=\"image_" . GoodFieldName($field) . "_" . $id . "\" name=\"" . $cfield . "\" border=0";
                                                if (isEnableSection508()) {
                                                    $disp .= " alt=\"Image from DB\"";
                                                }
                                                $disp .= " src=\"imager.php?table=" . GetTableURL($strTableName) . "&field=" . rawurlencode($thumbfield) . "&alt=" . rawurlencode($field) . $keylink . "&rndVal=" . rand(0, 32768) . "\">";
                                                $disp .= "</a>";
                                            } else {
                                                $disp = '<img id="image_' . GoodFieldName($field) . '_' . $id . '" name="' . $cfield . '"';
                                                if (isEnableSection508()) {
                                                    $disp .= ' alt="Image from DB"';
                                                }
                                                $disp .= ' border=0 src="imager.php?table=' . GetTableURL($strTableName) . '&' . $iquery . "&rndVal=" . rand(0, 32768) . '">';
                                            }
                                        } else {
                                            if (strlen($value)) {
                                                $disp = '<img id="image_' . GoodFieldName($field) . '_' . $id . '" name="' . $cfield . '" border=0 ';
                                                if (isEnableSection508()) {
                                                    $disp .= ' alt="file"';
                                                }
                                                $disp .= ' src="images/file.gif">';
                                            } else {
                                                $disp = '<img id="image_' . GoodFieldName($field) . '_' . $id . '" name="' . $cfield . '" border="0"';
                                                if (isEnableSection508()) {
                                                    $disp .= ' alt=" "';
                                                }
                                                $disp .= ' src="images/no_image.gif">';
                                            }
                                        }
                                        //	filename
                                        if ($format == EDIT_FORMAT_DATABASE_FILE && !$itype && strlen($value)) {
                                            if (!($filename = @$data[GetFilenameField($field)])) {
                                                $filename = "file.bin";
                                            }
                                            $disp = '<a href="getfile.php?table=' . GetTableURL($strTableName) . '&filename=' . htmlspecialchars($filename) . '&' . $iquery . '".>' . $disp . '</a>';
                                        }
                                        //	filename edit
                                        if ($format == EDIT_FORMAT_DATABASE_FILE && GetFilenameField($field)) {
                                            if (!($filename = @$data[GetFilenameField($field)])) {
                                                $filename = "";
                                            }
                                            if ($edit == MODE_INLINE_EDIT) {
                                                $strfilename = '<br><label for="filename_' . $cfieldname . '">' . mlang_message("FILENAME") . '</label>&nbsp;&nbsp;<input type="text" ' . $inputStyle . ' id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="20" maxlength="50" value="' . htmlspecialchars($filename) . '">';
                                            } else {
                                                $strfilename = '<br><label for="filename_' . $cfieldname . '">' . mlang_message("FILENAME") . '</label>&nbsp;&nbsp;<input type="text" ' . $inputStyle . ' id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="20" maxlength="50" value="' . htmlspecialchars($filename) . '">';
                                            }
                                        }
                                        $strtype = '<br><input id="' . $ctype . '_keep" type="Radio" name="' . $ctype . '" value="file0" checked>' . mlang_message("KEEP");
                                        if ((strlen($value) || $edit == MODE_INLINE_EDIT) && !IsRequired($field)) {
                                            $strtype .= '<input id="' . $ctype . '_delete" type="Radio" name="' . $ctype . '" value="file1">' . mlang_message("DELETE");
                                        }
                                        $strtype .= '<input id="' . $ctype . '_update" type="Radio" name="' . $ctype . '" value="file2">' . mlang_message("UPDATE");
                                    } else {
                                        //	if Add mode
                                        $strtype = '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="file2">';
                                        if ($format == EDIT_FORMAT_DATABASE_FILE && GetFilenameField($field)) {
                                            $strfilename = '<br><label for="filename_' . $cfieldname . '">' . mlang_message("FILENAME") . '</label>&nbsp;&nbsp;<input type="text" ' . $inputStyle . ' id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="20" maxlength="50">';
                                        }
                                    }
                                    if ($edit == MODE_INLINE_EDIT && $format == EDIT_FORMAT_DATABASE_FILE) {
                                        $disp = "";
                                    }
                                    echo $disp . $strtype;
                                    if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
                                        echo '<br>';
                                    }
                                    echo '<input type="File" ' . $inputStyle . ' id="' . $cfield . '" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . ' name="' . $cfield . '" >' . $strfilename;
                                    echo '<input type="Hidden" id="notempty_' . $cfieldname . '" value="' . (strlen($value) ? 1 : 0) . '">';
                                } else {
                                    if ($format == EDIT_FORMAT_LOOKUP_WIZARD) {
                                        BuildSelectControl($field, $value, $fieldNum, $edit, $id, $additionalCtrlParams, $pageObj);
                                    } else {
                                        if ($format == EDIT_FORMAT_HIDDEN) {
                                            echo '<input id="' . $cfield . '" type="Hidden" name="' . $cfield . '" value="' . htmlspecialchars($value) . '">';
                                        } else {
                                            if ($format == EDIT_FORMAT_READONLY) {
                                                echo '<input id="' . $cfield . '" type="Hidden" name="' . $cfield . '" value="' . htmlspecialchars($value) . '">';
                                            } else {
                                                if ($format == EDIT_FORMAT_FILE) {
                                                    $disp = "";
                                                    $strfilename = "";
                                                    $function = "";
                                                    if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
                                                        //	show current file
                                                        if (ViewFormat($field) == FORMAT_FILE || ViewFormat($field) == FORMAT_FILE_IMAGE) {
                                                            $disp = GetData($data, $field, ViewFormat($field)) . "<br>";
                                                        }
                                                        $filename = $value;
                                                        //	filename edit
                                                        $filename_size = 30;
                                                        if (UseTimestamp($field)) {
                                                            $filename_size = 50;
                                                        }
                                                        $strfilename = '<input type=hidden name="filenameHidden_' . $cfieldname . '" value="' . htmlspecialchars($filename) . '"><br>' . mlang_message("FILENAME") . '&nbsp;&nbsp;<input type="text" style="background-color:gainsboro" disabled id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="' . $filename_size . '" maxlength="100" value="' . htmlspecialchars($filename) . '">';
                                                        if ($edit == MODE_INLINE_EDIT) {
                                                            $strtype = '<br><input id="' . $ctype . '_keep" type="Radio" name="' . $ctype . '" value="upload0" checked class="runner-uploadtype">' . mlang_message("KEEP");
                                                        } else {
                                                            $strtype = '<br><input id="' . $ctype . '_keep" type="Radio" name="' . $ctype . '" value="upload0" checked class="runner-uploadtype">' . mlang_message("KEEP");
                                                        }
                                                        if ((strlen($value) || $edit == MODE_INLINE_EDIT) && !IsRequired($field)) {
                                                            $strtype .= '<input id="' . $ctype . '_delete" type="Radio" name="' . $ctype . '" value="upload1" class="runner-uploadtype">' . mlang_message("DELETE");
                                                        }
                                                        $strtype .= '<input id="' . $ctype . '_update" type="Radio" name="' . $ctype . '" value="upload2" class="runner-uploadtype">' . mlang_message("UPDATE");
                                                    } else {
                                                        //	if Adding record
                                                        $filename_size = 30;
                                                        if (UseTimestamp($field)) {
                                                            $filename_size = 50;
                                                        }
                                                        $strtype = '<input id="' . $ctype . '" type="hidden" name="' . $ctype . '" value="upload2">';
                                                        $strfilename = '<br>' . mlang_message("FILENAME") . '&nbsp;&nbsp;<input type="text" id="filename_' . $cfieldname . '" name="filename_' . $cfieldname . '" size="' . $filename_size . '" maxlength="100">';
                                                    }
                                                    echo $disp . $strtype . $function;
                                                    if ($edit == MODE_EDIT || $edit == MODE_INLINE_EDIT) {
                                                        echo '<br>';
                                                    }
                                                    echo '<input type="File" id="' . $cfield . '" ' . (($edit == MODE_INLINE_EDIT || $edit == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . ' name="' . $cfield . '" >' . $strfilename;
                                                    echo '<input type="Hidden" id="notempty_' . $cfieldname . '" value="' . (strlen($value) ? 1 : 0) . '">';
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if (count($validate['basicValidate']) && array_search('IsRequired', $validate['basicValidate']) !== false) {
        echo '&nbsp;<font color="red">*</font></span>';
    } else {
        echo '</span>';
    }
}
示例#6
0
 public function get()
 {
     $file_name = isset($_REQUEST['file']) ? basename(db_stripslashesbinary($_REQUEST['file']), "") : null;
     if ($file_name) {
         $info = $this->get_file_object($file_name);
     } else {
         $info = $this->get_file_objects();
     }
     header('Content-type: application/json');
     echo my_json_encode($info);
 }
示例#7
0
function trim_file_name($name, $type, $index, $obj)
{
    // Remove path information and dots around the filename, to prevent uploading
    // into different directories or replacing hidden system files.
    // Also remove control characters and spaces (\x00..\x20) around the filename:
    $file_name = trim(basename(db_stripslashesbinary($name), ""));
    // Add missing file extension for known image types:
    if (strpos($file_name, '.') === false && preg_match('/^image\\/(gif|jpe?g|png)/', $type, $matches)) {
        $file_name .= '.' . $matches[1];
    }
    while (isset($_SESSION["mupload_" . $obj->formStamp][$file_name])) {
        $file_name = upcount_name($file_name);
    }
    return $file_name;
}