public function build($obj_build_exclude = array()) { global $APP; global $hf_parameters_given; parent::build($obj_build_exclude); $this->obj_hfp_vcs = array(); $hfp_vcs = new hfp_vcs(); $all_constraints = $hfp_vcs->get_from_hashrange($this->id); if (is_array($all_constraints)) { foreach ($all_constraints as $each_constraint) { $a_hfp_vcs = new hfp_vcs(); $a_hfp_vcs->set($each_constraint); $a_hfp_vcs->build(); $this->obj_hfp_vcs[] = $a_hfp_vcs; } } $hfp_name = $this->parameter_name; // hf parameter given $_POSTGET = array(); foreach ($_GET as $GK => $GV) { $_POSTGET[$GK] = $GV; } foreach ($_POST as $PK => $PV) { $_POSTGET[$PK] = $PV; } if (isset($_POSTGET[$hfp_name]) && intval($this->int_immutable) == 0) { if (intval($this->int_preserve_encode) == 0) { $this->value = $_POSTGET[$hfp_name]; } else { if (urlencode($_POSTGET[$hfp_name]) != $_POSTGET[$hfp_name]) { $this->value = urlencode($_POSTGET[$hfp_name]); } else { $this->value = $_POSTGET[$hfp_name]; } } $hf_parameters_given = true; $mode_short = false; } else { // hf parameter value not given // or hf parameter is immutable (will always have default value) // only in edit mode, does "user id" make any sense :( if (false) { $this->value = "123"; } else { $default_value = $this->obj_default_value->body; $this->value = $default_value; if (intval($this->int_preserve_encode) == 0) { $this->value = urldecode($default_value); } else { $this->value = $default_value; } } } // hf parameter given in arguments if (is_secret($this->keyword)) { $this->printable_value = "*****"; } else { $this->printable_value = $this->value; } // get value constraints $parameter_constraints = $this->obj_hfp_vcs; $validated_value = ""; if (count($parameter_constraints) > 0) { if (isset($this->value)) { $fstr = "" . $this->value . ""; if (strlen($fstr) > 0) { for ($fstri = 0; $fstri < strlen($fstr); $fstri++) { $character = substr($fstr, $fstri, 1); $bMatch = false; $bEnforceRules = false; if (is_array($parameter_constraints)) { foreach ($parameter_constraints as $parameter_constraint) { // 1 allow alphanumeric // 2 allow spaces // 3 allow numbers // 4 allow alphabetic characters // 5 allow the following special characters: if ($parameter_constraint->id_constraint_type == "allow-alphanum") { $bEnforceRules = true; // allow alphanumeric if (ctype_alnum($character)) { $bMatch = true; } else { $bMatch = false; } } else { if ($parameter_constraint->id_constraint_type == 'allow-space') { $bEnforceRules = true; // allow spaces if ($character == " ") { $bMatch = true; } } else { if ($parameter_constraint->id_constraint_type == 'allow-num') { $bEnforceRules = true; // allow numbers if (is_numeric($character)) { $bMatch = true; } } else { if ($parameter_constraint->id_constraint_type == 'allow-alpha') { $bEnforceRules = true; // allow alphabetic if (ctype_alpha($character)) { $bMatch = true; } } else { if ($parameter_constraint->id_constraint_type == 'allow-special') { $bEnforceRules = true; // allow the following characters $ctxt = $parameter_constraint->obj_constraint_text->body; for ($i = 0; $i < strlen($ctxt); $i++) { $ctxc = substr($ctxt, $i, 1); if ($character == $ctxc) { $bMatch = true; break; } } } } } } } if ($bMatch) { break; } } // end foreach (each constraint on parameter) } // end if (is array) if ($bMatch || !$bEnforceRules) { $validated_value = $validated_value . $character; } } // foreach (each character in value) $this->value = $validated_value; } // end if (string longer than 0 length) } // end if (hf parameter value isset) } else { $validated_value = $this->value; } $bMatches = true; if (is_array($parameter_constraints)) { foreach ($parameter_constraints as $parameter_constraint) { // 5 disallowed string // 6 must match regular expression if ($parameter_constraint->id_constraint_type == 'disallowed-str') { // 5 disallowed string if (strpos($validated_value, $parameter_constraint->obj_constraint_text->body) !== false) { $bMatches = false; } } else { if ($parameter_constraint->id_constraint_type == 'match-regex') { // 6 must match regular expression if (preg_match($parameter_constraint->obj_constraint_text->body, $validated_value) == 0) { $bMatches = false; } } } // end if (constraint type) if (!$bMatches) { break; } } // foreach (parameter constraint) } // end if (count param constraints) if (!$bMatches) { // hf parameter value not given // only in edit mode does "user id" make any sense :( if (false) { $this->value = "123"; } else { if (intval($this->int_preserve_encode) == 0) { $this->value = urldecode($this->obj_default_value->body); } else { $this->value = $this->obj_default_value->body; } } } // end if (constraint types 5 or 6 failed validation) - restore default values }
echo "</b>"; echo "<input{$readonly_flag} type='text' name='parameter_name' value='" . htmlspecialchars($hf_parameter->parameter_name) . "' style='background-color:" . rcolor() . ";width:400;'/>"; echo "<ul>"; echo getTranslation("Keyword", $settings); echo "<textarea{$readonly_flag} type='text' name='keyword' rows='1' style='background-color:" . rcolor() . ";width:400;'/>" . str_replace("<", "<", $hf_parameter->keyword) . "</textarea>"; echo getTranslation("Default Value", $settings); if (intval($hf_parameter->int_preserve_encode) == 0) { echo "<br/>"; echo "(<a href='url.php' target='_new'>urlencode()</a>'d, " . getTranslation("please", $settings) . ")"; } if ($printed_def != urldecode($printed_def)) { echo " "; echo getTranslation("Value Given", $settings); echo ": "; } if (is_secret($hf_parameter->keyword)) { echo "<input type='password' {$readonly_flag} name='str_default_value' style='background-color:" . rcolor() . ";width:400;' rows='1' value='" . htmlspecialchars($hf_parameter->value, ENT_QUOTES) . "'/>"; } else { echo "<textarea{$readonly_flag} type='text' name='str_default_value' style='background-color:" . rcolor() . ";width:400;' rows='1'>" . str_replace("<", "<", $printed_def) . "</textarea>"; } if ($printed_def != urldecode($printed_def)) { $not_decode = ""; if (intval($hf_parameter->int_preserve_encode) == 1) { $not_decode = getTranslation("NOT", $settings) . " "; } echo "<ul>"; echo "<font color='red'>" . $not_decode; echo getTranslation("Decoded To", $settings); echo ": " . htmlspecialchars(urldecode($printed_def)) . "</font> "; echo "</ul>"; }