From 00147e6e1c71488fbb779eb5cd008efb9d1faba9 Mon Sep 17 00:00:00 2001
From: Cameron
Date: Wed, 9 Dec 2020 12:07:07 -0800
Subject: [PATCH] Fixes #4288 - Checkboxes not saving correctly from usersettings.php
---
 e107_admin/users_extended.php | 1289 +------------------------
 e107_handlers/user_extended_class.php | 4 +-
 2 files changed, 4 insertions(+), 1289 deletions(-)
diff --git a/e107_admin/users_extended.php b/e107_admin/users_extended.php
index 0d9d3091a..9aa073303 100755
--- a/e107_admin/users_extended.php
+++ b/e107_admin/users_extended.php
@@ -1114,7 +1114,7 @@ e107::js('footer-inline', js());
 {
 return $new_data;
 }
-
+/*
 public function afterCreate($new_data, $old_data, $id)
 {
 // do something
@@ -1141,7 +1141,7 @@ e107::js('footer-inline', js());
 public function onUpdateError($new_data, $old_data, $id)
 {
 // do something
- }
+ }*/
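Review bot: Wrapping `afterCreate()` through `onUpdateError()` in a `/* … */` block (opened in the `@@ -1114` hunk, closed in the `@@ -1141` hunk) leaves dead code in the admin class instead of removing it. The methods between the two markers lie outside both hunks, so it could not be checked that none of them contains a `*/` sequence, which would end the comment early and re-activate part of the code. Since the same commit deletes the legacy section outright, I would delete these stubs too, or at least put a line such as `// unused hook stubs, intentionally disabled` above the opening `/*`.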
@@ -1172,1289 +1172,4 @@ e107::js('footer-inline', js()); -// -------------------------------------- Old Code -------------------------------------- - - - - - -$e_sub_cat = 'user_extended'; - -$curtype = '1'; -require_once("auth.php"); -$ue = new e107_user_extended; -$user = new users_ext; - -$frm = e107::getForm(); -$mes = e107::getMessage(); -$tp = e107::getParser(); - -require_once(e_HANDLER.'user_extended_class.php'); -require_once(e_HANDLER.'userclass_class.php'); - - - -$message = ''; -$message_type = E_MESSAGE_SUCCESS; - -if (e_QUERY) -{ - $tmp = explode(".", e_QUERY); - $action = $tp->filter($tmp[0]); - $sub_action = varset($tmp[1],''); - $sub_action = $tp->filter($sub_action); - $id = varset($tmp[2],0); - unset($tmp); -} - -// TODO $_POST['up_x'] check for the evil IE -$tmp = isset($_POST['up']) ? $tp->filter($_POST['up']) : false; - -if (is_array($tmp)) -{ - $tmp = array_values($tmp); - $qs = explode(".", $tmp[0]); - $_id = intval($qs[0]); - $_order = intval($qs[1]); - $_parent = intval($qs[2]); - if (($_id > 0) && ($_order > 0) /*&& ($_parent > 0)*/) - { - $sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_order ='".($_order-1)."'"); - $sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_id='".$_id."'"); - e107::getLog()->add('EUF_01',$_id.', '.$_order.', '.$_parent,E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } -} - -// TODO $_POST['down_x'] check for the evil IE -$tmp = isset($_POST['down']) ? 
$tp->filter($_POST['down']) : false; - -if (is_array($tmp)) -{ - $tmp = array_values($tmp); - $qs = explode(".", $tmp[0]); - $_id = intval($qs[0]); - $_order = intval($qs[1]); - $_parent = intval($qs[2]); - if (($_id > 0) && ($_order > 0)/* && ($_parent > 0)*/) - { - $sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_order='".($_order+1)."'"); - $sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_id='".$_id."'"); - e107::getLog()->add('EUF_02',$_id.', '.$_order.', '.$_parent,E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } -} - - -if (isset($_POST['catup_x']) || isset($_POST['catup'])) -{ - $qs = explode(".", $_POST['id']); - $_id = intval($qs[0]); - $_order = intval($qs[1]); - if (($_id > 0) && ($_order > 0)) - { - $sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type = 0 AND user_extended_struct_order='".($_order-1)."'"); - $sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type = 0 AND user_extended_struct_id='".$_id."'"); - e107::getLog()->add('EUF_03',$_id.', '.$_order,E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } -} - - -if (isset($_POST['catdown_x']) || isset($_POST['catdown'])) -{ - $qs = explode(".", $_POST['id']); - $_id = intval($qs[0]); - $_order = intval($qs[1]); - if (($_id > 0) && ($_order > 0)) - { - $sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type = 0 AND user_extended_struct_order='".($_order+1)."'"); - $sql->db_Update("user_extended_struct", 
"user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type = 0 AND user_extended_struct_id='".$_id."'"); - e107::getLog()->add('EUF_04',$_id.', '.$_order,E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } -} - - - -if (isset($_POST['add_field'])) -{ - $ue_field_name = str_replace(' ','_',trim($_POST['user_field'])); // Replace space with underscore - better security - if (preg_match('#^\w+$#',$ue_field_name) === 1) // Check for allowed characters, finite field length - { - if($_POST['user_type']==EUF_DB_FIELD) - { - $_POST['user_values'] = array( - $tp->filter($_POST['table_db']), - $tp->filter($_POST['field_id']), - $tp->filter($_POST['field_value']), - $tp->filter($_POST['field_order']), - ); - } - - if(!empty($_POST['sort_user_values'])) - { - sort($_POST['user_values']); - } - - $new_values = $user->make_delimited($_POST['user_values']); - $new_parms = $tp->toDB($_POST['user_include']."^,^".$_POST['user_regex']."^,^".$_POST['user_regexfail']."^,^".$_POST['user_hide']); - -// Check to see if its a reserved field name before adding to database - if ($ue->user_extended_reserved($ue_field_name)) - { // Reserved field name - $message = "[user_".$tp->toHTML($ue_field_name)."] ".EXTLAN_74; - $message_type = E_MESSAGE_ERROR; - } - else - { - - $result = $mes->addAuto($ue->user_extended_add($ue_field_name, $tp->toDB($_POST['user_text']), intval($_POST['user_type']), $new_parms, $new_values, $tp->toDB($_POST['user_default']), intval($_POST['user_required']), intval($_POST['user_read']), intval($_POST['user_write']), intval($_POST['user_applicable']), 0, intval($_POST['user_parent'])), 'insert', EXTLAN_29, false, false); - - // $result = $mes->addAuto($ue->user_extended_add($ue_field_name, $tp->toDB($_POST['user_text']), intval($_POST['user_type']), $new_parms, $new_values, $tp->toDB($_POST['user_default']), intval($_POST['user_required']), intval($_POST['user_read']), intval($_POST['user_write']), 
intval($_POST['user_applicable']), 0, intval($_POST['user_parent'])), 'insert', EXTLAN_29, false, false); - if(!$result) - { - $message = EXTLAN_75; - $message_type = E_MESSAGE_INFO; - } - else - { - e107::getLog()->add('EUF_05',$ue_field_name.'[!br!]'.$tp->toDB($_POST['user_text']).'[!br!]'.intval($_POST['user_type']),E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } - } - } - else - { - $message = EXTLAN_76." : ".$tp->toHTML($ue_field_name); - $message_type = E_MESSAGE_ERROR; - } -} - - -if (isset($_POST['update_field'])) -{ - if($_POST['user_type']==EUF_DB_FIELD) - { - $_POST['user_values'] = array( - $tp->filter($_POST['table_db']), - $tp->filter($_POST['field_id']), - $tp->filter($_POST['field_value']), - $tp->filter($_POST['field_order']), - ); - } - - if(!empty($_POST['sort_user_values'])) - { - sort($_POST['user_values']); - } - - $upd_values = $user->make_delimited($_POST['user_values']); - $upd_parms = $tp->toDB($_POST['user_include']."^,^".$_POST['user_regex']."^,^".$_POST['user_regexfail']."^,^".$_POST['user_hide']); - $result = $mes->addAuto($ue->user_extended_modify($sub_action, $tp->toDB($_POST['user_field']), $tp->toDB($_POST['user_text']), intval($_POST['user_type']), $upd_parms, $upd_values, $tp->toDB($_POST['user_default']), intval($_POST['user_required']), intval($_POST['user_read']), intval($_POST['user_write']), intval($_POST['user_applicable']), intval($_POST['user_parent'])), 'update', EXTLAN_29, false, false); - if($result) - { - e107::getLog()->add('EUF_06',$tp->toDB($_POST['user_field']).'[!br!]'.$tp->toDB($_POST['user_text']).'[!br!]'.intval($_POST['user_type']),E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } -} - - -if (isset($_POST['update_category'])) -{ - if (preg_match('#^[\w\s]+$#', $_POST['user_field']) === 1) // Check for allowed characters - { - $name = trim($tp->toDB($_POST['user_field'])); - $result = $mes->addAuto( - $sql->db_Update( - 
"user_extended_struct", - "user_extended_struct_name = '{$name}', user_extended_struct_text='".$tp->toDB($_POST['user_text'])."', user_extended_struct_read = '".intval($_POST['user_read'])."', user_extended_struct_write = '".intval($_POST['user_write'])."', user_extended_struct_applicable = '".intval($_POST['user_applicable'])."' WHERE user_extended_struct_id = '{$sub_action}'"), - 'update', - EXTLAN_43, - false, - false - ); - if($result) - { - e107::getLog()->add('EUF_09',$name,E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } - } - else - { - $message = EXTLAN_80; - $message_type = E_MESSAGE_ERROR; - } -} - - -if (isset($_POST['add_category'])) -{ - if (preg_match('#^[\w\s]+$#', $_POST['user_field']) === 1) // Check for allowed characters - { - $name = $tp->toDB($_POST['user_field']); - $result = $mes->addAuto($sql->db_Insert("user_extended_struct","'0', '{$name}', '".$tp->toDB($_POST['user_text'])."', 0, '', '', '', '".intval($_POST['user_read'])."', '".intval($_POST['user_write'])."', '0', '0', '".intval($_POST['user_applicable'])."', '0', '0'"), 'insert', EXTLAN_40, false, false); - if($result) - { - e107::getLog()->add('EUF_08',$name,E_LOG_INFORMATIVE,''); - e107::getCache()->clear_sys('user_extended_struct', true); - } - } - else - { - $message = EXTLAN_80; - $message_type = E_MESSAGE_ERROR; - } -} - - -// Delete category -if (varset($_POST['eu_action'],'') == "delcat") -{ - list($_id, $_name) = explode(",",$_POST['key']); - if (count($ue->user_extended_get_fields($_id)) > 0) - { - $message = EXTLAN_77; - $message_type = E_MESSAGE_INFO; - } - elseif($ue->user_extended_remove($_id, $_name)) - { - e107::getLog()->add('EUF_10',$_id.', '.$_name,E_LOG_INFORMATIVE,''); - $message = EXTLAN_41; - e107::getCache()->clear_sys('user_extended_struct', true); - } -} - -if(isset($_POST['activate'])) -{ - $message .= $user->field_activate(); -} - -if(isset($_POST['deactivate'])) -{ - $message .= $user->field_deactivate(); -} - - - 
-/*if($sql->select("user_extended_struct","DISTINCT(user_extended_struct_parent)")) -{ - $plist = $sql->db_getList(); - foreach($plist as $_p) - { - $o = 0; - if($sql->select("user_extended_struct", "user_extended_struct_id", "user_extended_struct_parent = {$_p['user_extended_struct_parent']} && user_extended_struct_type != 0 ORDER BY user_extended_struct_order ASC")) - { - $_list = $sql->db_getList(); - foreach($_list as $r) - { - $sql->db_Update("user_extended_struct", "user_extended_struct_order = '{$o}' WHERE user_extended_struct_id = {$r['user_extended_struct_id']}"); - $o++; - } - } - } -}*/ - - -if($message) -{ - $emessage = eMessage::getInstance(); - $emessage->add($message, $message_type); -} - - -if(isset($_POST['table_db']) && !$_POST['add_field'] && !$_POST['update_field']) -{ - $action = "continue"; - $current['user_extended_struct_name'] = $tp->filter($_POST['user_field']); - $current['user_extended_struct_parms'] = $tp->filter($_POST['user_include']."^,^".$_POST['user_regex']."^,^".$_POST['user_regexfail']."^,^".$_POST['user_hide']); - $current['user_extended_struct_text'] = $tp->filter($_POST['user_text']); - $current['user_extended_struct_type'] = $tp->filter($_POST['user_type']); - $user->show_extended($current); -} - - - - - -if ($action == "editext") -{ - if($sql->select('user_extended_struct','*',"user_extended_struct_id = '{$sub_action}'")) - { - $tmp = $sql->fetch(); - $user->show_extended($tmp); - } - else - { - $user->show_extended('new'); - } -} - -if($action == 'pre') -{ - $user->show_predefined(); -} - -if($action == 'cat') -{ - if(is_numeric($sub_action)) - { - if($sql->select('user_extended_struct','*',"user_extended_struct_id = '{$sub_action}'")) - { - $tmp = $sql->fetch(); - } - } - $user->show_categories($tmp); -} - -require_once("footer.php"); - -class users_ext -{ - protected $catList; - protected $catNums; - - function __construct() - { - global $action,$ue; - - if (varset($_POST['eudel'],'')) - { - 
foreach(array_keys($_POST['eudel']) as $name) - { - $this->delete_extended($name); - } - } - - $this->catList = $ue->user_extended_get_categories(); - $this->catList[0][0] = array('user_extended_struct_name' => EXTLAN_36); - $this->catNums = array_keys($this->catList); - - if($action == 'cat' && !empty($_POST)) - { - $this->reorderItems(); - } - - if (!e_QUERY || $action == 'main') - { - // moved here for better performance - if(!empty($_POST)) - { - $this->reorderItems(); - } - $this->showExtendedList(); - } - - } - - function reorderItems() - { - $sql = e107::getDb(); - if($sql->select("user_extended_struct","DISTINCT(user_extended_struct_parent)")) - { - $plist = $sql->db_getList(); - foreach($plist as $_p) - { - $o = 0; - if($sql->select("user_extended_struct", "user_extended_struct_id", "user_extended_struct_parent = {$_p['user_extended_struct_parent']} && user_extended_struct_type != 0 ORDER BY user_extended_struct_order ASC")) - { - $_list = $sql->db_getList(); - foreach($_list as $r) - { - $sql->db_Update("user_extended_struct", "user_extended_struct_order = '{$o}' WHERE user_extended_struct_id = {$r['user_extended_struct_id']}"); - $o++; - } - } - } - e107::getCache()->clear_sys('user_extended_struct', true); - } - } - - - - function delete_extended($_name) - { - $ue = e107::getUserExt(); - $log = e107::getAdminLog(); - $mes = e107::getMessage(); - - if ($ue->user_extended_remove($_name, $_name)) - { - $log->add('EUF_07',$_name, E_LOG_INFORMATIVE); - $mes->addSuccess(LAN_DELETED." [".$_name."]"); - e107::getCache()->clear_sys('user_extended_struct', true); - } - else - { - $mes->addError(LAN_ERROR." 
[".$_name."]"); - } - } - - function showExtendedList() - { - global $curtype, $mySQLdefaultdb, $action, $sub_action; - - $ue = e107::getUserExt(); - $frm = e107::getForm(); - $ns = e107::getRender(); - $sql = e107::getDb(); - $tp = e107::getParser(); - - $extendedList = $ue->user_extended_get_fields(); - - $emessage = e107::getMessage(); - $text = $emessage->render(); - - $mode = 'show'; - $text .= " - -
- - - - - - - - - - - - - - - - - - "; - - foreach($this->catNums as $cn) - { - - $i=0; - $category_name = $this->catList[$cn][0]['user_extended_struct_name']; - - if(vartrue($extendedList[$cn])) // Show current extended fields - { - foreach($extendedList[$cn] as $ext) - { - - $name = $ext['user_extended_struct_name']; - $fname = "user_".$name; - - $id = $ext['user_extended_struct_id']; - - $uVal = str_replace(chr(1), "", $ext['user_extended_struct_default']); // Is this right? - $text .= " - - - - - - - - - - - - - "; - $i++; - } - } - elseif($cn == 0) - { - $text .= " - - - - "; - } - - } - - //Show add/edit form - $text .= " -
".EXTLAN_1."".EXTLAN_79."".EXTLAN_2."".EXTLAN_44."".EXTLAN_4."".EXTLAN_5."".EXTLAN_6."".EXTLAN_7."".EXTLAN_8."
{$ext['user_extended_struct_name']}".$tp->toHTML(deftrue($ext['user_extended_struct_text'], $ext['user_extended_struct_text']), FALSE, "defs")."".$ue->user_extended_edit($ext,$uVal)."".$category_name."".($ext['user_extended_struct_required'] == 1 ? LAN_YES : LAN_NO)."".r_userclass_name($ext['user_extended_struct_applicable'])."".r_userclass_name($ext['user_extended_struct_read'])."".r_userclass_name($ext['user_extended_struct_write']).""; - - if($i > 0) - { - $text .= ""; - } - if($i <= count($extendedList[$cn])-2) - { - $text .= ""; - } - $text .= " - - - ".ADMIN_EDIT_ICON." - ".$frm->submit_image('eudel['.$name.']',$id, 'delete', LAN_DELETE.' [ ID: '.$id.' ]', array('class' => 'action delete btn btn-default'.$delcls)); - - // ." - $text .= "
".EXTLAN_28."
"; - - $ns->tablerender(EXTLAN_9, $text); - - - } - - function show_extended($current = null) // Show Add fields List. - { - global $ue, $curtype,$mySQLdefaultdb, $action, $sub_action; - - $sql = e107::getDb(); - $frm = e107::getForm(); - $ns = e107::getRender(); - $tp = e107::getParser(); - - - if($current == 'new') - { - $mode = 'new'; - $current = array(); - $current_include = ''; - $current_regex = ''; - $current_regexfail = ''; - $current_hide = ''; - } - else - { // Editing existing definition - $mode = 'edit'; - list($current_include, $current_regex, $current_regexfail, $current_hide) = explode("^,^",$current['user_extended_struct_parms']); - } - - $text = " -
-
"; - - $text .= " - - - - - - - - - - - - - - - "; - - $text .= " - - "; - - - - $text .= " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "; - - $text .= " -
".EXTLAN_10.":user_"; - if(is_array($current) && varset($current['user_extended_struct_name'])) - { - $text .= $current['user_extended_struct_name']." - - "; - } - else - { - $text .= " - - "; - } - $text .= " -
".EXTLAN_11." -
".EXTLAN_12.": -
- ".EXTLAN_13." -
".EXTLAN_14." - -
".EXTLAN_3.""; - // Start of Values --------------------------------- - - $val_hide = ($current['user_extended_struct_type'] != 4) ? "visible" : "none"; - - $text .= "
\n"; - $text .= "
\n"; - $curVals = explode(",",varset($current['user_extended_struct_values'])); - if(count($curVals) == 0) - { - $curVals[]=''; - } - $i=0; - foreach($curVals as $v){ - $id = $i ? "" : " id='value_line'"; - $i++; - $text .= " - -
"; - } - $text .= " -
- -
".EXTLAN_17." - - -
".$frm->checkbox('sort_user_values',1, false, "Sort values")."
- -
"; -// End of Values. -------------------------------------- - - - - - $db_hide = ($current['user_extended_struct_type'] == 4) ? "block" : "none"; - - // Ajax URL for "Table" dropdown. - $ajaxGetTableSrc = e_SELF . '?mode=ajax&action=changeTable'; - - $text .= "
"; - $text .= ""; - if($_POST['table_db'] || $curVals[0]) - { - // Field ID - $text .= ""; - - } - $text .= "
"; - $text .= EXTLAN_62 . ""; - $text .= "
".EXTLAN_63."
"; - // Field Value - $text .= EXTLAN_64."
"; - - $text .= LAN_ORDER."
"; -// --------------------------------------------------------- - - - - - - - $text .= " -
".EXTLAN_16." - -
".EXTLAN_15." -
- ".EXTLAN_51."
-
".EXTLAN_52." -
- ".EXTLAN_53."
-
".EXTLAN_54." -
- ".EXTLAN_55."
-
".EXTLAN_44." - - -
".EXTLAN_18.""; - /* - $text .= " - "; - */ - - $_r = array('0' => EXTLAN_65, '1' => EXTLAN_66, '2' => EXTLAN_67); - - $text .= $frm->select('user_required',$_r, varset($current['user_extended_struct_required'],1),'size=xxlarge'); - - $text .= " - -
- ".EXTLAN_19." -
".EXTLAN_5." - ".r_userclass("user_applicable", varset($current['user_extended_struct_applicable'],253), 'off', 'member, admin, main, classes, nobody')."
".EXTLAN_20." -
".EXTLAN_6." - ".r_userclass("user_read", varset($current['user_extended_struct_read']), 'off', 'public, member, admin, main, readonly, classes')."
".EXTLAN_22." -
".EXTLAN_7." - ".r_userclass("user_write", varset($current['user_extended_struct_write']), 'off', 'member, admin, main, classes')."
".EXTLAN_21." -
".EXTLAN_49." - - -
".EXTLAN_50." -
-
- "; - -// if ((!is_array($current) || $action == "continue") && $sub_action == "") - if ((($mode == 'new') || $action == "continue") && $sub_action == "") - { - $text .= $frm->admin_button('add_field', EXTLAN_23); - } - else - { - $text .= $frm->admin_button('update_field', EXTLAN_24,'update'). - $frm->admin_button('cancel', EXTLAN_33,'cancel'); - } - - - $text .= "
-
- "; - - // $text .= ""; - $emessage = e107::getMessage(); - $ns->tablerender(EXTLAN_9.SEP.LAN_ADD,$emessage->render().$text); - } - - - function show_categories($current) - { - global $sql, $ns, $ue, $frm; - - $text = "
"; - $text .= " - - - - - - - - - - - - - - - "; - $catList = $ue->user_extended_get_categories(FALSE); - if(count($catList)) - { - // Show current categories - $i=0; - foreach($catList as $ext) - { - if ($ext['user_extended_struct_order'] != $i) - { - $ext['user_extended_struct_order'] = $i; - $xID=$ext['user_extended_struct_id']; - $sql->db_Update("user_extended_struct", "user_extended_struct_order=$i WHERE user_extended_struct_type = 0 AND user_extended_struct_id=$xID"); - } - - $text .= " - - - - - - - - - - "; - $i++; - } - } - else - { - $text .= " - - - - "; - } - - //Show add/edit form - $text .= " -
".EXTLAN_1."".EXTLAN_79."".EXTLAN_5."".EXTLAN_6."".EXTLAN_7." ".EXTLAN_8."
{$ext['user_extended_struct_name']}".deftrue($ext['user_extended_struct_text'], $ext['user_extended_struct_text'])."".r_userclass_name($ext['user_extended_struct_applicable'])."".r_userclass_name($ext['user_extended_struct_read'])."".r_userclass_name($ext['user_extended_struct_write'])." -
-
- - "; - if($i > 0) - { - $text .= " - - "; - } - if($i <= count($catList)-2) - { - $text .= ""; - } - $text .= " -
-
-
-
-
- - - ".ADMIN_EDIT_ICON." - -
-
-
".EXTLAN_37."
-
- "; - $text .= "

- - - - - "; - - $text .= " - - - - - - - - - - - - - - - - - - - - - - - - - -
".EXTLAN_38.": - -
".EXTLAN_11." -
".EXTLAN_31.": - -
".EXTLAN_32." -
".EXTLAN_5." - ".r_userclass("user_applicable", $current['user_extended_struct_applicable'], 'off', 'member, admin, classes')."
".EXTLAN_20." -
".EXTLAN_6." - ".r_userclass("user_read", $current['user_extended_struct_read'], 'off', 'public, member, admin, classes, readonly')."
".EXTLAN_22." -
".EXTLAN_7." - ".r_userclass("user_write", $current['user_extended_struct_write'], 'off', 'member, admin, classes')."
".EXTLAN_21." -
"; - - - $text .= "
"; - - if (!is_array($current)) - { - $text .= $frm->admin_button('add_category', EXTLAN_39); - } - else - { - $text .= $frm->admin_button('update_category', EXTLAN_42,'update'). - $frm->admin_button('cancel', EXTLAN_33); - } - // ======= end added by Cam. - $text .= "
"; - $emessage = e107::getMessage(); - $ns->tablerender(EXTLAN_9.SEP.LAN_CATEGORIES, $emessage->render().$text); - } - - - function show_options($action) - { - if ($action == "") - { - $action = "main"; - } - $var['main']['text'] = EXTLAN_34; - $var['main']['link'] = e_SELF; - - $var['pre']['text'] = EXTLAN_45; - $var['pre']['link'] = e_SELF."?pre"; - - $var['editext']['text'] = EXTLAN_81; - $var['editext']['link'] = e_SELF."?editext"; - - $var['cat']['text'] = EXTLAN_35; - $var['cat']['link'] = e_SELF."?cat"; - - - - show_admin_menu(EXTLAN_9, $action, $var); - } - - - - - - - function make_delimited($var) - { - global $tp; - foreach($var as $k => $v) - { - $var[$k] = $tp->toDB(trim($v)); - $var[$k] = str_replace(",", "[E_COMMA]", $var[$k]); - if($var[$k] == "") - { - unset($var[$k]); - } - } - $ret = implode(",", $var); - return $ret; - } - - - function show_predefined() - { - global $ue; - $frm = e107::getForm(); - $ns = e107::getRender(); - $tp = e107::getParser(); - $sql = e107::getDb(); - - - // Get list of current extended fields - $curList = $ue->user_extended_get_fieldlist(); - foreach($curList as $c) - { - $curNames[] = $c['user_extended_struct_name']; - } - - //Get list of predefined fields. - $preList = $ue->parse_extended_xml('getfile'); - ksort($preList); - - $txt = " -
- - - - - - - - - - - - - - - - - - - - "; - - foreach($preList as $k=>$a) - { - if($k !='version') // don't know why this is appearing in the array. - { - $active = (in_array($a['name'], $curNames)) ? TRUE : FALSE; - $txt .= $this->show_predefined_field($a,$active); - } - } - - $txt .= "
".UE_LAN_21."".EXTLAN_79."".EXTLAN_2."".UE_LAN_22."".EXTLAN_57."".LAN_OPTIONS."
"; - - $emessage = e107::getMessage(); - - $ns->tablerender(EXTLAN_9.SEP.EXTLAN_56,$emessage->render(). $txt); - - } - - - function show_predefined_field($var, $active) - { - global $tp,$ue, $frm; - static $head_shown; - $txt = ""; - - - foreach($var as $key=>$val) // convert predefined xml to default array format - { - $var['user_extended_struct_'.$key] = $val; - } - - $var['user_extended_struct_type'] = $ue->typeArray[$var['user_extended_struct_type']]; - $var['user_extended_struct_parms'] = $var['include_text']; - - $txt .= " - - {$var['user_extended_struct_name']} - ".constant(strtoupper($var['user_extended_struct_text'])."_DESC")." - ".$ue->user_extended_edit($var,$uVal)." - ".$tp->toHTML($var['type'], false, 'defs')." - ".($active ? ADMIN_TRUE_ICON : " ")." - "; - // $txt .= constant("UE_LAN_".strtoupper($var['text'])."DESC")."
"; - // foreach($showlist as $f) - // { - // if($var[$f] != "" && $f != 'type' && $f !='text') - // { - // $txt .= "{$f}: ".$tp->toHTML($var[$f], false, 'defs')."
"; - // } - // } - $val = (!$active) ? EXTLAN_59 : EXTLAN_60; - $type = (!$active) ? 'activate' : 'deactivate'; - $style = (!$active) ? 'other' : 'delete'; - - $txt .= " - "; - $txt .= $frm->admin_button($type."[".$var['user_extended_struct_name']."]", $val, $style ); - $txt .= " - "; - return $txt; - } - - - function field_activate() - { - global $ue, $ns, $tp, $admin_log; - $ret = ""; - $preList = $ue->parse_extended_xml('getfile'); - $tmp = $preList; - - foreach(array_keys($_POST['activate']) as $f) - { - - $tmp[$f]['parms'] = $tp->toDB($tmp[$f]['parms']); - if($ue->user_extended_add($tmp[$f])) - { - $ret .= EXTLAN_68." $f ".EXTLAN_69."
"; - - if ($tmp[$f]['type']=="db field") - { - if (is_readable(e_CORE.'sql/extended_'.$f.'.php')) - { - $ret .= ($this->process_sql($f)) ? LAN_CREATED." user_extended_{$f}
" : LAN_CREATED_FAILED." user_extended_{$f}
"; - } - else - { - $ret .= str_replace('[x]',e_CORE.'sql/extended_'.$f.'.php',EXTLAN_78); - } - } - } - else - { - $ret .= EXTLAN_70." $f ".EXTLAN_71."
"; - } - } - e107::getLog()->add('EUF_11',implode(', ',$_POST['activate']),E_LOG_INFORMATIVE,''); - return $ret; - } - - - function field_deactivate() - { - - $tp = e107::getParser(); - $sql = e107::getDb(); - $ue = e107::getUserExt(); - - $ret = ""; - foreach(array_keys($_POST['deactivate']) as $f) - { - $f = $tp->filter($f); - - if($ue->user_extended_remove($f, $f)) - { - $ret .= EXTLAN_68." $f ".EXTLAN_72."
"; - if(is_readable(e_CORE."sql/extended_".$f.".php")) - { - $ret .= ($sql->gen("DROP TABLE ".MPREFIX."user_extended_".$f)) ? LAN_DELETED." user_extended_".$f."
" : LAN_DELETED_FAILED." user_extended_".$f."
"; - } - } - else - { - $ret .= EXTLAN_70." $f ".EXTLAN_73."
"; - } - } - e107::getLog()->add('EUF_12',implode(', ',$_POST['deactivate']),E_LOG_INFORMATIVE,''); - - return $ret; - } - - - function process_sql($f) - { - global $sql; - $filename = e_CORE."sql/extended_".$f.".php"; - $fd = fopen ($filename, "r"); - $sql_data = fread($fd, filesize($filename)); - fclose ($fd); - - $search[0] = "CREATE TABLE "; $replace[0] = "CREATE TABLE ".MPREFIX; - $search[1] = "INSERT INTO "; $replace[1] = "INSERT INTO ".MPREFIX; - - preg_match_all("/create(.*?)myisam;/si", $sql_data, $creation); - foreach($creation[0] as $tab){ - $query = str_replace($search,$replace,$tab); - if(!$sql->gen($query)){ - $error = TRUE; - } - } - - preg_match_all("/insert(.*?);/si", $sql_data, $inserts); - foreach($inserts[0] as $ins){ - $qry = str_replace($search,$replace,$ins); - if(!$sql->gen($qry)){ - $error = TRUE; - } - } - - return ($error) ? FALSE : TRUE; - - } -}// end class
diff --git a/e107_handlers/user_extended_class.php b/e107_handlers/user_extended_class.php
index ce0d55c74..41891d45c 100644
--- a/e107_handlers/user_extended_class.php
+++ b/e107_handlers/user_extended_class.php
@@ -420,7 +420,7 @@ class e107_user_extended
 case EUF_PREFIELD:
 case EUF_ADDON:
- $arr[$field] = filter_var($value,FILTER_SANITIZE_STRING);
+ $arr[$field] = e107::getParser()->filter($value);
 break;
 case EUF_RICHTEXTAREA : // rich textarea (using WYSIWYG editor)
@@ -1173,7 +1173,7 @@ class e107_user_extended
 /**
 * @param bool|false $no_cache
- * @return bool
+ * @return bool|array
 */
 function parse_extended_xml($no_cache = false)
 {
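Review bot: The new call on the `EUF_PREFIELD`/`EUF_ADDON` branch (`@@ -420` hunk) relies on the parser's default filter mode, so the sanitisation this user-supplied profile value receives is no longer visible at the call site. `filter_var($value, FILTER_SANITIZE_STRING)` returned `false` for array input, which is presumably why checkbox values were lost, and stripped tags from strings; the replacement should keep the second property while accepting arrays. I would state the intended mode explicitly, e.g. `$arr[$field] = e107::getParser()->filter($value, 'str');` if the parser method takes a type argument, and add a comment such as `// value may be an array (checkbox group); each element must be sanitised`. Because `$arr[$field]` can now hold an array rather than a string, the code that stores it and the code that renders it must serialise and escape per element; the surrounding `switch` and the rest of the method are outside this hunk, so that could not be confirmed here.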