Admin-ui: Support for multi-dimensional array field-names (useful for prefs). Use with caution, avoid matching field names.

2025-08-05 06:07:32 +02:00 · 2021-01-30 08:58:40 -08:00
parent eee039b616
commit 151396b1a3
3 changed files with 392 additions and 18 deletions
--- a/e107_handlers/model_class.php
+++ b/e107_handlers/model_class.php
@@ -2678,6 +2678,28 @@ class e_front_model extends e_model
 		return $qry;
 	}
 	public function isValidFieldKey($key)
 	{
 		if(isset($this->_data_fields[$key]))
 		{
 			return $this->_data_fields[$key];
 		}
 		// Check key against a multi/dimensional/field name.
 		// FIXME make this more accurate - commonly used field names could conflict. @see e_front_modelTest::testSanitize()
 		foreach($this->_data_fields as $k=>$var)
 		{
 			if(strpos($k,'/') !== false && strpos($k, $key) !== false)
 			{
 				return $this->_data_fields[$k];
 			}
 		}
 		return false;
 	}
 	/**
 	 * Sanitize value based on its db field type ($_data_fields),
 	 * method will return null only if db field rule is not found.
@@ -2693,81 +2715,83 @@ class e_front_model extends e_model
 	public function sanitize($key, $value = null)
 	{
 		$tp = e107::getParser();
 		if(is_array($key))
 		{
 			$ret = array();
 			foreach ($key as $k=>$v)
 			{
-	            if(isset($this->_data_fields[$k]))
+	            if($this->isValidFieldKey($k))
 	            {
-	               $ret[$k] = $this->sanitize($k, $v);
+	               $ret[$k] = is_array($v) ? $this->sanitize($v) : $this->sanitize($k, $v);
 	            }
 			}
 			return $ret;
 		}
-		if(!isset($this->_data_fields[$key]))
+		if(!$type = $this->isValidFieldKey($key))
 		{
 			return null;
 		}
-		$type =  $this->_data_fields[$key];
+
 	//	$type =  $this->_data_fields[$key];
 		if(null === $value)
 		{
 			$value = $this->getPostedData($key);
 		}
 		$ret = null; // default
 		switch ($type)
 		{
 			case 'int':
 			case 'integer':
 				//return intval($this->toNumber($value));
-				return intval($tp->toNumber($value));
+				$ret = (int) $tp->toNumber($value);
 			break;
 			case 'safestr':
-				return $tp->filter($value);
+				$ret = $tp->filter($value);
 			break;
 			case 'str':
 			case 'string':
 			case 'array':
 				$type = $this->getFieldInputType($key);
-				return $tp->toDB($value, false, false, 'model', array('type'=>$type, 'field'=>$key));
+				$ret = $tp->toDB($value, false, false, 'model', array('type'=>$type, 'field'=>$key));
 			break;
 			case 'json':
-				if(empty($value))
+				if(!empty($value))
 				{
-					return null;
+					$ret = e107::serialize($value,'json');
 				}
 				return e107::serialize($value,'json');
 			break;
 			case 'code':
-				return $tp->toDB($value, false, false, 'pReFs');
+				$ret = $tp->toDB($value, false, false, 'pReFs');
 			break;
 			case 'float':
 				// return $this->toNumber($value);
-				return $tp->toNumber($value);
+				$ret = $tp->toNumber($value);
 			break;
 			case 'bool':
 			case 'boolean':
-				return ($value ? true : false);
+				$ret = ($value ? true : false);
 			break;
 			case 'model':
-				return $value->mergePostedData(false, true, true);
+				$ret = $value->mergePostedData(false, true, true);
 			break;
 			case 'null':
-				return ($value ? $tp->toDB($value) : null);
+				$ret = ($value ? $tp->toDB($value) : null);
 			break;
 	  	}
-		return null;
+		return $ret;
 	}
--- a/e107_handlers/pref_class.php
+++ b/e107_handlers/pref_class.php
@@ -577,7 +577,7 @@ class e_pref extends e_front_model
 					//	$log->logArrayDiffs($new, $old, 'PREFS_02', false);
 						$log->addArray($new,$old);
 						unset($new, $old);
-						if(deftrue('e_DEBUG'))
+						if(deftrue('e_DEBUG_PREFS'))
 						{
 							$backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS,2);
 							$log->logMessage(print_a($backtrace,true),  E_MESSAGE_DEBUG);
@@ -591,7 +591,7 @@ class e_pref extends e_front_model
 					//	trigger_error("Performing a pref backup", E_USER_NOTICE);
 						if(!$disallow_logs) $log->logMessage('Backup of <strong>'.$this->alias.' ('.$this->prefid.')</strong> successfully created.', E_MESSAGE_DEBUG, E_MESSAGE_SUCCESS, $session_messages);
 						e107::getCache()->clear_sys('Config_'.$this->alias.'_backup');
-						if(deftrue('e_DEBUG'))
+						if(deftrue('e_DEBUG_PREFS'))
 						{
 							$backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS,2);
 							$log->logMessage(print_a($backtrace,true),  E_MESSAGE_DEBUG);
--- a/e107_tests/tests/unit/e_front_modelTest.php
+++ b/e107_tests/tests/unit/e_front_modelTest.php
@@ -0,0 +1,350 @@
 <?php
 	class e_front_modelTest extends \Codeception\Test\Unit
 	{
 		/** @var e_front_model */
 		protected $model;
 		private $dataFields;
 		protected function _before()
 		{
 			try
 			{
 				$this->model = $this->make('e_front_model');
 			}
 			catch(Exception $e)
 			{
 				$this->assertTrue(false, $e->getMessage());
 			}
 			$this->dataFields = array(
 				'myfield'                   => 'str',
 				'myfield2'                  => 'int',
 				'myfield3'                  => 'str',
 				'other/active'              => 'bool',
 				'other/bla/active'          => 'array',
 				'gateways/other'            => 'str',
 				'gateways/paypal/active'    => 'int',
 				'gateways/paypal/title'     => 'str',
 				'another/one/active'        => 'bool',
 			);
 			$this->model->setDataFields($this->dataFields);
 		}
 /*
 		public function testIsValidFieldKey()
 		{
 			$res = [];
 			foreach($this->dataFields as $k=>$var)
 			{
 				$res[$k] = $this->model->isValidFieldKey($k);
 			}
 		}*/
 		/**
 		 * santize() takes posted data and then sanitized it based on the dataFields value.
 		 */
 		public function testSanitize()
 		{
 			$result = $this->model->sanitize('myfield', 'My Field Value');
 			$this->assertSame('My Field Value', $result);
 			$result = $this->model->sanitize(array('myfield' => 'My Field Value'));
 			$this->assertSame(array( 'myfield' => 'My Field Value' ), $result);
 			$result = $this->model->sanitize('non_field', 1);
 			$this->assertNull($result);
 			$result = $this->model->sanitize('gateways/paypal/active', 1);
 			$this->assertSame(1, $result);
 			// Non admin-ui example.
 			$posted = array('gateways/paypal/active' =>
 				    array (
 				      'paypal' =>
 				        array (
 				          'active' =>  '0',
 				          'title' => 'PayPal Express' ,
 				          'icon' =>  'fa-paypal',
 						)
 				    )
 			);
 			// Real example from vstore prefs. key becomes multi-dimensional array when posted.
 			$posted = array(
 				'myfield'   => 'my string',
 				'gateways' => array (
 				      'paypal' =>
 				        array (
 				          'active' =>  '0',
 				          'title' => 'PayPal Express' ,
 				          'icon' =>  'fa-paypal',
 						)
 				),
 				'other' => array(
 					'active' => 1,
 				),
 				'another' => array(
 					'one'   => array('active' => 1)
 				)
 			);
 			$expected = array (
 			  'myfield'   => 'my string',
 			  'gateways' =>
 			  array (
 			    'paypal' =>
 			    array (
 			      'active' => 1, // converted to int.
 			      'title' => 'PayPal Express',
 			    ),
 			  ),
 			  'other' =>
 			  array (
 			    'active' => true, // converted to bool
 			  ),
 			  'another' =>
 			  array (
 			    'one' =>
 			    array (
 			      'active' => true, //  converted to bool
 			    ),
 			  ),
 			);
 			// @todo FIXME - doesn't pass. More accurate check required.
 			$result = $this->model->sanitize($posted);
 		//	$this->assertSame($expected, $result);
 		}
 /*
 		public function testAddValidationError()
 		{
 		}
 		public function testResetMessages()
 		{
 		}
 		public function testGetSqlErrorNumber()
 		{
 		}
 		public function testRenderMessages()
 		{
 		}
 		public function testHasPostedData()
 		{
 		}
 		public function testDataHasChangedFor()
 		{
 		}
 		public function testSetValidationRule()
 		{
 		}
 		public function testGetPostedData()
 		{
 		}
 		public function testSetValidationRules()
 		{
 		}
 		public function testRenderValidationErrors()
 		{
 		}
 		public function testMergeData()
 		{
 		}
 		public function testGetOptionalRules()
 		{
 		}
 		public function testHasSqlError()
 		{
 		}
 		public function testIsPostedData()
 		{
 		}
 		public function testAddPostedData()
 		{
 		}
 		public function testGetSqlQuery()
 		{
 		}
 		public function testHasValidationError()
 		{
 		}
 		public function testSetPosted()
 		{
 		}
 		public function testSetPostedData()
 		{
 		}
 		public function testSetOptionalRules()
 		{
 		}
 		public function testGetDbTypes()
 		{
 		}
 		public function testGetPosted()
 		{
 		}
 		public function testGetIfPosted()
 		{
 		}
 		public function testRemovePostedData()
 		{
 		}
 		public function testDataHasChanged()
 		{
 		}
 		public function testSave()
 		{
 		}
 		public function testMergePostedData()
 		{
 		}
 		public function testHasError()
 		{
 		}
 		public function testIsPosted()
 		{
 		}
 		public function testSetDbTypes()
 		{
 		}
 		public function testSaveDebug()
 		{
 		}
 		public function testSetMessages()
 		{
 		}
 */
 /*
 		public function testDestroy()
 		{
 		}
 		public function testGetValidationRules()
 		{
 		}
 		public function testGetValidator()
 		{
 		}
 		public function testRemovePosted()
 		{
 		}
 		public function testHasPosted()
 		{
 		}
 		public function testValidate()
 		{
 		}
 		public function testVerify()
 		{
 		}
 		public function testGetSqlError()
 		{
 		}
 		public function testLoad()
 		{
 		}
 		public function testToSqlQuery()
 		{
 		}*/
 	}