various e_model and UI fixes and improvements, fixed e_SIGNUP/LOGIN constants

2025-08-01 20:30:39 +02:00 · 2010-12-27 12:38:14 +00:00
parent 0b40d1d839
commit 528325aafd
4 changed files with 99 additions and 19 deletions
--- a/e107_handlers/admin_ui.php
+++ b/e107_handlers/admin_ui.php
@@ -1035,7 +1035,7 @@ class e_admin_dispatcher
 		if($this->adminMenu)
 		{
 			reset($this->adminMenu);
-			list($mode, $action) = explode('/', key($this->adminMenu), 2);
+			list($mode, $action) = explode('/', key($this->adminMenu), 3);
 		}
 		else
 		{
@@ -1303,10 +1303,13 @@ class e_admin_dispatcher
 	{
 		$tp = e107::getParser();
 		$var = array();
-
+		$selected = false;
 		foreach($this->adminMenu as $key => $val)
 		{
-			$tmp = explode('/', trim($key, '/'), 2);
+			$tmp = explode('/', trim($key, '/'), 3);
 			// custom 'selected' check
 			if(isset($val['selected']) && $val['selected']) $selected = $val['selected'] === true ? $key : $val['selected'];
 			foreach ($val as $k=>$v)
 			{
@@ -1322,6 +1325,11 @@ class e_admin_dispatcher
 						$v = $tp->replaceConstants($v, 'abs').'?mode='.$tmp[0].'&amp;action='.$tmp[1];
 					break;
 					case 'uri':
 						$k2 = 'link';
 						$v = $tp->replaceConstants($v, 'abs');
 					break;
 					default:
 						$k2 = $k;
 					break;
@@ -1352,7 +1360,7 @@ class e_admin_dispatcher
 		}
 		$request = $this->getRequest();
-		$selected = $request->getMode().'/'.$request->getAction();
+		if(!$selected) $selected = $request->getMode().'/'.$request->getAction();
 		$selected = vartrue($this->adminMenuAliases[$selected], $selected);
 		return e_admin_menu($this->menuTitle, $selected, $var);
 	}
@@ -2010,6 +2018,12 @@ class e_admin_controller_ui extends e_admin_controller
 	 */
 	protected $listOrder = null;
 	/**
 	 * Structure same as TreeModel parameters used for building the load() SQL
 	 * @var additional SQL to be applied when auto-building the list query
 	 */
 	protected $listQrySql = array();
 	/**
 	 * @var boolean
 	 */
@@ -2949,7 +2963,14 @@ class e_admin_controller_ui extends e_admin_controller
 		if($raw)
 		{
-			$rawData = array('joinWhere' => $jwhere, 'filter' => $filter, 'filterFrom' => $filterFrom, 'search' => $searchQry, 'tableFromName' => $tableFrom);
+			$rawData = array(
 				'joinWhere' => $jwhere, 
 				'filter' => $filter, 
 				'listQrySql' => $this->listQrySql,
 				'filterFrom' => $filterFrom, 
 				'search' => $searchQry, 
 				'tableFromName' => $tableFrom,
 			);
 			$rawData['tableFrom'] = $tableSFieldsArr;
 			$rawData['joinsFrom'] = $tableSJoinArr;
 			$rawData['joins'] = $joins;
@@ -2972,6 +2993,19 @@ class e_admin_controller_ui extends e_admin_controller
 			$searchQry[] = " ( ".implode(" OR ",$filter)." ) ";
 		}
 		// more user added sql
 		if(isset($this->listQrySql['db_where']) && $this->listQrySql['db_where'])
 		{
 			if(is_array($this->listQrySql['db_where']))
 			{
 				$searchQry[] = implode(" AND ", $this->listQrySql['db_where']);
 			}
 			else
 			{
 				$searchQry[] = $this->listQrySql['db_where'];
 			}
 		}
 		// where query
 		if(count($searchQry) > 0)
 		{
@@ -3702,6 +3736,9 @@ class e_admin_ui extends e_admin_controller_ui
 			}
 		}
 		// don't touch it if already exists
 		if($this->_model) return $this;
 		// default model
 		$this->_model = new e_admin_model();
 		$this->_model->setModelTable($this->table)
--- a/e107_handlers/e107_class.php
+++ b/e107_handlers/e107_class.php
@@ -2247,9 +2247,6 @@ class e107
 		unset($requestUrl, $requestUri);
 		// END request uri/url detection, XSS protection
 		define('e_SIGNUP', e_BASE.(file_exists(e_BASE.'customsignup.php') ? 'customsignup.php' : 'signup.php'));
 		define('e_LOGIN', e_BASE.(file_exists(e_BASE.'customlogin.php') ? 'customlogin.php' : 'login.php'));
 		// e_SELF has the full HTML path
 		$inAdminDir = FALSE;
 		$isPluginDir = strpos(e_SELF,'/'.$PLUGINS_DIRECTORY) !== FALSE;		// True if we're in a plugin
@@ -2286,6 +2283,10 @@ class e107
 		define('SITEURLBASE', $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST']);
 		define('SITEURL', SITEURLBASE.e_HTTP);
 		// login/signup
 		define('e_SIGNUP', SITEURL.(file_exists(e_BASE.'customsignup.php') ? 'customsignup.php' : 'signup.php'));
 		define('e_LOGIN', SITEURL.(file_exists(e_BASE.'customlogin.php') ? 'customlogin.php' : 'login.php'));
 		return $this;
 	}
--- a/e107_handlers/form_handler.php
+++ b/e107_handlers/form_handler.php
@@ -313,10 +313,13 @@ class e_form
 	{
 		if(!is_array($options)) parse_str($options, $options);
 		$label_fld = str_replace('_', '-', $name_fld).'-upicker-lable';
 		//'.$this->text($id_fld, $default_id, 10, array('id' => false, 'readonly'=>true, 'class'=>'tbox number')).'
 		$ret = '
 		<div class="e-autocomplete-c">
 			'.$this->text($name_fld, $default_name, 150, array('id' => false, 'readonly' => vartrue($options['readonly']) ? true : false)).'
 			<span id="'.$label_fld.'" class="'.($default_id ? 'success' : 'warning').'">Id #'.((int) $default_id).'</span>
 			'.$this->hidden($id_fld, $default_id, array('id' => false)).'
 				<span class="indicator" style="display: none;">
 					<img src="'.e_IMAGE_ABS.'generic/loading_16.gif" class="icon action S16" alt="Loading..." />
@@ -343,10 +346,17 @@ class e_form
 					  frequency: 0.5,
 					  afterUpdateElement: function(txt, li) {
 					  	if(!\$(li)) return;
 					  	var elnext = el.next('input[name={$id_fld}]'),
 					  		ellab = \$('{$label_fld}');
 					  	if(\$(li).id) {
-							el.next('input[name={$id_fld}]').value = parseInt(\$(li).id);
+							elnext.value = parseInt(\$(li).id);
 						} else {
-							el.next('input[name={$id_fld}]').value = 0
+							elnext.value = 0
 						}
 						if(ellab)
 						{
 							ellab.removeClassName('warning').removeClassName('success');
 							ellab.addClassName((elnext.value ? 'success' : 'warning')).update('Id #' + elnext.value);
 						}
 					  },
 					  indicator:  el.next('span.indicator'),
@@ -519,6 +529,7 @@ class e_form
 		foreach ($elements as $value => $label)
 		{
 			$label = defset($label, $label);
 			$text[] = $this->radio($name, $value, $checked == $value)."".$this->label($label, $name, $value).(isset($help[$value]) ? "<div class='field-help'>".$help[$value]."</div>" : '');
 		}
 		if(!$multi_line)
@@ -1234,6 +1245,7 @@ class e_form
 		switch($attributes['type'])
 		{
 			case 'number':
 				if(!$value) $value = '0';
 				if($parms)
 				{
 					if(!isset($parms['sep'])) $value = number_format($value, $parms['decimals']);
@@ -1303,6 +1315,17 @@ class e_form
 				$value = ($value ? vartrue($parms['pre']).defset($value, $value).vartrue($parms['post']) : '');
 			break;
 			case 'radio':
 				if($parms && is_array($parms)) // FIXME - add support for multi-level arrays (option groups)
 				{
 					$value = vartrue($parms['pre']).vartrue($parms[$value]).vartrue($parms['post']);
 					break;
 				}
 				if(!is_array($attributes['writeParms'])) parse_str($attributes['writeParms'], $attributes['writeParms']);
 				$value = vartrue($parms['pre']).vartrue($parms[$value]).vartrue($parms['post']);
 			break;
 			case 'text':
 				if(vartrue($parms['truncate']))
@@ -1429,6 +1452,7 @@ class e_form
 				$ttl = '';
 				if(vartrue($parms['link']))
 				{
 					// previously set - real parameters are idField && nameField
 					$id = vartrue($parms['__idval']);
 					if($value && !is_numeric($value))
 					{
@@ -1559,6 +1583,7 @@ class e_form
 				unset($parms['maxlength']);
 				if(!vartrue($parms['size'])) $parms['size'] = 15;
 				if(!vartrue($parms['class'])) $parms['class'] = 'tbox number';
 				if(!$value) $value = '0';
 				return vartrue($parms['pre']).$this->text($key, $value, $maxlength, $parms).vartrue($parms['post']);
 			break;
@@ -1681,6 +1706,14 @@ class e_form
 				return vartrue($eloptions['pre']).$this->selectbox($key, $parms, $value, $eloptions).vartrue($eloptions['post']);
 			break;
 			case 'radio':
 				// TODO - more options (multi-line, help)
 				/*$eloptions  = vartrue($parms['__options'], array());
 				if(is_string($eloptions)) parse_str($eloptions, $eloptions);
 				unset($parms['__options']);*/
 				return vartrue($eloptions['pre']).$this->radio_multi($key, $parms, $value, false).vartrue($eloptions['post']);
 			break;
 			case 'userclass':
 			case 'userclasses':
 				$uc_options = vartrue($parms['classlist'], 'public,guest,nobody,member,classes,admin,main'); // defaults to 'public,guest,nobody,member,classes' (userclass handler)
@@ -1711,7 +1744,7 @@ class e_form
 				if(!is_array($value))
 				{
-					$value = get_user_data($value);
+					$value = $value ? e107::getSystemUser($value, true)->getUserData() : array();// get_user_data($value);
 				}
 				$colname = vartrue($parms['nameType'], 'user_name');
@@ -1988,6 +2021,7 @@ class e_form
 		// required fields - model definition
 		$model_required = $model->getValidationRules();
 		$required_help = false;
 		$hidden_fields = array();
 		foreach($fdata['fields'] as $key => $att)
 		{
 			// convert aliases - not supported in edit mod
@@ -2034,6 +2068,11 @@ class e_form
 					}
 				}
 				if('hidden' === $att['type'])
 				{
 					$hidden_fields[] = $this->renderElement($keyName, $model->getIfPosted($valPath), $att, varset($model_required[$key], array()));
 					continue;
 				}
 				$text .= "
 					<tr>
 						<td class='label'>
@@ -2058,6 +2097,7 @@ class e_form
 		$text .= "
 					</tbody>
 				</table>
 				".implode("\n", $hidden_fields)."
 				".$required_help."
 				".vartrue($fdata['table_post'])."
 				<div class='buttons-bar center'>
--- a/e107_handlers/model_class.php
+++ b/e107_handlers/model_class.php
@@ -2099,11 +2099,13 @@ class e_front_model extends e_model
 			}
 		}
 		$tp = e107::getParser();
    	foreach ($data as $field => $dt)
    	{
    		// get values form validated array when possible
    		// we need it because of advanced validation methods e.g. 'compare'
-    		if(isset($valid_data[$field])) $dt = $valid_data[$field];
+    		// FIX - security issue, toDb required
    		if(isset($valid_data[$field])) $dt = $tp->toDb($valid_data[$field]);
    		$this->setData($field, $dt, $strict)
    			->removePostedData($field);