Index: branches/5.3.x/core/admin_templates/import/import_start.tpl
===================================================================
diff -u -r15584 -r16111
--- branches/5.3.x/core/admin_templates/import/import_start.tpl (.../import_start.tpl) (revision 15584)
+++ branches/5.3.x/core/admin_templates/import/import_start.tpl (.../import_start.tpl) (revision 16111)
@@ -3,7 +3,7 @@
-
+
@@ -49,4 +49,4 @@
" />
" />
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/content/content_eh.php
===================================================================
diff -u -r15974 -r16111
--- branches/5.3.x/core/units/content/content_eh.php (.../content_eh.php) (revision 15974)
+++ branches/5.3.x/core/units/content/content_eh.php (.../content_eh.php) (revision 16111)
@@ -1,6 +1,6 @@
SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
$updated = $object->Update();
if ( $updated ) {
@@ -270,4 +271,4 @@
return Array(&$object, &$revision);
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/admin_templates/config/config_search_edit.tpl
===================================================================
diff -u -r15677 -r16111
--- branches/5.3.x/core/admin_templates/config/config_search_edit.tpl (.../config_search_edit.tpl) (revision 15677)
+++ branches/5.3.x/core/admin_templates/config/config_search_edit.tpl (.../config_search_edit.tpl) (revision 16111)
@@ -2,7 +2,7 @@
-
+
Index: branches/5.3.x/core/units/theme_files/theme_file_eh.php
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/units/theme_files/theme_file_eh.php (.../theme_file_eh.php) (revision 15483)
+++ branches/5.3.x/core/units/theme_files/theme_file_eh.php (.../theme_file_eh.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->GetVar( $event->getPrefixSpecial(true) );
if ($items_info) {
list ($id, $field_values) = each($items_info);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
$object->setID($id);
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
}
$status = $object->Validate();
@@ -230,4 +231,4 @@
echo 'FAILED';
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/kernel/utility/debugger/debugger.js
===================================================================
diff -u -r15977 -r16111
--- branches/5.3.x/core/kernel/utility/debugger/debugger.js (.../debugger.js) (revision 15977)
+++ branches/5.3.x/core/kernel/utility/debugger/debugger.js (.../debugger.js) (revision 16111)
@@ -173,7 +173,7 @@
var $span = document.createElement('SPAN');
$span.style.position = 'absolute';
- $span.style.zIndex= 99;
+ $span.style.zIndex = 1499999;
$span.style.top = '0px';
$span.style.left = '0px';
$span.id = 'debug_toolbar_span';
@@ -379,8 +379,8 @@
Debugger.prototype.StopEvent = function($e) {
$e = ($e) ? $e : event;
- $e.cancelBubble = true;
- if ($e.stopPropagation) $e.stopPropagation();
+ $e.returnValue = false;
+ if ($e.preventDefault) $e.preventDefault();
}
Debugger.prototype.Filter = function() {
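Review bot: `StopEvent` no longer stops propagation: the new body only sets `$e.returnValue = false` and calls `$e.preventDefault()`, so the event still bubbles to ancestor handlers. Callers are not visible in this hunk, but any of them that relied on the old `cancelBubble`/`stopPropagation()` behaviour will now see the event reach the page underneath the debugger toolbar. If both effects are wanted, keep `if ($e.stopPropagation) $e.stopPropagation();` next to the new lines. Otherwise add a comment such as `// cancels the default action only; the event still bubbles`, or rename the method to match.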
@@ -640,4 +640,4 @@
}
}
return [curleft,curtop];
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/kernel/db/dbitem.php
===================================================================
diff -u -r15938 -r16111
--- branches/5.3.x/core/kernel/db/dbitem.php (.../dbitem.php) (revision 15938)
+++ branches/5.3.x/core/kernel/db/dbitem.php (.../dbitem.php) (revision 16111)
@@ -1,6 +1,6 @@
getRequestProtectedFields($hash);
+
if ( $skip_fields ) {
$set_fields = array_diff($set_fields, $skip_fields);
}
@@ -319,23 +319,43 @@
}
/**
+ * Returns fields, that are not allowed to be changed from request.
+ *
+ * @param array $fields_hash Fields hash.
+ *
+ * @return array
+ */
+ protected function getRequestProtectedFields(array $fields_hash)
+ {
+ // by default don't allow changing ID or foreign key from request
+ $config = $this->getUnitConfig();
+
+ $fields = Array ();
+ $fields[] = $config->getIDField();
+
+ $parent_prefix = $config->getParentPrefix();
+
+ if ( $parent_prefix && $this->isLoaded() && !$this->Application->isAdmin ) {
+ // don't allow changing foreign key of existing item from request
+ $fields[] = $config->getForeignKey($parent_prefix);
+ }
+
+ return $fields;
+ }
+
+ /**
* Sets object fields from $hash array
* @param Array $hash
- * @param Array|null $skip_fields
* @param Array|null $set_fields
* @return void
* @access public
*/
- public function SetDBFieldsFromHash($hash, $skip_fields = Array (), $set_fields = Array ())
+ public function SetDBFieldsFromHash($hash, $set_fields = Array ())
{
if ( !$set_fields ) {
$set_fields = array_keys($hash);
}
- if ( $skip_fields ) {
- $set_fields = array_diff($set_fields, $skip_fields);
- }
-
$set_fields = array_intersect($set_fields, array_keys($this->Fields));
foreach ($set_fields as $field_name) {
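Review bot: The foreign-key guard in the new `getRequestProtectedFields()` only applies when `$this->isLoaded()` is true, while the handler version removed from db_event_handler.php in this commit protected the key on every non-admin request. On paths where `SetFieldsFromHash()` runs on an item that has not been loaded (for example the `skip_autoload` objects in db_event_handler.php), a front-end request can presumably still supply the parent key. If that is intended for item creation, state it in the inline comment; otherwise use the old condition, `if ( $parent_prefix && !$this->Application->isAdmin ) {`. Separately, `SetDBFieldsFromHash()` drops its second parameter, so a caller outside this diff that still passes `$skip_fields` positionally would have it treated as `$set_fields`. The body of `SetDBFieldsFromHash()` continues past the end of this hunk.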
@@ -431,6 +451,7 @@
if ($field_values) {
$this->FieldValues = array_merge($this->FieldValues, $field_values);
$this->OriginalFieldValues = $this->FieldValues;
+ $this->Loaded = true;
}
else {
return $this->Clear();
@@ -443,7 +464,6 @@
$this->UpdateFormattersSubFields(); // used for updating separate virtual date/time fields from DB timestamp (for example)
$this->raiseEvent('OnAfterItemLoad', $this->GetID());
- $this->Loaded = true;
return true;
}
@@ -614,11 +634,34 @@
$this->Application->RemoveVar($var_name);
}
else {
- $this->Application->StoreVar($var_name, serialize($pending_actions));
+ $this->Application->StoreVar($var_name, serialize($this->sortPendingActions($pending_actions)));
}
}
/**
+ * Sorts pending actions the way, that `delete` action will come before other actions.
+ *
+ * @param array $pending_actions Pending actions.
+ *
+ * @return array
+ */
+ protected function sortPendingActions(array $pending_actions)
+ {
+ usort($pending_actions, array($this, 'comparePendingActions'));
+
+ return $pending_actions;
+ }
+
+ protected function comparePendingActions($pending_action_a, $pending_action_b)
+ {
+ if ( $pending_action_a['action'] == $pending_action_b['action'] ) {
+ return 0;
+ }
+
+ return $pending_action_a['action'] == 'delete' ? -1 : 1;
+ }
+
+ /**
* Allows to skip certain fields from getting into sql queries
*
* @param string $field_name
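Review bot: `comparePendingActions()` is not a consistent comparator, because for two different non-delete actions it returns 1 whichever way round they are passed, so `usort()` gets contradictory answers. Comparing only on whether each side is a delete fixes that: `$a_is_delete = $pending_action_a['action'] == 'delete';`, `$b_is_delete = $pending_action_b['action'] == 'delete';`, `return $a_is_delete == $b_is_delete ? 0 : ($a_is_delete ? -1 : 1);`. Even with that fix, `usort()` is not stable before PHP 8.0, so the relative order of the remaining actions is not guaranteed on older runtimes. The method also lacks the docblock its sibling `sortPendingActions()` has.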
@@ -727,15 +770,7 @@
$this->saveCustomFields();
$this->raiseEvent('OnAfterItemUpdate');
- if ( !isset($update_fields) ) {
- $this->OriginalFieldValues = $this->FieldValues;
- }
- else {
- foreach ($update_fields as $update_field) {
- $this->OriginalFieldValues[$update_field] = $this->FieldValues[$update_field];
- }
- }
-
+ // Preserve OriginalFieldValues during recursive Update() method calls.
$this->Loaded = true;
if ( !$this->IsTempTable() ) {
@@ -920,6 +955,8 @@
// insert into temp table (id is not auto-increment field)
$insert_id = $this->FieldValues[$this->IDField];
}
+
+ $temp_id = $this->GetID();
$this->setID($insert_id);
$this->OriginalFieldValues = $this->FieldValues;
@@ -938,7 +975,7 @@
$this->setTempID();
}
- $this->raiseEvent('OnAfterItemCreate');
+ $this->raiseEvent('OnAfterItemCreate', null, array('temp_id' => $temp_id));
$this->Loaded = true;
return true;
@@ -1569,4 +1606,4 @@
return $merge_with;
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/admin_templates/export/export_progress.tpl
===================================================================
diff -u -r15974 -r16111
--- branches/5.3.x/core/admin_templates/export/export_progress.tpl (.../export_progress.tpl) (revision 15974)
+++ branches/5.3.x/core/admin_templates/export/export_progress.tpl (.../export_progress.tpl) (revision 16111)
@@ -1,7 +1,7 @@
-
+
@@ -32,4 +32,4 @@
$QueueProcessor = new AjaxProgressBar(action_url);
-
\ No newline at end of file
+
Index: branches/5.3.x/core/admin_templates/reviews/reviews_tab.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/reviews/reviews_tab.tpl (.../reviews_tab.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/reviews/reviews_tab.tpl (.../reviews_tab.tpl) (revision 16111)
@@ -39,5 +39,5 @@
-
-
\ No newline at end of file
+
+
Index: branches/5.3.x/core/units/admin/admin_events_handler.php
===================================================================
diff -u -r15957 -r16111
--- branches/5.3.x/core/units/admin/admin_events_handler.php (.../admin_events_handler.php) (revision 15957)
+++ branches/5.3.x/core/units/admin/admin_events_handler.php (.../admin_events_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
'column:la_fld_Id', 'filter_block' => 'grid_range_filter', 'width' => 80);
+ if ( $field_info['Field'] == 'Id' ) {
+ $grid_col_options = Array ('filter_block' => 'grid_range_filter', 'width' => 80);
+ }
+ else {
+ $grid_col_options = Array ('title' => 'column:la_fld_Id', 'filter_block' => 'grid_range_filter', 'width' => 80);
+ }
}
else {
$grid_col_options = Array ('filter_block' => 'grid_like_filter');
@@ -638,8 +643,10 @@
$object = $event->getObject(Array ('skip_autoload' => true));
/* @var $object kDBItem */
+ $object->setID(0);
$field_values = $this->getSubmittedFields($event);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
$event->redirect = false;
$result = 'required';
@@ -1378,21 +1385,27 @@
}
if ( is_array($var) ) {
- $ret .= 'Array (';
+ $ret .= 'array(';
$prepend = $expand ? "\n" . str_repeat("\t", $level + 1) : '';
foreach ($var as $key => $value) {
array_push($this->parentPath, $key);
- $ret .= $prepend . (is_string($key) ? "'" . $key . "'" : $key) . ' => ' . $this->decorate($value, $level + 1) . ', ';
+ $ret .= $prepend . (is_string($key) ? "'" . $key . "'" : $key) . ' => ' . $this->decorate($value, $level + 1);
+ $ret .= ',' . ($expand ? '' : ' ');
array_pop($this->parentPath);
}
$prepend = $expand ? "\n" . str_repeat("\t", $level) : '';
- $ret = rtrim($ret, ', ') . $prepend . ')';
+
+ if ( !$expand ) {
+ $ret = rtrim($ret, ', ');
+ }
+
+ $ret .= $prepend . ')';
}
else {
if ( is_null($var) ) {
- $ret = 'NULL';
+ $ret = 'null';
}
elseif ( is_string($var) ) {
$ret = "'" . $var . "'";
@@ -1404,4 +1417,4 @@
return $ret;
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/units/helpers/deployment_helper.php
===================================================================
diff -u -r16094 -r16111
--- branches/5.3.x/core/units/helpers/deployment_helper.php (.../deployment_helper.php) (revision 16094)
+++ branches/5.3.x/core/units/helpers/deployment_helper.php (.../deployment_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
dryRun ) {
- $this->exportLanguagePack();
+ try {
+ if ( $this->dryRun ) {
+ $this->exportLanguagePack();
+ }
+ else {
+ $this->importLanguagePack();
+ }
}
- else {
- $this->importLanguagePack();
+ catch ( Exception $e ) {
+ echo $this->colorText('Failed with Module "' . $module_name . '".', 'red', true) . PHP_EOL . PHP_EOL;
+
+ return false;
}
echo $this->colorText('Done with Module "' . $module_name . '".', 'green', true) . PHP_EOL . PHP_EOL;
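Review bot: The new `catch ( Exception $e )` never uses `$e`, so the operator sees only "Failed with Module" and not the reason for the failure. The same applies to the catch added around the SQL loop in the next hunk. Including the message keeps the failure diagnosable, e.g. `echo $this->colorText('Failed with Module "' . $module_name . '": ' . $e->getMessage(), 'red', true) . PHP_EOL . PHP_EOL;`. The enclosing method starts outside this hunk.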
@@ -509,29 +516,29 @@
$this->initLog($revision);
- foreach ( $sqls as $sql ) {
- if ( substr($sql, 0, 1) == '#' ) {
- // output comment as is
- echo $this->toLog($this->colorText($sql, 'purple'));
+ try {
+ foreach ( $sqls as $sql ) {
+ if ( substr($sql, 0, 1) == '#' ) {
+ // output comment as is
+ echo $this->toLog($this->colorText($sql, 'purple'));
- continue;
- }
- elseif ( $sql ) {
- echo $this->toLog($this->shortenQuery($sql), false);
- $this->Conn->Query($sql);
-
- if ( $this->Conn->hasError() ) {
- // consider revisions with errors applied
- $this->saveLog(ModuleDeploymentLog::STATUS_ERROR);
-
- return false;
+ continue;
}
- else {
+ elseif ( $sql ) {
+ echo $this->toLog($this->shortenQuery($sql), false);
+ $this->Conn->Query($sql);
+
$this->displayStatus('OK (' . $this->Conn->getAffectedRows() . ')', true, true);
}
}
}
+ catch ( Exception $e ) {
+ // consider revisions with errors applied
+ $this->saveLog(ModuleDeploymentLog::STATUS_ERROR);
+ return false;
+ }
+
$this->saveLog(ModuleDeploymentLog::STATUS_SUCCESS);
}
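Review bot: Failure detection in this loop now depends entirely on `Query()` reaching `handleSqlError()` and that method throwing, because the explicit `$this->Conn->hasError()` check was removed. If the handler is not registered on the connection at this point (not visible in the hunk), a failed statement would print `OK (...)` and the revision would be saved with `STATUS_SUCCESS`. Keeping the check as a fallback is cheap: `if ( $this->Conn->hasError() ) { throw new Exception('SQL error'); }` before `displayStatus()`. Otherwise add a comment naming the handler this relies on.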
@@ -606,7 +613,8 @@
* @param string $msg Error message.
* @param string $sql SQL query, that raised an error.
*
- * @return boolean
+ * @return void
+ * @throws Exception When SQL error happens.
*/
public function handleSqlError($code, $msg, $sql)
{
@@ -618,7 +626,7 @@
$this->out('Please execute rest of SQLs in this Revision by hand and run deployment script again.', true);
- return true;
+ throw new Exception($msg, $code);
}
/**
Index: branches/5.3.x/core/kernel/db/cat_event_handler.php
===================================================================
diff -u -r15938 -r16111
--- branches/5.3.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 15938)
+++ branches/5.3.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
redirect = false;
$search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search';
- $keywords = htmlspecialchars_decode( trim($this->Application->GetVar('keywords')) );
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
$query_object = $this->Application->recallObject('HTTPQuery');
/* @var $query_object kHTTPQuery */
@@ -1671,14 +1671,14 @@
$condition = '';
switch ($record['FieldType']) {
case 'select':
- $keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+ $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
if ($keywords[$field]) {
$condition = sprintf($condition_patterns['is'], $field_name, $this->Conn->qstr( $keywords[$field] ));
}
break;
case 'multiselect':
- $keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+ $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
if ($keywords[$field]) {
$condition = Array ();
$values = explode('|', substr($keywords[$field], 1, -1));
@@ -1690,7 +1690,7 @@
break;
case 'text':
- $keywords[$field] = htmlspecialchars_decode( $keywords[$field] );
+ $keywords[$field] = $this->Application->unescapeRequestVariable($keywords[$field]);
if (mb_strlen($keywords[$field]) >= $this->Application->ConfigValue('Search_MinKeyword_Length')) {
$highlight_keywords[] = $keywords[$field];
@@ -1960,8 +1960,6 @@
$export_object = $this->Application->recallObject('CatItemExportHelper');
/* @var $export_object kCatDBItemExportHelper */
- $event = new kEvent($event->getPrefixSpecial().':OnDummy');
-
$action_method = 'perform'.ucfirst($event->Special);
$field_values = $export_object->$action_method($event);
@@ -2027,8 +2025,7 @@
$object = $event->getObject();
/* @var $object kCatDBItem */
- $has_image_info = $object->GetDBField('ImageAlt') && ($object->GetDBField('ThumbnailImage') || $object->GetDBField('FullImage'));
- if ( !$has_image_info ) {
+ if ( !$object->GetDBField('ThumbnailImage') && !$object->GetDBField('FullImage') ) {
return ;
}
@@ -2047,7 +2044,9 @@
$image->SetDBField('ResourceId', $object->GetDBField('ResourceId'));
}
- $image->SetDBField('AltName', $object->GetDBField('ImageAlt'));
+ if ( $object->GetDBField('ImageAlt') ) {
+ $image->SetDBField('AltName', $object->GetDBField('ImageAlt'));
+ }
if ( $object->GetDBField('ThumbnailImage') ) {
$thumbnail_field = $this->isURL($object->GetDBField('ThumbnailImage')) ? 'ThumbUrl' : 'ThumbPath';
@@ -2152,7 +2151,10 @@
$object = $event->getObject(Array ('skip_autoload' => true));
/* @var $object kDBItem */
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->setID($id);
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
+
$field_values['ImportFilename'] = $object->GetDBField('ImportFilename'); //if upload formatter has renamed the file during moving !!!
$field_values['ImportSource'] = 2;
$field_values['ImportLocalFilename'] = $object->GetDBField('ImportFilename');
@@ -2536,7 +2538,7 @@
$cloned_ids = $temp_handler->CloneItems($event->Prefix, $event->Special, Array($original_id), NULL, NULL, NULL, true);
$object->Load($cloned_ids[0]);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
// 1a. delete record from CategoryItems (about cloned item) that was automatically created during call of Create method of kCatDBItem
@@ -2558,7 +2560,7 @@
}
else {
// 2. user has pending copy of live item -> just update field values
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
}
@@ -2567,7 +2569,7 @@
}
else {
// 3. already editing pending copy -> just update field values
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
}
@@ -2759,9 +2761,6 @@
if ( !$sort_by ) {
$this->Application->SetVar('sort_by', 'Relevance,desc|' . $default_sorting);
}
- elseif ( strpos($sort_by, 'Relevance,') !== false ) {
- $this->Application->SetVar('sort_by', $sort_by . '|' . $default_sorting);
- }
}
else {
$sorting_settings = $this->getListSetting($event, 'Sortings');
@@ -2770,9 +2769,6 @@
if ( !$sort_by ) {
$event->setEventParam('sort_by', 'Relevance,desc|' . $default_sorting);
}
- elseif ( strpos($sort_by, 'Relevance,') !== false ) {
- $event->setEventParam('sort_by', $sort_by . '|' . $default_sorting);
- }
}
$this->_removeForcedSortings($event);
@@ -3102,4 +3098,4 @@
$object->SetDBField('ResourceId', $this->Application->NextResourceId());
}
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/admin_templates/reviews/review_direct_edit.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/reviews/review_direct_edit.tpl (.../review_direct_edit.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/reviews/review_direct_edit.tpl (.../review_direct_edit.tpl) (revision 16111)
@@ -2,7 +2,7 @@
-
+
@@ -48,4 +48,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/admin_templates/promo_block_groups/promo_block_group_list.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/promo_block_groups/promo_block_group_list.tpl (.../promo_block_group_list.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/promo_block_groups/promo_block_group_list.tpl (.../promo_block_group_list.tpl) (revision 16111)
@@ -56,7 +56,7 @@
-
+
Index: branches/5.3.x/core/units/categories/categories_event_handler.php
===================================================================
diff -u -r15938 -r16111
--- branches/5.3.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 15938)
+++ branches/5.3.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
status = kEvent::erSTOP;
- $string = htmlspecialchars_decode($this->Application->GetVar('preview_content'));
+ $string = $this->Application->unescapeRequestVariable($this->Application->GetVar('preview_content'));
$category_helper = $this->Application->recallObject('CategoryHelper');
/* @var $category_helper CategoryHelper */
@@ -2466,7 +2466,7 @@
$event->redirect = false;
$search_table = TABLE_PREFIX.'ses_'.$this->Application->GetSID().'_'.TABLE_PREFIX.'Search';
- $keywords = htmlspecialchars_decode( trim($this->Application->GetVar('keywords')) );
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
$query_object = $this->Application->recallObject('HTTPQuery');
/* @var $query_object kHTTPQuery */
@@ -3153,4 +3153,4 @@
$object->SetDBField('ResourceId', 0); // this will reset it
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/units/forms/form_submissions/form_submissions_eh.php
===================================================================
diff -u -r15938 -r16111
--- branches/5.3.x/core/units/forms/form_submissions/form_submissions_eh.php (.../form_submissions_eh.php) (revision 15938)
+++ branches/5.3.x/core/units/forms/form_submissions/form_submissions_eh.php (.../form_submissions_eh.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->recallObject('theme.current');
/* @var $theme kDBItem */
- $template = htmlspecialchars_decode($this->Application->GetVar('success_template')); // kHTTPQuery do kUtil::escape() on everything on Front-End
+ $template = $this->Application->unescapeRequestVariable($this->Application->GetVar('success_template'));
$alias_template = $theme->GetField('TemplateAliases', $template);
$event->redirect = $alias_template ? $alias_template : $template;
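Review bot: `success_template` comes straight from the request and becomes `$event->redirect` whenever no alias matches, and the visible lines contain no check that it names a template this form may redirect to. The enclosing handler starts outside the hunk, so validation may exist elsewhere. If it does not, compare the value against the form's configured success template or an allowlist before assigning it. The change also drops the trailing comment that explained why the value is unescaped; it is worth keeping, e.g. `// kHTTPQuery escapes every request variable on the Front-End`.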
@@ -541,4 +541,4 @@
}
}
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/kernel/db/dblist.php
===================================================================
diff -u -r15902 -r16111
--- branches/5.3.x/core/kernel/db/dblist.php (.../dblist.php) (revision 15902)
+++ branches/5.3.x/core/kernel/db/dblist.php (.../dblist.php) (revision 16111)
@@ -1,6 +1,6 @@
Records = $this->Conn->Query($sql);
if (!$this->Records && ($this->Page > 1)) {
- // no records & page > 1, show 404 page
- trigger_error('Unknown page ' . $this->Page . ' in ' . $this->getPrefixSpecial() . ' list, leading to "404 Not Found"', E_USER_NOTICE);
-
- $this->Application->UrlManager->show404();
+ if ( $this->Application->isAdmin ) {
+ // no records & page > 1, try to reset to 1st page (works only when list in not counted before)
+ $this->Application->StoreVar($this->getPrefixSpecial() . '_Page', 1, true);
+ $this->SetPage(1);
+ $this->Query($force);
+ }
+ else {
+ // no records & page > 1, show 404 page
+ trigger_error('Unknown page ' . $this->Page . ' in ' . $this->getPrefixSpecial() . ' list, leading to "404 Not Found"', E_USER_NOTICE);
+ $this->Application->UrlManager->show404();
+ }
}
$this->SelectedCount = count($this->Records);
@@ -697,7 +704,7 @@
if ( $for_counting ) {
$usage_string = $where . '|' . $having . '|' . $order . '|' . $group . '|' . $keep_clause;
- $optimizer = new LeftJoinOptimizer($q, str_replace('%1$s', $this->TableName, $usage_string));
+ $optimizer = new LeftJoinOptimizer($q, $this->replaceModePrefix( str_replace('%1$s', $this->TableName, $usage_string) ));
$q = $optimizer->simplify();
}
@@ -745,7 +752,12 @@
$where = $this->Application->makeClass('kMultipleFilter');
/* @var $where kMultipleFilter */
- $where->addFilter('system_where', $this->WhereFilter[self::FLT_SYSTEM] );
+ if ( $for_counting ) {
+ $where->addFilter('system_where', $this->extractCalculatedFields($this->WhereFilter[self::FLT_SYSTEM]->getSQL()) );
+ }
+ else {
+ $where->addFilter('system_where', $this->WhereFilter[self::FLT_SYSTEM] );
+ }
if (!$system_filters_only) {
$where->addFilter('view_where', $this->WhereFilter[self::FLT_VIEW] );
@@ -1653,7 +1665,7 @@
*/
private function parseJoins()
{
- if ( !preg_match_all('/LEFT\s+JOIN\s+(.*?|.*?\s+AS\s+.*?|.*?\s+.*?)\s+ON\s+(.*?\n|.*?$)/i', $this->sql, $regs) ) {
+ if ( !preg_match_all('/LEFT\s+JOIN\s+(.*?|.*?\s+AS\s+.*?|.*?\s+.*?)\s+ON\s+(.*?\n|.*?$)/si', $this->sql, $regs) ) {
$this->joins = Array ();
}
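Review bot: With the added `s` modifier every lazy `.*?` in this pattern can run across newlines, and `!preg_match_all(...)` treats a PCRE failure (`false`) the same as "no joins found". On a long multi-line query that hits the backtrack limit, `$this->joins` would silently become empty and the optimizer would continue on wrong data. Distinguish the two cases, e.g. `$matched = preg_match_all(...);` followed by `if ( $matched === false ) { throw new RuntimeException('LEFT JOIN parsing failed: ' . preg_last_error()); }`. The rest of `parseJoins()` lies outside this hunk.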
@@ -1758,4 +1770,4 @@
{
return preg_match('/(`' . $escaped_alias . '`|' . $escaped_alias . ')\./', $string);
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/kernel/db/db_event_handler.php
===================================================================
diff -u -r16002 -r16111
--- branches/5.3.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 16002)
+++ branches/5.3.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
getUnitConfig();
-
- $fields = Array ();
- $fields[] = $config->getIDField();
-
- $parent_prefix = $config->getParentPrefix();
-
- if ( $parent_prefix && !$this->Application->isAdmin ) {
- $fields[] = $config->getForeignKey($parent_prefix);
- }
-
- return $fields;
- }
-
- /**
* Removes any information about current/selected ids
* from Application variables and Session
*
@@ -1573,7 +1549,8 @@
}
list($id, $field_values) = each($items_info);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->setID($id);
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
$this->customProcessing($event, 'before');
@@ -1588,7 +1565,6 @@
$event->redirect = false;
$event->status = kEvent::erFAIL;
$this->Application->SetVar($event->getPrefixSpecial() . '_SaveEvent', 'OnCreate');
- $object->setID($id);
}
/**
@@ -1627,7 +1603,7 @@
if ( $items_info ) {
foreach ($items_info as $id => $field_values) {
$object->Load($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
$this->customProcessing($event, 'before');
@@ -2203,8 +2179,9 @@
$object = $event->getObject( Array('skip_autoload' => true) );
/* @var $object kDBItem */
+ $object->setID(0);
$field_values = $this->getSubmittedFields($event);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
$this->customProcessing($event, 'before');
@@ -2215,7 +2192,6 @@
else {
$event->status = kEvent::erFAIL;
$event->redirect = false;
- $object->setID(0);
}
}
@@ -2636,6 +2612,11 @@
$file_helper = $this->Application->recallObject('FileHelper');
/* @var $file_helper FileHelper */
+ if ( !file_exists($data['file']) ) {
+ // file removal was requested too
+ continue;
+ }
+
$old_name = basename($data['file']);
$new_name = $file_helper->ensureUniqueFilename(dirname($data['file']), kUtil::removeTempExtension($old_name));
rename($data['file'], dirname($data['file']) . '/' . $new_name);
@@ -3280,7 +3261,7 @@
list ($id, $field_values) = each($items_info);
$object->Load($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
$object->setID($id);
@@ -3464,4 +3445,4 @@
{
$event->setEventParam('constrain_info', Array ('', ''));
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/units/helpers/file_helper.php
===================================================================
diff -u -r15999 -r16111
--- branches/5.3.x/core/units/helpers/file_helper.php (.../file_helper.php) (revision 15999)
+++ branches/5.3.x/core/units/helpers/file_helper.php (.../file_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->recallObject('ListHelper');
/* @var $list_helper ListHelper */
Index: branches/5.3.x/core/kernel/application.php
===================================================================
diff -u -r15999 -r16111
--- branches/5.3.x/core/kernel/application.php (.../application.php) (revision 15999)
+++ branches/5.3.x/core/kernel/application.php (.../application.php) (revision 16111)
@@ -1,6 +1,6 @@
HttpQuery->unescapeRequestVariable($value);
+ }
+
+ /**
* Returns variable passed to the script as $type
*
* @param string $name Name of variable to retrieve
@@ -2724,14 +2738,16 @@
*/
public function ApplicationDie($message = '')
{
- $message = ob_get_clean() . $message;
+ while ( ob_get_level() ) {
+ ob_end_clean();
+ }
if ( $this->isDebugMode() ) {
$message .= $this->Debugger->printReport(true);
}
- echo $this->UseOutputCompression() ? gzencode($message, DBG_COMPRESSION_LEVEL) : $message;
- exit;
+ $this->HTML = $message;
+ $this->_outputPage();
}
/**
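Review bot: `while ( ob_get_level() ) { ob_end_clean(); }` can loop forever when a buffer cannot be removed (one started without the removable flag), because `ob_end_clean()` then returns false and the level never drops. Break out on failure: `if ( !ob_end_clean() ) { break; }`. The explicit `exit;` is also gone, so `ApplicationDie()` only stops the script if `_outputPage()` does, which is not visible here; callers that assume nothing runs after this call need that guaranteed. Output already buffered is now discarded instead of being prepended to `$message`, which deserves a line in the docblock.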
@@ -3057,4 +3073,4 @@
{
return $this->HttpQuery->getClientIp();
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/admin_templates/users/user_selector.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/users/user_selector.tpl (.../user_selector.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/users/user_selector.tpl (.../user_selector.tpl) (revision 16111)
@@ -29,6 +29,8 @@
set_hidden_field('remove_specials[u.group]', 1);
submit_event('', 'OnProcessSelected');
}
+
+ var $user_logins = {};
@@ -49,4 +51,4 @@
// Grids['u'].DblClick = function() {return false};
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/config_search/config_search_event_handler.php
===================================================================
diff -u -r15698 -r16111
--- branches/5.3.x/core/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 15698)
+++ branches/5.3.x/core/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
Conn->GetOne($sql);
+ // TODO: maybe this should be SetDBFieldsFromHash instead, because all data comes from inside.
$object->SetFieldsFromHash($cf_search);
+ $event->setEventParam('form_data', $cf_search);
$object->SetDBField('CustomFieldId', $custom_id);
if ( $object->isLoaded() ) {
@@ -152,4 +154,4 @@
$object->Create();
}
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/units/forms/form_fields/form_fields_config.php
===================================================================
diff -u -r15659 -r16111
--- branches/5.3.x/core/units/forms/form_fields/form_fields_config.php (.../form_fields_config.php) (revision 15659)
+++ branches/5.3.x/core/units/forms/form_fields/form_fields_config.php (.../form_fields_config.php) (revision 16111)
@@ -1,6 +1,6 @@
Array (
+ 'Value' => Array ('type' => 'string', 'default' => ''),
'DirectOptions' => Array ('type' => 'string', 'default' => ''),
),
Index: branches/5.3.x/core/admin_templates/submissions/submissions_list.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/submissions/submissions_list.tpl (.../submissions_list.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/submissions/submissions_list.tpl (.../submissions_list.tpl) (revision 16111)
@@ -1,6 +1,6 @@
-
+
@@ -64,4 +64,4 @@
Grids['formsubs'].SetDependantToolbarButtons( new Array('edit','delete') );
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/helpers/curl_helper.php
===================================================================
diff -u -r15974 -r16111
--- branches/5.3.x/core/units/helpers/curl_helper.php (.../curl_helper.php) (revision 15974)
+++ branches/5.3.x/core/units/helpers/curl_helper.php (.../curl_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
lastErrorCode = 0;
+ $this->lastErrorMsg = '';
+ $this->lastHTTPCode = 0;
+ $this->lastRedirectCount = 0;
+ }
+
+ /**
* Sets CURL options (adds to options set before)
*
* @param Array $options_hash
@@ -190,6 +203,7 @@
// hardcoded options
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_REFERER => PROTOCOL.SERVER_NAME,
+ CURLOPT_MAXREDIRS => 5,
// don't verify SSL certificates
CURLOPT_SSL_VERIFYPEER => false,
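Review bot: The hardcoded option block this hunk extends still sets `CURLOPT_SSL_VERIFYPEER => false`, so every request made through the helper accepts any certificate, and the new redirect cap does nothing about that. Defaulting to `CURLOPT_SSL_VERIFYPEER => true` and letting individual callers opt out through `SetOptions()` would keep verification on by default. Because redirects are followed by hand further down, it is also worth pinning the schemes here with `CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS`. The options array continues outside this hunk.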
@@ -276,11 +290,13 @@
* Sets request method to be used in next request
*
* @param int $request_method
+ *
+ * @throws InvalidArgumentException When invalid request method given.
*/
public function SetRequestMethod($request_method)
{
- if ($request_method != self::REQUEST_METHOD_GET || $request_method != self::REQUEST_METHOD_POST) {
- throw new Exception('Method "' . __METHOD__ . '": Invalid $request_method parameter value');
+ if ($request_method != self::REQUEST_METHOD_GET && $request_method != self::REQUEST_METHOD_POST) {
+ throw new InvalidArgumentException('Method "' . __METHOD__ . '": Invalid $request_method parameter value');
}
$this->requestMethod = $request_method;
@@ -390,6 +406,7 @@
*/
protected function _sendRequest()
{
+ $this->resetLastInfo();
curl_setopt($this->connectionID, CURLOPT_RETURNTRANSFER, true);
if ( $this->followLocation ) {
@@ -425,6 +442,10 @@
$url = trim(array_pop($regs));
$url_parsed = parse_url($url);
+ if ( $this->lastRedirectCount == $this->options[CURLOPT_MAXREDIRS] ) {
+ return $this->setError(CURLE_TOO_MANY_REDIRECTS, 'Maximum (' . $this->options[CURLOPT_MAXREDIRS] . ') redirects followed');
+ }
+
if ( isset($url_parsed) ) {
curl_setopt($this->connectionID, CURLOPT_URL, $url);
$this->lastRedirectCount++;
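Review bot: The redirect cap is tested with `==`, so it only fires when the counter lands exactly on the configured value; `if ( $this->lastRedirectCount >= $this->options[CURLOPT_MAXREDIRS] ) {` stays correct if a caller lowers the option between requests. The following `isset($url_parsed)` does not reject a malformed `Location` value, because `parse_url()` returns false on failure and `isset(false)` is true; `if ( $url_parsed !== false ) {` is the check that was probably intended. Since the target comes from the remote server's header, it is also worth limiting it to http/https before it is passed to `CURLOPT_URL`, unless allowed protocols are restricted elsewhere in the helper. The enclosing loop begins and ends outside this hunk.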
@@ -439,6 +460,22 @@
}
/**
+ * Sets error manually.
+ *
+ * @param integer $code Code.
+ * @param string $message Message.
+ *
+ * @return boolean
+ */
+ protected function setError($code, $message)
+ {
+ $this->lastErrorCode = $code;
+ $this->lastErrorMsg = $message;
+
+ return false;
+ }
+
+ /**
* Returns various info about request made
*
* @param int $info_type
@@ -476,8 +513,12 @@
*/
public function Finalize($close_connection = true)
{
- $this->lastErrorCode = curl_errno($this->connectionID);
- $this->lastErrorMsg = curl_error($this->connectionID);
+ if ( $this->lastErrorCode == 0 ) {
+ // error not set manually -> get it from curl
+ $this->lastErrorCode = curl_errno($this->connectionID);
+ $this->lastErrorMsg = curl_error($this->connectionID);
+ }
+
$this->lastHTTPCode = $this->getInfo(CURLINFO_HTTP_CODE);
if ( $close_connection ) {
@@ -525,4 +566,4 @@
return ($this->lastHTTPCode == 200) || ($this->lastHTTPCode >= 300 && $this->lastHTTPCode < 310);
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/units/categories/categories_tag_processor.php
===================================================================
diff -u -r15980 -r16111
--- branches/5.3.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 15980)
+++ branches/5.3.x/core/units/categories/categories_tag_processor.php (.../categories_tag_processor.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->GetVar('keywords')));
-
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
if ( !$keywords ) {
return '';
}
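Review bot: `$keywords` now holds the raw, unescaped request value, so every later use in this method has to escape it for its own context: `$this->Conn->qstr()` when it goes into SQL and HTML escaping when it is echoed back into the page. The rest of the method is outside this hunk, so this cannot be confirmed from here. A comment on the assignment such as `// raw user input from here on: quote for SQL, escape for HTML output` would make that contract explicit for the next maintainer.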
@@ -2284,4 +2283,4 @@
return $this->Application->ParseBlock($block_params);
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/units/helpers/brackets_helper.php
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/units/helpers/brackets_helper.php (.../brackets_helper.php) (revision 15483)
+++ branches/5.3.x/core/units/helpers/brackets_helper.php (.../brackets_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
Load($item_id);
- $object->SetFieldsFromHash($values/*, $this->getRequestProtectedFields($values)*/);
+ $object->SetFieldsFromHash($values);
if (!$object->Validate()) {
unset($stored_ids[array_search($item_id, $stored_ids)]);
$event->redirect = false;
@@ -288,7 +288,7 @@
}
else {
$object->Clear();
- $object->SetFieldsFromHash($values/*, $this->getRequestProtectedFields($values)*/);
+ $object->SetFieldsFromHash($values);
$object->SetDBField($linked_info['ForeignKey'], $linked_info['ParentId']);
if ($object->Create()) {
@@ -473,4 +473,4 @@
}
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/kernel/utility/formatters/password_formatter.php
===================================================================
diff -u -r15677 -r16111
--- branches/5.3.x/core/kernel/utility/formatters/password_formatter.php (.../password_formatter.php) (revision 15677)
+++ branches/5.3.x/core/kernel/utility/formatters/password_formatter.php (.../password_formatter.php) (revision 16111)
@@ -1,6 +1,6 @@
GetFieldOption($password_field, 'min_length', false, $min_length);
if ( mb_strlen($new_password) < $min_length ) {
- $error_msg = '+' . sprintf($this->Application->Phrase($phrase_error_prefix . '_passwords_too_short'), $min_length); // + -> not phrase
+ $error_msg = '+' . sprintf($this->Application->Phrase($phrase_error_prefix . '_passwords_too_short', false), $min_length); // + -> not phrase
$object->SetError($password_field, 'passwords_min_length', $error_msg);
}
}
@@ -334,4 +334,4 @@
// if empty salt, assume, that it's not passed at all
return $password;
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/admin/system_presets/simple/users_u.php
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/admin/system_presets/simple/users_u.php (.../users_u.php) (revision 15483)
+++ branches/5.3.x/admin/system_presets/simple/users_u.php (.../users_u.php) (revision 16111)
@@ -82,7 +82,7 @@
// fields to make required
$required_fields = Array (
- /*'PortalUserId',*/ 'Username', /*'Password', 'FirstName', 'LastName', 'Company', */'Email', /*'CreatedOn',
+ /*'PortalUserId', 'Username', 'Password', 'FirstName', 'LastName', 'Company', */'Email', /*'CreatedOn',
'Phone', 'Fax', 'Street', 'Street2', 'City', 'State' , 'Zip', 'Country', 'ResourceId', 'Status', 'EmailVerified',
'Modified', 'dob', 'tz', 'IPAddress', 'IsBanned', 'PwResetConfirm', 'PwRequestTime', 'FrontLanguage',
'AdminLanguage', 'IPRestrictions',*/
Index: branches/5.3.x/core/units/helpers/upload_helper.php
===================================================================
diff -u -r16002 -r16111
--- branches/5.3.x/core/units/helpers/upload_helper.php (.../upload_helper.php) (revision 16002)
+++ branches/5.3.x/core/units/helpers/upload_helper.php (.../upload_helper.php) (revision 16111)
@@ -61,9 +61,7 @@
throw new kUploaderException('File size exceeds allowed limit.', 413);
}
- if ( !$this->Application->isAdmin ) {
- $value = array_map('htmlspecialchars_decode', $value);
- }
+ $value = $this->Application->HttpQuery->unescapeRequestVariable($value);
$tmp_path = WRITEABLE . '/tmp/';
$filename = $this->getUploadedFilename() . '.tmp';
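Review bot: This call goes through `$this->Application->HttpQuery->unescapeRequestVariable()`, while `getSafeFilename()` further down the same file uses `$this->Application->unescapeRequestVariable()`; using one accessor in both places keeps the request-decoding path single and easier to audit. The change also drops the explicit `isAdmin` condition, so the front/admin distinction now presumably lives inside the helper, which is not visible in this hunk. A one-line comment such as `// undo request-level HTML escaping; helper decides per front/admin` would record that.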
@@ -316,11 +314,8 @@
protected function getSafeFilename()
{
$filename = $this->Application->GetVar('file');
+ $filename = $this->Application->unescapeRequestVariable($filename);
- if ( !$this->Application->isAdmin ) {
- $filename = htmlspecialchars_decode($filename);
- }
-
if ( (strpos($filename, '../') !== false) || (trim($filename) !== $filename) ) {
// when relative paths or special chars are found template names from url, then it's hacking attempt
return false;
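Review bot: The traversal guard that follows the new unescape call matches only the literal `../`, so a backslash-separated parent reference (meaningful on Windows hosts) or an embedded NUL byte is not rejected by it. Decoding before the check is the right order; the check itself would be sturdier, if slightly stricter, as `if ( strpos($filename, '..') !== false || strpos($filename, "\0") !== false || trim($filename) !== $filename ) {`. getSafeFilename() continues past the end of this hunk, so any later normalisation is not visible here.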
Index: branches/5.3.x/core/units/helpers/cat_dbitem_export_helper.php
===================================================================
diff -u -r15698 -r16111
--- branches/5.3.x/core/units/helpers/cat_dbitem_export_helper.php (.../cat_dbitem_export_helper.php) (revision 15698)
+++ branches/5.3.x/core/units/helpers/cat_dbitem_export_helper.php (.../cat_dbitem_export_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
CheckFolder(EXPORT_PATH);
- if ($event->Special == 'export') {
- $write_mode = ($this->exportOptions['start_from'] == 0) ? 'w' : 'a';
- $this->filePointer = fopen($this->getExportFilename(), $write_mode);
+ if ( $event->Special == 'export' ) {
+ $first_step = $this->exportOptions['start_from'] == 0;
+ $this->filePointer = fopen($this->getExportFilename(), $first_step ? 'w' : 'r+');
+
+ if ( !$first_step ) {
+ fseek($this->filePointer, 0, SEEK_END);
+ }
}
else {
$this->filePointer = fopen($this->getImportFilename(), 'r');
- }
- // skip UTF-8 BOM Modifier
- $first_chars = fread($this->filePointer, 3);
- if (bin2hex($first_chars) != 'efbbbf') {
- fseek($this->filePointer, 0);
+ // skip UTF-8 BOM Modifier
+ $first_chars = fread($this->filePointer, 3);
+ if ( bin2hex($first_chars) != 'efbbbf' ) {
+ fseek($this->filePointer, 0);
+ }
}
}
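Review bot: The result of both `fopen()` calls is stored in `$this->filePointer` and used straight away by `fseek()` and `fread()`; when the export or import file cannot be opened, `fopen()` returns false and those calls then operate on a non-resource. A guard after each open, e.g. `if ( $this->filePointer === false ) { throw new RuntimeException('Unable to open export/import file'); }`, would surface the failure at its source. A short comment explaining why continuation steps use `'r+'` plus `fseek(..., SEEK_END)` instead of `'a'` would also help, since the reason is not evident from the hunk. The enclosing method starts outside the visible lines.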
Index: branches/5.3.x/core/kernel/nparser/nparser.php
===================================================================
diff -u -r15911 -r16111
--- branches/5.3.x/core/kernel/nparser/nparser.php (.../nparser.php) (revision 15911)
+++ branches/5.3.x/core/kernel/nparser/nparser.php (.../nparser.php) (revision 16111)
@@ -1,6 +1,6 @@
Conn->qstr($page_cache_key) . '
WHERE ' . $page->IDField . ' = ' . $page->GetID();
$this->Conn->Query($sql);
-
- // increment serial, because we issue direct sql above!
- $this->Application->incrementCacheSerial('c');
- $this->Application->incrementCacheSerial('c', $page->GetID());
}
}
Index: branches/5.3.x/core/units/helpers/user_helper.php
===================================================================
diff -u -r15928 -r16111
--- branches/5.3.x/core/units/helpers/user_helper.php (.../user_helper.php) (revision 15928)
+++ branches/5.3.x/core/units/helpers/user_helper.php (.../user_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
getUserObject();
- $this->Application->removeObject($object->getPrefixSpecial());
- $this->Application->StoreVar('user_id', $user_id);
$this->Application->SetVar('u.current_id', $user_id);
+
+ if ( !$this->Application->isAdmin ) {
+ // needed for "profile edit", "registration" forms ON FRONT ONLY
+ $this->Application->SetVar('u_id', $user_id);
+ }
+
+ $this->Application->StoreVar('user_id', $user_id);
$this->Application->Session->SetField('PortalUserId', $user_id);
if ($user_id != USER_ROOT) {
@@ -482,7 +487,11 @@
// merge back url params, because they were ignored if this was "external:" url
$vars = array_merge($vars, $this->getRedirectParams($vars['pass'], 'pass'));
- $template = $vars['t'];
+ if ( $template != 'index' ) {
+ // The 'index.html' becomes '', which in turn leads to current page instead of 'index.html'.
+ $template = $vars['t'];
+ }
+
unset($vars['is_virtual'], $vars['t']);
$this->event->redirect = $template;
Index: branches/5.3.x/core/units/images/image_tag_processor.php
===================================================================
diff -u -r15902 -r16111
--- branches/5.3.x/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 15902)
+++ branches/5.3.x/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 16111)
@@ -1,6 +1,6 @@
SetDBField('Url', $parent_item->GetDBField('FullUrl'));
- $object->SetDBFieldsFromHash($parent_item->GetFieldValues(), null, Array('AltName', 'SameImages', 'LocalThumb', 'ThumbPath', 'ThumbUrl', 'LocalImage', 'LocalPath'));
+ $object->SetDBFieldsFromHash($parent_item->GetFieldValues(), Array('AltName', 'SameImages', 'LocalThumb', 'ThumbPath', 'ThumbUrl', 'LocalImage', 'LocalPath'));
if (!$object->GetDBField('AltName')) {
$object->SetDBField('AltName', $this->getItemTitle($parent_item));
@@ -330,7 +330,7 @@
$crop = $this->SelectParam($params, 'Crop,crop');
if ($crop) {
- if (strpos($crop, ';') === false) {
+ if (strpos($crop, '|') === false) {
$crop = 'c|c';
}
@@ -401,7 +401,7 @@
// TODO: change to urlToPath usage later
// relative url (we add sort of does
- return FULL_PATH . '/' . mb_substr(THEMES_PATH, 1) . '/' . rawurldecode($path);
+ return FULL_PATH . '/' . mb_substr(THEMES_PATH, 1) . '/' . kUtil::unescape($path, kUtil::ESCAPE_URL);
}
/**
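Review bot: The URL-decoded `$path` is concatenated onto `FULL_PATH . '/' . mb_substr(THEMES_PATH, 1)` with no containment check, so percent-encoded parent-directory segments become real ones once `kUtil::unescape($path, kUtil::ESCAPE_URL)` has run. If `$path` can originate from a template parameter or request value (not determinable from this hunk), the built path should be resolved with `realpath()` and rejected when it does not start with the resolved themes root. The method begins before this hunk, so an earlier validation may already exist; if it does, a comment pointing to it belongs next to this return.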
@@ -501,4 +501,4 @@
return parent::SaveWarning($params);
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/units/translator/translator_event_handler.php
===================================================================
diff -u -r15902 -r16111
--- branches/5.3.x/core/units/translator/translator_event_handler.php (.../translator_event_handler.php) (revision 15902)
+++ branches/5.3.x/core/units/translator/translator_event_handler.php (.../translator_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
getSubmittedFields($event);
- $translator->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $translator->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
list($obj_prefix, $field) = $this->getPrefixAndField($event);
@@ -179,4 +179,4 @@
$event->redirect = false;
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/admin_templates/config/config_search.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/config/config_search.tpl (.../config_search.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/config/config_search.tpl (.../config_search.tpl) (revision 16111)
@@ -1,6 +1,6 @@
-
+
@@ -139,4 +139,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/helpers/navigation_bar.php
===================================================================
diff -u -r15698 -r16111
--- branches/5.3.x/core/units/helpers/navigation_bar.php (.../navigation_bar.php) (revision 15698)
+++ branches/5.3.x/core/units/helpers/navigation_bar.php (.../navigation_bar.php) (revision 16111)
@@ -1,6 +1,6 @@
_getCurrentCategoryId();
- if ( isset($this->_params['shift']) && $this->_params['shift'] ) {
- array_splice($category_path, 0, $this->_params['shift']);
- }
-
$category_helper = $this->Application->recallObject('CategoryHelper');
/* @var $category_helper CategoryHelper */
@@ -226,7 +222,7 @@
$no_current = isset($this->_params['no_current']) && $this->_params['no_current'];
$backup_category_id = $this->Application->GetVar('c_id');
- foreach ($category_path as $category_id => $category_name) {
+ foreach ($this->shiftCategoryPath($category_path) as $category_id => $category_name) {
$block_params['cat_id'] = $category_id;
$block_params['cat_name'] = $block_params['title'] = $category_name;
@@ -257,6 +253,22 @@
}
/**
+ * Shift category path.
+ *
+ * @param array $category_path Category path.
+ *
+ * @return array
+ */
+ protected function shiftCategoryPath(array $category_path)
+ {
+ if ( isset($this->_params['shift']) && $this->_params['shift'] ) {
+ return array_slice($category_path, $this->_params['shift'], null, true);
+ }
+
+ return $category_path;
+ }
+
+ /**
* Returns given category's parent path as array of id=>name elements
*
* @return Array
@@ -366,4 +378,4 @@
return '';
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/units/phrases/phrases_event_handler.php
===================================================================
diff -u -r15928 -r16111
--- branches/5.3.x/core/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 15928)
+++ branches/5.3.x/core/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->isAdmin && $this->Application->isDebugMode(false) && kUtil::constOn('DBG_PHRASES') ) {
- $allow_events = Array ('OnCreate', 'OnUpdate');
+ $allow_events = Array ('OnCreate', 'OnCreateAjax', 'OnUpdate', 'OnUpdateAjax');
if ( in_array($event->Name, $allow_events) ) {
return true;
@@ -251,6 +251,21 @@
}
/**
+ * Processes items create from ajax request
+ *
+ * @param kEvent $event
+ * @return void
+ * @access protected
+ */
+ protected function OnCreateAjax(kEvent $event)
+ {
+ $ajax_form_helper = $this->Application->recallObject('AjaxFormHelper');
+ /* @var $ajax_form_helper AjaxFormHelper */
+
+ $ajax_form_helper->transitEvent($event, 'OnCreate');
+ }
+
+ /**
* Redirects to original template after phrase is being update
*
* @param kEvent $event
@@ -267,6 +282,21 @@
}
/**
+ * Processes items update from ajax request
+ *
+ * @param kEvent $event
+ * @return void
+ * @access protected
+ */
+ protected function OnUpdateAjax(kEvent $event)
+ {
+ $ajax_form_helper = $this->Application->recallObject('AjaxFormHelper');
+ /* @var $ajax_form_helper AjaxFormHelper */
+
+ $ajax_form_helper->transitEvent($event, 'OnUpdate');
+ }
+
+ /**
* Returns to original template after phrase adding/editing
*
* @param kEvent $event
@@ -560,4 +590,4 @@
$ml_helper->updateTranslationState($event);
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/admin_templates/categories/category_path.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/categories/category_path.tpl (.../category_path.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/categories/category_path.tpl (.../category_path.tpl) (revision 16111)
@@ -2,7 +2,7 @@
-
+
@@ -12,4 +12,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/users/users_event_handler.php
===================================================================
diff -u -r15986 -r16111
--- branches/5.3.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 15986)
+++ branches/5.3.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->isAdmin ) {
- $fields = array_merge($fields, Array ('UserType', 'Status', 'EmailVerified', 'IsBanned'));
- }
-
- return $fields;
- }
-
- /**
* Builds item (loads if needed)
*
* Pattern: Prototype Manager
@@ -282,8 +262,7 @@
$object = $event->getObject( Array ('form_name' => 'login') );
/* @var $object kDBItem */
- $field_values = $this->getSubmittedFields($event);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($this->getSubmittedFields($event));
$username = $object->GetDBField('UserLogin');
$password = $object->GetDBField('UserPassword');
$remember_login = $object->GetDBField('UserRememberLogin') == 1;
@@ -318,7 +297,7 @@
$ajax_form_helper = $this->Application->recallObject('AjaxFormHelper');
/* @var $ajax_form_helper AjaxFormHelper */
- $ajax_form_helper->transitEvent($event, 'OnLogin'); //, Array ('do_refresh' => 1));
+ $ajax_form_helper->transitEvent($event, 'OnLogin');
}
/**
@@ -432,7 +411,7 @@
$this->Application->SetVar($event->getPrefixSpecial(true), Array ($object->GetID() => $field_values));
}
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
$status = $object->isLoaded() ? $object->Update() : $object->Create();
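Review bot: `SetFieldsFromHash($field_values)` no longer receives a protected-field list here, and the first hunk of this file removes the override that added `UserType`, `Status`, `EmailVerified` and `IsBanned` to that list for non-admin requests. Unless `SetFieldsFromHash()` or a consumer of the new `form_data` event parameter now enforces an equivalent restriction (neither is visible in this part of the diff), values submitted for those fields from a front-end form would reach the `Update()` / `Create()` call that follows. Please confirm where the restriction now lives and record it in a comment at this call, e.g. `// protected fields are filtered in <location>`. The same replacement occurs in the later hunks of this file and in the selectors, languages and translator handlers.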
@@ -656,8 +635,7 @@
$object = $event->getObject( Array ('form_name' => 'recommend') );
/* @var $object kDBItem */
- $field_values = $this->getSubmittedFields($event);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($this->getSubmittedFields($event));
if ( !$object->ValidateField('RecommendEmail') ) {
$event->status = kEvent::erFAIL;
@@ -703,8 +681,10 @@
$object->Load($id);
}
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
$object->setID($id);
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
+
$object->Validate();
}
@@ -726,8 +706,7 @@
$object = $event->getObject( Array ('form_name' => 'subscription') );
/* @var $object UsersItem */
- $field_values = $this->getSubmittedFields($event);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($this->getSubmittedFields($event));
if ( !$object->ValidateField('SubscriberEmail') ) {
$event->status = kEvent::erFAIL;
@@ -867,8 +846,7 @@
$object = $event->getObject( Array ('form_name' => 'forgot_password') );
/* @var $object kDBItem */
- $field_values = $this->getSubmittedFields($event);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($this->getSubmittedFields($event));
$user = $this->Application->recallObject('u.tmp', null, Array ('skip_autoload' => true));
/* @var $user UsersItem */
@@ -904,7 +882,7 @@
if ( strlen($email_or_username) ) {
$object->SetError('ForgotLogin', $found ? 'reset_denied' : ($is_email ? 'unknown_email' : 'unknown_username'));
- }
+ }
if ( !$object->ValidateField('ForgotLogin') ) {
$event->status = kEvent::erFAIL;
@@ -1109,9 +1087,11 @@
$object = $event->getObject( Array ('skip_autoload' => true) );
/* @var $object kDBItem */
- $object->setID($id);
$object->IgnoreValidation = true;
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+
+ $object->setID($id);
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
}
/**
@@ -1175,6 +1155,10 @@
// this way we can have 2+ objects stating with same special, e.g. "u.login-sidebox" and "u.login-main"
return USER_GUEST;
}
+ elseif ( preg_match('/^(update|delete)/', $event->Special) ) {
+ // This way we can have 2+ objects stating with same special, e.g. "u.update-sidebox" and "u.update-profile".
+ return $this->Application->RecallVar('user_id');
+ }
return parent::getPassedID($event);
}
@@ -1220,8 +1204,10 @@
$this->RemoveRequiredFields($object);
$object->SetDBField('RootPassword', $this->Application->ConfigValue('RootPass'));
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+
$object->setID(-1);
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
if ( $object->Validate() ) {
// validation on, password match too
@@ -1237,10 +1223,11 @@
}
}
else {
- $object =& $event->getObject();
- /* @var $object kDBItem */
+ /** @var kDBItem $object */
+ $object = $event->getObject();
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
if ( !$object->Update() ) {
$event->status = kEvent::erFAIL;
Index: branches/5.3.x/core/admin_templates/catalog/catalog_counters.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/catalog/catalog_counters.tpl (.../catalog_counters.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/catalog/catalog_counters.tpl (.../catalog_counters.tpl) (revision 16111)
@@ -19,11 +19,11 @@
set_window_title( RemoveTranslationLink(document.getElementById('blue_bar').innerHTML, false).replace(/(<[^<]+>)/g, '').replace(/\s+/g, ' ').trim() );
-
+
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/selectors/selectors_event_handler.php
===================================================================
diff -u -r15698 -r16111
--- branches/5.3.x/core/units/selectors/selectors_event_handler.php (.../selectors_event_handler.php) (revision 15698)
+++ branches/5.3.x/core/units/selectors/selectors_event_handler.php (.../selectors_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
Load($parent_id);
}
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->setID(0);
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
$object->Create();
$this->Application->SetVar($event->getPrefixSpecial() . '_id', $object->GetID());
}
else {
$object->Load($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
$object->Update();
}
}
@@ -429,7 +432,9 @@
/* @var $object SelectorsItem */
$field_values = $this->getSubmittedFields($event);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
+
$object->ResetStyle();
$event->SetRedirectParam('pass', 'all,' . $event->getPrefixSpecial());
@@ -454,4 +459,4 @@
}
}
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/units/helpers/country_states_helper.php
===================================================================
diff -u -r15698 -r16111
--- branches/5.3.x/core/units/helpers/country_states_helper.php (.../country_states_helper.php) (revision 15698)
+++ branches/5.3.x/core/units/helpers/country_states_helper.php (.../country_states_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
currentLanguage = $this->Application->Phrases->LanguageId;
+ $this->primaryLanguage = $this->Application->GetDefaultLanguageId();
+ }
+
+ /**
* Returns countries, that have states
*
* @return Array
@@ -58,33 +85,19 @@
*/
function PopulateStates($event, $state_field, $country_field)
{
- static $cache = Array ();
-
$object = $event->getObject();
/* @var $object kDBItem */
$country_iso = $object->GetDBField($country_field);
- if (!$country_iso) {
- return ;
- }
-
- if (!array_key_exists($country_iso, $cache)) {
- $states = $this->getStates($country_iso);
-
- if ( !$states ) {
+ if ( !$country_iso ) {
return;
}
- $cache[$country_iso] = $states;
- }
-
$field_options = $object->GetFieldOptions($state_field);
-
- $field_options['options'] = $cache[$country_iso];
+ $field_options['options'] = $this->getStates($country_iso);
$field_options['options'][''] = '';
-
- $object->SetFieldOptions($state_field, $field_options);
+ $object->SetFieldOptions($state_field, $field_options, $object->isVirtualField($state_field));
}
/**
@@ -101,16 +114,21 @@
return Array ();
}
- // don't use GetVar('m_lang') since it's always equals to default language on editing form in admin
- $current_language = $this->Application->Phrases->LanguageId;
- $primary_language = $this->Application->GetDefaultLanguageId();
+ $cache_key = 'country_states[%CountryStateSerial%]';
+ $cache_key .= ':PL=' . $this->primaryLanguage . ':CL=' . $this->currentLanguage . ':ISO=' . $country_iso;
+ $states = $this->Application->getCache($cache_key);
- $sql = 'SELECT IF(l' . $current_language . '_Name = "", l' . $primary_language . '_Name, l' . $current_language . '_Name) AS Name, IsoCode
+ if ( $states === false ) {
+ $sql = 'SELECT IF(l' . $this->currentLanguage . '_Name = "", l' . $this->primaryLanguage . '_Name, l' . $this->currentLanguage . '_Name) AS Name, IsoCode
FROM ' . $this->Application->getUnitConfig('country-state')->getTableName() . '
WHERE (Type = ' . DESTINATION_TYPE_STATE . ') AND (StateCountryId = ' . $country_id . ')
ORDER BY Name ASC';
+ $states = $this->Conn->GetCol($sql, 'IsoCode');
- return $this->Conn->GetCol($sql, 'IsoCode');
+ $this->Application->setCache($cache_key, $states);
+ }
+
+ return $states;
}
/**
@@ -129,10 +147,6 @@
$table_name = $this->Application->getUnitConfig('country-state')->getTableName();
$country_id = $this->getCountryStateId($country_iso, DESTINATION_TYPE_COUNTRY);
- // don't use GetVar('m_lang') since it's always equals to default language on editing form in admin
- $current_language = $this->Application->Phrases->LanguageId;
- $primary_language = $this->Application->GetDefaultLanguageId();
-
$sql = 'SELECT IsoCode
FROM ' . $table_name . '
WHERE (Type = ' . DESTINATION_TYPE_STATE . ') AND (StateCountryId = %1$s) AND
@@ -141,7 +155,7 @@
)';
$state_name = trim(mb_strtoupper($state_name));
- $sql = sprintf($sql, $country_id, $this->Conn->qstr($state_name), $current_language, $primary_language);
+ $sql = sprintf($sql, $country_id, $this->Conn->qstr($state_name), $this->currentLanguage, $this->primaryLanguage);
return $this->Conn->GetOne($sql);
}
@@ -192,12 +206,19 @@
function getCountryStateId($iso_code, $type)
{
$config = $this->Application->getUnitConfig('country-state');
+ $cache_key = 'country_state_id[%CountryStateSerial%]:ISO=' . $iso_code . ';Type=' . $type;
+ $id = $this->Application->getCache($cache_key);
- $sql = 'SELECT ' . $config->getIDField() . '
- FROM ' . $config->getTableName() . '
- WHERE (Type = ' . $type . ') AND (IsoCode = ' . $this->Conn->qstr($iso_code) . ')';
+ if ( $id === false ) {
+ $sql = 'SELECT ' . $config->getIDField() . '
+ FROM ' . $config->getTableName() . '
+ WHERE (Type = ' . $type . ') AND (IsoCode = ' . $this->Conn->qstr($iso_code) . ')';
+ $id = (int)$this->Conn->GetOne($sql);
- return (int)$this->Conn->GetOne($sql);
+ $this->Application->setCache($cache_key, $id);
+ }
+
+ return $id;
}
/**
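Review bot: The new cache key embeds `$iso_code` and `$type` verbatim and a lookup miss is cached as `0`, so every distinct unknown code that reaches getCountryStateId() leaves its own cache entry. If the code can come from submitted form data (PopulateStates() reads it from the object's country field), validating its shape against the format of the stored ISO codes before building the key would bound cache growth and keep the `:` / `;` delimiters out of the key. `$type` is also concatenated unquoted into the SQL; if the type constants are integers, as that use suggests, `(int) $type` would make the query safe regardless of caller.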
@@ -222,4 +243,4 @@
return $this->Conn->GetOne($sql);
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/admin_templates/submissions/submission_view.tpl
===================================================================
diff -u -r15902 -r16111
--- branches/5.3.x/core/admin_templates/submissions/submission_view.tpl (.../submission_view.tpl) (revision 15902)
+++ branches/5.3.x/core/admin_templates/submissions/submission_view.tpl (.../submission_view.tpl) (revision 16111)
@@ -1,7 +1,7 @@
-
+
@@ -220,4 +220,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/helpers/form_submission_helper.php
===================================================================
diff -u -r15902 -r16111
--- branches/5.3.x/core/units/helpers/form_submission_helper.php (.../form_submission_helper.php) (revision 15902)
+++ branches/5.3.x/core/units/helpers/form_submission_helper.php (.../form_submission_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
SelectParam($params, 'prev_page_split_render_as,prev_page_split_block');
if ( $prev_block_params['name'] ) {
+ $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $prev_block_params['page']);
$o .= $this->Application->ParseBlock($prev_block_params);
}
}
@@ -1447,7 +1448,7 @@
$prev_block_params['name'] = $this->SelectParam($params, 'prev_page_render_as,block_prev_page,prev_page_block');
if ( $prev_block_params['name'] ) {
- $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $current_page - 1);
+ $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $prev_block_params['page']);
$o .= $this->Application->ParseBlock($prev_block_params);
}
}
@@ -1483,7 +1484,7 @@
$block_params['name'] = $block;
$block_params['page'] = $i;
- $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $i);
+ $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $block_params['page']);
$o .= $this->Application->ParseBlock($block_params);
if ( $this->SelectParam($params, 'separator_render_as,block_separator') && $i < $split_end ) {
@@ -1497,7 +1498,7 @@
$next_block_params['name'] = $this->SelectParam($params, 'next_page_render_as,block_next_page,next_page_block');
if ( $next_block_params['name'] ) {
- $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $current_page + 1);
+ $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $next_block_params['page']);
$o .= $this->Application->ParseBlock($next_block_params);
}
@@ -1506,6 +1507,7 @@
$next_block_params['name'] = $this->SelectParam($params, 'next_page_split_render_as,next_page_split_block');
if ( $next_block_params['name'] ) {
+ $this->Application->SetVar($this->getPrefixSpecial() . '_Page', $next_block_params['page']);
$o .= $this->Application->ParseBlock($next_block_params);
}
}
Index: branches/5.3.x/core/units/languages/languages_event_handler.php
===================================================================
diff -u -r15928 -r16111
--- branches/5.3.x/core/units/languages/languages_event_handler.php (.../languages_event_handler.php) (revision 15928)
+++ branches/5.3.x/core/units/languages/languages_event_handler.php (.../languages_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
setID($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
if (!$object->Validate()) {
$event->status = kEvent::erFAIL;
@@ -614,7 +615,8 @@
/* @var $object kDBItem */
$object->setID($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
if ( !$object->Validate() ) {
$event->status = kEvent::erFAIL;
@@ -791,4 +793,4 @@
}
}
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/install/upgrades.sql
===================================================================
diff -u -r16045 -r16111
--- branches/5.3.x/core/install/upgrades.sql (.../upgrades.sql) (revision 16045)
+++ branches/5.3.x/core/install/upgrades.sql (.../upgrades.sql) (revision 16111)
@@ -2908,6 +2908,8 @@
SET Module = 'Core'
WHERE PhraseKey = 'LA_SECTION_FILE';
+# ===== v 5.2.1 =====
+
# ===== v 5.3.0-B1 =====
ALTER TABLE ScheduledTasks ADD Settings TEXT NULL;
ALTER TABLE Themes ADD ImageResizeRules TEXT NULL;
Index: branches/5.3.x/core/admin_templates/custom_fields/custom_fields_edit.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/custom_fields/custom_fields_edit.tpl (.../custom_fields_edit.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/custom_fields/custom_fields_edit.tpl (.../custom_fields_edit.tpl) (revision 16111)
@@ -1,7 +1,7 @@
-
+
Index: branches/5.3.x/core/admin_templates/config/config_general.tpl
===================================================================
diff -u -r15677 -r16111
--- branches/5.3.x/core/admin_templates/config/config_general.tpl (.../config_general.tpl) (revision 15677)
+++ branches/5.3.x/core/admin_templates/config/config_general.tpl (.../config_general.tpl) (revision 16111)
@@ -1,6 +1,6 @@
-
+
@@ -177,4 +177,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/kernel/processors/main_processor.php
===================================================================
diff -u -r15999 -r16111
--- branches/5.3.x/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 15999)
+++ branches/5.3.x/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->GetVar($regs[1], Array ());
- array_unshift_ref($function_params, $ret);
+ $ret = $this->Application->GetVar($regs[1], array());
+ kUtil::array_unshift_ref($function_params, $ret);
- return call_user_func_array('getArrayValue', $function_params);
+ $ret = call_user_func_array('getArrayValue', $function_params);
}
else {
$ret = $this->Application->GetVar($name, '');
}
- if (array_key_exists('no_html_escape', $params) && $params['no_html_escape']) {
- return htmlspecialchars_decode($ret);
+ if ( array_key_exists('no_html_escape', $params) && $params['no_html_escape'] ) {
+ return $this->Application->isAdmin ? $ret : kUtil::unescape($ret, kUtil::ESCAPE_HTML);
}
- return $ret;
+ return kUtil::escape($ret, kUtil::ESCAPE_HTML);
}
/**
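Review bot: With `no_html_escape` set, the line `return $this->Application->isAdmin ? $ret : kUtil::unescape($ret, kUtil::ESCAPE_HTML);` appears to hand the request value to the template without HTML escaping on either branch, and nothing in the hunk says so. A comment above that `if` would help template authors, e.g. `// no_html_escape: returns the request value as submitted; the template must escape it for the context it is printed in`. It is also worth stating why the admin branch skips `unescape()` (presumably admin request data is not escaped on input), since the asymmetry is easy to misread. The method's signature is outside the hunk.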
Index: branches/5.3.x/core/admin_templates/head.tpl
===================================================================
diff -u -r15974 -r16111
--- branches/5.3.x/core/admin_templates/head.tpl (.../head.tpl) (revision 15974)
+++ branches/5.3.x/core/admin_templates/head.tpl (.../head.tpl) (revision 16111)
@@ -110,7 +110,7 @@
}
function change_password() {
- getFrame('main').set_hidden_field('u_id', );
+ getFrame('main').set_hidden_field('u_id', );
open_popup('u', '', 'users/root_edit_password');
@@ -122,4 +122,4 @@
$FrameResizer = new FrameResizer('', '', window.parent, '', );
$FrameResizer.InitControls($FrameResizer);
$FrameResizer.SetStatus(01);
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/thesaurus/thesaurus_eh.php
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/units/thesaurus/thesaurus_eh.php (.../thesaurus_eh.php) (revision 15483)
+++ branches/5.3.x/core/units/thesaurus/thesaurus_eh.php (.../thesaurus_eh.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->isAdminUser ) {
- $keywords = htmlspecialchars_decode(trim($this->Application->GetVar('keywords')));
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
$object->addFilter('search_filter', '%1$s.SearchTerm LIKE ' . $this->Conn->qstr($keywords) . ' OR %1$s.SearchTerm LIKE ' . $this->Conn->qstr($keywords . '_'));
}
}
- }
\ No newline at end of file
+ }
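Review bot: The `keywords` value reaches both `LIKE` operands through `qstr()`, which quotes the string but, as far as this hunk shows, leaves `%` and `_` in place, so a submitted wildcard changes what the filter matches. If literal matching is intended, escape them before quoting, e.g. `$keywords = addcslashes($keywords, '%_\\');` (assuming the database uses backslash as its LIKE escape character). The condition that guards this block is cut off at the top of the hunk.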
Index: branches/5.3.x/core/admin_templates/custom_fields/custom_fields_list.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/custom_fields/custom_fields_list.tpl (.../custom_fields_list.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/custom_fields/custom_fields_list.tpl (.../custom_fields_list.tpl) (revision 16111)
@@ -1,6 +1,6 @@
-
+
@@ -89,4 +89,4 @@
Grids['cf'].SetDependantToolbarButtons( new Array('edit','delete', 'clone', 'move_down', 'move_up') );
-
\ No newline at end of file
+
Index: branches/5.3.x/core/admin_templates/config/config_universal.tpl
===================================================================
diff -u -r15677 -r16111
--- branches/5.3.x/core/admin_templates/config/config_universal.tpl (.../config_universal.tpl) (revision 15677)
+++ branches/5.3.x/core/admin_templates/config/config_universal.tpl (.../config_universal.tpl) (revision 16111)
@@ -1,7 +1,7 @@
-
+
@@ -148,4 +148,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/users/users_item.php
===================================================================
diff -u -r15938 -r16111
--- branches/5.3.x/core/units/users/users_item.php (.../users_item.php) (revision 15938)
+++ branches/5.3.x/core/units/users/users_item.php (.../users_item.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->isAdmin ) {
+ $fields = array_merge($fields, Array ('UserType', 'Status', 'EmailVerified', 'IsBanned'));
+ }
+
+ return $fields;
+ }
+ }
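Review bot: The added list `Array ('UserType', 'Status', 'EmailVerified', 'IsBanned')` is a deny-list, so any privileged user column missing from it stays writable from a front-end form. The users_tag_processor.php hunk in this same diff touches `PwResetConfirm` and `PwRequestTime_date`; whether the parent list in `$fields` already covers those is not visible here and should be confirmed. A short docblock on the method stating that every new security-relevant column must be added here, or a switch to an allow-list of editable fields, would keep the list from going stale. The method's opening lines are cut off in this hunk.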
Index: branches/5.3.x/core/units/configuration/configuration_event_handler.php
===================================================================
diff -u -r15999 -r16111
--- branches/5.3.x/core/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 15999)
+++ branches/5.3.x/core/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 16111)
@@ -1,6 +1,6 @@
$field_values) {
$object->Clear(); // clear validation errors from previous variable
$object->Load($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
if ( !$object->Update($id) ) {
@@ -560,4 +560,4 @@
$fields['ModuleOwner']['options'] = $options;
$config->setFields($fields);
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/units/forms/forms/forms_eh.php
===================================================================
diff -u -r15938 -r16111
--- branches/5.3.x/core/units/forms/forms/forms_eh.php (.../forms_eh.php) (revision 15938)
+++ branches/5.3.x/core/units/forms/forms/forms_eh.php (.../forms_eh.php) (revision 16111)
@@ -1,6 +1,6 @@
SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
$event->setEventParam('form_data', $field_values);
if ( $object->Validate() ) {
@@ -628,4 +628,4 @@
return $reply->Create();
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/kernel/nparser/template_cache.php
===================================================================
diff -u -r15928 -r16111
--- branches/5.3.x/core/kernel/nparser/template_cache.php (.../template_cache.php) (revision 15928)
+++ branches/5.3.x/core/kernel/nparser/template_cache.php (.../template_cache.php) (revision 16111)
@@ -1,6 +1,6 @@
GetRealFilename(strtolower($filename));
+ $real_file = $this->GetRealFilename($filename);
if ( substr($real_file, -4) != '.tpl' ) {
// add ".tpl" file extension, when not specified in template name
$real_file .= '.tpl';
@@ -290,4 +290,4 @@
return false;
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/kernel/utility/formatters/formatter.php
===================================================================
diff -u -r15902 -r16111
--- branches/5.3.x/core/kernel/utility/formatters/formatter.php (.../formatter.php) (revision 15902)
+++ branches/5.3.x/core/kernel/utility/formatters/formatter.php (.../formatter.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->isAdmin && isset($options['allow_html']) && $options['allow_html'] ) {
- // this allows to revert kUtil::escape() call for each field submitted on Front-End
- $value = htmlspecialchars_decode($value);
+ if ( isset($options['allow_html']) && $options['allow_html'] ) {
+ $value = $this->Application->unescapeRequestVariable($value);
}
return $value;
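Review bot: After this change every field with `allow_html` set has its request-time escaping reverted by `unescapeRequestVariable()`, so the value carried on from here is markup exactly as the visitor typed it. Nothing in the hunk sanitises it, and the removed comment that explained the step is gone as well. I would keep a comment on the `if`, e.g. `// allow_html: restores the submitted markup; it must be sanitised or escaped again wherever it is rendered`, and confirm that such a step exists for these fields on output. The enclosing method begins outside the hunk.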
@@ -300,4 +299,4 @@
return isset($options['sample_value']) ? $options['sample_value'] : '';
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/units/helpers/image_helper.php
===================================================================
diff -u -r15975 -r16111
--- branches/5.3.x/core/units/helpers/image_helper.php (.../image_helper.php) (revision 15975)
+++ branches/5.3.x/core/units/helpers/image_helper.php (.../image_helper.php) (revision 16111)
@@ -1,6 +1,6 @@
0 || $params['max_height'] > 0) {
@@ -750,4 +750,4 @@
return $this->Application->prefixRegistred($prefix);
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/kernel/globals.php
===================================================================
diff -u -r15988 -r16111
--- branches/5.3.x/core/kernel/globals.php (.../globals.php) (revision 15988)
+++ branches/5.3.x/core/kernel/globals.php (.../globals.php) (revision 16111)
@@ -1,6 +1,6 @@
$field_value) {
- // replaces an enclosure with two enclosures
- $data[$field_index] = str_replace($enclosure, $enclosure.$enclosure, $field_value);
+ ob_start();
+ $fp = fopen('php://output', 'w');
+ fputcsv($fp, $data, $delimiter, $enclosure);
+ fclose($fp);
+ $ret = ob_get_clean();
+
+ if ( $recordSeparator != "\n" ) {
+ return substr($ret, 0, -1) . $recordSeparator;
}
- $line = $enclosure.implode($enclosure.$delimiter.$enclosure, $data).$enclosure.$recordSeparator;
- $line = preg_replace('/'.preg_quote($enclosure, '/').'([0-9\.]+)'.preg_quote($enclosure, '/').'/', '$1', $line);
-
- return $line;
+ return $ret;
}
/**
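Review bot: The added block captures `fputcsv()` output by opening `php://output` inside `ob_start()`, which ties the helper to the state of output buffering and uses the `fopen()` result unchecked; writing to an in-memory stream yields the same string without touching the output layer. `substr($ret, 0, -1)` also assumes the line always ends in exactly one `\n`. Separately, cells that begin with `=`, `+`, `-` or `@` are written as-is, so if this helper feeds spreadsheet exports of user-supplied data the caller should neutralise them. The function signature is outside the hunk.

```php
// … unchanged: function signature …
$fp = fopen('php://temp', 'r+');

if ( $fp === false ) {
	throw new RuntimeException('Unable to open temporary stream for CSV line');
}

fputcsv($fp, $data, $delimiter, $enclosure);
rewind($fp);
$ret = stream_get_contents($fp);
fclose($fp);
// … unchanged: record separator handling and return …
```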
@@ -863,6 +865,64 @@
throw new InvalidArgumentException(sprintf('Unknown escape strategy "%s"', $strategy));
}
+ /**
+ * Unescapes a string.
+ *
+ * @param string $text Text to unescape.
+ * @param string $strategy Escape strategy.
+ *
+ * @return string
+ * @throws InvalidArgumentException When unknown escape strategy is given.
+ */
+ public static function unescape($text, $strategy = null)
+ {
+ if ( !isset($strategy) ) {
+ $strategy = self::$escapeStrategy;
+ }
+
+ if ( strpos($strategy, '+') !== false ) {
+ $previous_strategy = '';
+ $strategies = explode('+', $strategy);
+
+ foreach ($strategies as $current_strategy) {
+ // apply default strategy
+ if ( $current_strategy == '' ) {
+ $current_strategy = self::$escapeStrategy;
+ }
+
+ // don't double-unescape
+ if ( $current_strategy != $previous_strategy ) {
+ $text = self::unescape($text, $current_strategy);
+ $previous_strategy = $current_strategy;
+ }
+ }
+
+ return $text;
+ }
+
+ if ( $strategy == self::ESCAPE_HTML ) {
+ return htmlspecialchars_decode($text, ENT_QUOTES);
+ }
+
+ if ( $strategy == self::ESCAPE_JS ) {
+ // TODO: consider using "stripcslashes", because "stripslashes" isn't really for JavaScript unescaping (according to docs)
+ $text = str_replace("'+'script>", '', $text);
+ $text = str_replace(array('\r', '\n'), array("\r", "\n"), $text);
+ $text = stripslashes($text);
+
+ return $text;
+ }
+
+ if ( $strategy == self::ESCAPE_URL ) {
+ return rawurldecode($text);
+ }
+
+ if ( $strategy == self::ESCAPE_RAW ) {
+ return $text;
+ }
+
+ throw new InvalidArgumentException(sprintf('Unknown escape strategy "%s"', $strategy));
+ }
}
/**
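Review bot: In the `ESCAPE_JS` branch the `str_replace(array('\r', '\n'), ...)` call runs before `stripslashes()`, so an escaped backslash followed by `n` or `r` ends up as a line break instead of a literal backslash and letter. Decoding in a single pass fixes the ordering, for instance with `stripcslashes()` as the TODO already suggests, or with one `strtr()` map that also contains the escaped backslash, provided it mirrors what `escape()` emits, which is not visible here. The docblock should also read `@param string|null $strategy` and state that the `ESCAPE_HTML` result is raw markup that must not be printed without escaping it again.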
@@ -1008,4 +1068,4 @@
return $res;
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/kernel/utility/http_query.php
===================================================================
diff -u -r15999 -r16111
--- branches/5.3.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 15999)
+++ branches/5.3.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->isAdmin ) {
+ return $value;
+ }
+
+ // This allows to revert kUtil::escape() call for each field submitted on front-end.
+ if ( is_array($value) ) {
+ foreach ( $value as $param_name => $param_value ) {
+ $value[$param_name] = $this->unescapeRequestVariable($param_value);
+ }
+
+ return $value;
+ }
+
+ return kUtil::unescape($value, kUtil::ESCAPE_HTML);
+ }
+
+ /**
* Returns all $_GET array excluding system parameters, that are not allowed to be passed through generated urls
*
* @param bool $access_error Method is called during no_permission, require login, session expiration link preparation
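Review bot: `unescapeRequestVariable()` is only correct for a value that was HTML-escaped exactly once on the way in; applied to a value that was never escaped, or applied twice, `kUtil::unescape($value, kUtil::ESCAPE_HTML)` turns entities the visitor typed literally into live markup. The docblock is the place to pin that down, e.g. `Call once per value, and only on data read from the request; the result is unescaped user input.` Array keys are passed through unchanged while values are decoded, which deserves a word in the same docblock if keys are escaped on input too (not visible here). The top of the method, including its signature, is cut off in this hunk.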
@@ -758,4 +784,4 @@
return $headers;
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/admin_templates/submissions/submission_log_edit.tpl
===================================================================
diff -u -r15677 -r16111
--- branches/5.3.x/core/admin_templates/submissions/submission_log_edit.tpl (.../submission_log_edit.tpl) (revision 15677)
+++ branches/5.3.x/core/admin_templates/submissions/submission_log_edit.tpl (.../submission_log_edit.tpl) (revision 16111)
@@ -2,7 +2,7 @@
-
+
@@ -131,4 +131,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/kernel/utility/email.php
===================================================================
diff -u -r15944 -r16111
--- branches/5.3.x/core/kernel/utility/email.php (.../email.php) (revision 15944)
+++ branches/5.3.x/core/kernel/utility/email.php (.../email.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->Parser->Params; // backup parser params
$this->Application->Parser->SetParams($this->params);
- $text = $this->Application->Parser->Parse($this->_normalizeLineEndings($text), 'email_template');
+ $template_name = 'et_' . $this->emailTemplate->GetID() . '_' . crc32($text);
+ $text = $this->Application->Parser->Parse($this->_normalizeLineEndings($text), $template_name);
$this->Application->Parser->SetParams($parser_params); // restore parser params
$category_helper = $this->Application->recallObject('CategoryHelper');
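Review bot: `crc32($text)` in the new `$template_name` is a 32-bit checksum, so two different bodies for the same template id can map to the same name; if the parser caches compiled output under that name (its caching is not visible here), the wrong body could be sent. A wider digest avoids that at no real cost: `$template_name = 'et_' . $this->emailTemplate->GetID() . '_' . hash('sha256', $text);`. The hash is also taken over `$text` before `_normalizeLineEndings()` is applied, so texts that differ only in line endings get separate names.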
Index: branches/5.3.x/core/kernel/db/cat_dbitem.php
===================================================================
diff -u -r15986 -r16111
--- branches/5.3.x/core/kernel/db/cat_dbitem.php (.../cat_dbitem.php) (revision 15986)
+++ branches/5.3.x/core/kernel/db/cat_dbitem.php (.../cat_dbitem.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->GetTempName($ci_table, 'prefix:' . $this->Prefix);
}
- // ensures, that CategoryId calculated field has primary category id in it
- $keys_hash = Array (
- $this->IDField => $this->ID,
- '`' . $ci_table . '`.`PrimaryCat`' => 1
- );
+ if ( $this->Application->isAdmin ) {
+ // When coping new item from temp table, where no CategoryItems record present yet.
+ return parent::GetKeyClause($method, $keys_hash) . ' ORDER BY `' . $ci_table . '`.PrimaryCat DESC';
+ }
+ else {
+ // Ensures, that CategoryId calculated field has primary category id in it.
+ $keys_hash = Array (
+ $this->IDField => $this->ID,
+ '`' . $ci_table . '`.`PrimaryCat`' => 1
+ );
+ }
}
return parent::GetKeyClause($method, $keys_hash);
}
-}
\ No newline at end of file
+}
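Review bot: In the admin branch, `parent::GetKeyClause($method, $keys_hash) . ' ORDER BY ...'` appends a sort to what the method name suggests is a key condition, so any caller that adds further conditions after the returned string gets invalid SQL. If only the load path reaches this branch, make that explicit with a guard on `$method` or at least a comment such as `// load only: callers must not append conditions after this clause`. The start of the method and the condition wrapping this block are outside the hunk.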
Index: branches/5.3.x/core/admin_templates/categories/permissions_tab.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/categories/permissions_tab.tpl (.../permissions_tab.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/categories/permissions_tab.tpl (.../permissions_tab.tpl) (revision 16111)
@@ -5,8 +5,8 @@
if ($request_visible) {
- document.getElementById('_div').setAttribute('group_id', );
- maximizeElement( jq('#_div') );
+ document.getElementById('_div').setAttribute('group_id', );
+ maximizeElement( jq('#_div') );
}
@@ -74,4 +74,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/users/users_tag_processor.php
===================================================================
diff -u -r15928 -r16111
--- branches/5.3.x/core/units/users/users_tag_processor.php (.../users_tag_processor.php) (revision 15928)
+++ branches/5.3.x/core/units/users/users_tag_processor.php (.../users_tag_processor.php) (revision 16111)
@@ -1,6 +1,6 @@
SetFieldsFromHash($fields_hash);
+ $user->SetDBFieldsFromHash($fields_hash);
$user->SetDBField('PwResetConfirm', '');
$user->SetDBField('PwRequestTime_date', NULL);
$user->SetDBField('PwRequestTime_time', NULL);
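Review bot: Switching to `SetDBFieldsFromHash($fields_hash)` writes the hash at DB-field level, which presumably bypasses the request-protected field filtering that the rest of this commit routes through `SetFieldsFromHash()`; that is only safe if `$fields_hash` is assembled by the code and never copied from the request. How `$fields_hash` is built lies outside the hunk, so please confirm it and record it in a comment, e.g. `// $fields_hash is built server-side; DB-level setter used on purpose to skip request filtering`.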
@@ -374,4 +374,4 @@
return $object->GetDBField('Email') ? $object->GetDBField('Email') : $object->GetDBField('Username');
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/admin_templates/catalog_tab.tpl
===================================================================
diff -u -r15974 -r16111
--- branches/5.3.x/core/admin_templates/catalog_tab.tpl (.../catalog_tab.tpl) (revision 15974)
+++ branches/5.3.x/core/admin_templates/catalog_tab.tpl (.../catalog_tab.tpl) (revision 16111)
@@ -35,7 +35,7 @@
// substitute form action, like from was created from here
document.getElementById('categories_form').action = '';
$Catalog.setItemCount('', '');
- $Catalog.setCurrentCategory('', );
+ $Catalog.setCurrentCategory('', );
$Catalog.saveSearch('', '', '');
@@ -92,4 +92,4 @@
-
\ No newline at end of file
+
Index: branches/5.3.x/core/admin_templates/submissions/submission_edit_logs.tpl
===================================================================
diff -u -r15483 -r16111
--- branches/5.3.x/core/admin_templates/submissions/submission_edit_logs.tpl (.../submission_edit_logs.tpl) (revision 15483)
+++ branches/5.3.x/core/admin_templates/submissions/submission_edit_logs.tpl (.../submission_edit_logs.tpl) (revision 16111)
@@ -1,7 +1,7 @@
-
+
@@ -146,4 +146,4 @@
Grids['submission-log'].SetDependantToolbarButtons( new Array('edit','delete', 'resend') );
-
\ No newline at end of file
+
Index: branches/5.3.x/core/kernel/utility/formatters/upload_formatter.php
===================================================================
diff -u -r15974 -r16111
--- branches/5.3.x/core/kernel/utility/formatters/upload_formatter.php (.../upload_formatter.php) (revision 15974)
+++ branches/5.3.x/core/kernel/utility/formatters/upload_formatter.php (.../upload_formatter.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->isAdmin ) {
- // this allows to revert kUtil::escape() call for each field submitted on front-end
- $value = is_array($value) ? array_map('htmlspecialchars_decode', $value) : htmlspecialchars_decode($value);
- }
-
+ $value = $this->Application->HttpQuery->unescapeRequestVariable($value);
$options = $object->GetFieldOptions($field_name);
if ( getArrayValue($options, 'upload_dir') ) {
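Review bot: This call goes through `$this->Application->HttpQuery->unescapeRequestVariable($value)` while formatter.php, thesaurus_eh.php and user_profile_eh.php in the same commit call `$this->Application->unescapeRequestVariable(...)`; one accessor should be used throughout, e.g. `$value = $this->Application->unescapeRequestVariable($value);`. The decoded value then feeds the upload handling that follows, so it is worth confirming, outside this hunk, that file names taken from it are validated before they are combined with `upload_dir`.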
@@ -458,7 +454,7 @@
try {
return $image_helper->ResizeImage($file_path, $format);
}
- catch ( \RuntimeException $e ) {
+ catch ( RuntimeException $e ) {
// error, during image resize -> return empty string
return '';
}
@@ -628,4 +624,4 @@
return parent::GetFormatted($value, $field_name, $object, $format);
}
-}
\ No newline at end of file
+}
Index: branches/5.3.x/core/units/thesaurus/thesaurus_tp.php
===================================================================
diff -u -r15698 -r16111
--- branches/5.3.x/core/units/thesaurus/thesaurus_tp.php (.../thesaurus_tp.php) (revision 15698)
+++ branches/5.3.x/core/units/thesaurus/thesaurus_tp.php (.../thesaurus_tp.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->GetVar('keywords')) );
+ $keywords = $this->Application->unescapeRequestVariable(trim($this->Application->GetVar('keywords')));
$table_name = $this->getUnitConfig()->getTableName();
$sql = 'SELECT *
Index: branches/5.3.x/core/admin_templates/config/config_edit.tpl
===================================================================
diff -u -r15988 -r16111
--- branches/5.3.x/core/admin_templates/config/config_edit.tpl (.../config_edit.tpl) (revision 15988)
+++ branches/5.3.x/core/admin_templates/config/config_edit.tpl (.../config_edit.tpl) (revision 16111)
@@ -1,7 +1,7 @@
-
+
@@ -97,4 +97,4 @@
});
-
\ No newline at end of file
+
Index: branches/5.3.x/core/units/helpers/ajax_form_helper.php
===================================================================
diff -u -r15974 -r16111
--- branches/5.3.x/core/units/helpers/ajax_form_helper.php (.../ajax_form_helper.php) (revision 15974)
+++ branches/5.3.x/core/units/helpers/ajax_form_helper.php (.../ajax_form_helper.php) (revision 16111)
@@ -134,6 +134,10 @@
}
else {
if ( !isset($params['redirect_to']) && ($event->redirect === true || strlen($event->redirect) > 0) ) {
+ if ( $event->redirect === true ) {
+ $event->redirect = '';
+ }
+
$params['redirect_to'] = $this->Application->HREF($event->redirect, '', $event->getRedirectParams(), $event->redirectScript);
}
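Review bot: The added `$event->redirect = '';` overwrites the event's state just to build a URL, so anything that later tests `$event->redirect === true` or `strlen($event->redirect) > 0` sees an empty string instead. A local variable keeps the event untouched: `$redirect_template = $event->redirect === true ? '' : $event->redirect;`, passed to `HREF()` in place of `$event->redirect`. The surrounding method starts and ends outside the hunk.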
@@ -144,4 +148,4 @@
return $params['status'] == 'OK';
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/index.php
===================================================================
diff -u -r15907 -r16111
--- branches/5.3.x/index.php (.../index.php) (revision 15907)
+++ branches/5.3.x/index.php (.../index.php) (revision 16111)
@@ -1,6 +1,6 @@
$field_values) {
$object->setID($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
$load_keys = Array (
'FormSubmissionId' => $object->GetDBField('FormSubmissionId'),
@@ -624,7 +625,8 @@
if ($items_info) {
foreach ($items_info as $id => $field_values) {
$object->setID($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
$load_keys = Array (
'FormSubmissionId' => $object->GetDBField('FormSubmissionId'),
@@ -661,7 +663,9 @@
if ($items_info) {
foreach ($items_info as $id => $field_values) {
$object->setID($id);
- $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values));
+ $object->SetFieldsFromHash($field_values);
+ $event->setEventParam('form_data', $field_values);
+
$object->SetDBField('DraftId', 0);
$load_keys = Array (
@@ -683,4 +687,4 @@
$this->Application->SetVar($event->getPrefixSpecial() . '_SaveEvent', 'OnCreate');
$event->redirect = false;
}
- }
\ No newline at end of file
+ }
Index: branches/5.3.x/core/units/user_profile/user_profile_eh.php
===================================================================
diff -u -r15698 -r16111
--- branches/5.3.x/core/units/user_profile/user_profile_eh.php (.../user_profile_eh.php) (revision 15698)
+++ branches/5.3.x/core/units/user_profile/user_profile_eh.php (.../user_profile_eh.php) (revision 16111)
@@ -1,6 +1,6 @@
Application->StorePersistentVar($variable_name, htmlspecialchars_decode($variable_value));
+ $this->Application->StorePersistentVar($variable_name, $this->Application->unescapeRequestVariable($variable_value));
}
}
@@ -90,4 +90,4 @@
}
}
}
- }
\ No newline at end of file
+ }