author | Stanislav-Wolski <stanislau.wolski@gmail.com> | 2012-05-28 17:29:54 +0300 |
---|---|---|
committer | Stanislav-Wolski <stanislau.wolski@gmail.com> | 2012-05-28 17:29:54 +0300 |
commit | f412231c95a2d54a1061b597b4032227e5e0bdb5 (patch) | |
tree | 0a4b388edebba591e6fd19dbe1cea2f7978d7294 /codebase/base_connector.php | |
parent | 6c5b0c64092ad095d55412b5765c14bd121b508c (diff) | |
[add] csrf defense and render_array functionality
Diffstat (limited to 'codebase/base_connector.php')
-rw-r--r-- | codebase/base_connector.php | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/codebase/base_connector.php b/codebase/base_connector.php index 2c924a9..6f66ef8 100644 --- a/codebase/base_connector.php +++ b/codebase/base_connector.php @@ -327,6 +327,7 @@ class Connector { "data_class"=>$data_type, "render_class"=>$render_type ); + $this->attributes = array(); $this->config = new DataConfig(); $this->request = new DataRequestConfig(); @@ -361,6 +362,11 @@ class Connector { } + protected $attributes; + public function add_top_attribute($name, $string){ + $this->attributes[$name] = $string; + } + //model is a class, which will be used for all data operations //we expect that it has next methods get, update, insert, delete //if method was not defined - we will use default logic @@ -421,6 +427,12 @@ class Connector { return $this->render(); } + public function render_array($data, $id, $fields, $extra=false, $relation_id=false){ + $this->configure("-",$id,$fields,$extra,$relation_id); + $this->sql = new ArrayDBDataWrapper($data, null); + return $this->render(); + } + public function render_complex_sql($sql,$id,$fields,$extra=false,$relation_id=false){ $this->config->init($id,$fields,$extra,$relation_id); $this->request->parse_sql($sql, true); @@ -475,9 +487,11 @@ class Connector { $this->sql = new ArrayDBDataWrapper(); $result = new ArrayQueryWrapper(call_user_func(array($this->model, "get"), $this->request)); $this->output_as_xml($result); - } else + } else { $this->output_as_xml($this->get_resource()); } + + } } $this->end_run(); } @@ -557,6 +571,9 @@ class Connector { $this->request->set_filter($this->resolve_parameter($k),$v); } + $key = ConnectorSecurity::checkCSRF($this->editing); + if ($key !== "") + $this->add_top_attribute("dhx_security", $key); } 
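Review bot: `render_array()` passes the literal `"-"` as the first argument to `configure()` and a bare `null` as the second argument to `ArrayDBDataWrapper`, and neither is explained. A doc comment in the file's existing `/*! ... */` style would help, for example `/*! renders data from a ready PHP array; "-" stands in for the table name because no SQL source is used */`. That wording assumes the first argument of `configure()` is a table name, which this hunk does not show, so confirm it first. The comment should also state the shape `$data` is expected to have (presumably a list of rows keyed by field name), since the wrapper's requirements are not visible here.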
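Review bot: The `if ($key !== "")` test in the added CSRF lines only skips the literal empty string, so a `null` or `false` return from `ConnectorSecurity::checkCSRF()` would still emit an empty `dhx_security=''` attribute. The body of `checkCSRF()` is not part of this diff, so its return values cannot be confirmed here; `if (is_string($key) && $key !== "")` makes the intent explicit either way. The hunk also does not show what happens when the check fails on an editing request. A one-line comment such as `// checkCSRF() aborts the request on a bad token; returns a new key to publish, or "" if none` (to be confirmed against the implementation) would tell a reader that the return value is not the pass/fail signal. The enclosing method begins outside the hunk.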
@@ -679,7 +696,11 @@ class Connector { /*! renders self as xml, starting part */ protected function xml_start(){ - return "<data>"; + $attributes = ""; + foreach($this->attributes as $k=>$v) + $attributes .= " ".$k."='".$v."'"; + + return "<data".$attributes.">"; } /*! renders self as xml, ending part */ |
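Review bot: The attribute values are concatenated into the `<data>` tag without escaping in `xml_start()`, so a value containing `'`, `<` or `&` yields malformed XML or extra attributes in the response. `add_top_attribute()`, added in the hunk at old line 361, is public, so the values are not limited to the CSRF key. Escape at the output point, e.g. `$attributes .= " ".$k."='".htmlspecialchars($v, ENT_QUOTES)."'";`. Consider also rejecting any `$name` in `add_top_attribute()` that is not a plain XML attribute name, since `$k` is written out verbatim as well.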