diff options
| author | Stanislau Wolski <stanislau.wolski@gmail.com> | 2013-02-05 12:37:08 -0800 |
|---|---|---|
| committer | Stanislau Wolski <stanislau.wolski@gmail.com> | 2013-02-05 12:37:08 -0800 |
| commit | e31493999641e1b538c62b313fd6d7eb7fa2f74f (patch) | |
| tree | 40eceebc3be251ddb819a33550606429e01f6e23 /codebase | |
| parent | 2b095bc184f2db05f9895db11c270c95361296e7 (diff) | |
| download | connector-php-e31493999641e1b538c62b313fd6d7eb7fa2f74f.zip connector-php-e31493999641e1b538c62b313fd6d7eb7fa2f74f.tar.gz connector-php-e31493999641e1b538c62b313fd6d7eb7fa2f74f.tar.bz2 | |
[update] flexible var naming
Diffstat (limited to 'codebase')
| -rw-r--r-- | codebase/base_connector.php | 13 | ||||
| -rw-r--r-- | codebase/convert.php | 6 | ||||
| -rw-r--r-- | codebase/db_common.php | 4 | ||||
| -rw-r--r-- | codebase/xss_filter.php | 13 |
4 files changed, 22 insertions, 14 deletions
diff --git a/codebase/base_connector.php b/codebase/base_connector.php index 97e8ac0..b42b811 100644 --- a/codebase/base_connector.php +++ b/codebase/base_connector.php @@ -288,6 +288,9 @@ class Connector { protected $encoding="utf-8";//!< assigned encoding (UTF-8 by default) protected $editing=false;//!< flag of edit mode ( response for dataprocessor ) + public static $filter_var="dhx_filter"; + public static $sort_var="dhx_sort"; + public $model=false; private $updating=false;//!< flag of update mode ( response for data-update ) @@ -586,21 +589,21 @@ class Connector { $this->request->set_user($_GET["dhx_user"]); } - if (isset($_GET["dhx_sort"])) - foreach($_GET["dhx_sort"] as $k => $v){ + if (isset($_GET[Connector::$sort_var])) + foreach($_GET[Connector::$sort_var] as $k => $v){ $k = $this->safe_field_name($k); $this->request->set_sort($this->resolve_parameter($k),$v); } - if (isset($_GET["dhx_filter"])) - foreach($_GET["dhx_filter"] as $k => $v){ + if (isset($_GET[Connector::$sort_var])) + foreach($_GET[Connector::$filter_var] as $k => $v){ $k = $this->safe_field_name($k); $this->request->set_filter($this->resolve_parameter($k),$v); } $key = ConnectorSecurity::checkCSRF($this->editing); if ($key !== "") - $this->add_top_attribute("dhx_security", $key); + $this->add_top_attribute(ConnectorSecurity::$security_var, $key); } diff --git a/codebase/convert.php b/codebase/convert.php index 59e85ab..f24922c 100644 --- a/codebase/convert.php +++ b/codebase/convert.php @@ -41,6 +41,10 @@ class ConvertService{ } public function convert($conn, $out){ + $str_out = str_replace("<rows>","<rows profile='color'>", $out); + $str_out = str_replace("<head>","<head><columns>", $str_out); + $str_out = str_replace("</head>","</columns></head>", $str_out); + if ($this->type == "pdf") header("Content-type: application/pdf"); else @@ -50,7 +54,7 @@ class ConvertService{ curl_setopt($handle, CURLOPT_POST, true); curl_setopt($handle, CURLOPT_HEADER, false); curl_setopt($handle, CURLOPT_RETURNTRANSFER, true); - curl_setopt($handle, CURLOPT_POSTFIELDS, "grid_xml=".urlencode(str_replace("<rows>","<rows profile='color'>", $out))); + curl_setopt($handle, CURLOPT_POSTFIELDS, "grid_xml=".urlencode($str_out)); $out->reset(); diff --git a/codebase/db_common.php b/codebase/db_common.php index 8929631..5690093 100644 --- a/codebase/db_common.php +++ b/codebase/db_common.php @@ -800,7 +800,7 @@ abstract class DBDataWrapper extends DataWrapper{ $sql.=implode(",",$temp)." WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'"; //if we have limited set - set constraints - $where=$this->build_where($request->get_filters(),$request->get_relation()); + $where=$this->build_where($request->get_filters()); if ($where) $sql.=" AND (".$where.")"; return $sql; @@ -820,7 +820,7 @@ abstract class DBDataWrapper extends DataWrapper{ $sql.=" WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'"; //if we have limited set - set constraints - $where=$this->build_where($request->get_filters(),$request->get_relation()); + $where=$this->build_where($request->get_filters()); if ($where) $sql.=" AND (".$where.")"; return $sql; diff --git a/codebase/xss_filter.php b/codebase/xss_filter.php index b02d878..c80c7d2 100644 --- a/codebase/xss_filter.php +++ b/codebase/xss_filter.php @@ -143,6 +143,7 @@ define("DHX_SECURITY_TRUSTED", 3); class ConnectorSecurity{ static public $xss = DHX_SECURITY_SAFETEXT; static public $security_key = false; + static public $security_var = "dhx_security"; static private $filterClass = null; static function filter($value, $mode = false){ @@ -174,21 +175,21 @@ class ConnectorSecurity{ if (ConnectorSecurity::$security_key){ if ($edit=== true){ - if (!isset($_POST['dhx_security'])) + if (!isset($_POST[ConnectorSecurity::$security_var])) return ConnectorSecurity::CSRF_detected(); - $master_key = $_SESSION['dhx_security']; - $update_key = $_POST['dhx_security']; + $master_key = $_SESSION[ConnectorSecurity::$security_var]; + $update_key = $_POST[ConnectorSecurity::$security_var]; if ($master_key != $update_key) return ConnectorSecurity::CSRF_detected(); return ""; } //data loading - if (!array_key_exists("dhx_security",$_SESSION)){ - $_SESSION["dhx_security"] = md5(uniqid()); + if (!array_key_exists(ConnectorSecurity::$security_var,$_SESSION)){ + $_SESSION[ConnectorSecurity::$security_var] = md5(uniqid()); } - return $_SESSION["dhx_security"]; + return $_SESSION[ConnectorSecurity::$security_var]; } return ""; |