diff options
Diffstat (limited to 'codebase/data_connector.php')
| -rw-r--r-- | codebase/data_connector.php | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/codebase/data_connector.php b/codebase/data_connector.php index 36cafa0..ac76c74 100644 --- a/codebase/data_connector.php +++ b/codebase/data_connector.php @@ -9,8 +9,13 @@ class CommonDataProcessor extends DataProcessor{ protected function get_post_values($ids){ if (isset($_GET['action'])){ $data = array(); - if (isset($_POST["id"])) - $data[$_POST["id"]] = $_POST; + if (isset($_POST["id"])){ + $dataset = array(); + foreach($_POST as $key=>$value) + $dataset[$key] = ConnectorSecurity::filter($value); + + $data[$_POST["id"]] = $dataset; + } else $data["dummy_id"] = $_POST; return $data; @@ -90,9 +95,13 @@ class DataConnector extends Connector{ public function __construct($res,$type=false,$item_type=false,$data_type=false,$render_type=false){ if (!$item_type) $item_type="CommonDataItem"; if (!$data_type) $data_type="CommonDataProcessor"; - $section = array(); + + $this->sections = array(); + $this->attributes = array(); + if (!$render_type) $render_type="RenderStrategy"; parent::__construct($res,$type,$item_type,$data_type,$render_type); + } protected $sections; @@ -100,6 +109,11 @@ class DataConnector extends Connector{ $this->sections[$name] = $string; } + protected $attributes; + public function add_top_attribute($name, $string){ + $this->attributes[$name] = $string; + } + protected function parse_request_mode(){ //do nothing, at least for now } @@ -130,12 +144,20 @@ class DataConnector extends Connector{ if (isset($_GET["start"]) && isset($_GET["count"])) $this->request->set_limit($_GET["start"],$_GET["count"]); + + $key = ConnectorSecurity::checkCSRF($this->editing); + if ($key !== "") + $this->add_top_attribute("dhx_security", $key); } /*! renders self as xml, starting part */ protected function xml_start(){ - $start = "<data>"; + $start = "<data"; + foreach($this->attributes as $k=>$v) + $start .= " ".$k."='".$v."'"; + $start.= ">"; + foreach($this->sections as $k=>$v) $start .= "<".$k.">".$v."</".$k.">\n"; return $start; |