Diffstat (limited to 'codebase')
-rw-r--r--codebase/base_connector.php18
-rw-r--r--codebase/convert.php6
-rw-r--r--codebase/crosslink_connector.php4
-rw-r--r--codebase/data_connector.php3
-rw-r--r--codebase/dataprocessor.php2
-rw-r--r--codebase/db_common.php8
-rw-r--r--codebase/db_phpcake.php7
-rw-r--r--codebase/xss_filter.php18
8 files changed, 43 insertions, 23 deletions
diff --git a/codebase/base_connector.php b/codebase/base_connector.php
index ab11cb5..ac25b00 100644
--- a/codebase/base_connector.php
+++ b/codebase/base_connector.php
@@ -288,6 +288,9 @@ class Connector {
protected $encoding="utf-8";//!< assigned encoding (UTF-8 by default)
protected $editing=false;//!< flag of edit mode ( response for dataprocessor )
+ public static $filter_var="dhx_filter";
+ public static $sort_var="dhx_sort";
+
public $model=false;
private $updating=false;//!< flag of update mode ( response for data-update )
@@ -590,21 +593,21 @@ class Connector {
$this->request->set_user($_GET["dhx_user"]);
}
- if (isset($_GET["dhx_sort"]))
- foreach($_GET["dhx_sort"] as $k => $v){
+ if (isset($_GET[Connector::$sort_var]))
+ foreach($_GET[Connector::$sort_var] as $k => $v){
$k = $this->safe_field_name($k);
$this->request->set_sort($this->resolve_parameter($k),$v);
}
- if (isset($_GET["dhx_filter"]))
- foreach($_GET["dhx_filter"] as $k => $v){
+ if (isset($_GET[Connector::$sort_var]))
+ foreach($_GET[Connector::$filter_var] as $k => $v){
$k = $this->safe_field_name($k);
$this->request->set_filter($this->resolve_parameter($k),$v);
}
$key = ConnectorSecurity::checkCSRF($this->editing);
if ($key !== "")
- $this->add_top_attribute("dhx_security", $key);
+ $this->add_top_attribute(ConnectorSecurity::$security_var, $key);
}
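Review bot: The guard added in front of the filter loop tests `Connector::$sort_var` while the loop body reads `Connector::$filter_var`, so filters are silently skipped whenever no sort parameter is sent, and the `foreach` runs on an undefined index when only a sort is sent. The condition should read `if (isset($_GET[Connector::$filter_var]))`. Both loops also iterate the request value without checking its type, so a scalar value for either parameter raises a warning instead of being ignored; adding `&& is_array($_GET[Connector::$filter_var])` (and the same for the sort guard) would cover that. The enclosing method starts outside this hunk.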
@@ -750,7 +753,10 @@ class Connector {
*/
protected function xml_end(){
$this->fill_collections();
- return $this->extra_output."</data>";
+ if (isset($this->extra_output))
+ return $this->extra_output."</data>";
+ else
+ return "</data>";
}
protected function fill_collections($list=""){
diff --git a/codebase/convert.php b/codebase/convert.php
index 59e85ab..f24922c 100644
--- a/codebase/convert.php
+++ b/codebase/convert.php
@@ -41,6 +41,10 @@ class ConvertService{
}
public function convert($conn, $out){
+ $str_out = str_replace("<rows>","<rows profile='color'>", $out);
+ $str_out = str_replace("<head>","<head><columns>", $str_out);
+ $str_out = str_replace("</head>","</columns></head>", $str_out);
+
if ($this->type == "pdf")
header("Content-type: application/pdf");
else
@@ -50,7 +54,7 @@ class ConvertService{
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_HEADER, false);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($handle, CURLOPT_POSTFIELDS, "grid_xml=".urlencode(str_replace("<rows>","<rows profile='color'>", $out)));
+ curl_setopt($handle, CURLOPT_POSTFIELDS, "grid_xml=".urlencode($str_out));
$out->reset();
diff --git a/codebase/crosslink_connector.php b/codebase/crosslink_connector.php
index d6df689..22ad83d 100644
--- a/codebase/crosslink_connector.php
+++ b/codebase/crosslink_connector.php
@@ -109,6 +109,10 @@ class CrossOptionsConnector extends Connector{
$this->link->delete($master_key);
break;
case "updated":
+ //cross link options not loaded yet, so we can skip update
+ if (!array_key_exists($this->link_name, $action->get_data()))
+ break;
+ //else, delete old options and continue in insert section to add new values
$this->link->delete($master_key);
case "inserted":
for ($i=0; $i < sizeof($link_key); $i++)
diff --git a/codebase/data_connector.php b/codebase/data_connector.php
index cf52597..caa5369 100644
--- a/codebase/data_connector.php
+++ b/codebase/data_connector.php
@@ -113,9 +113,6 @@ class DataConnector extends Connector{
$this->sections[$name] = $string;
}
- protected function parse_request_mode(){
- //do nothing, at least for now
- }
//parse GET scoope, all operations with incoming request must be done here
protected function parse_request(){
diff --git a/codebase/dataprocessor.php b/codebase/dataprocessor.php
index 74852e2..be18eba 100644
--- a/codebase/dataprocessor.php
+++ b/codebase/dataprocessor.php
@@ -220,7 +220,7 @@ class DataProcessor{
}
$this->connector->event->trigger("after".$mode,$action);
- $this->config = $old_config;
+ $this->config->copy($old_config);
}
/*! output xml response for dataprocessor
diff --git a/codebase/db_common.php b/codebase/db_common.php
index 19365f3..76748e7 100644
--- a/codebase/db_common.php
+++ b/codebase/db_common.php
@@ -195,7 +195,9 @@ class DataRequestConfig{
name of source table
*/
public function set_source($value){
- $this->source=trim($value);
+ if (is_string($value))
+ $value = trim($value);
+ $this->source = $value;
if (!$this->source) throw new Exception("Source of data can't be empty");
}
/*! sets data limits
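Review bot: set_source now stores any non-string value untrimmed and unvalidated, while the doc comment above it still describes the parameter as the "name of source table". The db_phpcake.php change in this commit reads an array back from get_source(), so arrays look like the only intended non-string case. I would reject everything else up front with `if (!is_string($value) && !is_array($value)) throw new Exception("Source of data must be a string or an array");` and extend the doc comment to say that an array is a pre-fetched result set. Whether the SQL-building wrappers ever receive an array source cannot be seen from this hunk, and they would concatenate it into the statement, so that is worth confirming.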
@@ -800,7 +802,7 @@ abstract class DBDataWrapper extends DataWrapper{
$sql.=implode(",",$temp)." WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";
//if we have limited set - set constraints
- $where=$this->build_where($request->get_filters(),$request->get_relation());
+ $where=$this->build_where($request->get_filters());
if ($where) $sql.=" AND (".$where.")";
return $sql;
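Review bot: Dropping `$request->get_relation()` from the `build_where` call here, and in the same way in the hunk at -820, leaves the comment `//if we have limited set - set constraints` describing a constraint that is no longer applied. After this change only the row id and the request filters bound the write. If the relation was scoping a child connector to its parent record, an id outside that scope would now be accepted by the update and delete statements; the visible lines do not show whether that is the case. Please confirm the intent and replace the comment with one that states why the relation is excluded from writes. Both functions start outside their hunks.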
@@ -820,7 +822,7 @@ abstract class DBDataWrapper extends DataWrapper{
$sql.=" WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";
//if we have limited set - set constraints
- $where=$this->build_where($request->get_filters(),$request->get_relation());
+ $where=$this->build_where($request->get_filters());
if ($where) $sql.=" AND (".$where.")";
return $sql;
diff --git a/codebase/db_phpcake.php b/codebase/db_phpcake.php
index 980c9c3..97d94eb 100644
--- a/codebase/db_phpcake.php
+++ b/codebase/db_phpcake.php
@@ -13,7 +13,12 @@ if you plan to use it for Oracle - use Oracle connection type instead
**/
class PHPCakeDBDataWrapper extends ArrayDBDataWrapper{
public function select($sql){
- $res = $this->connection->find("all");
+ $source = $sql->get_source();
+ if (is_array($source)) //result of find
+ $res = $source;
+ else
+ $res = $this->connection->find("all");
+
if (sizeof($res)){
$name = get_class($this->connection);
$temp = array();
diff --git a/codebase/xss_filter.php b/codebase/xss_filter.php
index b02d878..ed0a309 100644
--- a/codebase/xss_filter.php
+++ b/codebase/xss_filter.php
@@ -143,6 +143,7 @@ define("DHX_SECURITY_TRUSTED", 3);
class ConnectorSecurity{
static public $xss = DHX_SECURITY_SAFETEXT;
static public $security_key = false;
+ static public $security_var = "dhx_security";
static private $filterClass = null;
static function filter($value, $mode = false){
@@ -170,25 +171,26 @@ class ConnectorSecurity{
die();
}
static function checkCSRF($edit){
- if(!isset($_SESSION)) @session_start();
-
if (ConnectorSecurity::$security_key){
+ if (!isset($_SESSION))
+ @session_start();
+
if ($edit=== true){
- if (!isset($_POST['dhx_security']))
+ if (!isset($_POST[ConnectorSecurity::$security_var]))
return ConnectorSecurity::CSRF_detected();
- $master_key = $_SESSION['dhx_security'];
- $update_key = $_POST['dhx_security'];
+ $master_key = $_SESSION[ConnectorSecurity::$security_var];
+ $update_key = $_POST[ConnectorSecurity::$security_var];
if ($master_key != $update_key)
return ConnectorSecurity::CSRF_detected();
return "";
}
//data loading
- if (!array_key_exists("dhx_security",$_SESSION)){
- $_SESSION["dhx_security"] = md5(uniqid());
+ if (!array_key_exists(ConnectorSecurity::$security_var,$_SESSION)){
+ $_SESSION[ConnectorSecurity::$security_var] = md5(uniqid());
}
- return $_SESSION["dhx_security"];
+ return $_SESSION[ConnectorSecurity::$security_var];
}
return "";
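Review bot: In the edit branch the session token is read without checking that it exists and is compared with `!=`, so on a session that never went through the data-loading path `$master_key` is null, which loosely equals an empty submitted value and lets the check pass. The token itself comes from `md5(uniqid())`, which is derived from the clock rather than a CSPRNG and is therefore guessable. I would require a non-empty string on both sides, compare with `hash_equals()`, and generate the token with `random_bytes()` where the supported PHP version provides it. checkCSRF's closing lines are outside this hunk.

```php
// … unchanged: isset($_POST[ConnectorSecurity::$security_var]) check …
$master_key = isset($_SESSION[ConnectorSecurity::$security_var])
	? $_SESSION[ConnectorSecurity::$security_var]
	: "";
$update_key = $_POST[ConnectorSecurity::$security_var];
if (!is_string($master_key) || $master_key === "" || !is_string($update_key)
	|| !hash_equals($master_key, $update_key))
	return ConnectorSecurity::CSRF_detected();
// … unchanged: return "" and the //data loading array_key_exists check …
	$_SESSION[ConnectorSecurity::$security_var] = bin2hex(random_bytes(16));
```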