Diffstat (limited to 'codebase')
-rw-r--r--codebase/base_connector.php52
-rw-r--r--codebase/connector.js11
-rw-r--r--codebase/convert.php6
-rw-r--r--codebase/crosslink_connector.php4
-rw-r--r--codebase/data_connector.php28
-rw-r--r--codebase/dataprocessor.php14
-rw-r--r--codebase/dataview_connector.php1
-rw-r--r--codebase/db_common.php84
-rw-r--r--codebase/db_phpcake.php7
-rw-r--r--codebase/gantt_connector.php150
-rw-r--r--codebase/strategy.php8
-rw-r--r--codebase/xss_filter.php18
12 files changed, 230 insertions, 153 deletions
diff --git a/codebase/base_connector.php b/codebase/base_connector.php
index ab11cb5..3a30eb2 100644
--- a/codebase/base_connector.php
+++ b/codebase/base_connector.php
@@ -288,6 +288,9 @@ class Connector {
protected $encoding="utf-8";//!< assigned encoding (UTF-8 by default)
protected $editing=false;//!< flag of edit mode ( response for dataprocessor )
+ public static $filter_var="dhx_filter";
+ public static $sort_var="dhx_sort";
+
public $model=false;
private $updating=false;//!< flag of update mode ( response for data-update )
@@ -309,7 +312,8 @@ class Connector {
protected $filters;
protected $sorts;
protected $mix;
-
+ protected $order = false;
+
/*! constructor
Here initilization of all Masters occurs, execution timer initialized
@@ -590,22 +594,26 @@ class Connector {
$this->request->set_user($_GET["dhx_user"]);
}
- if (isset($_GET["dhx_sort"]))
- foreach($_GET["dhx_sort"] as $k => $v){
+ if (isset($_GET[Connector::$sort_var]))
+ foreach($_GET[Connector::$sort_var] as $k => $v){
$k = $this->safe_field_name($k);
$this->request->set_sort($this->resolve_parameter($k),$v);
}
- if (isset($_GET["dhx_filter"]))
- foreach($_GET["dhx_filter"] as $k => $v){
+ if (isset($_GET[Connector::$filter_var]))
+ foreach($_GET[Connector::$filter_var] as $k => $v){
$k = $this->safe_field_name($k);
- $this->request->set_filter($this->resolve_parameter($k),$v);
+ if ($v !== "")
+ $this->request->set_filter($this->resolve_parameter($k),$v);
}
+ $this->check_csrf();
+ }
+
+ protected function check_csrf(){
$key = ConnectorSecurity::checkCSRF($this->editing);
if ($key !== "")
- $this->add_top_attribute("dhx_security", $key);
-
+ $this->add_top_attribute(ConnectorSecurity::$security_var, $key);
}
/*! convert incoming request name to the actual DB name
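Review bot: Both request loops run `foreach` over `$_GET[Connector::$sort_var]` and `$_GET[Connector::$filter_var]` after only an `isset` check, so a scalar value for either parameter reaches `foreach` and raises a PHP warning instead of being ignored. Guard each with an array check, e.g. `if (isset($_GET[Connector::$sort_var]) && is_array($_GET[Connector::$sort_var]))`. The sort direction `$v` is handed to `set_sort` unchanged; whether it is validated further down is not visible in this hunk, so a short comment naming where that happens would help.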
@@ -701,7 +709,23 @@ class Connector {
*/
public function dynamic_loading($count){
$this->dload=$count;
- }
+ }
+
+ /*! enable or disable data reordering
+
+ @param name
+ name of field, which will be used for order storing, optional
+ by default 'sortorder' field will be used
+ */
+ public function enable_order($name = true){
+ if ($name === true)
+ $name = "sortorder";
+
+ $this->sort($name);
+ $this->access->allow("order");
+ $this->request->set_order($name);
+ $this->order = $name;
+ }
/*! enable logging
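Review bot: The doc comment on `enable_order` should state that `$name` has to be a trusted, developer-chosen column name. It is stored through `set_order()` and later placed unescaped into the ordering statements in db_common.php (`SELECT MAX($order) ...`, `update $table set $name = ...`). Proposed addition to the `@param` text: `must be a fixed column name set in server code; it is inserted into SQL as-is and must never be taken from request data`. The comment could also mention that the method calls `$this->access->allow("order")`, since that changes which operations the connector accepts.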
@@ -750,7 +774,10 @@ class Connector {
*/
protected function xml_end(){
$this->fill_collections();
- return $this->extra_output."</data>";
+ if (isset($this->extra_output))
+ return $this->extra_output."</data>";
+ else
+ return "</data>";
}
protected function fill_collections($list=""){
@@ -897,6 +924,11 @@ class OptionsConnector extends Connector{
$res = $this->sql->select($this->request);
return $this->render_set($res);
}
+
+ public function render_save(){
+ $this->config->remove_field($this->config->id["name"]);
+ parent::render();
+ }
}
diff --git a/codebase/connector.js b/codebase/connector.js
index 69c5a02..0ee9648 100644
--- a/codebase/connector.js
+++ b/codebase/connector.js
@@ -83,7 +83,7 @@ if (window.dhtmlXGridObject && !dhtmlXGridObject.prototype._init_point_connector
if (!this._colls_loaded && this.cellType){
var ar=[];
for (var i=0; i < this.cellType.length; i++)
- if (this.cellType[i].indexOf("co")==0 || this._con_f_used[i]==2) ar.push(i);
+ if (this.cellType[i].indexOf("co")==0 || this.cellType[i].indexOf("clist")==0 || this._con_f_used[i]==2) ar.push(i);
if (ar.length)
arguments[0]+=(arguments[0].indexOf("?")!=-1?"&":"?")+"connector=true&dhx_colls="+ar.join(",");
}
@@ -120,8 +120,13 @@ if (window.dhtmlXGridObject && !dhtmlXGridObject.prototype._init_point_connector
} else
v[v.length]=val;
}
- if (opts.length)
- combo.addOption(opts);
+ if (opts.length){
+ if (combo)
+ combo.addOption(opts);
+ } else if (v.length && !combo)
+ if (this.registerCList)
+ this.registerCList(f*1, v);
+
if (this._con_f_used[f*1])
this._con_f_used[f*1]=v;
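Review bot: The new branch hangs an unbraced `if` under an unbraced `else if` (`} else if (v.length && !combo) if (this.registerCList) ...`), which is easy to misread and breaks silently if an `else` is added later. Fold the conditions and brace the body: `} else if (v.length && !combo && this.registerCList) { this.registerCList(f*1, v); }`. When `opts.length` is non-zero but `combo` is missing, the options are now dropped without any signal; if that is intended, a one-line comment should say so. The enclosing function starts and ends outside the hunk.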
diff --git a/codebase/convert.php b/codebase/convert.php
index 59e85ab..f24922c 100644
--- a/codebase/convert.php
+++ b/codebase/convert.php
@@ -41,6 +41,10 @@ class ConvertService{
}
public function convert($conn, $out){
+ $str_out = str_replace("<rows>","<rows profile='color'>", $out);
+ $str_out = str_replace("<head>","<head><columns>", $str_out);
+ $str_out = str_replace("</head>","</columns></head>", $str_out);
+
if ($this->type == "pdf")
header("Content-type: application/pdf");
else
@@ -50,7 +54,7 @@ class ConvertService{
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_HEADER, false);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($handle, CURLOPT_POSTFIELDS, "grid_xml=".urlencode(str_replace("<rows>","<rows profile='color'>", $out)));
+ curl_setopt($handle, CURLOPT_POSTFIELDS, "grid_xml=".urlencode($str_out));
$out->reset();
diff --git a/codebase/crosslink_connector.php b/codebase/crosslink_connector.php
index d6df689..22ad83d 100644
--- a/codebase/crosslink_connector.php
+++ b/codebase/crosslink_connector.php
@@ -109,6 +109,10 @@ class CrossOptionsConnector extends Connector{
$this->link->delete($master_key);
break;
case "updated":
+ //cross link options not loaded yet, so we can skip update
+ if (!array_key_exists($this->link_name, $action->get_data()))
+ break;
+ //else, delete old options and continue in insert section to add new values
$this->link->delete($master_key);
case "inserted":
for ($i=0; $i < sizeof($link_key); $i++)
diff --git a/codebase/data_connector.php b/codebase/data_connector.php
index e6786b9..deaf7d8 100644
--- a/codebase/data_connector.php
+++ b/codebase/data_connector.php
@@ -114,7 +114,10 @@ class DataConnector extends Connector{
}
protected function parse_request_mode(){
- //do nothing, at least for now
+ if (isset($_GET['action']) && $_GET["action"] != "get")
+ $this->editing = true;
+ else
+ parent::parse_request_mode();
}
//parse GET scoope, all operations with incoming request must be done here
@@ -134,10 +137,10 @@ class DataConnector extends Connector{
//data saving
$this->editing = true;
}
+ parent::check_csrf();
} else {
if (isset($_GET['editing']) && isset($_POST['ids']))
$this->editing = true;
-
parent::parse_request();
}
@@ -149,7 +152,10 @@ class DataConnector extends Connector{
/*! renders self as xml, starting part
*/
protected function xml_start(){
- $start = parent::xml_start();
+ $start = "<data";
+ foreach($this->attributes as $k=>$v)
+ $start .= " ".$k."='".$v."'";
+ $start.= ">";
foreach($this->sections as $k=>$v)
$start .= "<".$k.">".$v."</".$k.">\n";
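Review bot: The new loop writes attribute values into the `<data>` tag without XML escaping (`$start .= " ".$k."='".$v."'";`), so a value containing `'`, `<` or `&` produces malformed XML or lets the value break out of its attribute. Escape at the point of output: `$start .= " ".$k."='".htmlspecialchars($v, ENT_QUOTES)."'";`. The same pattern is added to `TreeDataConnector::xml_start` in the `@@ -394,7 +404,11 @@` hunk, where `$this->request->get_relation()` is also interpolated unescaped. The body of `xml_start` continues past the end of this hunk.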
@@ -195,7 +201,7 @@ class JSONDataConnector extends DataConnector{
$name = $k;
$option="\"{$name}\":[";
if (!is_string($this->options[$name]))
- $option.=substr($this->options[$name]->render(),0,-2);
+ $option.=substr(json_encode($this->options[$name]->render()),1,-1);
else
$option.=$this->options[$name];
$option.="]";
@@ -304,6 +310,10 @@ class JSONOptionsConnector extends JSONDataConnector{
$res = $this->sql->select($this->request);
return $this->render_set($res);
}
+
+ public function render_save(){
+ parent::render();
+ }
}
@@ -394,7 +404,11 @@ class TreeDataConnector extends DataConnector{
/*! renders self as xml, starting part
*/
protected function xml_start(){
- return "<data parent='".$this->request->get_relation()."'>";
+ $attributes = " parent='".$this->request->get_relation()."' ";
+ foreach($this->attributes as $k=>$v)
+ $attributes .= " ".$k."='".$v."'";
+
+ return "<data".$attributes.">";
}
}
@@ -420,6 +434,10 @@ class JSONTreeDataConnector extends TreeDataConnector{
if (!empty($this->options))
$data["collections"] = $this->options;
+
+ foreach($this->attributes as $k=>$v)
+ $data[$k] = $v;
+
$data = json_encode($data);
// return as string
diff --git a/codebase/dataprocessor.php b/codebase/dataprocessor.php
index 74852e2..98ea63a 100644
--- a/codebase/dataprocessor.php
+++ b/codebase/dataprocessor.php
@@ -160,12 +160,15 @@ class DataProcessor{
$mode = $this->status_to_mode($action->get_status());
if (!$this->connector->access->check($mode)){
- LogMaster::log("Access control: {$operation} operation blocked");
+ LogMaster::log("Access control: {$mode} operation blocked");
$action->error();
} else {
$check = $this->connector->event->trigger("beforeProcessing",$action);
if (!$action->is_ready())
$this->check_exts($action,$mode);
+ if ($mode == "insert" && $action->get_status() != "error" && $action->get_status() != "invalid")
+ $this->connector->sql->new_record_order($action, $this->request);
+
$check = $this->connector->event->trigger("afterProcessing",$action);
}
@@ -178,13 +181,14 @@ class DataProcessor{
if ($this->connector->sql->is_record_transaction()){
if ($action->get_status()=="error" || $action->get_status()=="invalid")
- $this->connector->sql->rollback_transaction();
+ $this->connector->sql->rollback_transaction();
else
- $this->connector->sql->commit_transaction();
+ $this->connector->sql->commit_transaction();
}
-
+
return $action;
}
+
/*! check if some event intercepts processing, send data to DataWrapper in other case
@param action
@@ -220,7 +224,7 @@ class DataProcessor{
}
$this->connector->event->trigger("after".$mode,$action);
- $this->config = $old_config;
+ $this->config->copy($old_config);
}
/*! output xml response for dataprocessor
diff --git a/codebase/dataview_connector.php b/codebase/dataview_connector.php
index 41b7387..fe2c9fd 100644
--- a/codebase/dataview_connector.php
+++ b/codebase/dataview_connector.php
@@ -60,7 +60,6 @@ class DataViewConnector extends Connector{
foreach($this->attributes as $k=>$v)
$attributes .= " ".$k."='".$v."'";
- $start.= ">";
if ($this->dload){
if ($pos=$this->request->get_start())
return "<data pos='".$pos."'".$attributes.">";
diff --git a/codebase/db_common.php b/codebase/db_common.php
index 19365f3..4fe5f77 100644
--- a/codebase/db_common.php
+++ b/codebase/db_common.php
@@ -14,6 +14,7 @@ class DataRequestConfig{
private $start; //!< start of requested data
private $count; //!< length of requested data
+ private $order = false;
private $user;
private $version;
@@ -83,6 +84,12 @@ class DataRequestConfig{
}
+ public function get_order(){
+ return $this->order;
+ }
+ public function set_order($order){
+ $this->order = $order;
+ }
public function get_user(){
return $this->user;
}
@@ -195,7 +202,9 @@ class DataRequestConfig{
name of source table
*/
public function set_source($value){
- $this->source=trim($value);
+ if (is_string($value))
+ $value = trim($value);
+ $this->source = $value;
if (!$this->source) throw new Exception("Source of data can't be empty");
}
/*! sets data limits
@@ -640,6 +649,73 @@ abstract class DBDataWrapper extends DataWrapper{
return $str;
}
+ public function new_record_order($action, $source){
+ $order = $source->get_order();
+ if ($order){
+ $table = $source->get_source();
+ $id = $this->config->id["db_name"];
+ $idvalue = $action->get_new_id();
+
+ $max = $this->queryOne("SELECT MAX($order) as dhx_maxvalue FROM $table");
+ $dhx_maxvalue = $max["dhx_maxvalue"] + 1;
+
+ $this->query("UPDATE $table SET $order = $dhx_maxvalue WHERE $id = $idvalue");
+ }
+ }
+
+ public function order($data, $source){
+ //id of moved item
+ $id1 = $this->escape($data->get_value("id"));
+ //id of target item
+ $target = $data->get_value("target");
+ if (strpos($target, "next:") !== false){
+ $dropnext = true;
+ $id2 = str_replace("next:", "", $target);
+ } else {
+ $id2 = $target;
+ }
+ $id2 = $this->escape($id2);
+
+
+ //for tree like components we need to limit out queries to the affected branch only
+ $relation_select = $relation_update = $relation_sql_out = $relation_sql = "";
+ if ($this->config->relation_id["name"]){
+ $relation = $data->get_value($this->config->relation_id["name"]);
+ if ($relation !== false && $relation !== ""){
+ $relation_sql = " ".$this->config->relation_id["db_name"]." = '".$this->escape($relation)."' AND ";
+ $relation_select = $this->config->relation_id["db_name"]." as dhx_parent, ";
+ $relation_update = " ".$this->config->relation_id["db_name"]." = '".$this->escape($relation)."', ";
+ }
+ }
+
+
+ $name = $source->get_order();
+ $table = $source->get_source();
+ $idkey = $this->config->id["db_name"];
+
+ $source = $this->queryOne("select $relation_select $name as dhx_index from $table where $idkey = '$id1'");
+ $source_index = $source["dhx_index"] ? $source["dhx_index"] : 0;
+ if ($relation_sql)
+ $relation_sql_out = " ".$this->config->relation_id["db_name"]." = '".$this->escape($source["dhx_parent"])."' AND ";
+
+ $this->query("update $table set $name = $name - 1 where $relation_sql_out $name >= $source_index");
+
+ if ($id2 !== ""){
+ $target = $this->queryOne("select $name as dhx_index from $table where $idkey = '$id2'");
+ $target_index = $target["dhx_index"];
+ if (!$target_index)
+ $target_index = 0;
+ if ($dropnext)
+ $target_index += 1;
+ $this->query("update $table set $name = $name + 1 where $relation_sql $name >= $target_index");
+ } else {
+ $target = $this->queryOne("select max($name) as dhx_index from $table");
+ $target_index = ($target["dhx_index"] ? $target["dhx_index"] : 0)+1;
+ }
+
+ $this->query("update $table set $relation_update $name = $target_index where $idkey = '$id1'");
+ }
+
public function insert($data,$source){
$sql=$this->insert_query($data,$source);
$this->query($sql);
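Review bot: `new_record_order` puts the new id into its UPDATE unquoted and unescaped (`WHERE $id = $idvalue`), unlike `order()` just below, which passes its ids through `$this->escape()` and quotes them. Use `$idvalue = $this->escape($action->get_new_id());` with `WHERE $id = '$idvalue'`. Separately, `order()` assigns `$dropnext` only when the target contains `next:`, so `if ($dropnext)` reads an undefined variable on the other path; add `$dropnext = false;` before the `strpos` check. The order column and table names are interpolated without `escape_name()`, which is acceptable only while both come from server-side configuration.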
@@ -724,7 +800,7 @@ abstract class DBDataWrapper extends DataWrapper{
else
array_push($sql,$this->escape_name($rules[$i]["name"])." ".$rules[$i]["operation"]." '".$this->escape($rules[$i]["value"])."'");
}
- if ($relation!==false)
+ if ($relation !== false && $relation !== "")
array_push($sql,$this->escape_name($this->config->relation_id["db_name"])." = '".$this->escape($relation)."'");
return implode(" AND ",$sql);
}
@@ -800,7 +876,7 @@ abstract class DBDataWrapper extends DataWrapper{
$sql.=implode(",",$temp)." WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";
//if we have limited set - set constraints
- $where=$this->build_where($request->get_filters(),$request->get_relation());
+ $where=$this->build_where($request->get_filters());
if ($where) $sql.=" AND (".$where.")";
return $sql;
@@ -820,7 +896,7 @@ abstract class DBDataWrapper extends DataWrapper{
$sql.=" WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";
//if we have limited set - set constraints
- $where=$this->build_where($request->get_filters(),$request->get_relation());
+ $where=$this->build_where($request->get_filters());
if ($where) $sql.=" AND (".$where.")";
return $sql;
diff --git a/codebase/db_phpcake.php b/codebase/db_phpcake.php
index 980c9c3..97d94eb 100644
--- a/codebase/db_phpcake.php
+++ b/codebase/db_phpcake.php
@@ -13,7 +13,12 @@ if you plan to use it for Oracle - use Oracle connection type instead
**/
class PHPCakeDBDataWrapper extends ArrayDBDataWrapper{
public function select($sql){
- $res = $this->connection->find("all");
+ $source = $sql->get_source();
+ if (is_array($source)) //result of find
+ $res = $source;
+ else
+ $res = $this->connection->find("all");
+
if (sizeof($res)){
$name = get_class($this->connection);
$temp = array();
diff --git a/codebase/gantt_connector.php b/codebase/gantt_connector.php
index 46c580b..ee41125 100644
--- a/codebase/gantt_connector.php
+++ b/codebase/gantt_connector.php
@@ -10,8 +10,6 @@ require_once("data_connector.php");
**/
class GanttDataItem extends DataItem{
- public static $open = null;
-
/*! return self as XML string
*/
function to_xml(){
@@ -28,8 +26,6 @@ class GanttDataItem extends DataItem{
if ($this->userdata !== false)
foreach ($this->userdata as $key => $value)
$str.="<".$key."><![CDATA[".$value."]]></".$key.">";
- if (GanttDataItem::$open !== null)
- $str.="<open>".GanttDataItem::$open."</open>";
return $str."</task>";
}
@@ -42,7 +38,6 @@ class GanttConnector extends Connector{
protected $extra_output="";//!< extra info which need to be sent to client side
protected $options=array();//!< hash of OptionsConnector
- protected $links_mode = false;
/*! assign options collection to the column
@@ -82,15 +77,15 @@ class GanttConnector extends Connector{
if (!$data_type) $data_type="GanttDataProcessor";
if (!$render_type) $render_type="RenderStrategy";
parent::__construct($res,$type,$item_type,$data_type,$render_type);
+
+ $this->event->attach("afterDelete", array($this, "delete_related_links"));
+ $this->event->attach("afterOrder", array($this, "order_set_parent"));
}
//parse GET scoope, all operations with incoming request must be done here
function parse_request(){
parent::parse_request();
- if (isset($_GET["gantt_mode"]) && $_GET["gantt_mode"] == "links")
- $this->links_mode = true;
-
if (count($this->config->text)){
if (isset($_GET["to"]))
$this->request->set_filter($this->config->text[0]["name"],$_GET["to"],"<");
@@ -99,13 +94,43 @@ class GanttConnector extends Connector{
}
}
- public function openAll($mode = true) {
- GanttDataItem::$open = $mode;
+ function order_set_parent($action){
+ $value = $action->get_id();
+ $parent = $action->get_value("parent");
+
+ $table = $this->request->get_source();
+ $id = $this->config->id["db_name"];
+
+ $this->sql->query("UPDATE $table SET parent = $parent WHERE $id = $value");
+ }
+
+ function delete_related_links($action){
+ if (isset($this->options["links"])){
+ $links = $this->options["links"];
+ $value = $this->sql->escape($action->get_id());
+ $table = $links->get_request()->get_source();
+
+ $this->sql->query("DELETE FROM $table WHERE source = '$value'");
+ $this->sql->query("DELETE FROM $table WHERE target = '$value'");
+ }
+ }
+
+ /*! render self
+ process commands, output requested data as XML
+ */
+ public function render(){
+ if (!$this->as_string){
+ if (isset($_GET["gantt_mode"]) && $_GET["gantt_mode"] == "links")
+ if (isset($this->options["links"]))
+ return $this->options["links"]->render_save();
+ }
+
+ return parent::render();
}
public function render_links($table,$id="",$fields=false,$extra=false,$relation_id=false) {
- $links = new GanttLinksConnector($this->get_connection(),$this->names["db_class"]);
- $links->render_table($table,$id,$fields,$extra);
+ $links = new OptionsConnector($this->get_connection(),$this->names["db_class"]);
+ $links->render_table($table,$id,$id.",".$fields,$extra);
$this->set_options("links", $links);
}
}
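Review bot: `order_set_parent` builds its UPDATE from `$action->get_id()` and `$action->get_value("parent")` with no escaping or quoting, while `delete_related_links` in the same hunk escapes and quotes its value. If these action fields carry client-submitted data, as the escaping elsewhere suggests, the statement is open to SQL injection. Pass both values through `$this->sql->escape(...)` and quote them: `"UPDATE $table SET parent = '$parent' WHERE $id = '$value'"`. The column name `parent` is also hard-coded, whereas the ordering code in db_common.php reads it from `$this->config->relation_id["db_name"]`.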
@@ -114,16 +139,8 @@ class GanttConnector extends Connector{
**/
class GanttDataProcessor extends DataProcessor{
function name_data($data){
- if ($data=="start_date")
- return $this->config->text[0]["db_name"];
if ($data=="id")
return $this->config->id["db_name"];
- if ($data=="duration" && $this->config->text[1]["name"] == "duration")
- return $this->config->text[1]["db_name"];
- if ($data=="end_date" && $this->config->text[1]["name"] == "end_date")
- return $this->config->text[1]["db_name"];
- if ($data=="text")
- return $this->config->text[2]["db_name"];
return $data;
}
@@ -145,9 +162,7 @@ class JSONGanttDataItem extends GanttDataItem{
$extra = $this->config->text[$i]["name"];
$obj[$extra]=$this->data[$extra];
}
- if (GanttDataItem::$open !== null)
- $obj['open'] = GanttDataItem::$open;
-
+
if ($this->userdata !== false)
foreach ($this->userdata as $key => $value)
$obj[$key]=$value;
@@ -252,99 +267,12 @@ class JSONGanttConnector extends GanttConnector {
}
public function render_links($table,$id="",$fields=false,$extra=false,$relation_id=false) {
- $links = new JSONGanttLinksConnector($this->get_connection(),$this->names["db_class"]);
+ $links = new JSONOptionsConnector($this->get_connection(),$this->names["db_class"]);
$links->render_table($table,$id,$fields,$extra);
$this->set_options("links", $links);
}
-
-
- /*! render self
- process commands, output requested data as XML
- */
- public function render(){
- $this->event->trigger("onInit", $this);
- EventMaster::trigger_static("connectorInit",$this);
-
- if (!$this->as_string)
- $this->parse_request();
- $this->set_relation();
-
- if ($this->live_update !== false && $this->updating!==false) {
- $this->live_update->get_updates();
- } else {
- if ($this->editing){
- if ($this->links_mode && isset($this->options["links"])) {
- $this->options["links"]->save();
- } else {
- $dp = new $this->names["data_class"]($this,$this->config,$this->request);
- $dp->process($this->config,$this->request);
- }
- } else {
- if (!$this->access->check("read")){
- LogMaster::log("Access control: read operation blocked");
- echo "Access denied";
- die();
- }
- $wrap = new SortInterface($this->request);
- $this->apply_sorts($wrap);
- $this->event->trigger("beforeSort",$wrap);
- $wrap->store();
-
- $wrap = new FilterInterface($this->request);
- $this->apply_filters($wrap);
- $this->event->trigger("beforeFilter",$wrap);
- $wrap->store();
-
- if ($this->model && method_exists($this->model, "get")){
- $this->sql = new ArrayDBDataWrapper();
- $result = new ArrayQueryWrapper(call_user_func(array($this->model, "get"), $this->request));
- $out = $this->output_as_xml($result);
- } else {
- $out = $this->output_as_xml($this->get_resource());
-
- if ($out !== null) return $out;
- }
-
- }
- }
- $this->end_run();
- }
}
-class GanttLinksConnector extends OptionsConnector {
- public function render(){
- if (!$this->init_flag){
- $this->init_flag=true;
- return "";
- }
-
- $res = $this->sql->select($this->request);
- return $this->render_set($res);
- }
-
- public function save() {
- $dp = new $this->names["data_class"]($this,$this->config,$this->request);
- $dp->process($this->config,$this->request);
- }
-}
-
-
-class JSONGanttLinksConnector extends JSONOptionsConnector {
- public function render(){
- if (!$this->init_flag){
- $this->init_flag=true;
- return "";
- }
-
- $res = $this->sql->select($this->request);
- return $this->render_set($res);
- }
-
- public function save() {
- $dp = new $this->names["data_class"]($this,$this->config,$this->request);
- $dp->process($this->config,$this->request);
- }
-}
?> \ No newline at end of file
diff --git a/codebase/strategy.php b/codebase/strategy.php
index 47582a5..f9a106f 100644
--- a/codebase/strategy.php
+++ b/codebase/strategy.php
@@ -46,7 +46,7 @@ class RenderStrategy {
protected function simple_mix($mix, $data) {
// get mix details
for ($i = 0; $i < count($mix); $i++)
- $data[$mix[$i]["name"]] = is_string($mix[$i]["value"]) ? $mix[$i]["value"] : "";
+ $data[$mix[$i]["name"]] = is_object($mix[$i]["value"]) ? "" : $mix[$i]["value"];
return $data;
}
@@ -169,7 +169,7 @@ class TreeRenderStrategy extends RenderStrategy {
$output.=$data->to_xml_start();
if ($data->has_kids()===-1 || ( $data->has_kids()==true && !$dload)){
$sub_request = new DataRequestConfig($conn->get_request());
- $sub_request->set_fieldset(implode(",",$config_copy->db_names_list($conn->sql)));
+ //$sub_request->set_fieldset(implode(",",$config_copy->db_names_list($conn->sql)));
$sub_request->set_relation($data->get_id());
$output.=$this->render_set($conn->sql->select($sub_request), $name, $dload, $sep, $config_copy, $mix);
}
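Review bot: The `set_fieldset` call is disabled by commenting it out (`//$sub_request->set_fieldset(...)`) with no explanation. The `JSONTreeRenderStrategy` hunk that follows does the same to `set_fieldset` and to `set_filters(array())`. Delete the dead lines or replace them with a comment stating the intent, for example `// child requests keep the parent request's fieldset and filters`. Dropping `set_filters(array())` presumably makes child rows subject to the parent's filters, a behaviour change that should be recorded in the code.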
@@ -223,9 +223,9 @@ class JSONTreeRenderStrategy extends TreeRenderStrategy {
$record = $data->to_xml_start();
if ($data->has_kids()===-1 || ( $data->has_kids()==true && !$dload)){
$sub_request = new DataRequestConfig($conn->get_request());
- $sub_request->set_fieldset(implode(",",$config_copy->db_names_list($conn->sql)));
+ //$sub_request->set_fieldset(implode(",",$config_copy->db_names_list($conn->sql)));
$sub_request->set_relation($data->get_id());
- $sub_request->set_filters(array());
+ //$sub_request->set_filters(array());
$temp = $this->render_set($conn->sql->select($sub_request), $name, $dload, $sep, $config_copy, $mix);
if (sizeof($temp))
$record["data"] = $temp;
diff --git a/codebase/xss_filter.php b/codebase/xss_filter.php
index b02d878..ed0a309 100644
--- a/codebase/xss_filter.php
+++ b/codebase/xss_filter.php
@@ -143,6 +143,7 @@ define("DHX_SECURITY_TRUSTED", 3);
class ConnectorSecurity{
static public $xss = DHX_SECURITY_SAFETEXT;
static public $security_key = false;
+ static public $security_var = "dhx_security";
static private $filterClass = null;
static function filter($value, $mode = false){
@@ -170,25 +171,26 @@ class ConnectorSecurity{
die();
}
static function checkCSRF($edit){
- if(!isset($_SESSION)) @session_start();
-
if (ConnectorSecurity::$security_key){
+ if (!isset($_SESSION))
+ @session_start();
+
if ($edit=== true){
- if (!isset($_POST['dhx_security']))
+ if (!isset($_POST[ConnectorSecurity::$security_var]))
return ConnectorSecurity::CSRF_detected();
- $master_key = $_SESSION['dhx_security'];
- $update_key = $_POST['dhx_security'];
+ $master_key = $_SESSION[ConnectorSecurity::$security_var];
+ $update_key = $_POST[ConnectorSecurity::$security_var];
if ($master_key != $update_key)
return ConnectorSecurity::CSRF_detected();
return "";
}
//data loading
- if (!array_key_exists("dhx_security",$_SESSION)){
- $_SESSION["dhx_security"] = md5(uniqid());
+ if (!array_key_exists(ConnectorSecurity::$security_var,$_SESSION)){
+ $_SESSION[ConnectorSecurity::$security_var] = md5(uniqid());
}
- return $_SESSION["dhx_security"];
+ return $_SESSION[ConnectorSecurity::$security_var];
}
return "";
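Review bot: The token check uses a loose comparison (`if ($master_key != $update_key)`) and reads `$_SESSION[ConnectorSecurity::$security_var]` without confirming it is set. A session that never issued a token therefore has a null master key, which compares equal to an empty posted value, so the check passes. Require non-empty strings and compare in constant time: `if (!is_string($master_key) || $master_key === "" || !is_string($update_key) || !hash_equals($master_key, $update_key))`. The token is generated as `md5(uniqid())`, which is derived from the clock rather than from a random source; `bin2hex(random_bytes(16))` is the usual replacement where the supported PHP version provides it. The closing brace of `checkCSRF` lies outside the hunk.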