Commit b825ca34bbb1784b77706c68a0b9d24cde067b82
1 parent
096f1d3a
- add more validation to field-editing.
- add sanity check to user editing to allow max_sessions = 0 git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4841 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
2 changed files
with
17 additions
and
4 deletions
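--- a/plugins/ktcore/admin/documentFields.php
+++ b/plugins/ktcore/admin/documentFields.php
@@ -199,7 +199,7 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher {
 
 // {{{ do_editField
 function do_editField() {
-$this->oPage->setBreadcrumbDetails(_("edit field"));
+$this->oPage->setBreadcrumbDetails(_("Edit field"));
 $oTemplating =& KTTemplating::getSingleton();
 $oTemplate =& $oTemplating->loadTemplate('ktcore/metadata/editField');
 $oFieldset =& KTFieldset::get($_REQUEST['fFieldsetId']);
@@ -231,8 +231,21 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher {
 $oFieldset =& KTFieldset::get($_REQUEST['fFieldsetId']);
 $oField =& DocumentField::get($_REQUEST['fFieldId']);
 
+$aErrorOptions = array(
+'redirect_to' => array('editField','fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId()),
+);
+
+$sName = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'name'),
+KTUtil::meldOptions($aErrorOptions, array('message' => "You must provide a name")));
+if ($sName != $oField->getName()) {
+$sName = $this->oValidator->validateEntityName("DocumentField", "field", KTUtil::arrayGet($_REQUEST, 'name'), $aErrorOptions);
+}
+
+$sDescription = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'description'),
+KTUtil::meldOptions($aErrorOptions, array('message' => "You must provide a description")));
+
 $oField->setName($_REQUEST['name']);
-$oField->setDescription($_REQUEST['description']);
+$oField->setDescription($sDescription);
 $res = $oField->update();
 if (PEAR::isError($res) || ($res === false)) {
 $this->errorRedirectTo('editField', _('Could not save field changes'), 'fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId());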
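Review bot: The name validated just above is never used: new line 247 still calls `$oField->setName($_REQUEST['name']);`, so the raw request value is what gets stored and whatever `validateString`/`validateEntityName` return in `$sName` is discarded, while the description on line 248 does use its validated value. Change it to `$oField->setName($sName);`. Separately, `$aErrorOptions` calls `$oFieldset->getId()` and `$oField->getId()` on objects looked up from request ids without a visible check that either lookup succeeded; if the `get()` calls can return an error object here, that should be handled before the redirect target is built. The two new messages are also not wrapped in `_()` like the other user-facing strings in this file. The enclosing function starts and ends outside the hunk.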
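--- a/plugins/ktcore/admin/userManagement.php
+++ b/plugins/ktcore/admin/userManagement.php
@@ -321,7 +321,7 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
 
 $mobile_number = KTUtil::arrayGet($_REQUEST, 'mobile_number');
 
-$max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3');
+$max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3', false);
 
 // FIXME more validation would be useful.
 // validated and ready..
@@ -368,7 +368,7 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
 $email_notifications = KTUtil::arrayGet($_REQUEST, 'email_notifications', false);
 if ($email_notifications !== false) $email_notifications = true;
 $mobile_number = KTUtil::arrayGet($_REQUEST, 'mobile_number');
-$max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3');
+$max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3', false);
 // FIXME check for numeric max_sessions... db-error else?
 $password = KTUtil::arrayGet($_REQUEST, 'password');
 $confirm_password = KTUtil::arrayGet($_REQUEST, 'confirm_password');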
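Review bot: `max_sessions` is still read from `$_REQUEST` with no type or range check at new lines 324 and 371, and the FIXME on line 372 about a non-numeric value causing a database error is left open. With the added fourth argument (which, going by the commit message, appears to stop `0` being replaced by the default `'3'`), the accepted set is now wider, so this is the point to pin it down: accept only a non-negative integer, e.g. guard with `ctype_digit((string) $max_sessions)` and send anything else through the dispatcher's error redirect. It would also help to add a comment stating what `0` means for a user (no sessions or no limit), since the hunks do not show how the value is enforced. Both enclosing functions start and end outside the hunks shown.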