- add more validation to field-editing.

- add sanity check to user editing to allow max_sessions = 0 git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4841 c91229c3-7414-0410-bfa2-8a42b809f60b

- add more validation to field-editing.
- add sanity check to user editing to allow max_sessions = 0 git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4841 c91229c3-7414-0410-bfa2-8a42b809f60b
bshuttle
1 parent 096f1d3a
Showing 2 changed files with 17 additions and 4 deletions
plugins/ktcore/admin/documentFields.php
plugins/ktcore/admin/userManagement.php
@@ -199,7 +199,7 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher {
     // {{{ do_editField
     function do_editField() {
-        $this->oPage->setBreadcrumbDetails(_("edit field"));
+        $this->oPage->setBreadcrumbDetails(_("Edit field"));
         $oTemplating =& KTTemplating::getSingleton();
         $oTemplate =& $oTemplating->loadTemplate('ktcore/metadata/editField');
         $oFieldset =& KTFieldset::get($_REQUEST['fFieldsetId']);
@@ -231,8 +231,21 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher {
         $oFieldset =& KTFieldset::get($_REQUEST['fFieldsetId']);
         $oField =& DocumentField::get($_REQUEST['fFieldId']);
+		$aErrorOptions = array(
+			'redirect_to' => array('editField','fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId()),
+		);	
+		
+		$sName = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'name'), 
+			KTUtil::meldOptions($aErrorOptions, array('message' => "You must provide a name")));
+		if ($sName != $oField->getName()) { 
+		    $sName = $this->oValidator->validateEntityName("DocumentField", "field", KTUtil::arrayGet($_REQUEST, 'name'), $aErrorOptions);
+		}		
+			
+		$sDescription = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'description'), 
+			KTUtil::meldOptions($aErrorOptions, array('message' => "You must provide a description")));
+
         $oField->setName($_REQUEST['name']);
-        $oField->setDescription($_REQUEST['description']);
+        $oField->setDescription($sDescription);
         $res = $oField->update();
         if (PEAR::isError($res) || ($res === false)) {
             $this->errorRedirectTo('editField', _('Could not save field changes'), 'fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId());
@@ -321,7 +321,7 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
         $mobile_number = KTUtil::arrayGet($_REQUEST, 'mobile_number');
-        $max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3');
+        $max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3', false);
         // FIXME more validation would be useful.
         // validated and ready..
@@ -368,7 +368,7 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
         $email_notifications = KTUtil::arrayGet($_REQUEST, 'email_notifications', false);
         if ($email_notifications !== false) $email_notifications = true;
         $mobile_number = KTUtil::arrayGet($_REQUEST, 'mobile_number');
-        $max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3');
+        $max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3', false);
         // FIXME check for numeric max_sessions... db-error else?
         $password = KTUtil::arrayGet($_REQUEST, 'password');
         $confirm_password = KTUtil::arrayGet($_REQUEST, 'confirm_password');