Get open php tags into new derived vals, new form procs, and custom b…

…utton code (#500)
jegelstaff · May 8, 2024 · 622e217 · 622e217
1 parent 6554ca8
commit 622e217
Show file tree

Hide file tree

Showing 5 changed files with 147 additions and 125 deletions.
diff --git a/modules/formulize/admin/element.php b/modules/formulize/admin/element.php
@@ -209,7 +209,7 @@
             $ele_value[2] = isset($formulizeConfig['number_prefix']) ? $formulizeConfig['number_prefix'] : '';
             $ele_value[3] = isset($formulizeConfig['number_decimalsep']) ? $formulizeConfig['number_decimalsep'] : '.';
             $ele_value[4] = isset($formulizeConfig['number_sep']) ? $formulizeConfig['number_sep'] : ',';
-						$ele_value[5] = "<?php\n";
+						$ele_value[0] = "<?php\n";
             break;
         case "subform":
             $ele_value[2] = 0;

diff --git a/modules/formulize/admin/formindex.php b/modules/formulize/admin/formindex.php
@@ -49,17 +49,6 @@
 include_once XOOPS_ROOT_PATH."/modules/formulize/class/forms.php"; // form class
 include_once XOOPS_ROOT_PATH."/modules/formulize/include/extract.php";
 include_once XOOPS_ROOT_PATH."/modules/formulize/include/functions.php";
-include_once XOOPS_ROOT_PATH.'/class/xoopsform/grouppermform.php'; // Classe permissions
-$module_id = $xoopsModule->getVar('mid'); // recupere le numero id du module
-
-$n = 0;
-$m = 0;
-include_once XOOPS_ROOT_PATH."/class/xoopstree.php";
-include_once XOOPS_ROOT_PATH."/class/xoopslists.php";
-include_once XOOPS_ROOT_PATH."/include/xoopscodes.php";
-include_once XOOPS_ROOT_PATH."/class/module.errorhandler.php";
-$myts =& MyTextSanitizer::getInstance();
-$eh = new ErrorHandler;
 
 // this functions runs the SQL and returns false if it failed, also outputs error message to screen
 // returns the result object of the query if it was successful
@@ -80,28 +69,6 @@ function formulize_DBPatchCheckSQL($sql, &$needsPatch) {
 // database patch logic for 4.0 and higher
 function patch40() {
 
-    $module_handler = xoops_gethandler('module');
-    $formulizeModule = $module_handler->getByDirname("formulize");
-    $metadata = $formulizeModule->getInfo();
-    $versionNumber = $metadata['version'];
-
-    // CHECK THAT THEY ARE AT 3.1 LEVEL, IF NOT, LINK TO PATCH31
-    // Check for ele_handle being 255 in formulize table
-    global $xoopsDB;
-    // note very odd use of LIKE as a clause of its own in SHOW statements, very strange, but that's what MySQL does
-    $fieldStateSQL = "SHOW COLUMNS FROM " . $xoopsDB->prefix("formulize") ." LIKE 'ele_handle'";
-    if (!$fieldStateRes = $xoopsDB->queryF($fieldStateSQL)) {
-        print "Error: could not determine if your Formulize database structure is up to date.  Please contact <a href=\"mailto:info@formulize.org\">info@formulize.org</a> for assistance.<br>\n";
-        return false;
-    }
-    $fieldStateData = $xoopsDB->fetchArray($fieldStateRes);
-    $dataType = $fieldStateData['Type'];
-    if ($dataType != "varchar(255)") {
-        print "<h1>Your database schema is out of date.  You must run \"patch31\" before running the current patch.</h1>\n";
-        print "<p><a href=\"" . XOOPS_URL . "/modules/formulize/admin/formindex.php?op=patch31\">Click here to run \"patch31\".</a></p>\n";
-        return;
-    }
-
     /* ======================================
      * We must check here for the latest change, so we can tell the user whether they need to update or not!!
      * We set needsPatch = false, and the alter to true if a patch is necessary
@@ -114,18 +81,23 @@ function patch40() {
      *
      * IN ADDITION TO THE UPDATE HERE, THE mysql.sql FILE MUST BE UPDATED WITH THE REQUIRED CHANGES SO NEW INSTALLATIONS ARE UP TO DATE
      *
-     * IT IS ALSO CRITICAL THAT THE PATCH PROCESS CAN BE RUN OVER AND OVER AGAIN NON-DESTRUCTIVELY
-     *
-     * ====================================== */
-
+     * IT IS ALSO CRITICAL THAT THE PATCH PROCESS CAN BE RUN OVER AND OVER AGAIN NON-DESTRUCTIVELY */
 
     $checkThisTable = 'formulize_screen_template';
-	$checkThisField = 'viewentryscreen';
-	$checkThisProperty = '';
-	$checkPropertyForValue = '';
+		$checkThisField = 'viewentryscreen';
+		$checkThisProperty = '';
+		$checkPropertyForValue = '';
 
-    $needsPatch = false;
+		/*
+		* ====================================== */
 
+		global $xoopsDB;
+    $module_handler = xoops_gethandler('module');
+    $formulizeModule = $module_handler->getByDirname("formulize");
+    $metadata = $formulizeModule->getInfo();
+    $versionNumber = $metadata['version'];
+
+    $needsPatch = false;
     $tableCheckSql = "SELECT 1 FROM information_schema.tables WHERE table_schema = '".SDATA_DB_NAME."' AND table_name = '".$xoopsDB->prefix(formulize_db_escape($checkThisTable)) ."'";
     $tableCheckRes = formulize_DBPatchCheckSQL($tableCheckSql, $needsPatch); // may modify needsPatch!
     if ($tableCheckRes AND !$needsPatch AND $checkThisField) { // table was found, and we're looking for a field in it
@@ -688,6 +660,41 @@ function patch40() {
 					exit("Error detecting procedures that need opening PHP tags. SQL dump:<br>".$formProceduresNeedingOpeningPHPTagsSQL."<br>".$xoopsDB->error()."<br>Please contact <a href=mailto:info@formulize.org>info@formulize.org</a> for assistance.");
 				}
 
+				// Same operation on the custom button effects
+				$customButtonsNeedingOpeningPHPTagsSQL = "SELECT `sid`, `customactions` FROM ".$xoopsDB->prefix('formulize_screen_listofentries')." WHERE customactions LIKE '%\"custom_code\";%' OR customactions LIKE '%\"custom_html\";%'";
+				if($res = $xoopsDB->query($customButtonsNeedingOpeningPHPTagsSQL)) {
+					// loop through the results...
+					while($record = $xoopsDB->fetchArray($res)) {
+						// for each record that was returned from the DB, decode the button stuff and check if the custom_html or custom_code has an opening tag
+						$customActions = unserialize($record['customactions']);
+						foreach($customActions as $actionId=>$actionSettings) {
+							foreach($actionSettings as $effectId=>$effectSettings) {
+								if(!is_numeric($effectId)) { continue; } // ugly, effects are all numeric keys, other keys at same level are strings for other metadata
+								switch($actionSettings['applyto']) {
+									case 'custom_html':
+										if(substr($effectSettings['html'], 0, 5) != '<?php') {
+											$customActions[$actionId][$effectId]['html'] = "<?php\n".$effectSettings['html']; // assign update to the source array
+										}
+										break;
+									case 'custom_code':
+										if(substr($effectSettings['code'], 0, 5) != '<?php') {
+											$customActions[$actionId][$effectId]['code'] = "<?php\n".$effectSettings['code']; // assign update to the source array
+										}
+										break;
+								}
+							}
+						}
+						$customActions = serialize($customActions);
+						// update the database with the new code for the relevant custom buttons
+						$updateCustomButtonsSQL = "UPDATE ".$xoopsDB->prefix('formulize_screen_listofentries')." SET `customactions` = ".$xoopsDB->quoteString($customActions)." WHERE sid = ".$record['sid'];
+						if(!$updateProcRes = $xoopsDB->query($updateCustomButtonsSQL)) {
+							print "Notice: could not add opening PHP tag to the code in the custom buttons on screen ".$record['sid']." with the SQL:<br>".str_replace('<', '&lt;',$updateCustomButtonsSQL)."<br>".$xoopsDB->error()."<br>This is not a critical error. You can add the tag yourself at the top of the code, if you want the editor to provide highlighting. For more information contact <a href=mailto:info@formulize.org>info@formulize.org</a>.<br>";
+						}
+					}
+				} else {
+					exit("Error detecting custom buttons that need opening PHP tags. SQL dump:<br>".$customButtonsNeedingOpeningPHPTagsSQL."<br>".$xoopsDB->error()."<br>Please contact <a href=mailto:info@formulize.org>info@formulize.org</a> for assistance.");
+				}
+
         global $xoopsConfig;
         $themeSql = 'UPDATE '.$xoopsDB->prefix('formulize_screen').' SET theme = "'.$xoopsConfig['theme_set'].'" WHERE theme = ""';
         if(!$res = $xoopsDB->query($themeSql)) {

diff --git a/modules/formulize/class/forms.php b/modules/formulize/class/forms.php
@@ -264,22 +264,30 @@ protected function custom_edit_check_filename() {
 
 		public function on_before_save() {
 				// this function exists only because otherwise xoops automatically converts \n (which is stored in the database) to <br />
-				return $this->vars['on_before_save']['value'];
+				$value = $this->vars['on_before_save']['value'];
+				$value = $value ? $value : "<?php\n";
+				return $value;
 		}
 
 		public function on_after_save() {
 				// this function exists only because otherwise xoops automatically converts \n (which is stored in the database) to <br />
-				return $this->vars['on_after_save']['value'];
+				$value = $this->vars['on_after_save']['value'];
+				$value = $value ? $value : "<?php\n";
+				return $value;
 		}
 
 		public function on_delete() {
 			// this function exists only because otherwise xoops automatically converts \n (which is stored in the database) to <br />
-			return $this->vars['on_delete']['value'];
+			$value = $this->vars['on_delete']['value'];
+			$value = $value ? $value : "<?php\n";
+			return $value;
 		}
 
 		public function custom_edit_check() {
 				// this function exists only because otherwise xoops automatically converts \n (which is stored in the database) to <br />
-				return $this->vars['custom_edit_check']['value'];
+				$value = $this->vars['custom_edit_check']['value'];
+				$value = $value ? $value : "<?php\n";
+				return $value;
 		}
 
     private function cache_on_before_save_code() {
@@ -671,6 +679,11 @@ function insert(&$formObject, $force=false) {
 						break;
 				}
 
+				$on_before_save = trim($on_before_save) != "<?php" ? $on_before_save : "";
+				$on_after_save = trim($on_after_save) != "<?php" ? $on_after_save : "";
+				$on_delete = trim($on_delete) != "<?php" ? $on_beforeon_delete_save : "";
+				$custom_edit_check = trim($custom_edit_check) != "<?php" ? $custom_edit_check : "";
+
                 if($formObject->isNew() || empty($id_form)) {
                     $sql = "INSERT INTO ".$this->db->prefix("formulize_id") . " (`desc_form`, `singleentry`, `tableform`, ".
                         "`defaultform`, `defaultlist`, `menutext`, `form_handle`, `store_revisions`, `on_before_save`, ".

diff --git a/modules/formulize/include/entriesdisplay.php b/modules/formulize/include/entriesdisplay.php
@@ -3779,7 +3779,7 @@ function processCustomButton($caid, $thisCustomAction, $entry_id="", $entry="")
 		foreach($caHTML as $key=>$thisHTML) {
 			if(!isset($cachedCAHTML[$key])) {
                 ob_start();
-                eval($thisHTML);
+                eval(removeOpeningPHPTag($thisHTML));
  				$cachedCAHTML[$key] = ob_get_clean();
 			}
 			$allHTML .= $cachedCAHTML[$key];
@@ -3818,7 +3818,7 @@ function processButtonValue($buttonValue, $entry_id) {
     $formulize_lvoverride = false;
     if(strstr($buttonValue, "\$value")) {
 			  $value = '';
-        eval($buttonValue);
+        eval(removeOpeningPHPTag($buttonValue));
         $valueToWrite = $value;
     }
     $GLOBALS['formulize_lvoverride'] = $formulize_lvoverride; // kludgy way to pass it back when we might need to listen for it in writeElementValue!
@@ -3859,7 +3859,7 @@ function processClickedCustomButton($clickedElements, $clickedValues, $clickedAc
 		foreach($caPHP as $thisCustomCode) {
 			foreach($clickedEntries as $formulize_thisEntryId) {
 				$GLOBALS['formulize_thisEntryId'] = $formulize_thisEntryId;
-				eval($thisCustomCode);
+				eval(removeOpeningPHPTag($thisCustomCode));
 			}
 		}
 	} else {

diff --git a/modules/formulize/templates/admin/screen_list_custom_sections.html b/modules/formulize/templates/admin/screen_list_custom_sections.html
@@ -1,76 +1,78 @@
-
-  <p><a class="deletebutton" href="" target="<{$sectionContent.id}>"><img src="../images/editdelete.gif"> Delete this button</a></p>
-
-	<div class="form-item handle required">
-		<label for="handle_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_HANDLE}></label>
-		<input type="text" id="handle_<{$sectionContent.id}>" class="required_formulize_element" name="handle_<{$sectionContent.id}>" value="<{$sectionContent.handle}>"/>
-	</div>
-	<div class="form-item required">
-		<label for="text_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_BUTTONTEXT}></label>
-		<input type="text" id="text_<{$sectionContent.id}>" class="required_formulize_element" name="buttontext_<{$sectionContent.id}>" value="<{$sectionContent.buttontext}>"/>
-	</div>
-
-    <div class="form-item">
-		<label for="popup_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_POPUPTEXT}></label>
-		<input type="text" id="popup_<{$sectionContent.id}>" name="popuptext_<{$sectionContent.id}>" value="<{$sectionContent.popuptext}>"/>
-	</div>
-
-	<div class="form-item">
-		<label for="message_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_MESSAGETEXT}></label>
-		<input type="text" id="message_<{$sectionContent.id}>" name="messagetext_<{$sectionContent.id}>" value="<{$sectionContent.messagetext}>"/>
-	</div>
-
-	<div class="form-item">
-		<label for="groups_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_GROUPS}></label>
-		<select name="groups_<{$sectionContent.id}>[]" id="groups_<{$sectionContent.id}>" size=8 multiple="multiple">
-		<{html_options options=$content.grouplist selected=$sectionContent.groups}>
-		</select>
-	</div>
-
-	<div class="form-item">
-		<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_INLINE}></label>
-			<label for="inline_yes"><input type="radio" id="inline_yes" name="appearinline_<{$sectionContent.id}>" value=1 <{if $sectionContent.appearinline}>checked<{/if}> />Yes</label>
-			<label for="inline_no"><input type="radio" id="inline_no" name="appearinline_<{$sectionContent.id}>" value=0 <{if !$sectionContent.appearinline}>checked<{/if}> />No</label>
-			<div class="description">
-				<p>If no, then the button will be available in the Top and Bottom Templates. If yes, the button will appear in the list, or will be available in the List Item Template if you use one.</p>
-			</div>
-	</div>
-	<div class="form-item">
-		<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_APPLYTO}></label>
-		<select name="applyto_<{$sectionContent.id}>" size=1>
-			<{html_options options=$content.applytoOptions selected=$sectionContent.applyto}>
-		</select>
-	</div>
-	<input type="button" class="addeffectbutton" target="<{$sectionContent.id}>" value="<{$smarty.const._AM_FORMULIZE_SCREEN_LOE_ADDCUSTOMBUTTON_EFFECT}>"/>
-
-	<{counter name="effects" start=0 print=false}>
-	<{foreach from=$sectionContent key=id item=effect}>
-		<{if is_numeric($id)}>
-		<fieldset>
-			<legend><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT}> <{counter name="effects"}></legend>
-			<div class="customeffect">
-				<p><a class="removeeffectbutton" href="" target="<{$sectionContent.id}>_<{$id}>"><img src="../images/editdelete.gif"> Remove this effect</a></p>
-				<{if $sectionContent.applyto == 'custom_code'}>
-				<textarea name="code_<{$sectionContent.id}>[<{$id}>]" class="code-textarea" rows=8><{$effect.code}></textarea>			
-				<{elseif $sectionContent.applyto == 'custom_html'}>
-				<textarea name="html_<{$sectionContent.id}>[<{$id}>]" class="code-textarea" rows=8><{$effect.html}></textarea>				
-				<{else}>
-				<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT_ELEMENT}></label>
-				<select name="element_<{$sectionContent.id}>[<{$id}>]" size=1>
-					<{html_options options=$effect.elementOptions selected=$effect.element}>
-				</select>
-				<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT_ACTION}></label>
-				<select name="action_<{$sectionContent.id}>[<{$id}>]" size=1>
-					<{html_options options=$effect.actionOptions selected=$effect.action}>
-				</select>
-				<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT_VALUE}></label>
-				<textarea name="value_<{$sectionContent.id}>[<{$id}>]" class="code-textarea" rows=4><{$effect.value}></textarea>		
-				<{/if}>
-				<div class="description">
-					<p><{$effect.description}></p>
-				</div>
-			</div>
-		</fieldset>
-
-		<{/if}>
-	<{/foreach}>
+
+  <p><a class="deletebutton" href="" target="<{$sectionContent.id}>"><img src="../images/editdelete.gif"> Delete this button</a></p>
+
+	<div class="form-item handle required">
+		<label for="handle_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_HANDLE}></label>
+		<input type="text" id="handle_<{$sectionContent.id}>" class="required_formulize_element" name="handle_<{$sectionContent.id}>" value="<{$sectionContent.handle}>"/>
+	</div>
+	<div class="form-item required">
+		<label for="text_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_BUTTONTEXT}></label>
+		<input type="text" id="text_<{$sectionContent.id}>" class="required_formulize_element" name="buttontext_<{$sectionContent.id}>" value="<{$sectionContent.buttontext}>"/>
+	</div>
+
+    <div class="form-item">
+		<label for="popup_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_POPUPTEXT}></label>
+		<input type="text" id="popup_<{$sectionContent.id}>" name="popuptext_<{$sectionContent.id}>" value="<{$sectionContent.popuptext}>"/>
+	</div>
+
+	<div class="form-item">
+		<label for="message_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_MESSAGETEXT}></label>
+		<input type="text" id="message_<{$sectionContent.id}>" name="messagetext_<{$sectionContent.id}>" value="<{$sectionContent.messagetext}>"/>
+	</div>
+
+	<div class="form-item">
+		<label for="groups_<{$sectionContent.id}>"><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_GROUPS}></label>
+		<select name="groups_<{$sectionContent.id}>[]" id="groups_<{$sectionContent.id}>" size=8 multiple="multiple">
+		<{html_options options=$content.grouplist selected=$sectionContent.groups}>
+		</select>
+	</div>
+
+	<div class="form-item">
+		<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_INLINE}></label>
+			<label for="inline_yes"><input type="radio" id="inline_yes" name="appearinline_<{$sectionContent.id}>" value=1 <{if $sectionContent.appearinline}>checked<{/if}> />Yes</label>
+			<label for="inline_no"><input type="radio" id="inline_no" name="appearinline_<{$sectionContent.id}>" value=0 <{if !$sectionContent.appearinline}>checked<{/if}> />No</label>
+			<div class="description">
+				<p>If no, then the button will be available in the Top and Bottom Templates. If yes, the button will appear in the list, or will be available in the List Item Template if you use one.</p>
+			</div>
+	</div>
+	<div class="form-item">
+		<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_APPLYTO}></label>
+		<select name="applyto_<{$sectionContent.id}>" size=1>
+			<{html_options options=$content.applytoOptions selected=$sectionContent.applyto}>
+		</select>
+	</div>
+	<input type="button" class="addeffectbutton" target="<{$sectionContent.id}>" value="<{$smarty.const._AM_FORMULIZE_SCREEN_LOE_ADDCUSTOMBUTTON_EFFECT}>"/>
+
+	<{counter name="effects" start=0 print=false}>
+	<{foreach from=$sectionContent key=id item=effect}>
+		<{if is_numeric($id)}>
+		<fieldset>
+			<legend><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT}> <{counter name="effects"}></legend>
+			<div class="customeffect">
+				<p><a class="removeeffectbutton" href="" target="<{$sectionContent.id}>_<{$id}>"><img src="../images/editdelete.gif"> Remove this effect</a></p>
+				<{if $sectionContent.applyto == 'custom_code'}>
+				<textarea name="code_<{$sectionContent.id}>[<{$id}>]" class="code-textarea" rows=8><{if $effect.code == ''}><?php
+<{else}><{$effect.code}><{/if}></textarea>
+				<{elseif $sectionContent.applyto == 'custom_html'}>
+				<textarea name="html_<{$sectionContent.id}>[<{$id}>]" class="code-textarea" rows=8><{if $effect.html == ''}><?php
+<{else}><{$effect.html}><{/if}></textarea>
+				<{else}>
+				<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT_ELEMENT}></label>
+				<select name="element_<{$sectionContent.id}>[<{$id}>]" size=1>
+					<{html_options options=$effect.elementOptions selected=$effect.element}>
+				</select>
+				<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT_ACTION}></label>
+				<select name="action_<{$sectionContent.id}>[<{$id}>]" size=1>
+					<{html_options options=$effect.actionOptions selected=$effect.action}>
+				</select>
+				<label><{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT_VALUE}></label>
+				<textarea name="value_<{$sectionContent.id}>[<{$id}>]" class="code-textarea" rows=4><{$effect.value}></textarea>
+				<{/if}>
+				<div class="description">
+					<p><{$effect.description}></p>
+				</div>
+			</div>
+		</fieldset>
+
+		<{/if}>
+	<{/foreach}>