From 622e2174eb9285a5cd54e31e0b84dd3f2b73148a Mon Sep 17 00:00:00 2001 From: Julian Egelstaff Date: Wed, 8 May 2024 01:14:46 -0300 Subject: [PATCH] Get open php tags into new derived vals, new form procs, and custom button code (#500) --- modules/formulize/admin/element.php | 2 +- modules/formulize/admin/formindex.php | 89 +++++----- modules/formulize/class/forms.php | 21 ++- modules/formulize/include/entriesdisplay.php | 6 +- .../admin/screen_list_custom_sections.html | 154 +++++++++--------- 5 files changed, 147 insertions(+), 125 deletions(-) diff --git a/modules/formulize/admin/element.php b/modules/formulize/admin/element.php index 2467c5637..1d646cdc7 100644 --- a/modules/formulize/admin/element.php +++ b/modules/formulize/admin/element.php @@ -209,7 +209,7 @@ $ele_value[2] = isset($formulizeConfig['number_prefix']) ? $formulizeConfig['number_prefix'] : ''; $ele_value[3] = isset($formulizeConfig['number_decimalsep']) ? $formulizeConfig['number_decimalsep'] : '.'; $ele_value[4] = isset($formulizeConfig['number_sep']) ? $formulizeConfig['number_sep'] : ','; - $ele_value[5] = "getVar('mid'); // recupere le numero id du module - -$n = 0; -$m = 0; -include_once XOOPS_ROOT_PATH."/class/xoopstree.php"; -include_once XOOPS_ROOT_PATH."/class/xoopslists.php"; -include_once XOOPS_ROOT_PATH."/include/xoopscodes.php"; -include_once XOOPS_ROOT_PATH."/class/module.errorhandler.php"; -$myts =& MyTextSanitizer::getInstance(); -$eh = new ErrorHandler; // this functions runs the SQL and returns false if it failed, also outputs error message to screen // returns the result object of the query if it was successful 
@@ -80,28 +69,6 @@ function formulize_DBPatchCheckSQL($sql, &$needsPatch) { // database patch logic for 4.0 and higher function patch40() { - $module_handler = xoops_gethandler('module'); - $formulizeModule = $module_handler->getByDirname("formulize"); - $metadata = $formulizeModule->getInfo(); - $versionNumber = $metadata['version']; - - // CHECK THAT THEY ARE AT 3.1 LEVEL, IF NOT, LINK TO PATCH31 - // Check for ele_handle being 255 in formulize table - global $xoopsDB; - // note very odd use of LIKE as a clause of its own in SHOW statements, very strange, but that's what MySQL does - $fieldStateSQL = "SHOW COLUMNS FROM " . $xoopsDB->prefix("formulize") ." LIKE 'ele_handle'"; - if (!$fieldStateRes = $xoopsDB->queryF($fieldStateSQL)) { - print "Error: could not determine if your Formulize database structure is up to date. Please contact info@formulize.org for assistance.
\n"; - return false; - } - $fieldStateData = $xoopsDB->fetchArray($fieldStateRes); - $dataType = $fieldStateData['Type']; - if ($dataType != "varchar(255)") { - print "

Your database schema is out of date. You must run \"patch31\" before running the current patch.

\n"; - print "

Click here to run \"patch31\".

\n"; - return; - } - /* ====================================== * We must check here for the latest change, so we can tell the user whether they need to update or not!! * We set needsPatch = false, and the alter to true if a patch is necessary @@ -114,18 +81,23 @@ function patch40() { * * IN ADDITION TO THE UPDATE HERE, THE mysql.sql FILE MUST BE UPDATED WITH THE REQUIRED CHANGES SO NEW INSTALLATIONS ARE UP TO DATE * - * IT IS ALSO CRITICAL THAT THE PATCH PROCESS CAN BE RUN OVER AND OVER AGAIN NON-DESTRUCTIVELY - * - * ====================================== */ - + * IT IS ALSO CRITICAL THAT THE PATCH PROCESS CAN BE RUN OVER AND OVER AGAIN NON-DESTRUCTIVELY */ $checkThisTable = 'formulize_screen_template'; - $checkThisField = 'viewentryscreen'; - $checkThisProperty = ''; - $checkPropertyForValue = ''; + $checkThisField = 'viewentryscreen'; + $checkThisProperty = ''; + $checkPropertyForValue = ''; - $needsPatch = false; + /* + * ====================================== */ + global $xoopsDB; + $module_handler = xoops_gethandler('module'); + $formulizeModule = $module_handler->getByDirname("formulize"); + $metadata = $formulizeModule->getInfo(); + $versionNumber = $metadata['version']; + + $needsPatch = false; $tableCheckSql = "SELECT 1 FROM information_schema.tables WHERE table_schema = '".SDATA_DB_NAME."' AND table_name = '".$xoopsDB->prefix(formulize_db_escape($checkThisTable)) ."'"; $tableCheckRes = formulize_DBPatchCheckSQL($tableCheckSql, $needsPatch); // may modify needsPatch! if ($tableCheckRes AND !$needsPatch AND $checkThisField) { // table was found, and we're looking for a field in it @@ -688,6 +660,41 @@ function patch40() { exit("Error detecting procedures that need opening PHP tags. SQL dump:
".$formProceduresNeedingOpeningPHPTagsSQL."
".$xoopsDB->error()."
Please contact info@formulize.org for assistance."); } + // Same operation on the custom button effects + $customButtonsNeedingOpeningPHPTagsSQL = "SELECT `sid`, `customactions` FROM ".$xoopsDB->prefix('formulize_screen_listofentries')." WHERE customactions LIKE '%\"custom_code\";%' OR customactions LIKE '%\"custom_html\";%'"; + if($res = $xoopsDB->query($customButtonsNeedingOpeningPHPTagsSQL)) { + // loop through the results... + while($record = $xoopsDB->fetchArray($res)) { + // for each record that was returned from the DB, decode the button stuff and check if the custom_html or custom_code has an opening tag + $customActions = unserialize($record['customactions']); + foreach($customActions as $actionId=>$actionSettings) { + foreach($actionSettings as $effectId=>$effectSettings) { + if(!is_numeric($effectId)) { continue; } // ugly, effects are all numeric keys, other keys at same level are strings for other metadata + switch($actionSettings['applyto']) { + case 'custom_html': + if(substr($effectSettings['html'], 0, 5) != 'prefix('formulize_screen_listofentries')." SET `customactions` = ".$xoopsDB->quoteString($customActions)." WHERE sid = ".$record['sid']; + if(!$updateProcRes = $xoopsDB->query($updateCustomButtonsSQL)) { + print "Notice: could not add opening PHP tag to the code in the custom buttons on screen ".$record['sid']." with the SQL:
".str_replace('<', '<',$updateCustomButtonsSQL)."
".$xoopsDB->error()."
This is not a critical error. You can add the tag yourself at the top of the code, if you want the editor to provide highlighting. For more information contact info@formulize.org.
"; + } + } + } else { + exit("Error detecting custom buttons that need opening PHP tags. SQL dump:
".$customButtonsNeedingOpeningPHPTagsSQL."
".$xoopsDB->error()."
Please contact info@formulize.org for assistance."); + } + global $xoopsConfig; $themeSql = 'UPDATE '.$xoopsDB->prefix('formulize_screen').' SET theme = "'.$xoopsConfig['theme_set'].'" WHERE theme = ""'; if(!$res = $xoopsDB->query($themeSql)) { diff --git a/modules/formulize/class/forms.php b/modules/formulize/class/forms.php index ddb878514..ca73c8305 100755 --- a/modules/formulize/class/forms.php +++ b/modules/formulize/class/forms.php @@ -264,22 +264,30 @@ protected function custom_edit_check_filename() { public function on_before_save() { // this function exists only because otherwise xoops automatically converts \n (which is stored in the database) to
- return $this->vars['on_before_save']['value']; + $value = $this->vars['on_before_save']['value']; + $value = $value ? $value : " - return $this->vars['on_after_save']['value']; + $value = $this->vars['on_after_save']['value']; + $value = $value ? $value : " - return $this->vars['on_delete']['value']; + $value = $this->vars['on_delete']['value']; + $value = $value ? $value : " - return $this->vars['custom_edit_check']['value']; + $value = $this->vars['custom_edit_check']['value']; + $value = $value ? $value : "isNew() || empty($id_form)) { $sql = "INSERT INTO ".$this->db->prefix("formulize_id") . " (`desc_form`, `singleentry`, `tableform`, ". "`defaultform`, `defaultlist`, `menutext`, `form_handle`, `store_revisions`, `on_before_save`, ". diff --git a/modules/formulize/include/entriesdisplay.php b/modules/formulize/include/entriesdisplay.php index ff32cde1b..fe523b098 100644 --- a/modules/formulize/include/entriesdisplay.php +++ b/modules/formulize/include/entriesdisplay.php @@ -3779,7 +3779,7 @@ function processCustomButton($caid, $thisCustomAction, $entry_id="", $entry="") foreach($caHTML as $key=>$thisHTML) { if(!isset($cachedCAHTML[$key])) { ob_start(); - eval($thisHTML); + eval(removeOpeningPHPTag($thisHTML)); $cachedCAHTML[$key] = ob_get_clean(); } $allHTML .= $cachedCAHTML[$key]; @@ -3818,7 +3818,7 @@ function processButtonValue($buttonValue, $entry_id) { $formulize_lvoverride = false; if(strstr($buttonValue, "\$value")) { $value = ''; - eval($buttonValue); + eval(removeOpeningPHPTag($buttonValue)); $valueToWrite = $value; } $GLOBALS['formulize_lvoverride'] = $formulize_lvoverride; // kludgy way to pass it back when we might need to listen for it in writeElementValue! 
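Review bot: The same two statements are repeated in the four accessors that read `on_before_save`, `on_after_save`, `on_delete` and `custom_edit_check`, so the default opening-tag string now lives in four places. A small private helper that takes the var key and returns the stored value or the default would keep them in step. `$value ? $value : …` can also be shortened to `$value ?: …`. The default literal is truncated on this page, so it is not quoted here.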
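Review bot: All three `eval()` call sites (`processCustomButton`, `processButtonValue`, and `processClickedCustomButton` in the following hunk) now depend on `removeOpeningPHPTag()`, which is not defined anywhere in this diff. If it strips only an exact leading `<?php`, stored code that starts with whitespace, a BOM or `<?PHP` would reach `eval()` with the tag intact and raise a `ParseError` on PHP 7+. The helper should trim and match case-insensitively, and each call is worth wrapping in `try { … } catch (\ParseError $e) { … }` that logs which button or screen failed. A short comment at each site, e.g. `// executes admin-authored code stored with the screen; write access to that storage is code execution`, would record the trust boundary for the next maintainer. Each function body continues outside its hunk.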
@@ -3859,7 +3859,7 @@ function processClickedCustomButton($clickedElements, $clickedValues, $clickedAc foreach($caPHP as $thisCustomCode) { foreach($clickedEntries as $formulize_thisEntryId) { $GLOBALS['formulize_thisEntryId'] = $formulize_thisEntryId; - eval($thisCustomCode); + eval(removeOpeningPHPTag($thisCustomCode)); } } } else { diff --git a/modules/formulize/templates/admin/screen_list_custom_sections.html b/modules/formulize/templates/admin/screen_list_custom_sections.html index 140afc722..01f588bf2 100644 --- a/modules/formulize/templates/admin/screen_list_custom_sections.html +++ b/modules/formulize/templates/admin/screen_list_custom_sections.html @@ -1,76 +1,78 @@ - -

Delete this button

- -
- - -
-
- - -
- -
- - -
- -
- - -
- -
- - -
- -
- - - -
-

If no, then the button will be available in the Top and Bottom Templates. If yes, the button will appear in the list, or will be available in the List Item Template if you use one.

-
-
-
- - -
- - - <{counter name="effects" start=0 print=false}> - <{foreach from=$sectionContent key=id item=effect}> - <{if is_numeric($id)}> -
- <{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT}> <{counter name="effects"}> -
-

Remove this effect

- <{if $sectionContent.applyto == 'custom_code'}> - - <{elseif $sectionContent.applyto == 'custom_html'}> - - <{else}> - - - - - - - <{/if}> -
-

<{$effect.description}>

-
-
-
- - <{/if}> - <{/foreach}> + +

Delete this button

+ +
+ + +
+
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + + +
+

If no, then the button will be available in the Top and Bottom Templates. If yes, the button will appear in the list, or will be available in the List Item Template if you use one.

+
+
+
+ + +
+ + + <{counter name="effects" start=0 print=false}> + <{foreach from=$sectionContent key=id item=effect}> + <{if is_numeric($id)}> +
+ <{$smarty.const._AM_FORMULIZE_SCREEN_LOE_CUSTOMBUTTON_EFFECT}> <{counter name="effects"}> +
+

Remove this effect

+ <{if $sectionContent.applyto == 'custom_code'}> + + <{elseif $sectionContent.applyto == 'custom_html'}> + + <{else}> + + + + + + + <{/if}> +
+

<{$effect.description}>

+
+
+
+ + <{/if}> + <{/foreach}>