1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2005-2011 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * @package eTraxis |
||
25 | * @ignore |
||
26 | */ |
||
27 | |||
28 | /**#@+ |
||
29 | * Dependency. |
||
30 | */ |
||
31 | require_once('../engine/engine.php'); |
||
32 | require_once('../dbo/projects.php'); |
||
33 | require_once('../dbo/states.php'); |
||
34 | require_once('../dbo/fields.php'); |
||
35 | require_once('../dbo/values.php'); |
||
36 | /**#@-*/ |
||
37 | |||
// Access preamble for the "create field" dialog: load the page in inline mode,
// require an administrator, resolve the target state from the request and
// require that its template is locked. Each failed check logs a notice and exits,
// so nothing below runs for a rejected request.

// $field_type_res is not defined in this file; it is read further down to label
// the field-type list. Presumably it comes from one of the required files - confirm.
global $field_type_res;

init_page(LOAD_INLINE);

// Authorization gate: anything other than admin level is turned away before any
// request parameter is read.
// NOTE(review): the status line carries the target page where a reason phrase is
// expected and no Location header is sent - presumably the inline-page client code
// interprets this; confirm.
if (get_user_level() != USER_LEVEL_ADMIN)
{
    debug_write_log(DEBUG_NOTICE, 'User must have admin rights to be allowed.');
    header('HTTP/1.1 307 index.php');
    exit;
}

// check that requested state exists

// The identifier is converted with ustr2int() before it is used for the lookup
// and, later in this script, concatenated into URLs.
$id    = ustr2int(try_request('id'));
$state = state_find($id);

if (!$state)
{
    debug_write_log(DEBUG_NOTICE, 'State cannot be found.');
    header('HTTP/1.1 307 index.php');
    exit;
}

// Fields may only be added while the template is locked.
if (!$state['is_locked'])
{
    debug_write_log(DEBUG_NOTICE, 'Template must be locked.');
    header('HTTP/1.1 307 findex.php?id=' . $id);
    exit;
}
||
67 | |||
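// Request dispatcher for the two-step "create field" dialog.
//
//   - submitted == 'mainform' : step #1 was posted; pick the type-specific form
//                               and preset its values so it can be rendered below.
//   - submitted == '<type>form': step #2 was posted; validate, create the field,
//                               answer with an HTTP status and exit.
//   - no 'submitted' at all   : first display; set defaults for the main form.
//
// Every free-text value is passed through ustrcut() with a length bound and every
// numeric selector through ustr2int() before it is used.
//
// NOTE(review): this is a state-changing request that reads its input from
// $_REQUEST (which merges query-string and body parameters) and no anti-CSRF token
// check is visible in this file - confirm init_page() or the engine enforces one.
// NOTE(review): most $_REQUEST keys are indexed directly; a request that omits one
// reaches ustrcut() with an unset value - confirm ustrcut() tolerates that.

// 1st step of new field has been submitted

if (try_request('submitted') == 'mainform')
{
    debug_write_log(DEBUG_NOTICE, 'Data for step #1 are submitted.');

    $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
    $field_type     = ustr2int($_REQUEST['field_type'], FIELD_TYPE_MINIMUM, FIELD_TYPE_MAXIMUM);
    $is_required    = FALSE;
    $guest_access   = isset($_REQUEST['guest_access']);
    $add_separator  = isset($_REQUEST['add_separator']);
    $show_in_emails = isset($_REQUEST['show_in_emails']);
    $description    = NULL;

    // Select the second-step form and blank the values that form will display.
    switch ($field_type)
    {
        case FIELD_TYPE_NUMBER:
            $form      = 'numberform';
            $min_value = NULL;
            $max_value = NULL;
            $def_value = NULL;
            break;

        case FIELD_TYPE_FLOAT:
            $form      = 'floatform';
            $min_value = NULL;
            $max_value = NULL;
            $def_value = NULL;
            break;

        case FIELD_TYPE_STRING:
            $form          = 'stringform';
            $max_length    = NULL;
            $regex_check   = NULL;
            $regex_search  = NULL;
            $regex_replace = NULL;
            $def_value     = NULL;
            break;

        case FIELD_TYPE_MULTILINED:
            $form          = 'multilinedform';
            $max_length    = NULL;
            $regex_check   = NULL;
            $regex_search  = NULL;
            $regex_replace = NULL;
            $def_value     = NULL;
            break;

        case FIELD_TYPE_CHECKBOX:
            $form      = 'checkboxform';
            $def_value = 1;
            break;

        case FIELD_TYPE_LIST:
            $form       = 'listform';
            $list_items = NULL;
            $def_value  = NULL;
            break;

        case FIELD_TYPE_RECORD:
            $form      = 'recordform';
            $min_value = NULL;
            $max_value = NULL;
            break;

        case FIELD_TYPE_DATE:
            $form      = 'dateform';
            $min_value = NULL;
            $max_value = NULL;
            $def_value = NULL;
            break;

        case FIELD_TYPE_DURATION:
            $form      = 'durationform';
            $min_value = NULL;
            $max_value = NULL;
            $def_value = NULL;
            break;

        default: ;  // nop
    }
}

// 2nd step of new field has been submitted

elseif (isset($_REQUEST['submitted']))
{
    debug_write_log(DEBUG_NOTICE, 'Data for step #2 are submitted.');

    // 2nd step of new field (number) has been submitted

    if (try_request('submitted') == 'numberform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (number) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_NUMBER;
        $min_value      = ustrcut($_REQUEST['min_value'], ustrlen(MAX_FIELD_INTEGER) + 1);
        $max_value      = ustrcut($_REQUEST['max_value'], ustrlen(MAX_FIELD_INTEGER) + 1);
        $def_value      = ustrcut($_REQUEST['def_value'], ustrlen(MAX_FIELD_INTEGER) + 1);
        $def_value      = (ustrlen($def_value) == 0 ? NULL : intval($def_value));
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);

        $error = field_validate_number($field_name, $min_value, $max_value, $def_value);

        if ($error == NO_ERROR)
        {
            $error = field_create($state['template_id'],
                                  $id,
                                  $field_name,
                                  $field_type,
                                  $is_required,
                                  $add_separator,
                                  $guest_access,
                                  $show_in_emails,
                                  $description,
                                  NULL, NULL, NULL,
                                  $min_value,
                                  $max_value,
                                  $def_value);
        }
    }

    // 2nd step of new field (decimal) has been submitted

    elseif (try_request('submitted') == 'floatform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (decimal) are submitted.');

        $form = 'floatform';

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_FLOAT;
        $min_value      = ustrcut($_REQUEST['min_value'], ustrlen(MIN_FIELD_FLOAT));
        $max_value      = ustrcut($_REQUEST['max_value'], ustrlen(MAX_FIELD_FLOAT));
        $def_value      = ustrcut($_REQUEST['def_value'], ustrlen(MAX_FIELD_FLOAT));
        $def_value      = (ustrlen($def_value) == 0 ? NULL : $def_value);
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);

        $error = field_validate_float($field_name, $min_value, $max_value, $def_value);

        if ($error == NO_ERROR)
        {
            $error = field_create($state['template_id'],
                                  $id,
                                  $field_name,
                                  $field_type,
                                  $is_required,
                                  $add_separator,
                                  $guest_access,
                                  $show_in_emails,
                                  $description,
                                  NULL, NULL, NULL,
                                  value_find_float($min_value),
                                  value_find_float($max_value),
                                  is_null($def_value) ? NULL : value_find_float($def_value));

            // Unlike the other form types, a successful decimal field redirects
            // here and never reaches the status switch below.
            if ($error == NO_ERROR)
            {
                header('Location: findex.php?id=' . $id);
                exit;
            }
        }
    }

    // 2nd step of new field (string) has been submitted

    elseif (try_request('submitted') == 'stringform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (string) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_STRING;
        $max_length     = ustrcut($_REQUEST['max_length'], ustrlen(MAX_FIELD_STRING));
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);
        // NOTE(review): the three regex values are stored as submitted, bounded only
        // in length; where they are later compiled and run is not visible here -
        // confirm that code handles invalid or expensive patterns.
        $regex_check    = ustrcut($_REQUEST['regex_check'],   MAX_FIELD_REGEX);
        $regex_search   = ustrcut($_REQUEST['regex_search'],  MAX_FIELD_REGEX);
        $regex_replace  = ustrcut($_REQUEST['regex_replace'], MAX_FIELD_REGEX);

        $error = field_validate_string($field_name, $max_length);

        if ($error == NO_ERROR)
        {
            // The default value is cut to the length limit that was just validated.
            $def_value = ustrcut($_REQUEST['def_value'], $max_length);
            $value_id  = (ustrlen($def_value) == 0 ? NULL : value_find_string($def_value));

            $error = field_create($state['template_id'],
                                  $id,
                                  $field_name,
                                  $field_type,
                                  $is_required,
                                  $add_separator,
                                  $guest_access,
                                  $show_in_emails,
                                  $description,
                                  $regex_check,
                                  $regex_search,
                                  $regex_replace,
                                  $max_length,
                                  NULL,
                                  $value_id);
        }
    }

    // 2nd step of new field (multilined) has been submitted

    elseif (try_request('submitted') == 'multilinedform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (multilined text) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_MULTILINED;
        $max_length     = ustrcut($_REQUEST['max_length'], ustrlen(MAX_FIELD_MULTILINED));
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);
        $regex_check    = ustrcut($_REQUEST['regex_check'],   MAX_FIELD_REGEX);
        $regex_search   = ustrcut($_REQUEST['regex_search'],  MAX_FIELD_REGEX);
        $regex_replace  = ustrcut($_REQUEST['regex_replace'], MAX_FIELD_REGEX);

        $error = field_validate_multilined($field_name, $max_length);

        if ($error == NO_ERROR)
        {
            $def_value = ustrcut($_REQUEST['def_value'], $max_length);
            $value_id  = (ustrlen($def_value) == 0 ? NULL : value_find_multilined($def_value));

            $error = field_create($state['template_id'],
                                  $id,
                                  $field_name,
                                  $field_type,
                                  $is_required,
                                  $add_separator,
                                  $guest_access,
                                  $show_in_emails,
                                  $description,
                                  $regex_check,
                                  $regex_search,
                                  $regex_replace,
                                  $max_length,
                                  NULL,
                                  $value_id);
        }
    }

    // 2nd step of new field (checkbox) has been submitted

    elseif (try_request('submitted') == 'checkboxform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (checkbox) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_CHECKBOX;
        $def_value      = ustr2int(try_request('def_value', 1), 0, 1);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);

        // A checkbox is never "required", hence the literal FALSE.
        $error = field_create($state['template_id'],
                              $id,
                              $field_name,
                              $field_type,
                              FALSE,
                              $add_separator,
                              $guest_access,
                              $show_in_emails,
                              $description,
                              NULL, NULL, NULL, NULL, NULL,
                              $def_value);
    }

    // 2nd step of new field (list) has been submitted

    elseif (try_request('submitted') == 'listform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (list) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_LIST;
        $list_items     = ustrcut($_REQUEST['list_items'], MAX_FIELD_LIST_ITEMS);
        $def_value      = try_request('def_value');
        $def_value      = (ustrlen($def_value) == 0 ? NULL : ustr2int($def_value, 1, MAXINT));
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);

        $error = field_create($state['template_id'],
                              $id,
                              $field_name,
                              $field_type,
                              $is_required,
                              $add_separator,
                              $guest_access,
                              $show_in_emails,
                              $description,
                              NULL, NULL, NULL, NULL, NULL,
                              $def_value);

        // List items are stored only once the field itself exists.
        if ($error == NO_ERROR)
        {
            field_create_list_items($id, $field_name, $list_items);
        }
    }

    // 2nd step of new field (record) has been submitted

    elseif (try_request('submitted') == 'recordform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (record) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_RECORD;
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);

        $error = field_create($state['template_id'],
                              $id,
                              $field_name,
                              $field_type,
                              $is_required,
                              $add_separator,
                              $guest_access,
                              $show_in_emails,
                              $description);
    }

    // 2nd step of new field (date) has been submitted

    elseif (try_request('submitted') == 'dateform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (date) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_DATE;
        $min_value      = ustrcut($_REQUEST['min_value'], ustrlen(MIN_FIELD_DATE));
        $max_value      = ustrcut($_REQUEST['max_value'], ustrlen(MIN_FIELD_DATE));
        $def_value      = ustrcut($_REQUEST['def_value'], ustrlen(MIN_FIELD_DATE));
        $def_value      = (ustrlen($def_value) == 0 ? NULL : $def_value);
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);

        $error = field_validate_date($field_name, $min_value, $max_value, $def_value);

        if ($error == NO_ERROR)
        {
            $error = field_create($state['template_id'],
                                  $id,
                                  $field_name,
                                  $field_type,
                                  $is_required,
                                  $add_separator,
                                  $guest_access,
                                  $show_in_emails,
                                  $description,
                                  NULL, NULL, NULL,
                                  $min_value,
                                  $max_value,
                                  is_null($def_value) ? NULL : ustr2int($def_value, MIN_FIELD_DATE, MAX_FIELD_DATE));
        }
    }

    // 2nd step of new field (duration) has been submitted

    elseif (try_request('submitted') == 'durationform')
    {
        debug_write_log(DEBUG_NOTICE, 'Data for step #2 (duration) are submitted.');

        $field_name     = ustrcut($_REQUEST['field_name'], MAX_FIELD_NAME);
        $field_type     = FIELD_TYPE_DURATION;
        $min_value      = ustrcut($_REQUEST['min_value'], ustrlen(time2ustr(MAX_FIELD_DURATION)));
        $max_value      = ustrcut($_REQUEST['max_value'], ustrlen(time2ustr(MAX_FIELD_DURATION)));
        $def_value      = ustrcut($_REQUEST['def_value'], ustrlen(time2ustr(MAX_FIELD_DURATION)));
        $def_value      = (ustrlen($def_value) == 0 ? NULL : $def_value);
        $is_required    = isset($_REQUEST['is_required']);
        $guest_access   = isset($_REQUEST['guest_access']);
        $add_separator  = isset($_REQUEST['add_separator']);
        $show_in_emails = isset($_REQUEST['show_in_emails']);
        $description    = ustrcut($_REQUEST['description'], MAX_FIELD_DESCRIPTION);

        $error = field_validate_duration($field_name, $min_value, $max_value, $def_value);

        if ($error == NO_ERROR)
        {
            $error = field_create($state['template_id'],
                                  $id,
                                  $field_name,
                                  $field_type,
                                  $is_required,
                                  $add_separator,
                                  $guest_access,
                                  $show_in_emails,
                                  $description,
                                  NULL, NULL, NULL,
                                  ustr2time($min_value),
                                  ustr2time($max_value),
                                  is_null($def_value) ? NULL : ustr2time($def_value));
        }
    }

    // Unrecognised form name: reject it explicitly. Without this branch $error is
    // never assigned, and the loosely-compared switch below could match an unset
    // value against NO_ERROR (if that constant is 0 - its value is not visible
    // here) and answer "200 OK" although nothing was created.
    else
    {
        debug_write_log(DEBUG_NOTICE, 'Unknown form is submitted.');
        send_http_error(get_js_resource(RES_ALERT_UNKNOWN_ERROR_ID));
        exit;
    }

    // Translate the outcome into the HTTP response consumed by the dialog.
    switch ($error)
    {
        case NO_ERROR:
            header('HTTP/1.0 200 OK');
            break;

        case ERROR_INCOMPLETE_FORM:
            send_http_error(get_js_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID));
            break;

        case ERROR_ALREADY_EXISTS:
            send_http_error(get_js_resource(RES_ALERT_FIELD_ALREADY_EXISTS_ID));
            break;

        case ERROR_INVALID_INTEGER_VALUE:
            send_http_error(get_js_resource(RES_ALERT_INVALID_INTEGER_VALUE_ID));
            break;

        case ERROR_INVALID_FLOAT_VALUE:
            send_http_error(get_js_resource(RES_ALERT_INVALID_DECIMAL_VALUE_ID));
            break;

        case ERROR_INTEGER_VALUE_OUT_OF_RANGE:
        case ERROR_FLOAT_VALUE_OUT_OF_RANGE:

            // The allowed range in the message depends on which form was posted.
            if (try_request('submitted') == 'numberform')
            {
                send_http_error(ustrprocess(get_js_resource(RES_ALERT_INTEGER_VALUE_OUT_OF_RANGE_ID), -MAX_FIELD_INTEGER, +MAX_FIELD_INTEGER));
            }
            elseif (try_request('submitted') == 'floatform')
            {
                send_http_error(ustrprocess(get_js_resource(RES_ALERT_DECIMAL_VALUE_OUT_OF_RANGE_ID), MIN_FIELD_FLOAT, MAX_FIELD_FLOAT));
            }
            elseif (try_request('submitted') == 'stringform')
            {
                send_http_error(ustrprocess(get_js_resource(RES_ALERT_INTEGER_VALUE_OUT_OF_RANGE_ID), 1, MAX_FIELD_STRING));
            }
            elseif (try_request('submitted') == 'multilinedform')
            {
                send_http_error(ustrprocess(get_js_resource(RES_ALERT_INTEGER_VALUE_OUT_OF_RANGE_ID), 1, MAX_FIELD_MULTILINED));
            }
            else
            {
                send_http_error(get_js_resource(RES_ALERT_UNKNOWN_ERROR_ID));
            }

            break;

        case ERROR_MIN_MAX_VALUES:
            send_http_error(get_js_resource(RES_ALERT_MIN_MAX_VALUES_ID));
            break;

        case ERROR_INVALID_DATE_VALUE:
            send_http_error(get_js_resource(RES_ALERT_INVALID_DATE_VALUE_ID));
            break;

        case ERROR_DATE_VALUE_OUT_OF_RANGE:
            send_http_error(ustrprocess(get_js_resource(RES_ALERT_DATE_VALUE_OUT_OF_RANGE_ID), MIN_FIELD_DATE, MAX_FIELD_DATE));
            break;

        case ERROR_INVALID_TIME_VALUE:
            send_http_error(get_js_resource(RES_ALERT_INVALID_TIME_VALUE_ID));
            break;

        case ERROR_TIME_VALUE_OUT_OF_RANGE:
            send_http_error(ustrprocess(get_js_resource(RES_ALERT_TIME_VALUE_OUT_OF_RANGE_ID), time2ustr(MIN_FIELD_DURATION), time2ustr(MAX_FIELD_DURATION)));
            break;

        case ERROR_DEFAULT_VALUE_OUT_OF_RANGE:
            // $min_value / $max_value are request-derived strings at this point.
            // NOTE(review): confirm send_http_error() or the client-side alert
            // encodes them before they are displayed.
            send_http_error(ustrprocess(get_js_resource(RES_ALERT_DEFAULT_VALUE_OUT_OF_RANGE_ID), $min_value, $max_value));
            break;

        default:
            send_http_error(get_js_resource(RES_ALERT_UNKNOWN_ERROR_ID));
    }

    exit;
}
else
{
    debug_write_log(DEBUG_NOTICE, 'Data are being requested.');

    // First display of the dialog: defaults for the main (step #1) form.
    $error          = NO_ERROR;
    $form           = 'mainform';
    $field_name     = NULL;
    $field_type     = FIELD_TYPE_MINIMUM;
    $guest_access   = FALSE;
    $add_separator  = FALSE;
    $show_in_emails = FALSE;
}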
||
580 | |||
// Start of the dialog markup: the client-side callbacks, the <form> header and the
// two controls every form variant shares (field name and field type). Everything
// is appended to $xml; $notes collects the hint lines.

// local JS functions

// Both strings are interpolated inside double-quoted JavaScript literals below.
// NOTE(review): this relies on get_js_resource() returning text that is safe in a
// JS string context - confirm.
$resTitle = get_js_resource(RES_ERROR_ID);
$resOK    = get_js_resource(RES_OK_ID);

// createError() hands the server's response body to jqAlert().
// NOTE(review): confirm jqAlert() renders that body as text rather than markup,
// since some error messages sent by this script embed request-derived values.
$xml = <<<JQUERY
<script>

function createSuccess ()
{
closeModal();
reloadTab();
}

function createError (XMLHttpRequest)
{
jqAlert("{$resTitle}", XMLHttpRequest.responseText, "{$resOK}");
}

</script>
JQUERY;

// generate header

// $id was converted with ustr2int() earlier in this script; $form holds one of the
// form-name literals assigned by the request handling above.
$xml .= '<form name="' . $form . '" action="fcreate.php?id=' . $id . '" success="createSuccess" error="createError">'
      . '<group>';

// generate common controls

// The submitted field name is passed through ustr2html() before it is written back
// into the markup.
$xml .= '<control name="field_name" required="' . get_html_resource(RES_REQUIRED3_ID) . '">'
      . '<label>' . get_html_resource(RES_FIELD_NAME_ID) . '</label>'
      . '<editbox maxlen="' . MAX_FIELD_NAME . '">' . ustr2html($field_name) . '</editbox>'
      . '</control>'
      . '<control name="field_type" required="' . get_html_resource(RES_REQUIRED3_ID) . '">'
      . '<label>' . get_html_resource(RES_FIELD_TYPE_ID) . '</label>'
      . '<combobox>';

// Step #1 offers every field type; on later steps the list holds only the type
// that was already chosen.
if ($form == 'mainform')
{
    foreach ($field_type_res as $i => $type_res)
    {
        $xml .= ($field_type == $i
                    ? '<listitem value="' . $i . '" selected="true">'
                    : '<listitem value="' . $i . '">')
              . get_html_resource($type_res)
              . '</listitem>';
    }
}
else
{
    $xml .= '<listitem value="' . $field_type . '" selected="true">'
          . get_html_resource($field_type_res[$field_type])
          . '</listitem>';
}

$xml .= '</combobox>'
      . '</control>';

$notes = '<note>' . get_html_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID) . '</note>';
||
640 | |||
641 | // generate controls for 'number' field |
||
642 | |||
643 | if ($form == 'numberform') |
||
644 | { |
||
645 | $xml .= '<control name="min_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
646 | . '<label>' . get_html_resource(RES_MIN_VALUE_ID) . '</label>' |
||
647 | . '<editbox maxlen="' . (ustrlen(MAX_FIELD_INTEGER) + 1) . '">' |
||
648 | . ustr2html($min_value) |
||
649 | . '</editbox>' |
||
650 | . '</control>'; |
||
651 | |||
652 | $xml .= '<control name="max_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
653 | . '<label>' . get_html_resource(RES_MAX_VALUE_ID) . '</label>' |
||
654 | . '<editbox maxlen="' . (ustrlen(MAX_FIELD_INTEGER) + 1) . '">' |
||
655 | . ustr2html($max_value) |
||
656 | . '</editbox>' |
||
657 | . '</control>'; |
||
658 | |||
659 | $xml .= '<control name="def_value">' |
||
660 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
661 | . '<editbox maxlen="' . (ustrlen(MAX_FIELD_INTEGER) + 1) . '">' |
||
662 | . ustr2html($def_value) |
||
663 | . '</editbox>' |
||
664 | . '</control>'; |
||
665 | |||
666 | $notes .= '<note>' . ustrprocess(get_html_resource(RES_ALERT_INTEGER_VALUE_OUT_OF_RANGE_ID), -MAX_FIELD_INTEGER, +MAX_FIELD_INTEGER) . '</note>' |
||
667 | . '<note>' . get_html_resource(RES_ALERT_MIN_MAX_VALUES_ID) . '</note>'; |
||
668 | } |
||
669 | |||
670 | // generate controls for 'decimal' field |
||
671 | |||
672 | View Code Duplication | elseif ($form == 'floatform') |
|
673 | { |
||
674 | $xml .= '<control name="min_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
675 | . '<label>' . get_html_resource(RES_MIN_VALUE_ID) . '</label>' |
||
676 | . '<editbox maxlen="' . ustrlen(MIN_FIELD_FLOAT) . '">' |
||
677 | . ustr2html($min_value) |
||
678 | . '</editbox>' |
||
679 | . '</control>'; |
||
680 | |||
681 | $xml .= '<control name="max_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
682 | . '<label>' . get_html_resource(RES_MAX_VALUE_ID) . '</label>' |
||
683 | . '<editbox maxlen="' . ustrlen(MAX_FIELD_FLOAT) . '">' |
||
684 | . ustr2html($max_value) |
||
685 | . '</editbox>' |
||
686 | . '</control>'; |
||
687 | |||
688 | $xml .= '<control name="def_value">' |
||
689 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
690 | . '<editbox maxlen="' . ustrlen(MAX_FIELD_FLOAT) . '">' |
||
691 | . ustr2html($def_value) |
||
692 | . '</editbox>' |
||
693 | . '</control>'; |
||
694 | |||
695 | $notes .= '<note>' . ustrprocess(get_html_resource(RES_ALERT_DECIMAL_VALUE_OUT_OF_RANGE_ID), MIN_FIELD_FLOAT, MAX_FIELD_FLOAT) . '</note>' |
||
696 | . '<note>' . get_html_resource(RES_ALERT_MIN_MAX_VALUES_ID) . '</note>'; |
||
697 | } |
||
698 | |||
699 | // generate controls for 'string' field |
||
700 | |||
701 | elseif ($form == 'stringform') |
||
702 | { |
||
703 | $xml .= '<control name="max_length" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
704 | . '<label>' . get_html_resource(RES_MAX_LENGTH_ID) . '</label>' |
||
705 | . '<editbox maxlen="' . ustrlen(MAX_FIELD_STRING) . '">' |
||
706 | . ustr2html($max_length) |
||
707 | . '</editbox>' |
||
708 | . '</control>'; |
||
709 | |||
710 | $xml .= '<control name="def_value">' |
||
711 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
712 | . '<editbox maxlen="' . MAX_FIELD_STRING . '">' |
||
713 | . ustr2html($def_value) |
||
714 | . '</editbox>' |
||
715 | . '</control>'; |
||
716 | |||
717 | $xml .= '<control name="regex_check">' |
||
718 | . '<label>' . get_html_resource(RES_REGEX_CHECK_ID) . '</label>' |
||
719 | . '<editbox maxlen="' . MAX_FIELD_REGEX . '">' |
||
720 | . ustr2html($regex_check) |
||
721 | . '</editbox>' |
||
722 | . '</control>'; |
||
723 | |||
724 | $xml .= '<control name="regex_search">' |
||
725 | . '<label>' . get_html_resource(RES_REGEX_SEARCH_ID) . '</label>' |
||
726 | . '<editbox maxlen="' . MAX_FIELD_REGEX . '">' |
||
727 | . ustr2html($regex_search) |
||
728 | . '</editbox>' |
||
729 | . '</control>'; |
||
730 | |||
731 | $xml .= '<control name="regex_replace">' |
||
732 | . '<label>' . get_html_resource(RES_REGEX_REPLACE_ID) . '</label>' |
||
733 | . '<editbox maxlen="' . MAX_FIELD_REGEX . '">' |
||
734 | . ustr2html($regex_replace) |
||
735 | . '</editbox>' |
||
736 | . '</control>'; |
||
737 | |||
738 | $notes .= '<note>' . ustrprocess(get_html_resource(RES_ALERT_INTEGER_VALUE_OUT_OF_RANGE_ID), 1, MAX_FIELD_STRING) . '</note>'; |
||
739 | } |
||
740 | |||
741 | // generate controls for 'multilined' field |
||
742 | |||
743 | View Code Duplication | elseif ($form == 'multilinedform') |
|
744 | { |
||
745 | $xml .= '<control name="max_length" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
746 | . '<label>' . get_html_resource(RES_MAX_LENGTH_ID) . '</label>' |
||
747 | . '<editbox maxlen="' . ustrlen(MAX_FIELD_MULTILINED) . '">' |
||
748 | . ustr2html($max_length) |
||
749 | . '</editbox>' |
||
750 | . '</control>'; |
||
751 | |||
752 | $xml .= '<control name="def_value">' |
||
753 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
754 | . '<textbox rows="' . $_SESSION[VAR_TEXTROWS] . '" maxlen="' . MAX_FIELD_MULTILINED . '">' |
||
755 | . ustr2html($def_value) |
||
756 | . '</textbox>' |
||
757 | . '</control>'; |
||
758 | |||
759 | $xml .= '<control name="regex_check">' |
||
760 | . '<label>' . get_html_resource(RES_REGEX_CHECK_ID) . '</label>' |
||
761 | . '<editbox maxlen="' . MAX_FIELD_REGEX . '">' |
||
762 | . ustr2html($regex_check) |
||
763 | . '</editbox>' |
||
764 | . '</control>'; |
||
765 | |||
766 | $xml .= '<control name="regex_search">' |
||
767 | . '<label>' . get_html_resource(RES_REGEX_SEARCH_ID) . '</label>' |
||
768 | . '<editbox maxlen="' . MAX_FIELD_REGEX . '">' |
||
769 | . ustr2html($regex_search) |
||
770 | . '</editbox>' |
||
771 | . '</control>'; |
||
772 | |||
773 | $xml .= '<control name="regex_replace">' |
||
774 | . '<label>' . get_html_resource(RES_REGEX_REPLACE_ID) . '</label>' |
||
775 | . '<editbox maxlen="' . MAX_FIELD_REGEX . '">' |
||
776 | . ustr2html($regex_replace) |
||
777 | . '</editbox>' |
||
778 | . '</control>'; |
||
779 | |||
780 | $notes .= '<note>' . ustrprocess(get_html_resource(RES_ALERT_INTEGER_VALUE_OUT_OF_RANGE_ID), 1, MAX_FIELD_MULTILINED) . '</note>'; |
||
781 | } |
||
782 | |||
783 | // generate controls for 'checkbox' field |
||
784 | |||
785 | View Code Duplication | elseif ($form == 'checkboxform') |
|
786 | { |
||
787 | $xml .= '<control name="def_value">' |
||
788 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
789 | . '<radio value="1"' . ($def_value != 0 ? ' checked="true">' : '>') . get_html_resource(RES_ON_ID) . '</radio>' |
||
|
|||
790 | . '<radio value="0"' . ($def_value == 0 ? ' checked="true">' : '>') . get_html_resource(RES_OFF_ID) . '</radio>' |
||
|
|||
791 | . '</control>'; |
||
792 | } |
||
793 | |||
794 | // generate controls for 'list' field |
||
795 | |||
796 | View Code Duplication | elseif ($form == 'listform') |
|
797 | { |
||
798 | $xml .= '<control name="list_items" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
799 | . '<label>' . get_html_resource(RES_LIST_ITEMS_ID) . '</label>' |
||
800 | . '<textbox rows="' . $_SESSION[VAR_TEXTROWS] . '" maxlen="' . MAX_FIELD_LIST_ITEMS . '">' |
||
801 | . ustr2html($list_items) |
||
802 | . '</textbox>' |
||
803 | . '</control>'; |
||
804 | |||
805 | $xml .= '<control name="def_value">' |
||
806 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
807 | . '<editbox maxlen="' . ustrlen(MAXINT) . '">' |
||
808 | . ustr2html($def_value) |
||
809 | . '</editbox>' |
||
810 | . '</control>'; |
||
811 | } |
||
812 | |||
813 | // generate controls for 'date' field |
||
814 | |||
815 | elseif ($form == 'dateform') |
||
816 | { |
||
817 | $xml .= '<control name="min_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
818 | . '<label>' . get_html_resource(RES_MIN_VALUE_ID) . '</label>' |
||
819 | . '<editbox maxlen="' . (ustrlen(MAX_FIELD_DATE) + 1) . '">' |
||
820 | . ustr2html($min_value) |
||
821 | . '</editbox>' |
||
822 | . '</control>'; |
||
823 | |||
824 | $xml .= '<control name="max_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
825 | . '<label>' . get_html_resource(RES_MAX_VALUE_ID) . '</label>' |
||
826 | . '<editbox maxlen="' . ustrlen(MAX_FIELD_DATE) . '">' |
||
827 | . ustr2html($max_value) |
||
828 | . '</editbox>' |
||
829 | . '</control>'; |
||
830 | |||
831 | $xml .= '<control name="def_value">' |
||
832 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
833 | . '<editbox maxlen="' . (ustrlen(MAX_FIELD_DATE) + 1) . '">' |
||
834 | . ustr2html($def_value) |
||
835 | . '</editbox>' |
||
836 | . '</control>'; |
||
837 | |||
838 | $notes .= '<note>' . ustrprocess(get_html_resource(RES_ALERT_DATE_VALUE_OUT_OF_RANGE_ID), MIN_FIELD_DATE, MAX_FIELD_DATE) . '</note>' |
||
839 | . '<note>' . ustrprocess(get_html_resource(RES_ALERT_DEFAULT_VALUE_OUT_OF_RANGE_ID), MIN_FIELD_DATE, MAX_FIELD_DATE) . '</note>' |
||
840 | . '<note>' . get_html_resource(RES_ALERT_MIN_MAX_VALUES_ID) . '</note>'; |
||
841 | } |
||
842 | |||
843 | // generate controls for 'duration' field |
||
844 | |||
845 | View Code Duplication | elseif ($form == 'durationform') |
|
846 | { |
||
847 | $xml .= '<control name="min_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
848 | . '<label>' . get_html_resource(RES_MIN_VALUE_ID) . '</label>' |
||
849 | . '<editbox maxlen="' . ustrlen(time2ustr(MAX_FIELD_DURATION)) . '">' |
||
850 | . ustr2html($min_value) |
||
851 | . '</editbox>' |
||
852 | . '</control>'; |
||
853 | |||
854 | $xml .= '<control name="max_value" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
855 | . '<label>' . get_html_resource(RES_MAX_VALUE_ID) . '</label>' |
||
856 | . '<editbox maxlen="' . ustrlen(time2ustr(MAX_FIELD_DURATION)) . '">' |
||
857 | . ustr2html($max_value) |
||
858 | . '</editbox>' |
||
859 | . '</control>'; |
||
860 | |||
861 | $xml .= '<control name="def_value">' |
||
862 | . '<label>' . get_html_resource(RES_DEFAULT_VALUE_ID) . '</label>' |
||
863 | . '<editbox maxlen="' . ustrlen(time2ustr(MAX_FIELD_DURATION)) . '">' |
||
864 | . ustr2html($def_value) |
||
865 | . '</editbox>' |
||
866 | . '</control>'; |
||
867 | |||
868 | $notes .= '<note>' . ustrprocess(get_html_resource(RES_ALERT_TIME_VALUE_OUT_OF_RANGE_ID), time2ustr(MIN_FIELD_DURATION), time2ustr(MAX_FIELD_DURATION)) . '</note>' |
||
869 | . '<note>' . get_html_resource(RES_ALERT_MIN_MAX_VALUES_ID) . '</note>'; |
||
870 | } |
||
871 | |||
872 | // generate common controls |
||
873 | |||
// Controls shared by every sub-form: all forms except 'mainform' get a
// description box, and all of those except 'checkboxform' also get the
// "required" checkbox.
if ($form != 'mainform')
{
    // The stored description goes through ustr2html() before it is appended
    // (presumably the engine's HTML-escaping helper; confirm in engine.php).
    // NOTE(review): $_SESSION[VAR_TEXTROWS] is concatenated into the rows="..."
    // attribute as-is. Verify it is constrained to an integer wherever it is
    // written to the session, since no encoding is applied at this point.
    $xml .= '<control name="description">';
    $xml .= '<label>' . get_html_resource(RES_DESCRIPTION_ID) . '</label>';
    $xml .= '<textbox rows="' . $_SESSION[VAR_TEXTROWS] . '" maxlen="' . MAX_FIELD_DESCRIPTION . '">';
    $xml .= ustr2html($description);
    $xml .= '</textbox>' . '</control>';

    if ($form != 'checkboxform')
    {
        // $is_required only selects between two fixed literals, so the flag
        // value itself is never written into the markup.
        $xml .= '<control name="is_required">' . '<label/>';
        $xml .= $is_required ? '<checkbox checked="true">' : '<checkbox>';
        $xml .= ustrtolower(get_html_resource(RES_REQUIRED2_ID));
        $xml .= '</checkbox>' . '</control>';
    }
}
||
895 | |||
// Flag checkboxes present on every form. Each flag only chooses between the
// checked and unchecked opening tag; the captions come from the resource
// table, lower-cased with ustrtolower().

$xml .= '<control name="guest_access">' . '<label/>';
$xml .= $guest_access ? '<checkbox checked="true">' : '<checkbox>';
$xml .= ustrtolower(get_html_resource(RES_GUEST_ACCESS_ID));
$xml .= '</checkbox>' . '</control>';

$xml .= '<control name="add_separator">' . '<label/>';
$xml .= $add_separator ? '<checkbox checked="true">' : '<checkbox>';
$xml .= ustrtolower(get_html_resource(RES_ADD_SEPARATOR_ID));
$xml .= '</checkbox>' . '</control>';

$xml .= '<control name="show_in_emails">' . '<label/>';
$xml .= $show_in_emails ? '<checkbox checked="true">' : '<checkbox>';
$xml .= ustrtolower(get_html_resource(RES_SHOW_IN_EMAILS_ID));
$xml .= '</checkbox>' . '</control>';

// Footer: close the control group, append the notes collected by the
// form-specific branches, then close the form.

$xml .= "</group>{$notes}</form>";

// xml2html() is defined elsewhere; presumably it turns this XML form
// description into the HTML sent to the browser. Everything dynamic must
// already be encoded by the time it is appended to $xml, because nothing
// visible here re-encodes the assembled string.
echo xml2html($xml);
||
930 | |||
931 | ?> |
||
932 |