This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
Encourage use of @property annotation when providing magic access
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2005-2012 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * @package eTraxis |
||
25 | * @ignore |
||
26 | */ |
||
27 | |||
28 | /**#@+ |
||
29 | * Dependency. |
||
30 | */ |
||
31 | require_once('../engine/engine.php'); |
||
32 | require_once('../dbo/accounts.php'); |
||
33 | require_once('../dbo/states.php'); |
||
34 | require_once('../dbo/fields.php'); |
||
35 | require_once('../dbo/values.php'); |
||
36 | require_once('../dbo/records.php'); |
||
37 | require_once('../dbo/events.php'); |
||
38 | /**#@-*/ |
||
39 | |||
40 | init_page(LOAD_INLINE); |
||
41 | |||
42 | // check that requested record exists |
||
43 | |||
44 | $id = ustr2int(try_request('id')); |
||
45 | $record = record_find($id); |
||
46 | |||
47 | if (!$record) |
||
48 | { |
||
49 | debug_write_log(DEBUG_NOTICE, 'Record cannot be found.'); |
||
50 | header('HTTP/1.1 307 index.php'); |
||
51 | exit; |
||
52 | } |
||
53 | |||
54 | // check that requested state exists |
||
55 | |||
56 | $state_id = ustr2int(try_request('state')); |
||
57 | $state = state_find($state_id); |
||
58 | |||
59 | if (!$state) |
||
60 | { |
||
61 | debug_write_log(DEBUG_NOTICE, 'State cannot be found.'); |
||
62 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
63 | exit; |
||
64 | } |
||
65 | |||
66 | // get current user's permissions |
||
67 | |||
68 | $permissions = record_get_permissions($record['template_id'], $record['creator_id'], $record['responsible_id']); |
||
69 | |||
70 | // check whether a state of specified record can be changed |
||
71 | |||
72 | if (!can_state_be_changed($record) && |
||
73 | !can_record_be_reopened($record, $permissions)) |
||
74 | { |
||
75 | debug_write_log(DEBUG_NOTICE, 'State cannot be changed.'); |
||
76 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
77 | exit; |
||
78 | } |
||
79 | |||
80 | // if state is final... |
||
81 | |||
82 | if ($state['state_type'] == STATE_TYPE_FINAL) |
||
83 | { |
||
84 | // ... check whether there are no unclosed dependencies |
||
85 | $rs = dal_query('depends/listuc.sql', $id); |
||
86 | |||
87 | if ($rs->rows != 0) |
||
0 ignored issues
–
show
|
|||
88 | { |
||
89 | debug_write_log(DEBUG_NOTICE, 'The record has unclosed dependencies.'); |
||
90 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
91 | exit; |
||
92 | } |
||
93 | |||
94 | // ... check we are not reopening closed record |
||
95 | if (is_record_closed($record)) |
||
96 | { |
||
97 | debug_write_log(DEBUG_NOTICE, 'The record cannot be reopened in a final state.'); |
||
98 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
99 | exit; |
||
100 | } |
||
101 | } |
||
102 | else |
||
103 | { |
||
104 | // ... otherwise, check whether the record can be moved to specified state from current one |
||
105 | if (is_record_closed($record)) |
||
106 | { |
||
107 | if ($state['template_id'] != $record['template_id']) |
||
108 | { |
||
109 | debug_write_log(DEBUG_NOTICE, 'No permissions to reopen in specified state.'); |
||
110 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
111 | exit; |
||
112 | } |
||
113 | } |
||
114 | else |
||
115 | { |
||
116 | $rs = dal_query('records/tramongs.sql', $id, $_SESSION[VAR_USERID], ''); |
||
117 | |||
118 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
119 | { |
||
120 | debug_write_log(DEBUG_NOTICE, 'No permissions to change to specified state.'); |
||
121 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
122 | exit; |
||
123 | } |
||
124 | } |
||
125 | } |
||
126 | |||
127 | // state form is submitted |
||
128 | |||
129 | if (try_request('submitted') == 'stateform') |
||
130 | { |
||
131 | debug_write_log(DEBUG_NOTICE, 'Data are submitted.'); |
||
132 | |||
133 | $rs = dal_query('records/efnd.sql', |
||
134 | $_SESSION[VAR_USERID], |
||
135 | is_record_closed($record) ? EVENT_RECORD_REOPENED : EVENT_RECORD_STATE_CHANGED, |
||
136 | time() - 3, |
||
137 | $state_id); |
||
138 | |||
139 | if ($rs->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
140 | { |
||
141 | debug_write_log(DEBUG_NOTICE, 'Double click issue is detected.'); |
||
142 | exit; |
||
143 | } |
||
144 | |||
145 | switch ($state['responsible']) |
||
146 | { |
||
147 | case STATE_RESPONSIBLE_REMAIN: |
||
148 | $responsible_id = 0; |
||
149 | break; |
||
150 | case STATE_RESPONSIBLE_ASSIGN: |
||
151 | $responsible_id = try_request('responsible'); |
||
152 | break; |
||
153 | case STATE_RESPONSIBLE_REMOVE: |
||
154 | $responsible_id = NULL; |
||
155 | break; |
||
156 | default: |
||
157 | debug_write_log(DEBUG_WARNING, 'Unknown state responsible type = ' . $state['responsible']); |
||
158 | } |
||
159 | |||
160 | $error = record_validate(OPERATION_CHANGE_STATE, NULL, $id, $state_id); |
||
161 | |||
162 | if ($error == NO_ERROR) |
||
163 | { |
||
164 | $error = state_change($id, |
||
165 | $state_id, |
||
166 | $responsible_id, |
||
167 | ($state['state_type'] == STATE_TYPE_FINAL), |
||
168 | is_record_closed($record)); |
||
169 | } |
||
170 | |||
171 | View Code Duplication | switch ($error) |
|
172 | { |
||
173 | case NO_ERROR: |
||
174 | header('HTTP/1.0 200 OK'); |
||
175 | break; |
||
176 | |||
177 | case ERROR_INCOMPLETE_FORM: |
||
178 | send_http_error(get_html_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID)); |
||
179 | break; |
||
180 | |||
181 | case ERROR_INVALID_INTEGER_VALUE: |
||
182 | send_http_error(get_html_resource(RES_ALERT_INVALID_INTEGER_VALUE_ID)); |
||
183 | break; |
||
184 | |||
185 | case ERROR_INVALID_FLOAT_VALUE: |
||
186 | send_http_error(get_html_resource(RES_ALERT_INVALID_DECIMAL_VALUE_ID)); |
||
187 | break; |
||
188 | |||
189 | case ERROR_INVALID_DATE_VALUE: |
||
190 | send_http_error(get_html_resource(RES_ALERT_INVALID_DATE_VALUE_ID)); |
||
191 | break; |
||
192 | |||
193 | case ERROR_INVALID_TIME_VALUE: |
||
194 | send_http_error(get_html_resource(RES_ALERT_INVALID_TIME_VALUE_ID)); |
||
195 | break; |
||
196 | |||
197 | case ERROR_INTEGER_VALUE_OUT_OF_RANGE: |
||
198 | case ERROR_FLOAT_VALUE_OUT_OF_RANGE: |
||
199 | case ERROR_DATE_VALUE_OUT_OF_RANGE: |
||
200 | case ERROR_TIME_VALUE_OUT_OF_RANGE: |
||
201 | send_http_error(ustrprocess(get_js_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), $_SESSION['FIELD_NAME'], $_SESSION['MIN_FIELD_INTEGER'], $_SESSION['MAX_FIELD_INTEGER'])); |
||
202 | unset($_SESSION['FIELD_NAME']); |
||
203 | unset($_SESSION['MIN_FIELD_INTEGER']); |
||
204 | unset($_SESSION['MAX_FIELD_INTEGER']); |
||
205 | break; |
||
206 | |||
207 | case ERROR_RECORD_NOT_FOUND: |
||
208 | send_http_error(get_html_resource(RES_ALERT_RECORD_NOT_FOUND_ID)); |
||
209 | break; |
||
210 | |||
211 | case ERROR_VALUE_FAILS_REGEX_CHECK: |
||
212 | send_http_error(ustrprocess(get_js_resource(RES_ALERT_VALUE_FAILS_REGEX_CHECK_ID), $_SESSION['FIELD_NAME'], $_SESSION['FIELD_VALUE'])); |
||
213 | unset($_SESSION['FIELD_NAME']); |
||
214 | unset($_SESSION['FIELD_VALUE']); |
||
215 | break; |
||
216 | |||
217 | default: |
||
218 | send_http_error(get_html_resource(RES_ALERT_UNKNOWN_ERROR_ID)); |
||
219 | } |
||
220 | |||
221 | exit; |
||
222 | } |
||
223 | else |
||
224 | { |
||
225 | debug_write_log(DEBUG_NOTICE, 'Data are being requested.'); |
||
226 | |||
227 | $responsible_id = NULL; |
||
228 | } |
||
229 | |||
230 | // local JS functions |
||
231 | |||
232 | $resTitle = get_js_resource(RES_ERROR_ID); |
||
233 | $resOK = get_js_resource(RES_OK_ID); |
||
234 | |||
235 | $xml = <<<JQUERY |
||
236 | <script> |
||
237 | |||
238 | function stateSuccess () |
||
239 | { |
||
240 | closeModal(); |
||
241 | reloadTab(); |
||
242 | } |
||
243 | |||
244 | function stateError (XMLHttpRequest) |
||
245 | { |
||
246 | jqAlert("{$resTitle}", XMLHttpRequest.responseText, "{$resOK}"); |
||
247 | } |
||
248 | |||
249 | </script> |
||
250 | JQUERY; |
||
251 | |||
252 | // generate state form |
||
253 | |||
254 | $xml .= '<form name="stateform" action="state.php?id=' . $id . '&state=' . $state_id . '" success="stateSuccess" error="stateError">'; |
||
255 | |||
256 | // get list of latest values of related fields |
||
257 | |||
258 | $rs = dal_query('fields/listv.sql', $id, $state_id); |
||
259 | |||
260 | // if state is being used first time (no latest values yet), then get list of fields |
||
261 | |||
262 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
263 | { |
||
264 | $rs = dal_query('fields/list.sql', $state_id, 'field_order'); |
||
265 | } |
||
266 | |||
267 | if ($rs->rows == 0 && $state['responsible'] != STATE_RESPONSIBLE_ASSIGN) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
268 | { |
||
269 | debug_write_log(DEBUG_NOTICE, 'No fields for specified state are found.'); |
||
270 | |||
271 | $xml .= '<div>' . get_html_resource(RES_CONFIRM_CHANGE_STATE_ID) . '</div>'; |
||
272 | } |
||
273 | else |
||
274 | { |
||
275 | // if state must be assigned, generate list of accounts |
||
276 | |||
277 | $xml .= '<group>'; |
||
278 | |||
279 | if ($state['responsible'] == STATE_RESPONSIBLE_ASSIGN) |
||
280 | { |
||
281 | debug_write_log(DEBUG_NOTICE, 'Record should be assigned.'); |
||
282 | |||
283 | $rs_res = dal_query('records/responsibles.sql', $state_id, $_SESSION[VAR_USERID]); |
||
284 | |||
285 | if ($rs_res->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
286 | { |
||
287 | $rs_last = dal_query('records/lastresp.sql', $id); |
||
288 | |||
289 | $last_responsible = ($rs_last->rows == 0) ? $_SESSION[VAR_USERID] : $rs_last->fetch('event_param'); |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
290 | |||
291 | $default_responsible = (is_null($record['responsible_id']) ? $last_responsible : $record['responsible_id']); |
||
292 | |||
293 | $xml .= '<control name="responsible" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
294 | . '<label>' . get_html_resource(RES_RESPONSIBLE_ID) . '</label>' |
||
295 | . '<combobox>'; |
||
296 | |||
297 | View Code Duplication | while (($row = $rs_res->fetch())) |
|
298 | { |
||
299 | $xml .= ($row['account_id'] == $default_responsible |
||
300 | ? '<listitem value="' . $row['account_id'] . '" selected="true">' |
||
301 | : '<listitem value="' . $row['account_id'] . '">') |
||
302 | . ustr2html(sprintf('%s (%s)', $row['fullname'], account_get_username($row['username']))) |
||
303 | . '</listitem>'; |
||
304 | } |
||
305 | |||
306 | $xml .= '</combobox>' |
||
307 | . '</control>'; |
||
308 | } |
||
309 | } |
||
310 | |||
311 | $flag1 = FALSE; |
||
312 | $flag2 = FALSE; |
||
313 | $notes = NULL; |
||
314 | $script = NULL; |
||
315 | |||
316 | // go through the list of fields |
||
317 | |||
318 | debug_write_log(DEBUG_NOTICE, 'Fields of specified state are being enumerated.'); |
||
319 | |||
320 | while (($row = $rs->fetch())) |
||
321 | { |
||
322 | $name = 'field' . $row['field_id']; |
||
323 | $value = NULL; |
||
324 | |||
325 | // determine default value of the field |
||
326 | |||
327 | $clone_id = is_record_cloned($id); |
||
328 | |||
329 | if (!is_null($row['value_id'])) |
||
330 | { |
||
331 | $value = $row['value_id']; |
||
332 | } |
||
333 | elseif ($clone_id != 0) |
||
334 | { |
||
335 | $rsv = dal_query('values/fndk.sql', $clone_id, $row['field_id']); |
||
336 | |||
337 | if ($rsv->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
338 | { |
||
339 | $value = $rsv->fetch('value_id'); |
||
340 | } |
||
341 | elseif (!is_null($row['value_id'])) |
||
342 | { |
||
343 | $value = $row['value_id']; |
||
344 | } |
||
345 | } |
||
346 | |||
347 | // adjust for current date the value of date fields |
||
348 | |||
349 | if ($row['field_type'] == FIELD_TYPE_DATE) |
||
350 | { |
||
351 | $today = time(); |
||
352 | |||
353 | $row['param1'] = date_offset($today, $row['param1']); |
||
354 | $row['param2'] = date_offset($today, $row['param2']); |
||
355 | |||
356 | if (!is_null($value)) |
||
357 | { |
||
358 | $value = date_offset($today, $value); |
||
359 | $value = ustr2int($value, $row['param1'], $row['param2']); |
||
360 | } |
||
361 | } |
||
362 | |||
363 | // convert to "human reading" format |
||
364 | $value = value_find($row['field_type'], $value); |
||
365 | |||
366 | if ($row['is_required']) |
||
367 | { |
||
368 | $flag1 = TRUE; |
||
369 | } |
||
370 | |||
371 | // generate control for the field |
||
372 | $xml .= '<control name="' . $name . '"' |
||
373 | . ($row['is_required'] && $row['field_type'] != FIELD_TYPE_CHECKBOX |
||
374 | ? ' required="' . get_html_resource(RES_REQUIRED3_ID) . '"' |
||
375 | : NULL) |
||
376 | . (ustrlen($row['description']) != 0 |
||
377 | ? ' description="true"' |
||
378 | : NULL) |
||
379 | . '>'; |
||
380 | |||
381 | switch ($row['field_type']) |
||
382 | { |
||
383 | case FIELD_TYPE_NUMBER: |
||
384 | |||
385 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
386 | |||
387 | $xml .= '<editbox maxlen="' . (ustrlen(MAX_FIELD_INTEGER) + 1) . '">' |
||
388 | . ustr2html(try_request($name, $value)) |
||
389 | . '</editbox>'; |
||
390 | |||
391 | $notes .= '<note>' |
||
392 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), $row['param1'], $row['param2']) |
||
393 | . '</note>'; |
||
394 | |||
395 | break; |
||
396 | |||
397 | case FIELD_TYPE_FLOAT: |
||
398 | |||
399 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
400 | |||
401 | $xml .= '<editbox maxlen="' . ustrlen(MAX_FIELD_FLOAT) . '">' |
||
402 | . ustr2html(try_request($name, $value)) |
||
403 | . '</editbox>'; |
||
404 | |||
405 | $notes .= '<note>' |
||
406 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), |
||
407 | ustr2html($row['field_name']), |
||
408 | value_find(FIELD_TYPE_FLOAT, $row['param1']), |
||
409 | value_find(FIELD_TYPE_FLOAT, $row['param2'])) |
||
410 | . '</note>'; |
||
411 | |||
412 | break; |
||
413 | |||
414 | case FIELD_TYPE_STRING: |
||
415 | |||
416 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
417 | |||
418 | $xml .= '<editbox maxlen="' . $row['param1'] . '">' |
||
419 | . ustr2html(try_request($name, $value)) |
||
420 | . '</editbox>'; |
||
421 | |||
422 | $flag2 = TRUE; |
||
423 | |||
424 | break; |
||
425 | |||
426 | case FIELD_TYPE_MULTILINED: |
||
427 | |||
428 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
429 | |||
430 | $xml .= '<textbox rows="' . $_SESSION[VAR_TEXTROWS] . '" maxlen="' . MAX_FIELD_MULTILINED . '">' |
||
431 | . ustr2html(try_request($name, $value)) |
||
432 | . '</textbox>'; |
||
433 | |||
434 | $flag2 = TRUE; |
||
435 | |||
436 | break; |
||
437 | |||
438 | case FIELD_TYPE_CHECKBOX: |
||
439 | |||
440 | $user_value = (try_request('submitted') == 'fieldsform') |
||
441 | ? isset($_REQUEST[$name]) |
||
442 | : $value; |
||
443 | |||
444 | $xml .= '<label/>'; |
||
445 | |||
446 | $xml .= ($user_value |
||
447 | ? '<checkbox checked="true">' |
||
448 | : '<checkbox>') |
||
449 | . ustr2html($row['field_name']) |
||
450 | . '</checkbox>'; |
||
451 | |||
452 | break; |
||
453 | |||
454 | case FIELD_TYPE_LIST: |
||
455 | |||
456 | $selected = try_request($name, $value); |
||
457 | |||
458 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
459 | |||
460 | $xml .= '<combobox>' |
||
461 | . '<listitem value=""/>'; |
||
462 | |||
463 | $rsv = dal_query('values/lvlist.sql', $row['field_id']); |
||
464 | |||
465 | while (($item = $rsv->fetch())) |
||
466 | { |
||
467 | $xml .= ($selected == $item['int_value'] |
||
468 | ? '<listitem value="' . $item['int_value'] . '" selected="true">' |
||
469 | : '<listitem value="' . $item['int_value'] . '">') |
||
470 | . ustr2html($item['str_value']) |
||
471 | . '</listitem>'; |
||
472 | } |
||
473 | |||
474 | $xml .= '</combobox>'; |
||
475 | |||
476 | break; |
||
477 | |||
478 | case FIELD_TYPE_RECORD: |
||
479 | |||
480 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
481 | |||
482 | $xml .= '<editbox maxlen="' . ustrlen(MAXINT) . '">' |
||
483 | . ustr2html(try_request($name, $value)) |
||
484 | . '</editbox>'; |
||
485 | |||
486 | $notes .= '<note>' |
||
487 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), 1, MAXINT) |
||
488 | . '</note>'; |
||
489 | |||
490 | break; |
||
491 | |||
492 | case FIELD_TYPE_DATE: |
||
493 | |||
494 | $xml .= '<label>' . sprintf('%s (%s)', ustr2html($row['field_name']), get_date_format_str()) . '</label>'; |
||
495 | |||
496 | $xml .= '<editbox maxlen="' . ustrlen(get_date(SAMPLE_DATE)) . '">' |
||
497 | . ustr2html(try_request($name, $value)) |
||
498 | . '</editbox>'; |
||
499 | |||
500 | $notes .= '<note>' |
||
501 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), get_date($row['param1']), get_date($row['param2'])) |
||
502 | . '</note>'; |
||
503 | |||
504 | $script .= '$("#' . $name . '").datepicker($.datepicker.regional["' . $_SESSION[VAR_LOCALE] . '"]);'; |
||
505 | |||
506 | break; |
||
507 | |||
508 | case FIELD_TYPE_DURATION: |
||
509 | |||
510 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
511 | |||
512 | $xml .= '<editbox maxlen="' . ustrlen(time2ustr(MAX_FIELD_DURATION)) . '">' |
||
513 | . ustr2html(try_request($name, $value)) |
||
514 | . '</editbox>'; |
||
515 | |||
516 | $notes .= '<note>' |
||
517 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), time2ustr($row['param1']), time2ustr($row['param2'])) |
||
518 | . '</note>'; |
||
519 | |||
520 | break; |
||
521 | |||
522 | default: |
||
523 | |||
524 | debug_write_log(DEBUG_WARNING, 'Unknown field type = ' . $row['field_type']); |
||
525 | } |
||
526 | |||
527 | View Code Duplication | if (strlen($row['description']) != 0) |
|
528 | { |
||
529 | $xml .= '<description>' |
||
530 | . update_references($row['description'], BBCODE_ALL) |
||
531 | . '</description>'; |
||
532 | } |
||
533 | |||
534 | $xml .= '</control>'; |
||
535 | |||
536 | if ($row['add_separator']) |
||
537 | { |
||
538 | $xml .= '<hr/>'; |
||
539 | } |
||
540 | } |
||
541 | |||
542 | if ($flag1) |
||
543 | { |
||
544 | $notes = '<note>' . get_html_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID) . '</note>' . $notes; |
||
545 | } |
||
546 | |||
547 | if ($flag2) |
||
548 | { |
||
549 | $notes .= '<note>' . get_html_resource(RES_LINK_TO_ANOTHER_RECORD_ID) . '</note>'; |
||
550 | } |
||
551 | |||
552 | $xml .= '</group>' |
||
553 | . $notes |
||
554 | . '<script>' . $script . '</script>'; |
||
555 | } |
||
556 | |||
557 | $xml .= '</form>'; |
||
558 | |||
559 | echo(xml2html($xml)); |
||
560 | |||
561 | ?> |
||
562 |
Since your code implements the magic setter
_set
, this function will be called for any write access on an undefined variable. You can add the@property
annotation to your class or interface to document the existence of this variable.Since the property has write access only, you can use the @property-write annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for @property.