From 12c84b8874fa23d15135e321b1287e25ba1ecda4 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 15 Nov 2013 18:06:03 -0600
Subject: [PATCH] forms: fixup a few sanity issues
* Require a label on form fields
* Require variable name to be unique per form
* Fixup duplicate phone numbers on upgrade
---
include/class.dynamic_forms.php | 3 +++
include/staff/dynamic-form.inc.php | 5 ++++-
include/upgrader/streams/core/dad45ca2-61c9d5d7.cleanup.sql | 2 +-
scp/forms.php | 5 +++++
4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index b48ac67f5..73868aca0 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -284,6 +284,9 @@ class DynamicFormField extends VerySimpleModel {
function isValid() {
if (count($this->errors()) || !parent::isValid())
return false;
+ if (!$this->get('label'))
+ $this->addError(
+ "Label is required for custom form fields", "label");
if ($this->get('required') && !$this->get('name'))
$this->addError(
"Variable name is required for required fields", "name");
diff --git a/include/staff/dynamic-form.inc.php b/include/staff/dynamic-form.inc.php
index 254dc0fbe..26a30ae5b 100644
--- a/include/staff/dynamic-form.inc.php
+++ b/include/staff/dynamic-form.inc.php
@@ -110,7 +110,10 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
<tr>
<td><i class="icon-sort"></i></td>
<td><input type="text" size="32" name="label-<?php echo $id; ?>"
- value="<?php echo $f->get('label'); ?>"/></td>
+ value="<?php echo $f->get('label'); ?>"/>
+ <font class="error"><?php
+ if ($errors['label']) echo '<br/>'; echo $errors['label']; ?>
+ </td>
<td><select name="type-<?php echo $id; ?>" <?php
if (!$f->isChangeable()) echo 'disabled="disabled"'; ?>>
<?php foreach (FormField::allTypes() as $group=>$types) {
diff --git a/include/upgrader/streams/core/dad45ca2-61c9d5d7.cleanup.sql b/include/upgrader/streams/core/dad45ca2-61c9d5d7.cleanup.sql
index 8d3482a94..18de0a28e 100644
--- a/include/upgrader/streams/core/dad45ca2-61c9d5d7.cleanup.sql
+++ b/include/upgrader/streams/core/dad45ca2-61c9d5d7.cleanup.sql
@@ -83,9 +83,9 @@ INSERT INTO `%TABLE_PREFIX%form_entry_values` (
'-', ''),
'.', ''), 'X', A1.`phone_ext`))
FROM `%TABLE_PREFIX%ticket` A1
- INNER JOIN `%TABLE_PREFIX%form` A4 ON (`type`='U')
INNER JOIN `%TABLE_PREFIX%form_entry` A2 ON (A2.`object_id`
= A1.`ticket_id` AND A2.`object_type` = 'U')
+ INNER JOIN `%TABLE_PREFIX%form` A4 ON (A4.`id` = A2.`form_id`)
INNER JOIN `%TABLE_PREFIX%form_field` A3 ON (A2.`form_id`
= A4.`id`)
WHERE A3.`name` = 'phone' AND LENGTH(A1.`phone`)
diff --git a/scp/forms.php b/scp/forms.php
index 311207756..4e5b5aa6d 100644
--- a/scp/forms.php
+++ b/scp/forms.php
@@ -17,6 +17,7 @@ if($_POST) {
$form->set($f, $_POST[$f]);
if ($form->isValid())
$form->save(true);
+ $names = array();
foreach ($form->getDynamicFields() as $field) {
$id = $field->get('id');
if ($_POST["delete-$id"] == 'on' && $field->isDeletable()) {
@@ -38,6 +39,10 @@ if($_POST) {
$field->set($f, $_POST["$f-$id"]);
}
}
+ if (in_array($field->get('name'), $names))
+ $field->addError('Field variable name is not unique', 'name');
+ if ($field->get('name'))
+ $names[] = $field->get('name');
if ($field->isValid())
$field->save();
else
--
GitLab