From 27d132f47fe77740e1c81b4e7314cb250aef533c Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 20 Jan 2014 13:43:34 -0600
Subject: [PATCH] Double check value entered in typeahead fields

If the text does not match the value on record in the custom list, then the
value entered in the field cannot be accepted.

NOTE: This may have unintended i18n consequences, where there are varying
ways to write a letter in Unicode which may be rendered the same but will
not be correct with a string ==.
---
 include/class.dynamic_forms.php | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index 8e4df839a..c22e563fe 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -879,7 +879,9 @@ class SelectionField extends FormField {
 
     function parse($value) {
         $config = $this->getConfiguration();
-        if (is_int($value) || !$config['typeahead'])
+        if (is_int($value))
+            return $this->to_php($this->getWidget()->getEnteredValue(), (int) $value);
+        elseif (!$config['typeahead'])
             return $this->to_php(null, (int) $value);
         else
             return $this->to_php($value);
@@ -889,7 +891,7 @@ class SelectionField extends FormField {
         if ($id && is_int($id))
             $item = DynamicListItem::lookup($id);
         # Attempt item lookup by name too
-        if (!$item) {
+        if (!$item || ($value !== null && $value != $item->get('value'))) {
             $item = DynamicListItem::lookup(array(
                 'value'=>$value,
                 'list_id'=>$this->getListId()));
@@ -908,9 +910,13 @@ class SelectionField extends FormField {
     }
 
     function validateEntry($item) {
+        $config = $this->getConfiguration();
         parent::validateEntry($item);
         if ($item && !$item instanceof DynamicListItem)
             $this->_errors[] = 'Select a value from the list';
+        elseif ($item && $config['typeahead']
+                && $this->getWidget()->getEnteredValue() != $item->get('value'))
+            $this->_errors[] = 'Select a value from the list';
     }
 
     function getConfigurationOptions() {
@@ -944,10 +950,8 @@ class SelectionWidget extends ChoicesWidget {
         } elseif ($this->value) {
             // Loaded from POST
             $value = $this->value;
-            $name = DynamicListItem::lookup($value);
-            $name = ($name) ? $name->get('value') : $value;
+            $name = $this->getEnteredValue();
         }
-
         if (!$config['typeahead']) {
             $this->value = $value;
             return parent::render();
@@ -989,5 +993,10 @@ class SelectionWidget extends ChoicesWidget {
             return (int) $data[$this->name.'_id'];
         return parent::getValue();
     }
+
+    function getEnteredValue() {
+        // Used to verify typeahead fields
+        return parent::getValue();
+    }
 }
 ?>
-- 
GitLab