Commit b5ac5a7c authored by Jared Hancock's avatar Jared Hancock

Merge remote branch 'upstream/develop' into develop-next

parents bd63ec6c 7bc88c39
......@@ -211,10 +211,11 @@ class TicketsAjaxAPI extends AjaxController {
foreach (TicketForm::getInstance()->getFields() as $f) {
if (isset($req[$f->getFormName()])
&& ($val = $req[$f->getFormName()])) {
$name = $f->get('name') ? $f->get('name') : 'field_'.$f->get('id');
$cwhere = "cdata.`$name` LIKE '%".db_real_escape($val)."%'";
$name = $f->get('name') ? db_real_escape($f->get('name'))
: 'field_'.$f->get('id');
$cwhere = "cdata.\"$name\" LIKE '%".db_real_escape($val)."%'";
if ($f->getImpl()->hasIdValue() && is_numeric($val))
$cwhere .= " OR cdata.`{$name}_id` = ".db_input($val);
$cwhere .= " OR cdata.\"{$name}_id\" = ".db_input($val);
$where .= ' AND ('.$cwhere.')';
$cdata_search = true;
}
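Review bot: The rewritten `$cwhere` lines now wrap the column name in double quotes (`cdata."$name"`, `cdata."{$name}_id"`), which MySQL only parses as an identifier when the session has ANSI_QUOTES enabled; without it the quoted name is a string literal and the `LIKE` compares a constant, whereas the TicketForm hunks in this same merge still write the same column with backticks. `db_real_escape()` is also a string-literal escaper, so wrapping the identifier in it does not yield the doubled-quote form an ANSI-quoted identifier would need and only helps if the connection actually sets that mode. I'd settle on one quoting style for the cdata column and route both this search path and the TicketForm writers through one helper that validates and quotes it, so the two cannot drift again. The enclosing method starts before this hunk, so I cannot see where `$req` comes from.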
......@@ -244,9 +244,9 @@ class TicketForm extends DynamicForm {
$fields = static::getDynamicDataViewFields();
$sql = 'CREATE TABLE `'.TABLE_PREFIX.'ticket__cdata` (PRIMARY KEY (ticket_id)) AS
SELECT entry.`object_id` AS ticket_id, '.implode(',', $fields)
.' FROM ost_form_entry entry
JOIN ost_form_entry_values ans ON ans.entry_id = entry.id
JOIN ost_form_field field ON field.id=ans.field_id
.' FROM '.FORM_ENTRY_TABLE.' entry
JOIN '.FORM_ANSWER_TABLE.' ans ON ans.entry_id = entry.id
JOIN '.FORM_FIELD_TABLE.' field ON field.id=ans.field_id
WHERE entry.object_type=\'T\' GROUP BY entry.object_id';
db_query($sql);
}
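Review bot: The result of `db_query($sql)` on the last line of the method is discarded, so a failed `CREATE TABLE ... AS SELECT` (for example because one of the generated `$fields` expressions is invalid) is silent, and callers only find out later when the `SHOW TABLES LIKE` probe in the update path reports the table missing. The later hunk in this file now reacts to a failed `db_query()`, so this path should at least surface the outcome, e.g. `return db_query($sql);`, assuming the method's signature (which starts before this hunk) allows a return value. I cannot see `getDynamicDataViewFields()`, so whether its output is safe to interpolate into the SELECT list is unverified here.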
......@@ -261,17 +261,17 @@ class TicketForm extends DynamicForm {
if (!($e = $answer->getEntry()) || $e->get('object_type') != 'T')
return;
// If the `name` column is in the dirty list, we would be renaming a
// column. Delete the view instead.
if (isset($data['dirty']) && isset($data['dirty']['name']))
return self::dropDynamicDataView();
// $record = array();
// $record[$f] = $answer->value'
// TicketFormData::objects()->filter(array('ticket_id'=>$a))
// ->merge($record);
$sql = 'SHOW TABLES LIKE \''.TABLE_PREFIX.'ticket__cdata\'';
if (!db_num_rows(db_query($sql)))
return;
$f = $answer->getField();
$name = $f->get('name') ? $f->get('name') : 'field_'.$f->get('id');
$name = $f->get('name') ? $f->get('name')
: 'field_'.$f->get('id');
$ids = $f->hasIdValue();
$fields = sprintf('`%s`=', $name) . db_input($answer->get('value'));
if ($f->hasIdValue())
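Review bot: The rewrapped `$name` assignment builds the column name from `$f->get('name')` with no escaping and the `sprintf('`%s`=', $name)` line below interpolates it inside backticks, while the TicketsAjaxAPI hunk in this merge runs the same value through `db_real_escape()` and double-quotes it. Both paths therefore rely entirely on the admin-side name validation added in the last hunk to keep backticks and quotes out of the identifier, and that validation is a denylist. A single helper that returns the validated, quoted cdata column name for a field, used here and in the search code, would make that dependency explicit; I'd also confirm `$ids` is used further down, since the very next line calls `$f->hasIdValue()` again instead of reusing it. The method begins before this hunk and continues past it.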
......@@ -279,7 +279,8 @@ class TicketForm extends DynamicForm {
$sql = 'INSERT INTO `'.TABLE_PREFIX.'ticket__cdata` SET '.$fields
.', `ticket_id`='.db_input($answer->getEntry()->get('object_id'))
.' ON DUPLICATE KEY UPDATE '.$fields;
db_query($sql);
if (!db_query($sql) || !db_affected_rows())
return self::dropDynamicDataView();
}
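Review bot: The new `|| !db_affected_rows()` condition will drop the whole cdata table on a routine no-op write: for `INSERT ... ON DUPLICATE KEY UPDATE`, MySQL reports 0 affected rows when the existing row already holds the submitted values, so saving an answer without changing it triggers `dropDynamicDataView()`. If the intent is to detect a stale table (an unknown column), the failed query already returns false, so `if (!db_query($sql)) return self::dropDynamicDataView();` covers that case without the false positive; if a "row unchanged" signal is really wanted, it has to be distinguished from the insert/update cases (1 and 2) rather than tested as zero. This assumes `db_affected_rows()` is a thin wrapper over the driver's affected-row count, which looks likely but is not visible here.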
}
// Add fields from the standard ticket form to the ticket filterable fields
......@@ -309,6 +310,13 @@ Signal::connect('model.deleted',
array('TicketForm', 'dropDynamicDataView'),
'DynamicFormField',
function($o) { return $o->getForm()->get('type') == 'T'; });
// If the `name` column is in the dirty list, we would be renaming a
// column. Delete the view instead.
Signal::connect('model.updated',
array('TicketForm', 'dropDynamicDataView'),
'DynamicFormField',
// TODO: Lookup the dynamic form to verify {type == 'T'}
function($o, $d) { return isset($d['dirty']) && isset($d['dirty']['name']); });
require_once(INCLUDE_DIR . "class.json.php");
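Review bot: In the new `model.updated` callback, `isset($d['dirty']) && isset($d['dirty']['name'])` can be written as `isset($d['dirty']['name'])`, since `isset` on a nested key already returns false without a notice when the parent key is absent; the same shape appears in the `updateDynamicDataView` hunk above. The callback also never checks that `$d` is an array, which I assume the signal contract guarantees; a one-line comment on the expected payload (`// $d: model save data; $d['dirty'] maps changed columns to old values`) would make that visible to the next reader, provided that is indeed the shape emitted.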
......@@ -290,7 +290,7 @@ class FormField {
* $value - PHP value of the field's content
*/
function toString($value) {
return $value;
return (string) $value;
}
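Review bot: The new `(string) $value` cast changes behaviour for non-scalar input: an array now yields the literal `"Array"` with an "Array to string conversion" notice, and an object without `__toString` raises an error, whereas the old `return $value;` passed such values through untouched. If any field implementation can hand a list to the base `toString` (a multi-select, say), that subclass now needs its own override. The docblock above should state the contract the cast assumes, e.g. `$value - scalar PHP value of the field's content; subclasses with array or object values must override`.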
/**
......@@ -1925,7 +1925,7 @@ class Ticket {
if(!$staff || (!is_object($staff) && !($staff=Staff::lookup($staff))) || !$staff->isStaff())
return null;
$where = array();
$where = array('ticket.staff_id='.db_input($staff->getId()));
$where2 = '';
if(($teams=$staff->getTeams()))
......@@ -1935,7 +1935,7 @@ class Ticket {
$where[] = 'ticket.dept_id IN('.implode(',', db_input($depts)).') ';
if(!$cfg || !($cfg->showAssignedTickets() || $staff->showAssignedTickets()))
$where2 =' AND (ticket.staff_id=0 OR ticket.staff_id='.db_input($staff->getId()).') ';
$where2 =' AND ticket.staff_id=0 ';
$where = implode(' OR ', $where);
if ($where) $where = 'AND ( '.$where.' ) ';
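Review bot: The two hunks interact in a way that looks unintended: the first now seeds `$where` with `ticket.staff_id=<id>`, but the second reduces `$where2` to `AND ticket.staff_id=0`, so when assigned tickets are hidden the final filter becomes `(staff_id=<id> OR team... OR dept...) AND staff_id=0`, which can never match the staff member's own assignments — previously `(staff_id=0 OR staff_id=<id>)` kept them visible. If hiding the user's own assigned tickets in that mode is the intended change, a short comment on the `$where2` line saying so would stop the next reader from "fixing" it; otherwise `$where2` should keep the `OR ticket.staff_id=<id>` alternative. Also, because `$where` is now never empty, the `if ($where)` guard on the implode result is always true and can go. The method continues past this hunk, so I cannot see how `$where2` is appended.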
......@@ -123,7 +123,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
<tr>
<td><i class="icon-sort"></i></td>
<td><input type="text" size="32" name="label-<?php echo $id; ?>"
value="<?php echo $f->get('label'); ?>"/>
value="<?php echo Format::htmlchars($f->get('label')); ?>"/>
<font class="error"><?php
if ($ferrors['label']) echo '<br/>'; echo $ferrors['label']; ?>
</td>
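Review bot: Escaping the `value` attribute with `Format::htmlchars()` is right, but the `$ferrors['label']` echoed two lines below in the same cell is still written raw; if any of those messages ever carries the submitted value, this hunk has closed only half of the hole. The same applies to `$ferrors['name']` in the next hunk of this template. Separately, this hunk's `<font class="error">` is never closed before `</td>`, while the name hunk does close it; adding the `</font>` here keeps the two rows consistent. I cannot see where `$ferrors` is populated, so whether it can contain user input is inferred.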
......@@ -161,7 +161,8 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
</td>
<td>
<input type="text" size="20" name="name-<?php echo $id; ?>"
value="<?php echo $f->get('name'); ?>" <?php echo $force_name ?>/>
value="<?php echo Format::htmlchars($f->get('name'));
?>" <?php echo $force_name ?>/>
<font class="error"><?php
if ($ferrors['name']) echo '<br/>'; echo $ferrors['name'];
?></font>
......@@ -43,6 +43,8 @@ if($_POST) {
}
if (in_array($field->get('name'), $names))
$field->addError('Field variable name is not unique', 'name');
if (preg_match('/[.{}\'"`; ]/u', $field->get('name')))
$field->addError('Invalid character in variable name. Please use letters and numbers only.', 'name');
if ($field->get('name'))
$names[] = $field->get('name');
if ($field->isValid())
......