From 2f4458cf7c43957ec7c7fb9660ea9d74cf263b3b Mon Sep 17 00:00:00 2001
From: Denis Chenu <courriel@shnoulle.net>
Date: Fri, 4 Oct 2013 15:03:45 +0200
Subject: [PATCH] Fixed issue: #08206: Add answers to the set of labels is not
 possible in language code for "-" eg: pt-BR. Dev: remove xss filter uneeded
 Dev: use sanitize_languagecodeS for language and rules for label name

---
 application/controllers/admin/labels.php   |  4 ++--
 application/helpers/admin/label_helper.php | 16 +++-------------
 application/models/Labelsets.php           | 13 ++++++++++++-
 3 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/application/controllers/admin/labels.php b/application/controllers/admin/labels.php
index ae0670a8256..54e15144402 100644
--- a/application/controllers/admin/labels.php
+++ b/application/controllers/admin/labels.php
@@ -392,8 +392,8 @@ public function ajaxSets()
         if ($lid == 0)
         {
             $lset = new Labelsets;
-            $lset->label_name = sanitize_xss_string(Yii::app()->getRequest()->getPost('laname'));
-            $lset->languages = sanitize_xss_string($language);
+            $lset->label_name = Yii::app()->getRequest()->getPost('laname');
+            $lset->languages = sanitize_languagecodeS($language);
             $lset->save();
 
             $lid = getLastInsertID($lset->tableName());
diff --git a/application/helpers/admin/label_helper.php b/application/helpers/admin/label_helper.php
index ed765911c03..cc97289b6df 100644
--- a/application/helpers/admin/label_helper.php
+++ b/application/helpers/admin/label_helper.php
@@ -97,19 +97,9 @@ function insertlabelset()
     //	$labelsoutput.= $_POST['languageids'];  For debug purposes
     $clang = Yii::app()->lang;
 
+    $postlanguageids=sanitize_languagecodeS(Yii::app()->getRequest()->getPost('languageids'));
+    $postlabel_name=Yii::app()->getRequest()->getPost('label_name');
 
-    if (!empty($_POST['languageids']))
-    {
-        $postlanguageids=sanitize_languagecodeS($_POST['languageids']);
-    }
-
-    if (!empty($_POST['label_name']))
-    {
-        $postlabel_name=sanitize_labelname($_POST['label_name']);
-    }
-
-    //postlabel_name = dbQuoteAll($postlabel_name,true);
-    //$postlanguageids = dbQuoteAll($postlanguageids,true);
     $data = array(
     'label_name' => $postlabel_name,
     'languages' => $postlanguageids
@@ -119,7 +109,7 @@ function insertlabelset()
     $result=Labelsets::model()->insertRecords($data);
     if (!$result)
     {
-        safeDie("Inserting the label set failed:<br />".$query."<br />");
+        Yii::app()->session['flashmessage'] = $clang->gT("Inserting the label set failed.");
     }
     else
     {
diff --git a/application/models/Labelsets.php b/application/models/Labelsets.php
index 749cccf4a51..ae0ae6df57b 100644
--- a/application/models/Labelsets.php
+++ b/application/models/Labelsets.php
@@ -64,7 +64,18 @@ function getAllRecords($condition=FALSE)
 
         return $data;
 	}
-
+    /**
+    * Returns this model's validation rules
+    *
+    */
+    public function rules()
+    {
+        return array(
+            array('label_name','required'),
+            array('label_name','length', 'min' => 1, 'max'=>100),
+            array('label_name','LSYii_Validators'),
+        );
+    }
     function getLID()
     {
 		return Yii::app()->db->createCommand()->select('lid')->order('lid asc')->from('{{labelsets}}')->query()->readAll();