Fixed issue #10825: No filter on number is done before try to save in DB
Dev: see #10827
Shnoulle committed Mar 24, 2016
1 parent f6ade6d commit 65105ce
Showing 1 changed file with 20 additions and 16 deletions.
36 changes: 20 additions & 16 deletions application/helpers/expressions/em_manager_helper.php
Expand Up @@ -4889,10 +4889,12 @@ static function StartSurvey($surveyid,$surveyMode='group',$aSurveyOptions=NULL,$
break;
case 'N': //NUMERICAL QUESTION TYPE
case 'K': //MULTIPLE NUMERICAL QUESTION
if (trim($value)=="") {
if (trim($value)=="")
{
$value = NULL;
}
else {
else
{
$value = sanitize_float($value);
}
break;
Expand Down Expand Up @@ -5278,6 +5280,7 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
{
return $message;
}

if (!isset($_SESSION[$this->sessid]['srid']))// Create the response line, and fill Session with primaryKey
{
$_SESSION[$this->sessid]['datestamp']=dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $this->surveyOptions['timeadjust']);
Expand Down Expand Up @@ -5373,15 +5376,16 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
$val = (is_null($value) ? NULL : $value['value']);
$type = (is_null($value) ? NULL : $value['type']);

// Clean up the values to cope with database storage requirements
// Clean up the values to cope with database storage requirements : some value are fitered in ProcessCurrentResponses
// @todo fix whole type according to DB : use Yii for this ?
switch($type)
{
case 'D': //DATE
if (trim($val)=='' || $val=="INVALID")
if (trim($val)=='' || $val=="INVALID")// otherwise will already be in yyyy-mm-dd format after ProcessCurrentResponses() (not for default value, GET value, Expression set value etc ... cf todo
{
$val=NULL; // since some databases can't store blanks in date fields
}
// otherwise will already be in yyyy-mm-dd format after ProcessCurrentResponses()

break;
case '|': //File upload
// This block can be removed once we require 5.3 or later
Expand All @@ -5391,7 +5395,8 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
break;
case 'N': //NUMERICAL QUESTION TYPE
case 'K': //MULTIPLE NUMERICAL QUESTION
if (trim($val)=='')
// @todo Validate a DECIMAL(30.10)
if (trim($val)=='' || !is_numeric($val))
{
$val=NULL; // since some databases can't store blanks in numerical inputs
}
Expand Down Expand Up @@ -6646,7 +6651,6 @@ function _ValidateQuestion($questionSeq,$force=false)
}
}


/////////////////////////////////////////////////////////////
// CREATE ARRAY OF VALUES THAT NEED TO BE SILENTLY UPDATED //
/////////////////////////////////////////////////////////////
Expand Down Expand Up @@ -8544,7 +8548,7 @@ static function ProcessCurrentResponses()
$value = preg_replace('|\,|', '', $value);
}

switch($type)
switch($type) // fix value before trying to save in DB : date and numeric only
{
case 'D': //DATE
$value=trim($value);
Expand All @@ -8569,14 +8573,14 @@ static function ProcessCurrentResponses()
}
}
break;
# case 'N': //NUMERICAL QUESTION TYPE
# case 'K': //MULTIPLE NUMERICAL QUESTION
# if (trim($value)=="") {
# $value = "";
# }
# else {
# $value = sanitize_float($value);
# }
case 'N': //NUMERICAL QUESTION TYPE
case 'K': //MULTIPLE NUMERICAL QUESTION
if (trim($value)=="") {
$value = "";
}
else {
$value = sanitize_float($value);
}
break;
case '|': //File Upload
if (!preg_match('/_filecount$/', $sq))
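Review bot: `is_numeric($val)` in the `case 'N'` / `case 'K'` branch of `_UpdateValuesInDatabase` is a looser test than the `DECIMAL(30.10)` column named in the new `@todo`. It accepts exponent forms such as `1e5`, leading whitespace and, on PHP 5, hexadecimal strings, and it puts no bound on the number of digits. The commit's own comment says default, GET and expression-set values do not pass through `ProcessCurrentResponses`, so for those values this check is the last filter before storage; how `$val` then reaches the query is outside the visible lines. A format check matching the column would close the gap, for example `if (trim($val)=='' || !preg_match('/^-?\d{1,20}(\.\d{1,10})?$/', trim($val)))`. That pattern assumes `sanitize_float` emits a dot as the decimal separator, which should be confirmed against that helper.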

2 comments on commit 65105ce

@olleharstedt
Collaborator


Will there be a warning message if you try to save wrong data?

@Shnoulle
Collaborator Author


For public ?

If you try AA in a numeric question type : Show AA , but return with "Error" at same page.

Try the files in bug report :)
