Fixed issue #7644: {TEMPLATEURL} cannot be used in predefined labels …
…inside "

Dev: updated model and add rules for xssfiltering
Shnoulle committed Mar 11, 2013
1 parent 5f73ccb commit 897255a
Showing 2 changed files with 58 additions and 43 deletions.
55 changes: 25 additions & 30 deletions application/helpers/admin/label_helper.php
Expand Up @@ -157,7 +157,7 @@ function modlabelsetanswers($lid)

if ($ajax)
$lid = insertlabelset();

$aErrors=array();
if (count(array_unique($data->{'codelist'})) == count($data->{'codelist'}))
{

Expand All @@ -178,38 +178,33 @@ function modlabelsetanswers($lid)

$strTemp = 'text_'.$lang;
$title = $codeObj->$strTemp;

$p = new CHtmlPurifier();

if (Yii::app()->getConfig('filterxsshtml'))
$title = $p->purify($title);
$sortorder = $index;

$oLabel = new Label();
$oLabel->lid=$lid;
$oLabel->code=$actualcode;
$oLabel->title=$title;
$oLabel->sortorder=$sortorder;
$oLabel->assessment_value=$assessmentvalue;
$oLabel->language=$lang;
if($oLabel->validate())
{
$result=$oLabel->save();
}
else
$title = html_entity_decode($title, ENT_QUOTES, "UTF-8");


// Fix bug with FCKEditor saving strange BR types
$title = fixCKeditorText($title);
$sort_order = $index;

$insertdata = array(
'lid' => $lid,
'code' => $actualcode,
'title' => $title,
'sortorder' => $sort_order,
'assessment_value' => $assessmentvalue,
'language' => $lang
);

//$query = "INSERT INTO ".db_table_name('labels')." (`lid`,`code`,`title`,`sortorder`, `assessment_value`, `language`)
// VALUES('$lid',$actualcode,$title,$sort_order,$assessmentvalue,$lang)";

$result = Yii::app()->db->createCommand()->insert('{{labels}}', $insertdata);
{
$aErrors[]=$oLabel->getErrors();
}
}
}


Yii::app()->session['flashmessage'] = $clang->gT("Labels sucessfully updated");

if(count($aErrors))
{
Yii::app()->session['flashmessage'] = $clang->gT("Labels updated but with some error");
}
else
{
Yii::app()->session['flashmessage'] = $clang->gT("Labels sucessfully updated");
}
}
else
{
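Review bot: The return value of `$oLabel->save()` is stored in `$result` and never inspected, so a label that passes `validate()` but then fails to write is not added to `$aErrors` and the success message is still shown. Since `save()` runs validation itself, the branch can collapse to `if(!$oLabel->save()) { $aErrors[]=$oLabel->getErrors(); }`. Judging by the section's addition and deletion counts, the direct `$p->purify($title)` call is dropped here, which would leave HTML filtering of `title` entirely to the `LSYii_Validators` rule on the Label model; a comment at the assignment such as `// title is filtered by Label::rules(); do not bypass validation` would keep that dependency visible. The collected `$aErrors` are only counted for the flash message, so the user is not told which labels were rejected. modlabelsetanswers() starts and ends outside the hunk.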
46 changes: 33 additions & 13 deletions application/models/Label.php
Expand Up @@ -40,21 +40,41 @@ public function tableName()
*/
public function primaryKey()
{
return 'lid';
return 'lid,language';
}
/**
* Returns the static model of Settings table
*
* @static
* @access public
* @param string $class
* @return CActiveRecord
*/
public static function model($class = __CLASS__)
{
return parent::model($class);
}

/**
* Returns this model's validation rules
*
*/
public function rules()
{
return array(
array('lid','numerical', 'integerOnly'=>true),
array('code', 'unique', 'caseSensitive'=>true, 'criteria'=>array(
'condition'=>'lid = :lid AND language=:language',
'params'=>array(':lid'=>$this->lid,':language'=>$this->language)
),
'message'=>'{attribute} "{value}" is already in use.'),
array('title','LSYii_Validators'),
array('sortorder','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('language','length', 'min' => 2, 'max'=>20),// in array languages ?
array('assessment_value','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
);
}

/**
* Returns the static model of Settings table
*
* @static
* @access public
* @param string $class
* @return CActiveRecord
*/
public static function model($class = __CLASS__)
{
return parent::model($class);
}

function getAllRecords($condition=FALSE)
{
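Review bot: `primaryKey()` appears to return the single string `'lid,language'`, which CActiveRecord treats as one column name; a composite key has to be returned as an array, `return array('lid', 'language');`. With the string form, lookups by primary key and updates of an already loaded record are likely to reference a column that does not exist. In `rules()`, the `unique` criteria read `$this->lid` and `$this->language` when the validator list is first built, so both attributes must be assigned before the first `validate()` call on an instance; a comment on that rule saying so would help. The `title` rule names `LSYii_Validators`, whose behaviour is not visible on this page, so whether it still filters HTML only when `filterxsshtml` is enabled cannot be confirmed from here.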
