Bugfix - ensure question attributes are db->escaped() on insert/update
New Feature - auto-generate Relevance Equation from Conditions when save question
Upgrade Feature - improved tooltips in EM - For each variable, now shows the question, value, and either the SGQA code (if use Question-code-based naming), or Question Code (if using SGQA codes)
Dev ToDo - (a) convert all conditions to relevance on load, (b) auto-generate relevance from conditions all other times that conditions change.

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_ci@11098 b72ed6b6-b9f8-46b5-92b4-906544132732
TMSWhite committed Oct 4, 2011
1 parent e5ee4a8 commit ea43942
Showing 4 changed files with 74 additions and 27 deletions.
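--- a/application/controllers/admin/database.php
+++ b/application/controllers/admin/database.php
@@ -581,6 +581,12 @@ function index($action=null)
 
 //now save all valid attributes
 $validAttributes=$qattributes[$_POST['type']];
+// if there are conditions, create a relevance equation, over-writing any default relevance value
+$cond2rel = LimeExpressionManager::ConvertConditionsToRelevance($surveyid,$qid);
+if (!is_null($cond2rel)) {
+$_POST['relevance'] = $cond2rel;
+}
+
 foreach ($validAttributes as $validAttribute)
 {
 if ($validAttribute['i18n'])
@@ -615,16 +621,17 @@ function index($action=null)
 $query = "select qaid from ".$this->db->dbprefix."question_attributes
 WHERE attribute='".$validAttribute['name']."' AND qid=".$qid;
 $result = db_execute_assoc($query); // or safe_die("Error updating attribute value<br />".$query."<br />".$connect->ErrorMsg()); // Checked
+$value = $this->db->escape($_POST[$validAttribute['name']]);
 if ($result->num_rows()>0)
 {
 $query = "UPDATE ".$this->db->dbprefix."question_attributes
-SET value='".$_POST[$validAttribute['name']]."',language=NULL WHERE attribute='".$validAttribute['name']."' AND qid=".$qid;
+SET value=".$value.",language=NULL WHERE attribute='".$validAttribute['name']."' AND qid=".$qid;
 $result = db_execute_assoc($query) ; // or safe_die("Error updating attribute value<br />".$query."<br />".$connect->ErrorMsg()); // Checked
 }
 else
 {
 $query = "INSERT into ".$this->db->dbprefix."question_attributes
-(qid, value, attribute) values ($qid,'".$_POST[$validAttribute['name']]."','{$validAttribute['name']}')";
+(qid, value, attribute) values ($qid,$value,'{$validAttribute['name']}')";
 $result = db_execute_assoc($query); // or safe_die("Error updating attribute value<br />".$query."<br />".$connect->ErrorMsg()); // Checked
 }
 }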
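Review bot: The escaping added in the second hunk covers only the attribute value; `$qid` is still concatenated unquoted into the SELECT, UPDATE and INSERT here, and the same pattern appears in the new `where qid = ".$qid` branch of getAllRecordsForSurvey() in conditions_model.php. Where `$qid` is assigned is outside the hunk, so unless it is already forced to an integer there, add `$qid = (int) $qid;` before the first query or move these statements to query bindings. `$this->db->escape()` returns string values already quoted, which is why the new SQL drops the surrounding quotes; a one-line comment such as `// escape() adds the quotes itself` would stop a later edit from re-adding them. index() starts and ends outside both hunks.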
46 changes: 28 additions & 18 deletions application/helpers/expressions/em_core_helper.php
Expand Up @@ -1268,12 +1268,12 @@ public function GetPrettyPrintString()
$stringParts[] = "'</span>";
break;
case 'SGQA':
$codeValue = $this->GetVarAttribute($token[0], 'displayValue', '');
$messages[] = 'value=' . htmlspecialchars($codeValue,ENT_QUOTES,'UTF-8',false);
$stringParts[] = "<span title='" . implode('; ',$messages) . "' style='color: #4C88BE; font-weight: bold'>";
$stringParts[] = $token[0];
$stringParts[] = "</span>";
break;
// $codeValue = $this->GetVarAttribute($token[0], 'displayValue', '');
// $messages[] = 'value=' . htmlspecialchars($codeValue,ENT_QUOTES,'UTF-8',false);
// $stringParts[] = "<span title='" . implode('; ',$messages) . "' style='color: #4C88BE; font-weight: bold'>";
// $stringParts[] = $token[0];
// $stringParts[] = "</span>";
// break;
case 'WORD':
if ($i+1<$numTokens && $tokens[$i+1][2] == 'LP')
{
Expand All @@ -1292,27 +1292,36 @@ public function GetPrettyPrintString()
$isOnCurrentPage = $this->GetVarAttribute($token[0],'isOnCurrentPage','N');
$jsName = $this->GetVarAttribute($token[0],'jsName','');
$codeValue = $this->GetVarAttribute($token[0],'codeValue','');
if ($isOnCurrentPage=='Y')
{
$messages[] = 'Variable that is set on current page';
if ($jsName != '') {
$messages[] = $jsName;
$question = $this->GetVarAttribute($token[0], 'question', '');
$qcode= $this->GetVarAttribute($token[0],'qcode','');
if ($token[2] == 'SGQA' && $qcode != '') {
$descriptor = '[' . $qcode . ']: ';
}
else if ($jsName != '') {
$descriptor = '[' . $jsName . ']: ';
}
else {
$descriptor = '';
}
$messages[] = $descriptor . htmlspecialchars($question,ENT_QUOTES,'UTF-8',false);
if ($codeValue != '') {
if ($token[2] == 'SGQA' && preg_match('/^INSERTANS:/',$token[0])) {
$displayValue = $this->GetVarAttribute($token[0], 'displayValue', '');
$messages[] = 'value=[' . htmlspecialchars($codeValue,ENT_QUOTES,'UTF-8',false) . '] '
. htmlspecialchars($displayValue,ENT_QUOTES,'UTF-8',false);
}
if ($codeValue != '') {
else {
$messages[] = 'value=' . htmlspecialchars($codeValue,ENT_QUOTES,'UTF-8',false);
}
}
if ($isOnCurrentPage=='Y')
{
$stringParts[] = "<span title='". implode('; ',$messages) . "' style='color: #a0522d; font-weight: bold'>";
$stringParts[] = $token[0];
$stringParts[] = "</span>";
}
else
{
if ($jsName != '') {
$messages[] = $jsName;
}
if ($codeValue != '') {
$messages[] = 'value=' . htmlspecialchars($codeValue,ENT_QUOTES,'UTF-8',false);
}
$stringParts[] = "<span title='" . implode('; ',$messages) . "' style='color: #228b22; font-weight: bold'>";
$stringParts[] = $token[0];
$stringParts[] = "</span>";
Expand Down Expand Up @@ -1384,6 +1393,7 @@ public function GetVarAttribute($name,$attr,$default)
case 'relevanceNum':
case 'relevanceStatus':
case 'type':
case 'qcode':
return (isset($var[$attr])) ? $var[$attr] : $default;
case 'displayValue':
case 'shown':
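Review bot: In the rewritten tooltip code of the second hunk, `$descriptor` is built from `$qcode` or `$jsName` and concatenated into the single-quoted `title='…'` attribute without encoding, while `$question`, `$codeValue` and `$displayValue` on the neighbouring lines all pass through htmlspecialchars(). A quote character in a question code would end the attribute early, so encode it the same way: `$descriptor = '[' . htmlspecialchars($qcode,ENT_QUOTES,'UTF-8',false) . ']: ';`, and likewise for the `$jsName` branch. In the first hunk `case 'SGQA':` now falls through into `case 'WORD':` because its body, including the `break`, is commented out; replacing the dead lines with `// SGQA is rendered by the WORD branch below` would make that intent explicit. GetPrettyPrintString() begins and ends outside these hunks.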
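--- a/application/helpers/expressions/em_manager_helper.php
+++ b/application/helpers/expressions/em_manager_helper.php
@@ -48,12 +48,19 @@ public function __clone()
 trigger_error('Clone is not allowed.', E_USER_ERROR);
 }
 
-public function ConvertConditionsToRelevance($surveyId)
+/**
+* If $qid is set, returns the relevance equation generated from conditions (or NULL if there are no conditions for that $qid)
+* If $qid is NULL, returns an array of relevance equations generated from Conditions, keyed on the question ID
+* @param <type> $surveyId
+* @param <type> $qid - if passed, only generates relevance equation for that question - otherwise genereates for all questions with conditions
+* @return <type>
+*/
+public function ConvertConditionsToRelevance($surveyId, $qid=NULL)
 {
 $CI =& get_instance();
 $CI->load->model('conditions_model');
 
-$query = $CI->conditions_model->getAllRecordsForSurvey($surveyId);
+$query = $CI->conditions_model->getAllRecordsForSurvey($surveyId,$qid);
 
 $_qid = -1;
 $relevanceEqns = array();
@@ -129,14 +136,28 @@ public function ConvertConditionsToRelevance($surveyId)
 $relevanceEqn = implode(' and ', $scenarios);
 $relevanceEqns[$_qid] = $relevanceEqn;
 }
-return $relevanceEqns;
+if (is_null($qid)) {
+return $relevanceEqns;
+}
+else {
+if (isset($relevanceEqns[$qid]))
+{
+return $relevanceEqns[$qid];
+}
+else
+{
+return NULL;
+}
+}
 }
 
 public static function UnitTestConvertConditionsToRelevance()
 {
 $LEM =& LimeExpressionManager::singleton();
 print_r($LEM->ConvertConditionsToRelevance(1));
 print_r($LEM->ConvertConditionsToRelevance(26766));
+print_r($LEM->ConvertConditionsToRelevance(26766,289));
+print_r($LEM->ConvertConditionsToRelevance(26766,3)); // should be NULL
 }
 
 /**
@@ -344,9 +365,11 @@ public function setVariableAndTokenMappingsForExpressionManager($forceRefresh=fa
 'relevance'=>$relevance,
 'relevanceNum'=>'relevance' . $questionNum,
 'relevanceStatus'=>$relStatus,
+'qcode'=>$varName,
 );
 $this->knownVars[$varName] = $varInfo_Code;
 $this->knownVars['INSERTANS:' . $code] = $varInfo_Code; // $varInfo_DisplayVal;
+$this->knownVars[$code] = $varInfo_Code;
 
 $this->jsVar2qid[$jsVarName] = $questionNum;
 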
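Review bot: The docblock added above ConvertConditionsToRelevance() in the first hunk still carries the template placeholders `@param <type>` and `@return <type>`, although the method now has three return shapes: the full array when `$qid` is NULL, a single equation string when the question has conditions, and NULL otherwise. I would write `@param int $surveyId`, `@param int|null $qid` and `@return array|string|null`, and correct the typo "genereates". The method is also called statically from database.php in this commit while being declared as an instance method here; adding a line to the docblock on which call form is intended would help, since the rest of the class is outside the hunks.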
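--- a/application/models/conditions_model.php
+++ b/application/models/conditions_model.php
@@ -2,12 +2,19 @@
 
 class Conditions_model extends CI_Model {
 
-function getAllRecordsForSurvey($surveyid)
+function getAllRecordsForSurvey($surveyid, $qid=NULL)
 {
-$query = "select * from ".$this->db->dbprefix('conditions')
-." where qid in (select qid from ".$this->db->dbprefix('questions')
-." where sid = ".$surveyid
+if (is_null($qid)) {
+$query = "select * from ".$this->db->dbprefix('conditions')
+." where qid in (select qid from ".$this->db->dbprefix('questions')
+." where sid = ".$surveyid
 .") order by qid, scenario, cqid";
+}
+else {
+$query = "select * from ".$this->db->dbprefix('conditions')
+." where qid = ".$qid
+." order by qid, scenario, cqid";
+}
 
 $data = $this->db->query($query);
 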
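Review bot: The new `else` branch ignores `$surveyid` altogether, so a call with a `$qid` returns that question's conditions whichever survey it belongs to, whereas the original query was always scoped by `sid`. If callers rely on the survey check, keep it in the per-question query by appending `." and qid in (select qid from ".$this->db->dbprefix('questions')." where sid = ".$surveyid.")"` before the `order by`. Both values should reach the SQL as integers; since the query already goes through `$this->db->query()`, `?` placeholders with a bindings array would cover that. The rest of getAllRecordsForSurvey() continues past the end of the hunk.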
