diff --git a/ajax-ac-insert.php b/ajax-ac-insert.php
index ee338688b..49144a97b 100644
--- a/ajax-ac-insert.php
+++ b/ajax-ac-insert.php
@@ -7,13 +7,25 @@
$_POST['offset'] = 0;
$offset = " OFFSET 0";
}
- $keyspos = array_combine($_POST['fkeynames'], $_POST['keys']);
- $keysnames = array_combine($_POST['fkeynames'], $_POST['keynames']);
+
+ $keynames = array();
+ foreach ($_POST['fkeynames'] as $k => $v) {
+ $fkeynames[$k] = html_entity_decode($v, ENT_QUOTES);
+ }
+
+ $keyspos = array_combine($fkeynames, $_POST['keys']);
+
+ $f_schema = html_entity_decode($_POST['f_schema'], ENT_QUOTES);
+ $data->fieldClean($f_schema);
+ $f_table = html_entity_decode($_POST['f_table'], ENT_QUOTES);
+ $data->fieldClean($f_table);
+ $f_attname = $fkeynames[$_POST['fattpos'][0]];
+ $data->fieldClean($f_attname);
$q = "SELECT *
- FROM \"{$_POST['f_schema']}\".\"{$_POST['f_table']}\"
- WHERE \"{$_POST['fkeynames'][$_POST['fattpos']]}\"::text LIKE '{$_POST['fvalue']}%'
- ORDER BY \"{$_POST['fkeynames'][$_POST['fattpos']]}\" LIMIT 12 {$offset};";
+ FROM \"{$f_schema}\".\"{$f_table}\"
+ WHERE \"{$f_attname}\"::text LIKE '{$_POST['fvalue']}%'
+ ORDER BY \"{$f_attname}\" LIMIT 12 {$offset};";
$res = $data->selectSet($q);
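Review bot: `$_POST['fvalue']` is still interpolated unescaped into the `LIKE '...%'` literal of the new query, so the identifier cleaning added above does not close the SQL injection path through the search value. Escape it with the data layer's string routine before building `$q`, e.g. `$fvalue = $_POST['fvalue']; $data->clean($fvalue);` (assuming `clean()` is the value counterpart of `fieldClean()` here), and interpolate `'{$fvalue}%'`. Separately, `$keynames = array();` initialises a variable the loop never fills; it should read `$fkeynames = array();`, and `$_POST['fkeynames']` should be checked with `is_array()` before the `foreach`. `{$offset}` is built outside this hunk and cannot be checked from here.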
@@ -23,7 +35,7 @@
foreach (array_keys($res->fields) as $h) {
echo '
';
- if (in_array($h,$_POST['fkeynames']))
+ if (in_array($h, $fkeynames))
echo '';
echo htmlentities($h), ' | ';
@@ -34,7 +46,7 @@
while ((!$res->EOF) && ($i < 11)) {
echo "";
foreach ($res->fields as $n => $v) {
- if (in_array($n,$_POST['fkeynames']))
+ if (in_array($n, $fkeynames))
echo "",htmlentities($v), " | ";
else
echo "", htmlentities($v), " | ";
@@ -66,7 +78,7 @@
echo $js ."";
}
else {
- printf("{$lang['strnofkref']}
", "\"{$_POST['f_schema']}\".\"{$_POST['f_table']}\".\"{$_POST['fkeynames'][$_POST['fattpos']]}\"");
+ printf("{$lang['strnofkref']}
", "\"{$_POST['f_schema']}\".\"{$_POST['f_table']}\".\"{$fkeynames[$_POST['fattpos']]}\"");
if ($_POST['offset'])
echo "Prev <<";
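Review bot: The `printf` argument on the added line still writes `$_POST['f_schema']`, `$_POST['f_table']` and the attribute name into the response without HTML escaping, so request-controlled text reaches the page as markup if the caller inserts this output as HTML. Wrap the whole argument in `htmlentities(..., ENT_QUOTES)`. The index is also inconsistent with the query hunk: there the attribute is `$fkeynames[$_POST['fattpos'][0]]`, here it is `$fkeynames[$_POST['fattpos']]`, and only one of the two can match the shape `fattpos` actually has. Computing the decoded attribute name once and reusing it in both places would remove the mismatch.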
diff --git a/classes/Misc.php b/classes/Misc.php
index b92e1dbf1..b9bf917fc 100644
--- a/classes/Misc.php
+++ b/classes/Misc.php
@@ -2154,6 +2154,28 @@ function printConnection($onchange) {
echo "
\n";
}
+ /**
+ * returns an array representing FKs definition for a table, sorted by fields
+ * or by constraint.
+ * @param $table The table to retrieve FK contraints from
+ * @returns the array of FK definition:
+ * array(
+ * 'byconstr' => array(
+ * constrain id => array(
+ * confrelid => foreign relation oid
+ * f_schema => foreign schema name
+ * f_table => foreign table name
+ * pattnums => array of parent's fields nums
+ * pattnames => array of parent's fields names
+ * fattnames => array of foreign attributes names
+ * )
+ * ),
+ * 'byfield' => array(
+ * attribute num => array (constraint id, ...)
+ * ),
+ * 'code' => HTML/js code to include in the page for auto-completion
+ * )
+ **/
function getAutocompleteFKProperties($table) {
global $data;
@@ -2186,7 +2208,7 @@ function getAutocompleteFKProperties($table) {
if (!isset($fksprops['byfield'][$constrs->fields['p_attnum']]))
$fksprops['byfield'][$constrs->fields['p_attnum']] = array();
- $fksprops['byfield'][$constrs->fields['p_attnum']] = $constrs->fields['conid'];
+ $fksprops['byfield'][$constrs->fields['p_attnum']][] = $constrs->fields['conid'];
}
$constrs->moveNext();
}
@@ -2196,8 +2218,8 @@ function getAutocompleteFKProperties($table) {
foreach ($fksprops['byconstr'] as $conid => $props) {
$fksprops['code'] .= "constrs.constr_{$conid} = {\n";
$fksprops['code'] .= 'pattnums: ['. implode(',',$props['pattnums']) ."],\n";
- $fksprops['code'] .= "f_table:\"". htmlentities($props['f_table']) ."\",\n";
- $fksprops['code'] .= "f_schema:\"". htmlentities($props['f_schema']) ."\",\n";
+ $fksprops['code'] .= "f_table:'". addslashes(htmlentities($props['f_table'], ENT_QUOTES)) ."',\n";
+ $fksprops['code'] .= "f_schema:'". addslashes(htmlentities($props['f_schema'], ENT_QUOTES)) ."',\n";
$_ = '';
foreach ($props['pattnames'] as $n) {
$_ .= ",'". htmlentities($n, ENT_QUOTES) ."'";
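Review bot: The `pattnames` loop just below the changed lines still emits `htmlentities($n, ENT_QUOTES)` without `addslashes`, so a column name containing a backslash is written raw into the single-quoted JS literal and can swallow the closing quote, which is the same problem this commit fixes for `f_table` and `f_schema`. Apply the same wrapping there: `$_ .= ",'". addslashes(htmlentities($n, ENT_QUOTES)) ."'";`, and to the `fattnames` list if it is built the same way outside this hunk. `addslashes` does not escape line breaks, which a quoted PostgreSQL identifier may contain, so `json_encode()` on the entity-encoded string would be a more robust way to produce the literal. The loop continues outside the hunk.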
@@ -2215,12 +2237,12 @@ function getAutocompleteFKProperties($table) {
$fksprops['code'] .= "var attrs = {};\n";
foreach ($fksprops['byfield'] as $attnum => $cstrs ) {
- $fksprops['code'] .= "attrs.attr_{$attnum} = {$fksprops['byfield'][$attnum]};\n";
+ $fksprops['code'] .= "attrs.attr_{$attnum} = [". implode(',', $fksprops['byfield'][$attnum]) ."];\n";
}
- $fksprops['code'] .= "var table='". htmlentities($_REQUEST['table']) ."';";
+ $fksprops['code'] .= "var table='". addslashes(htmlentities($table, ENT_QUOTES)) ."';";
$fksprops['code'] .= "var server='". htmlentities($_REQUEST['server']) ."';";
- $fksprops['code'] .= "var database='". htmlentities($_REQUEST['database']) ."';";
+ $fksprops['code'] .= "var database='". addslashes(htmlentities($_REQUEST['database'], ENT_QUOTES)) ."';";
$fksprops['code'] .= "\n";
$fksprops['code'] .= '';
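Review bot: `var server='...'` is left with plain `htmlentities($_REQUEST['server'])`, while `table` and `database` beside it gain `ENT_QUOTES` and `addslashes`. On PHP versions before 8.1 the default flags do not encode single quotes, so a `'` in that request parameter ends the JS string literal. Give it the same treatment: `"var server='". addslashes(htmlentities($_REQUEST['server'], ENT_QUOTES)) ."';"`. The `implode(',', $fksprops['byfield'][$attnum])` output is unquoted and so relies on every `conid` being numeric; `implode(',', array_map('intval', ...))` would make that explicit.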
diff --git a/js/ac_insert_row.js b/js/ac_insert_row.js
index cd59e2c5f..5ca85efa3 100644
--- a/js/ac_insert_row.js
+++ b/js/ac_insert_row.js
@@ -53,7 +53,8 @@ function selectVal(index) {
function openlist(e) {
var elt = jQuery(e);
var attnum = elt.attr('id').match(/\d+/)[0];
- var conid = attrs['attr_'+attnum];
+ /* FIXME we only support the first FK constraint of the field */
+ var conid = attrs['attr_'+attnum][0];
var constr = constrs["constr_" + conid];
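Review bot: `attrs['attr_'+attnum][0]` throws a TypeError when `attrs` has no entry for the field, where the old lookup only yielded `undefined`. If `openlist` can be reached for an input without a foreign key, guard before indexing: `var ids = attrs['attr_'+attnum]; if (!ids || !ids.length) return;`. The body of `openlist` continues outside the hunk, so whether a later check already covers this cannot be seen from here.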