
updated the filtering to properly handle arrays;

resolves the issue with the project designer not working at all;
caseysoftware committed Feb 5, 2014
1 parent dce1871 commit 3edb12fcff4bb9e10281ae65bd33d206f1f0e81a
@@ -193,8 +193,16 @@ function w2PgetParam(&$arr, $name, $def = null)
$key = preg_replace("/[^A-Za-z0-9_]/", "", $name);
if (isset($arr[$key])) {
$_result = strip_tags($arr[$key]);
$result = preg_replace("/<>'\"\[\]{}:;/", "", $_result);
if (is_array($arr[$key])) {
$_result = $arr[$key];
foreach($_result as $_key => $_value) {
$_result[$_key] = preg_replace("/<>'\"\[\]{}:;/", "", $_value);
}
$result = $_result;
} else {
$_result = strip_tags($arr[$key]);
$result = preg_replace("/<>'\"\[\]{}:;/", "", $_result);
}
} else {
$result = $def;
}
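Review bot: The new array branch passes each element through `preg_replace` only and never calls `strip_tags`, so a value submitted as an array element keeps its markup while the same value sent as a scalar is stripped. The branch is selected by the shape of the request, not by the caller, so this applies to every parameter read through w2PgetParam. The element line could read `$_result[$_key] = preg_replace("/<>'\"\[\]{}:;/", "", strip_tags($_value));`, with an explicit decision for nested arrays, which `strip_tags` does not accept. Separately, the pattern used in both branches has no enclosing character class, so it matches only that exact literal sequence and removes none of the characters individually. If a class was intended it would be `"/[<>'\"\[\]{}:;]/"`, but that also strips colons and brackets from legitimate values and needs checking against callers. The function body starts and ends outside this hunk.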
@@ -4,11 +4,10 @@
}
// @todo refactor to use a core controller
// @todo remove database query
global $AppUI;
$project_id = w2PgetParam($_POST, 'project_id', 0);
$selected = w2PgetParam($_POST, 'bulk_selected_task', 0);
$selected = w2PgetParam($_POST, 'bulk_selected_task', array());
$bulk_task_project = w2PgetParam($_POST, 'bulk_task_project', '');
$bulk_task_parent = w2PgetParam($_POST, 'bulk_task_parent', '');
$bulk_task_dependency = w2PgetParam($_POST, 'bulk_task_dependency', '');
@@ -42,16 +41,10 @@
$bulk_move_date = (int) w2PgetParam($_POST, 'bulk_move_date', '0');
$bulk_task_percent_complete = w2PgetParam($_POST, 'bulk_task_percent_complete', '');
$perms = &$AppUI->acl();
if (!canEdit('tasks')) {
$AppUI->redirect(ACCESS_DENIED);
}
//Lets store the panels view options of the user:
$pdo = new CProjectDesigner();
$pdo->bind($_POST);
$pdo->store();
$updateFields = array('bulk_task_percent_complete' => $bulk_task_percent_complete,
'bulk_task_owner' => $bulk_task_owner, 'bulk_task_priority' => $bulk_task_priority,
'bulk_task_access' => $bulk_task_access, 'bulk_task_type' => $bulk_task_type,
@@ -187,7 +180,6 @@
if (isset($_POST['bulk_task_dependency']) && $bulk_task_dependency != '') {
if ($upd_task->task_id) {
//If parent is self task
//print_r($bulk_task_dependency);die;
if ($bulk_task_dependency == '0') {
$upd_task->task_dynamic = 0;
$upd_task->store();
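Review bot: `$selected` is now read from `$_POST['bulk_selected_task']` as an array, but nothing in the visible lines constrains its elements to task ids, and w2PgetParam returns array elements without any type check. Normalising at the point of read, e.g. `$selected = array_filter(array_map('intval', (array) $selected));`, would ensure only non-zero integers reach the task loads and the database query the `@todo` refers to. How `$selected` is consumed lies outside these hunks, so this should be confirmed against the loop that uses it. The `canEdit('tasks')` check is module-level; it is worth verifying that permission on each task named in the request is checked where that task is loaded.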
@@ -26,7 +26,8 @@ class Main_Functions_Test extends PHPUnit_Framework_TestCase
public function testW2PgetParam()
{
$params = array('m' => 'projects', 'a' => 'view', 'v' => '<script>alert</script>',
'html' => '<div onclick="doSomething()">asdf</div>', '<script>' => 'Something Nasty');
'html' => '<div onclick="doSomething()">asdf</div>', '<script>' => 'Something Nasty',
'key' => array(1,2,3));
$this->assertEquals('projects', w2PgetParam($params, 'm'));
@@ -39,6 +40,10 @@ public function testW2PgetParam()
$this->assertEquals('asdf', w2PgetParam($params, 'html'));
$this->assertEquals('Some Default', w2PgetParam($params, '<script>', 'Some Default'));
$this->assertEquals(array(1,2,3), w2PgetParam($params, 'key', array()));
$this->assertEquals(array(), w2PgetParam($params, 'not-there', array()));
}
public function testArrayMerge()
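Review bot: The added fixture `'key' => array(1,2,3)` exercises the array path with integers only, so the test does not pin what happens to markup inside array elements, which is the input the filter exists for. A constructed case such as `'tags' => array('<b>x</b>', 'ok')`, with an assertion on the intended filtered result, would document the expected behaviour for arrays. `assertEquals` also compares loosely: `preg_replace` returns strings, so the function presumably yields `array('1','2','3')` here, and `assertSame` would expose that type change. testW2PgetParam starts outside the second hunk.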
