CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Output\Form to allow ACL controlled edit/view entries

Browse Source 
Fixed phpunit test runs with encoding test run and not resetting the
subsitute character back to default

Note: There are mime encoding failures for php 7.4 and 8.0 and one ACL
login failure test for php 7.4
This commit is contained in:
Clemens Schwaighofer
2022-09-06 11:17:03 +09:00
parent a8e75d158b
commit d5942f1430
25 changed files with 563 additions and 609 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
4dev/database/function/edit_access_set_uid.sql
View File

@@ -25,4 +25,4 @@ BEGIN
RETURN NEW;
END;
$$
LANGUAGE 'plpgsql';
LANGUAGE 'plpgsql';

2
4dev/database/function/edit_group_set_uid.sql
View File

@@ -25,4 +25,4 @@ BEGIN
RETURN NEW;
END;
$$
LANGUAGE 'plpgsql';
LANGUAGE 'plpgsql';

4
4dev/tests/CoreLibsACLLoginTest.php
View File

@@ -1477,7 +1477,7 @@ final class CoreLibsACLLoginTest extends TestCase
);
// - loginGetLoginHTML
$this->assertStringContainsString(
'<html>',
'<html lang="',
$login_mock->loginGetLoginHTML(),
'Assert login html string exits'
);
@@ -1529,7 +1529,7 @@ final class CoreLibsACLLoginTest extends TestCase
// html login basic check only, content is the same as when
// read from loginGetLoginHTML()
$this->assertStringContainsString(
'<html>',
'<html lang="',
$_POST['login_html'],
'Assert ajax _POST html string exits'
);

3
4dev/tests/CoreLibsCheckEncodingTest.php
View File

@@ -92,6 +92,7 @@ final class CoreLibsCheckEncodingTest extends TestCase
$error_char,
$expected
): void {
$current_subsitute_character = mb_substitute_character();
if ($error_char !== null) {
\CoreLibs\Check\Encoding::setErrorChar($error_char);
if (!in_array($error_char, ['none', 'long', 'entity'])) {
@@ -111,6 +112,8 @@ final class CoreLibsCheckEncodingTest extends TestCase
$expected,
$return
);
// reset after test
mb_substitute_character($current_subsitute_character);
}
}

2
4dev/tests/CoreLibsCreateEmailTest.php
View File

@@ -122,7 +122,7 @@ final class CoreLibsCreateEmailTest extends TestCase
* Undocumented function
*
* @dataProvider encodeEmailNameProvider
* @testdox encode email $email, name $name, encoding $encoding will be $expected [$_dataName]
* @testdox encode email $email, name $name, encoding $encoding, folding $kv_folding will be $expected [$_dataName]
*
* @return void
*/

2
4dev/tests/CoreLibsCreateSessionTest.php
View File

@@ -181,7 +181,7 @@ final class CoreLibsCreateSessionTest extends TestCase
string $type,
array $mock_data,
string $expected,
string $expected_error,
string $expected_error
): void {
// override expected
if ($type == 'd') {

2
4dev/tests/CoreLibsDBIOTest.php
View File

@@ -2536,7 +2536,7 @@ final class CoreLibsDBIOTest extends TestCase
private function subAssertCursorExtTestDbReturnFunction(
\CoreLibs\DB\IO $db,
string $query,
array $cursor_ext_checks,
array $cursor_ext_checks
): void {
// cursor check
if (

0
4dev/database/update/20190910-edit_update_missing_cuid.sql → 4dev/update/20190910_page_content/20190910-edit_update_missing_cuid.sql
View File

0
4dev/database/update/20191211-edit_tables_missing_columns.sql → 4dev/update/20191211_edit_add_missing_columns/20191211-edit_tables_missing_columns.sql
View File

0
4dev/database/update/20220617-edit_user_login_user_id_add.sql → 4dev/update/20220617_edit_user_login_update/20220617-edit_user_login_user_id_add.sql
View File

23
4dev/update/20220906_edit_acl_update/20220906_readme.md Normal file
View File

@@ -0,0 +1,23 @@
# Files to be changed
Change: Update Generate\Form to use ACL for form creation (basic)
Date: 2022/9/6
## File List
```sh
includes/table_arrays/array_edit_pages.php
includes/table_arrays/array_edit_users.php
includes/templates/admin/edit_body.tpl
includes/templates/admin/edit_elements.tpl
includes/templates/admin/edit_load.tpl
includes/templates/admin/edit_new.tpl
includes/templates/admin/edit_save_delete.tpl
includes/edit_base.php
lib/CoreLibs/ACL/Login.php
lib/CoreLibs/DB/Extended/ArrayIO.php
lib/CoreLibs/Convert/MimeEncode.php
lib/CoreLibs/Create/Email.php
lib/CoreLibs/Output/Form/Generate.php
```

426
www/composer.lock generated
View File

@@ -138,16 +138,16 @@
},
{
"name": "nikic/php-parser",
"version": "v4.13.2",
"version": "v4.15.1",
"source": {
"type": "git",
"url": "https://github.com/nikic/PHP-Parser.git",
"reference": "210577fe3cf7badcc5814d99455df46564f3c077"
"reference": "0ef6c55a3f47f89d7a374e6f835197a0b5fcf900"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/210577fe3cf7badcc5814d99455df46564f3c077",
"reference": "210577fe3cf7badcc5814d99455df46564f3c077",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/0ef6c55a3f47f89d7a374e6f835197a0b5fcf900",
"reference": "0ef6c55a3f47f89d7a374e6f835197a0b5fcf900",
"shasum": ""
},
"require": {
@@ -188,9 +188,9 @@
],
"support": {
"issues": "https://github.com/nikic/PHP-Parser/issues",
"source": "https://github.com/nikic/PHP-Parser/tree/v4.13.2"
"source": "https://github.com/nikic/PHP-Parser/tree/v4.15.1"
},
"time": "2021-11-30T19:35:32+00:00"
"time": "2022-09-04T07:30:47+00:00"
},
{
"name": "phar-io/manifest",
@@ -303,252 +303,25 @@
},
"time": "2022-02-21T01:04:05+00:00"
},
{
"name": "phpdocumentor/reflection-common",
"version": "2.2.0",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionCommon.git",
"reference": "1d01c49d4ed62f25aa84a747ad35d5a16924662b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/1d01c49d4ed62f25aa84a747ad35d5a16924662b",
"reference": "1d01c49d4ed62f25aa84a747ad35d5a16924662b",
"shasum": ""
},
"require": {
"php": "^7.2 || ^8.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-2.x": "2.x-dev"
}
},
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jaap van Otterdijk",
"email": "opensource@ijaap.nl"
}
],
"description": "Common reflection classes used by phpdocumentor to reflect the code structure",
"homepage": "http://www.phpdoc.org",
"keywords": [
"FQSEN",
"phpDocumentor",
"phpdoc",
"reflection",
"static analysis"
],
"support": {
"issues": "https://github.com/phpDocumentor/ReflectionCommon/issues",
"source": "https://github.com/phpDocumentor/ReflectionCommon/tree/2.x"
},
"time": "2020-06-27T09:03:43+00:00"
},
{
"name": "phpdocumentor/reflection-docblock",
"version": "5.3.0",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
"reference": "622548b623e81ca6d78b721c5e029f4ce664f170"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/622548b623e81ca6d78b721c5e029f4ce664f170",
"reference": "622548b623e81ca6d78b721c5e029f4ce664f170",
"shasum": ""
},
"require": {
"ext-filter": "*",
"php": "^7.2 || ^8.0",
"phpdocumentor/reflection-common": "^2.2",
"phpdocumentor/type-resolver": "^1.3",
"webmozart/assert": "^1.9.1"
},
"require-dev": {
"mockery/mockery": "~1.3.2",
"psalm/phar": "^4.8"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "5.x-dev"
}
},
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mike van Riel",
"email": "me@mikevanriel.com"
},
{
"name": "Jaap van Otterdijk",
"email": "account@ijaap.nl"
}
],
"description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
"support": {
"issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
"source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.3.0"
},
"time": "2021-10-19T17:43:47+00:00"
},
{
"name": "phpdocumentor/type-resolver",
"version": "1.6.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/TypeResolver.git",
"reference": "77a32518733312af16a44300404e945338981de3"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/77a32518733312af16a44300404e945338981de3",
"reference": "77a32518733312af16a44300404e945338981de3",
"shasum": ""
},
"require": {
"php": "^7.2 || ^8.0",
"phpdocumentor/reflection-common": "^2.0"
},
"require-dev": {
"ext-tokenizer": "*",
"psalm/phar": "^4.8"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-1.x": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mike van Riel",
"email": "me@mikevanriel.com"
}
],
"description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
"support": {
"issues": "https://github.com/phpDocumentor/TypeResolver/issues",
"source": "https://github.com/phpDocumentor/TypeResolver/tree/1.6.1"
},
"time": "2022-03-15T21:29:03+00:00"
},
{
"name": "phpspec/prophecy",
"version": "v1.15.0",
"source": {
"type": "git",
"url": "https://github.com/phpspec/prophecy.git",
"reference": "bbcd7380b0ebf3961ee21409db7b38bc31d69a13"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpspec/prophecy/zipball/bbcd7380b0ebf3961ee21409db7b38bc31d69a13",
"reference": "bbcd7380b0ebf3961ee21409db7b38bc31d69a13",
"shasum": ""
},
"require": {
"doctrine/instantiator": "^1.2",
"php": "^7.2 || ~8.0, <8.2",
"phpdocumentor/reflection-docblock": "^5.2",
"sebastian/comparator": "^3.0 || ^4.0",
"sebastian/recursion-context": "^3.0 || ^4.0"
},
"require-dev": {
"phpspec/phpspec": "^6.0 || ^7.0",
"phpunit/phpunit": "^8.0 || ^9.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"Prophecy\\": "src/Prophecy"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Konstantin Kudryashov",
"email": "ever.zet@gmail.com",
"homepage": "http://everzet.com"
},
{
"name": "Marcello Duarte",
"email": "marcello.duarte@gmail.com"
}
],
"description": "Highly opinionated mocking framework for PHP 5.3+",
"homepage": "https://github.com/phpspec/prophecy",
"keywords": [
"Double",
"Dummy",
"fake",
"mock",
"spy",
"stub"
],
"support": {
"issues": "https://github.com/phpspec/prophecy/issues",
"source": "https://github.com/phpspec/prophecy/tree/v1.15.0"
},
"time": "2021-12-08T12:19:24+00:00"
},
{
"name": "phpunit/php-code-coverage",
"version": "9.2.15",
"version": "9.2.17",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-code-coverage.git",
"reference": "2e9da11878c4202f97915c1cb4bb1ca318a63f5f"
"reference": "aa94dc41e8661fe90c7316849907cba3007b10d8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/2e9da11878c4202f97915c1cb4bb1ca318a63f5f",
"reference": "2e9da11878c4202f97915c1cb4bb1ca318a63f5f",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/aa94dc41e8661fe90c7316849907cba3007b10d8",
"reference": "aa94dc41e8661fe90c7316849907cba3007b10d8",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-libxml": "*",
"ext-xmlwriter": "*",
"nikic/php-parser": "^4.13.0",
"nikic/php-parser": "^4.14",
"php": ">=7.3",
"phpunit/php-file-iterator": "^3.0.3",
"phpunit/php-text-template": "^2.0.2",
@@ -597,7 +370,7 @@
],
"support": {
"issues": "https://github.com/sebastianbergmann/php-code-coverage/issues",
"source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.15"
"source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.17"
},
"funding": [
{
@@ -605,7 +378,7 @@
"type": "github"
}
],
"time": "2022-03-07T09:28:20+00:00"
"time": "2022-08-30T12:24:04+00:00"
},
{
"name": "phpunit/php-file-iterator",
@@ -850,16 +623,16 @@
},
{
"name": "phpunit/phpunit",
"version": "9.5.20",
"version": "9.5.24",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit.git",
"reference": "12bc8879fb65aef2138b26fc633cb1e3620cffba"
"reference": "d0aa6097bef9fd42458a9b3c49da32c6ce6129c5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/12bc8879fb65aef2138b26fc633cb1e3620cffba",
"reference": "12bc8879fb65aef2138b26fc633cb1e3620cffba",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/d0aa6097bef9fd42458a9b3c49da32c6ce6129c5",
"reference": "d0aa6097bef9fd42458a9b3c49da32c6ce6129c5",
"shasum": ""
},
"require": {
@@ -874,7 +647,6 @@
"phar-io/manifest": "^2.0.3",
"phar-io/version": "^3.0.2",
"php": ">=7.3",
"phpspec/prophecy": "^1.12.1",
"phpunit/php-code-coverage": "^9.2.13",
"phpunit/php-file-iterator": "^3.0.5",
"phpunit/php-invoker": "^3.1.1",
@@ -889,13 +661,9 @@
"sebastian/global-state": "^5.0.1",
"sebastian/object-enumerator": "^4.0.3",
"sebastian/resource-operations": "^3.0.3",
"sebastian/type": "^3.0",
"sebastian/type": "^3.1",
"sebastian/version": "^3.0.2"
},
"require-dev": {
"ext-pdo": "*",
"phpspec/prophecy-phpunit": "^2.0.1"
},
"suggest": {
"ext-soap": "*",
"ext-xdebug": "*"
@@ -937,7 +705,7 @@
],
"support": {
"issues": "https://github.com/sebastianbergmann/phpunit/issues",
"source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.20"
"source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.24"
},
"funding": [
{
@@ -949,7 +717,7 @@
"type": "github"
}
],
"time": "2022-04-01T12:37:26+00:00"
"time": "2022-08-30T07:42:16+00:00"
},
{
"name": "sebastian/cli-parser",
@@ -1808,16 +1576,16 @@
},
{
"name": "sebastian/type",
"version": "3.0.0",
"version": "3.1.0",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/type.git",
"reference": "b233b84bc4465aff7b57cf1c4bc75c86d00d6dad"
"reference": "fb44e1cc6e557418387ad815780360057e40753e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/type/zipball/b233b84bc4465aff7b57cf1c4bc75c86d00d6dad",
"reference": "b233b84bc4465aff7b57cf1c4bc75c86d00d6dad",
"url": "https://api.github.com/repos/sebastianbergmann/type/zipball/fb44e1cc6e557418387ad815780360057e40753e",
"reference": "fb44e1cc6e557418387ad815780360057e40753e",
"shasum": ""
},
"require": {
@@ -1829,7 +1597,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.0-dev"
"dev-master": "3.1-dev"
}
},
"autoload": {
@@ -1852,7 +1620,7 @@
"homepage": "https://github.com/sebastianbergmann/type",
"support": {
"issues": "https://github.com/sebastianbergmann/type/issues",
"source": "https://github.com/sebastianbergmann/type/tree/3.0.0"
"source": "https://github.com/sebastianbergmann/type/tree/3.1.0"
},
"funding": [
{
@@ -1860,7 +1628,7 @@
"type": "github"
}
],
"time": "2022-03-15T09:54:48+00:00"
"time": "2022-08-29T06:55:37+00:00"
},
{
"name": "sebastian/version",
@@ -1915,88 +1683,6 @@
],
"time": "2020-09-28T06:39:44+00:00"
},
{
"name": "symfony/polyfill-ctype",
"version": "v1.25.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-ctype.git",
"reference": "30885182c981ab175d4d034db0f6f469898070ab"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab",
"reference": "30885182c981ab175d4d034db0f6f469898070ab",
"shasum": ""
},
"require": {
"php": ">=7.1"
},
"provide": {
"ext-ctype": "*"
},
"suggest": {
"ext-ctype": "For best performance"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-main": "1.23-dev"
},
"thanks": {
"name": "symfony/polyfill",
"url": "https://github.com/symfony/polyfill"
}
},
"autoload": {
"files": [
"bootstrap.php"
],
"psr-4": {
"Symfony\\Polyfill\\Ctype\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Gert de Pagter",
"email": "BackEndTea@gmail.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony polyfill for ctype functions",
"homepage": "https://symfony.com",
"keywords": [
"compatibility",
"ctype",
"polyfill",
"portable"
],
"support": {
"source": "https://github.com/symfony/polyfill-ctype/tree/v1.25.0"
},
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2021-10-20T20:35:02+00:00"
},
{
"name": "theseer/tokenizer",
"version": "1.2.1",
@@ -2046,64 +1732,6 @@
}
],
"time": "2021-07-28T10:34:58+00:00"
},
{
"name": "webmozart/assert",
"version": "1.10.0",
"source": {
"type": "git",
"url": "https://github.com/webmozarts/assert.git",
"reference": "6964c76c7804814a842473e0c8fd15bab0f18e25"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/webmozarts/assert/zipball/6964c76c7804814a842473e0c8fd15bab0f18e25",
"reference": "6964c76c7804814a842473e0c8fd15bab0f18e25",
"shasum": ""
},
"require": {
"php": "^7.2 || ^8.0",
"symfony/polyfill-ctype": "^1.8"
},
"conflict": {
"phpstan/phpstan": "<0.12.20",
"vimeo/psalm": "<4.6.1 || 4.6.2"
},
"require-dev": {
"phpunit/phpunit": "^8.5.13"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.10-dev"
}
},
"autoload": {
"psr-4": {
"Webmozart\\Assert\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Bernhard Schussek",
"email": "bschussek@gmail.com"
}
],
"description": "Assertions to validate method input/output with nice error messages.",
"keywords": [
"assert",
"check",
"validate"
],
"support": {
"issues": "https://github.com/webmozarts/assert/issues",
"source": "https://github.com/webmozarts/assert/tree/1.10.0"
},
"time": "2021-03-09T10:59:23+00:00"
}
],
"aliases": [],

1
www/includes/edit_base.php
View File

@@ -552,6 +552,7 @@ if (is_dir(BASE . CACHE)) {
}
$smarty->display($EDIT_TEMPLATE, 'editAdmin_' . $smarty->lang, 'editAdmin_' . $smarty->lang);
$form->log->debug('DEBUGEND', '==================================== [Form END]');
// debug output
echo $login->log->printErrorMsg();
echo $form->log->printErrorMsg();

20
www/includes/table_arrays/array_edit_pages.php
View File

@@ -66,8 +66,8 @@ $edit_pages = [
'int' => 1,
'type' => 'binary',
'element_list' => [
'1' => 'Yes',
'0' => 'No'
'1' => 'Yes',
'0' => 'No'
],
],
'popup' => [
@@ -76,8 +76,8 @@ $edit_pages = [
'int' => 1,
'type' => 'binary',
'element_list' => [
'1' => 'Yes',
'0' => 'No'
'1' => 'Yes',
'0' => 'No'
],
],
'popup_x' => [
@@ -128,12 +128,12 @@ $edit_pages = [
'name' => 'filename',
'before_value' => 'Filename: '
],
[
'name' => 'online',
'binary' => ['Yes', 'No'],
'before_value' => 'Online: '
],
[
[
'name' => 'online',
'binary' => ['Yes', 'No'],
'before_value' => 'Online: '
],
[
'name' => 'menu',
'binary' => ['Yes', 'No'],
'before_value' => 'Menu: '

115
www/includes/table_arrays/array_edit_users.php
View File

@@ -15,7 +15,11 @@ $edit_users = [
'output_name' => 'Username',
'mandatory' => 1,
'error_check' => 'unique|alphanumericextended',
'type' => 'text'
'type' => 'text',
// if not min_edit_acl only read
// if not min_show_acl not visible
'min_edit_acl' => '100',
'min_show_acl' => '-1',
],
'password' => [
'value' => $GLOBALS['password'] ?? '',
@@ -30,6 +34,8 @@ $edit_users = [
'value' => 'NOW()' // value [todo: complex reference
],
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
// password date when first insert and password is set, needs special field with connection to password
// password reset force interval, if set, user needs to reset password after X time period
@@ -41,7 +47,9 @@ $edit_users = [
'type' => 'text',
'interval' => 1, // interval needs NULL write for empty
'size' => 5, // make it 5 chars long
'length' => 5
'length' => 5,
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'enabled' => [
'value' => $GLOBALS['enabled'] ?? '',
@@ -52,6 +60,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '-1',
],
'deleted' => [
'value' => $GLOBALS['deleted'] ?? '',
@@ -62,6 +72,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'strict' => [
'value' => $GLOBALS['strict'] ?? '',
@@ -72,6 +84,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'locked' => [
'value' => $GLOBALS['locked'] ?? '',
@@ -82,6 +96,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'admin' => [
'value' => $GLOBALS['admin'] ?? '',
@@ -92,6 +108,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'debug' => [
'value' => $GLOBALS['debug'] ?? '',
@@ -102,6 +120,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'db_debug' => [
'value' => $GLOBALS['db_debug'] ?? '',
@@ -112,22 +132,30 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'email' => [
'value' => $GLOBALS['email'] ?? '',
'output_name' => 'E-Mail',
'type' => 'text',
'error_check' => 'email'
'error_check' => 'email',
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'last_name' => [
'value' => $GLOBALS['last_name'] ?? '',
'output_name' => 'Last Name',
'type' => 'text'
'type' => 'text',
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'first_name' => [
'value' => $GLOBALS['first_name'] ?? '',
'output_name' => 'First Name',
'type' => 'text'
'type' => 'text',
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'lock_until' => [
'value' => $GLOBALS['lock_until'] ?? '',
@@ -136,6 +164,8 @@ $edit_users = [
'error_check' => 'datetime',
'sql_read' => 'YYYY-MM-DD HH24:MI',
'datetime' => 1,
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'lock_after' => [
'value' => $GLOBALS['lock_after'] ?? '',
@@ -143,7 +173,8 @@ $edit_users = [
'type' => 'datetime',
'error_check' => 'datetime',
'sql_read' => 'YYYY-MM-DD HH24:MI',
'datetime' => 1,
'datetime' => 1,'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'login_user_id' => [
'value' => $GLOBALS['login_user_id'] ?? '',
@@ -151,19 +182,22 @@ $edit_users = [
'type' => 'text',
'error_check' => 'unique|custom',
'error_regex' => "/^[A-Za-z0-9]+$/",
'emptynull' => 1,
'emptynull' => 1,'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'login_user_id_set_date' => [
'output_name' => 'loginUserId set date',
'value' => $GLOBALS['login_user_id_set_date'] ?? '',
'type' => 'view',
'empty' => '-'
'empty' => '-',
'min_show_acl' => '100',
],
'login_user_id_last_revalidate' => [
'output_name' => 'loginUserId last revalidate date',
'value' => $GLOBALS['login_user_id_last_revalidate'] ?? '',
'type' => 'view',
'empty' => '-'
'empty' => '-',
'min_show_acl' => '100',
],
'login_user_id_locked' => [
'value' => $GLOBALS['login_user_id_locked'] ?? '',
@@ -174,6 +208,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'login_user_id_revalidate_after' => [
'value' => $GLOBALS['login_user_id_revalidate_after'] ?? '',
@@ -182,7 +218,9 @@ $edit_users = [
'error_check' => 'intervalshort',
'interval' => 1, // interval needs NULL write for empty
'size' => 5, // make it 5 chars long
'length' => 5
'length' => 5,
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'login_user_id_valid_from' => [
'value' => $GLOBALS['login_user_id_valid_from'] ?? '',
@@ -191,6 +229,8 @@ $edit_users = [
'error_check' => 'datetime',
'sql_read' => 'YYYY-MM-DD HH24:MI',
'datetime' => 1,
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'login_user_id_valid_until' => [
'value' => $GLOBALS['login_user_id_valid_until'] ?? '',
@@ -199,6 +239,8 @@ $edit_users = [
'error_check' => 'datetime',
'sql_read' => 'YYYY-MM-DD HH24:MI',
'datetime' => 1,
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'edit_language_id' => [
'value' => $GLOBALS['edit_language_id'] ?? '',
@@ -206,14 +248,18 @@ $edit_users = [
'mandatory' => 1,
'int' => 1,
'type' => 'drop_down_db',
'query' => "SELECT edit_language_id, long_name FROM edit_language WHERE enabled = 1 ORDER BY order_number"
'query' => "SELECT edit_language_id, long_name FROM edit_language WHERE enabled = 1 ORDER BY order_number",
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'edit_scheme_id' => [
'value' => $GLOBALS['edit_scheme_id'] ?? '',
'output_name' => 'Scheme',
'int_null' => 1,
'type' => 'drop_down_db',
'query' => "SELECT edit_scheme_id, name FROM edit_scheme WHERE enabled = 1 ORDER BY name"
'query' => "SELECT edit_scheme_id, name FROM edit_scheme WHERE enabled = 1 ORDER BY name",
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'edit_group_id' => [
'value' => $GLOBALS['edit_group_id'] ?? '',
@@ -221,7 +267,9 @@ $edit_users = [
'int' => 1,
'type' => 'drop_down_db',
'query' => "SELECT edit_group_id, name FROM edit_group WHERE enabled = 1 ORDER BY name",
'mandatory' => 1
'mandatory' => 1,
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'edit_access_right_id' => [
'value' => $GLOBALS['edit_access_right_id'] ?? '',
@@ -229,25 +277,30 @@ $edit_users = [
'mandatory' => 1,
'int' => 1,
'type' => 'drop_down_db',
'query' => "SELECT edit_access_right_id, name FROM edit_access_right ORDER BY level"
'query' => "SELECT edit_access_right_id, name FROM edit_access_right ORDER BY level",
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'login_error_count' => [
'output_name' => 'Login error count',
'value' => $GLOBALS['login_error_count'] ?? '',
'type' => 'view',
'empty' => '0'
'empty' => '0',
'min_show_acl' => '100',
],
'login_error_date_last' => [
'output_name' => 'Last login error',
'value' => $GLOBALS['login_error_date_liast'] ?? '',
'type' => 'view',
'empty' => '-'
'empty' => '-',
'min_show_acl' => '100',
],
'login_error_date_first' => [
'output_name' => 'First login error',
'value' => $GLOBALS['login_error_date_first'] ?? '',
'type' => 'view',
'empty' => '-'
'empty' => '-',
'min_show_acl' => '100',
],
'protected' => [
'value' => $GLOBALS['protected'] ?? '',
@@ -258,6 +311,8 @@ $edit_users = [
'1' => 'Yes',
'0' => 'No'
],
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
'additional_acl' => [
'value' => $GLOBALS['additional_acl'] ?? '',
@@ -265,12 +320,27 @@ $edit_users = [
'type' => 'textarea',
'error_check' => 'json',
'rows' => 10,
'cols' => 60
'cols' => 60,
'min_edit_acl' => '100',
'min_show_acl' => '100',
],
],
'load_query' => "SELECT edit_user_id, username, enabled, deleted, "
. "strict, locked, login_error_count "
. "FROM edit_user ORDER BY username",
. "FROM edit_user "
// if base acl is not 90 only list enabled
// if not admin flag, do not list admin flagged
. (
!$GLOBALS['acl_admin'] ?
"WHERE admin = 0 "
. (
$GLOBALS['base_acl_level'] < 90 ?
"AND enabled = 1 " :
""
)
: ''
)
. "ORDER BY username",
'table_name' => 'edit_user',
'show_fields' => [
[
@@ -305,7 +375,12 @@ $edit_users = [
'edit_access_user' => [
'output_name' => 'Accounts',
'mandatory' => 1,
'delete' => 0, // set then reference entries are deleted, else the 'enable' flag is only set
// set then reference entries are deleted, else the 'enable' flag is only set
'delete' => 0,
// acl
'min_edit_acl' => '40',
'min_show_acl' => '20',
// table read prefix
'prefix' => 'ecu',
'read_data' => [
'table_name' => 'edit_access',

5
www/includes/templates/admin/edit_body.tpl
View File

@@ -83,13 +83,8 @@ function pop(theURL, winName, features) {
<td width="{$table_width}" class="edit_bgcolor">
<form method="post" name="edit_form" style="margin-block-end: 0em;">
<table width="100%" border="0" cellpadding="2" cellspacing="1">
<!-- LOAD START //-->
{include file="edit_load.tpl"}
<!-- LOAD END //-->
<!-- NEW START //-->
{include file="edit_new.tpl"}
{* $form_create_new*}
<!-- NEW END //-->
{if $form_yes}
{include file="edit_save_delete.tpl"}
{if $form_my_page_name == "edit_pages" && $filename_exist}

18
www/includes/templates/admin/edit_elements.tpl
View File

@@ -8,6 +8,7 @@
********************************************************************
*}
{foreach from=$elements item=element key=key name=loop}
{if $element.allow_edit}
<tr>
<td class="edit_fgcolor" class="normal" valign="top">
{$element.output_name}
@@ -129,4 +130,21 @@
{/if}
</td>
</tr>
{elseif $element.allow_show}
<tr>
<td class="edit_fgcolor" class="normal" valign="top">
{$element.output_name}
</td>
<td class="{$element.color}" class="normal">
{if $element.type != 'view'}
{$element.show_value}
<input type="hidden" name="{$element.data.name}" value="{$element.show_value}">
{else}
{$element.data.value}
{/if}
</td>
</tr>
{* {else}
<!-- No {$key} --> *}
{/if}
{/foreach}

3
www/includes/templates/admin/edit_load.tpl
View File

@@ -7,7 +7,7 @@
* HISTORY:
********************************************************************
*}
<!-- LOAD START //-->
<tr>
<td class="edit_fgcolor_alt" class="normal">
Load:
@@ -20,3 +20,4 @@
<input type="submit" name="archive" value="{t}Load{/t}">
</td>
</tr>
<!-- LOAD END //-->

5
www/includes/templates/admin/edit_new.tpl
View File

@@ -7,7 +7,8 @@
* HISTORY:
********************************************************************
*}
{if $new.seclevel_okay}
<!-- NEW START //-->
<tr>
<td class="edit_fgcolor_alt" class="normal">
{t}Create new media:{/t}
@@ -21,3 +22,5 @@
<input type="submit" name="new" value="{$new.new_name}">
</td>
</tr>
<!-- NEW END //-->
{/if}

8
www/includes/templates/admin/edit_save_delete.tpl
View File

@@ -7,16 +7,18 @@
* HISTORY:
********************************************************************
*}
<tr>
{if $save_delete.seclevel_okay}
<tr>
<!-- SAVE START //-->
<td class="edit_fgcolor_alt" class="normal">
<input type="submit" name="save" value="{$save_delete.save}">
{if $save_delete.old_school_hidden}
<input type="hidden" name="{$save_delete.pk_name}" value="{$save_delete.pk_value}">
{/if}
</td>
{/if}
<!-- SAVE END //-->
{if $save_delete.show_delete}
<!-- DELETE START //-->
<td class="edit_fgcolor_delete">
{if !$save_delete.hide_delete_checkbox}
<input type="checkbox" name="really_delete" value="yes">&nbsp;{t}really{/t}&nbsp;
@@ -24,9 +26,11 @@
<input type="hidden" name="really_delete" value="yes">
{/if}
<input type="submit" name="delete" value="{t}Delete{/t}">
<!-- DELETE END //-->
{else}
<td class="edit_fgcolor_alt" class="normal">
&nbsp;
{/if}
</td>
</tr>
{/if}

7
www/lib/CoreLibs/ACL/Login.php
View File

@@ -1131,6 +1131,9 @@ class Login
$html_string = (string)$this->login_template['template'];
$locales = $this->l->parseLocale($this->l->getLocale());
$this->login_template['strings']['LANGUAGE'] = $locales['lang'] ?? 'en';
// if password change is okay
if ($this->password_change) {
$html_string_password_change = $this->login_template['password_change'];
@@ -1334,7 +1337,7 @@ EOM;
if (!$this->login_template['template']) {
$this->login_template['template'] = <<<EOM
<!DOCTYPE html>
<html lang="en">
<html lang="{LANGUAGE}">
<head>
<title>{HTML_TITLE}</title>
<style type="text/css">
@@ -1617,7 +1620,7 @@ EOM;
// set the locale
if (
$this->session->checkActiveSession() === true &&
!empty($_SESSION['DEFAULT_LANG'])
!empty($_SESSION['DEFAULT_LOCALE'])
) {
$locale = $_SESSION['DEFAULT_LOCALE'] ?? '';
} else {

4
www/lib/CoreLibs/Convert/MimeEncode.php
View File

@@ -26,6 +26,7 @@ class MimeEncode
string $encoding,
string $line_break = "\r\n"
): string {
$current_internal_encoding = mb_internal_encoding();
// set internal encoding, so the mimeheader encode works correctly
mb_internal_encoding($encoding);
// if a subject, make a work around for the broken mb_mimencode
@@ -60,6 +61,9 @@ class MimeEncode
}
// strip out any spaces BEFORE a line break
$string = str_replace(" " . $line_break, $line_break, $_string);
// before we end, reset internal encoding
mb_internal_encoding($current_internal_encoding);
// return mime encoded string
return $string;
}
}

37
www/lib/CoreLibs/Create/Email.php
View File

@@ -45,27 +45,26 @@ class Email
string $encoding = 'UTF-8',
bool $kv_folding = false
): string {
if (!empty($email_name)) {
// if encoding is not UTF-8 then we convert
if ($encoding != 'UTF-8') {
$email_name = mb_convert_encoding($email_name, $encoding, 'UTF-8');
}
$email_name =
mb_encode_mimeheader(
in_array($encoding, self::$encoding_kv_allowed) && $kv_folding ?
mb_convert_kana(
$email_name,
self::$mb_convert_kana_mode,
$encoding
) :
$email_name,
$encoding
);
return '"' . $email_name . '" '
. '<' . (string)$email . '>';
} else {
if (empty($email_name)) {
return $email;
}
// if encoding is not UTF-8 then we convert
if ($encoding != 'UTF-8') {
$email_name = mb_convert_encoding($email_name, $encoding, 'UTF-8');
}
$email_name =
mb_encode_mimeheader(
in_array($encoding, self::$encoding_kv_allowed) && $kv_folding ?
mb_convert_kana(
$email_name,
self::$mb_convert_kana_mode,
$encoding
) :
$email_name,
$encoding
);
return '"' . $email_name . '" '
. '<' . (string)$email . '>';
}
/**

86
www/lib/CoreLibs/DB/Extended/ArrayIO.php
View File

@@ -46,21 +46,28 @@ class ArrayIO extends \CoreLibs\DB\IO
public $pk_name = ''; // the primary key from this table
/** @var int|string|null */
public $pk_id; // the PK id
// security values
/** @var int base acl for current page */
private $base_acl_level = 0;
/**
* constructor for the array io class, set the
* primary key name automatically (from array)
*
* @param array<mixed> $db_config db connection config
* @param array<mixed> $table_array table array config
* @param string $table_name table name string
* @param array<mixed> $db_config db connection config
* @param array<mixed> $table_array table array config
* @param string $table_name table name string
* @param \CoreLibs\Debug\Logging|null $log Logging class, default set if not set
* @param int $base_acl_level Set base acl level, if needed
* @param int $acl_admin Flag if this is an admin ACL access level
*/
public function __construct(
array $db_config,
array $table_array,
string $table_name,
\CoreLibs\Debug\Logging $log = null
\CoreLibs\Debug\Logging $log = null,
int $base_acl_level = 0,
int $acl_admin = 0
) {
// instance db_io class
parent::__construct($db_config, $log ?? new \CoreLibs\Debug\Logging());
@@ -79,6 +86,7 @@ class ArrayIO extends \CoreLibs\DB\IO
}
}
} // set pk_name IF table_array was given
$this->dbArrayIOSetAcl($base_acl_level, $acl_admin);
}
/**
@@ -89,6 +97,33 @@ class ArrayIO extends \CoreLibs\DB\IO
parent::__destruct();
}
/**
* set the base acl level and admin acl flag
* This is needed for table array ACL checks
* if not set I assume 0 (non write/non read/non admin)
*
* @param int $base_acl_level ACL Level from 0 to 100, -1 is not allowed
* Will sett 0 if invalid
* @param int $acl_admin 0 for non admin, 1 for admin (base acl is 100)
* @return void
*/
public function dbArrayIOSetAcl(int $base_acl_level, int $acl_admin): void
{
// default not allowed, must be 0 at least
if ($base_acl_level < 0) {
$base_acl_level = 0;
}
// only 0 or 1 allowed
if (!in_array($acl_admin, [0, 1])) {
$acl_admin = 0;
}
// if the user is admin flagged, auto set to 100, if not already set to 100
if ($acl_admin == 1) {
$base_acl_level = 100;
}
$this->base_acl_level = $base_acl_level;
}
/**
* changes all previously alterd HTML code into visible one,
* works for <b>,<i>, and <a> (thought <a> can be / or should
@@ -191,9 +226,10 @@ class ArrayIO extends \CoreLibs\DB\IO
*
* @param array<mixed> $table_array optional override for table array set
* set this as new table array too
* @param boolean $acl_limit [false], if set to true, well do ACL limit check
* @return array<mixed> returns the table array that was deleted
*/
public function dbDelete($table_array = [])
public function dbDelete($table_array = [], $acl_limit = false)
{
// is array and has values, override set and set new
if (is_array($table_array) && count($table_array)) {
@@ -202,6 +238,11 @@ class ArrayIO extends \CoreLibs\DB\IO
if (!$this->dbCheckPkSet()) {
return $this->table_array;
}
if ($acl_limit === true && $this->base_acl_level < 100) {
$this->log->debug('DB DELETE ERROR', 'ACL Limit on, Delete, '
. 'but base ACL level of 100 not met: ' . $this->base_acl_level);
return $this->table_array;
}
// delete query
$q = 'DELETE FROM ' . $this->table_name . ' WHERE ';
$q .= $this->pk_name . ' = ' . $this->table_array[$this->pk_name]['value'] . ' ';
@@ -338,10 +379,14 @@ class ArrayIO extends \CoreLibs\DB\IO
*
* @param boolean $addslashes old convert entities and set set escape
* @param array<mixed> $table_array optional table array, overwrites internal one
* @param boolean $acl_limit [false], if set to true, well do ACL limit check
* @return array<mixed> table array or null
*/
public function dbWrite($addslashes = false, $table_array = [])
{
public function dbWrite(
bool $addslashes = false,
array $table_array = [],
bool $acl_limit = false
): array {
if (is_array($table_array) && count($table_array)) {
$this->table_array = $table_array;
}
@@ -355,6 +400,12 @@ class ArrayIO extends \CoreLibs\DB\IO
} else {
$insert = 0;
}
// early abort for new write with not enough ACL level
if ($insert && $acl_limit === true && $this->base_acl_level < 100) {
$this->log->debug('DB WRITE ERROR', 'ACL Limit on, Insert, '
. 'but base ACL level of 100 not met: ' . $this->base_acl_level);
return $this->table_array;
}
reset($this->table_array);
$q_data = '';
@@ -408,11 +459,25 @@ class ArrayIO extends \CoreLibs\DB\IO
/********************************* END FILE **************************************/
// do not write 'pk' (primary key) or 'view' values
// also do not write UPDATE for elements that are
// acl flagged, not if we have an ACL limiter, don't insert
// $this->log->debug('DB WRITE', 'C: ' . $column . ', '
// . 'ACL Level ' . $this->log->prBl($acl_limit) . ', '
// . 'TA ACL: ' . ($this->table_array[$column]['min_edit_acl'] ?? 100) . ', '
// . 'Base ACL: ' . $this->base_acl_level);
if (
!isset($this->table_array[$column]['pk']) &&
isset($this->table_array[$column]['type']) &&
$this->table_array[$column]['type'] != 'view' &&
strlen($column) > 0
strlen($column) > 0 &&
// no acl limiter
($acl_limit === false ||
(
// acl limit is true, min edit must be at larger than set
$acl_limit === true &&
$this->base_acl_level >=
($this->table_array[$column]['min_edit_acl'] ?? 100)
))
) {
// for password use hidden value if main is not set
if (
@@ -510,6 +575,11 @@ class ArrayIO extends \CoreLibs\DB\IO
}
} // while ...
if (empty($q_data)) {
$this->log->debug('DB WRITE ERROR', 'No data to write, possible through ACL');
return $this->table_array;
}
// NOW get PK, and FK settings (FK only for update query)
// get it at the end, cause now we can be more sure of no double IDs, etc
reset($this->table_array);

397
www/lib/CoreLibs/Output/Form/Generate.php
View File

@@ -270,9 +270,11 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
public $save;
/** @var string */
public $remove_button;
// security publics
/** @var int */
public $base_acl_level;
// security values
/** @var int base acl for current page */
private $base_acl_level = 0;
/** @var int admin master flag (1/0) */
private $acl_admin = 0;
/** @var array<mixed> */
public $security_level;
// layout publics
@@ -336,6 +338,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
// load config array
// get table array definitions for current page name
// security settings
$this->base_acl_level = (int)$_SESSION['BASE_ACL_LEVEL'];
$this->acl_admin = (int)$_SESSION['ADMIN'];
$GLOBALS['base_acl_level'] = $this->base_acl_level;
$GLOBALS['acl_admin'] = $this->acl_admin;
// first check if we have a in page override as $table_arrays[page name]
if (
/* isset($GLOBALS['table_arrays']) &&
@@ -348,7 +356,8 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
// $config_array = $GLOBALS['table_arrays'][System::getPageName(1)];
$config_array = $table_arrays[System::getPageName(1)];
} else {
// WARNING: auto spl load does not work with this as it is an array and not a function/object
// WARNING: auto spl load does not work with this as it is an array
// and not a function/object
// check if this is the old path or the new path
// check local folder in current path
// then check general global folder
@@ -383,8 +392,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$db_config,
$config_array['table_array'],
$config_array['table_name'],
$log ?? new \CoreLibs\Debug\Logging()
$log ?? new \CoreLibs\Debug\Logging(),
// set the ACL
$this->base_acl_level,
$this->acl_admin
);
// $this->log->debug('SESSION FORM', 'sessin: ' . $this->log->prAr($_SESSION));
// here should be a check if the config_array is correct ...
if (isset($config_array['show_fields']) && is_array($config_array['show_fields'])) {
$this->field_array = $config_array['show_fields'];
@@ -392,6 +405,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
if (isset($config_array['load_query']) && $config_array['load_query']) {
$this->load_query = $config_array['load_query'];
}
if (empty($this->load_query)) {
$this->log->debug('INIT ERROR', 'Missing Load Query for: ' . $this->my_page_name);
}
$this->archive_pk_name = 'a_' . $this->pk_name;
$this->col_name = str_replace('_id', '', $this->pk_name);
$this->int_pk_name = $this->pk_name;
@@ -416,8 +432,6 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$this->save = $_POST['save'] ?? '';
$this->remove_button = $_POST['remove_button'] ?? '';
// security settings
$this->base_acl_level = $_SESSION['BASE_ACL_LEVEL'] ?? 0;
// security levels for buttons/actions
// if array does not exists create basic
if (
@@ -428,9 +442,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
)
) {
$this->security_level = [
'load' => 100,
'load' => 20,
'new' => 100,
'save' => 100,
'save' => 40,
'delete' => 100
];
} else {
@@ -438,9 +452,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$this->security_level = isset($config_array['security_level']) ?
$config_array['security_level'] :
[
'load' => 100,
'load' => 20,
'new' => 100,
'save' => 100,
'save' => 40,
'delete' => 100
];
}
@@ -489,8 +503,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
* @param string|null $key_value value to match to (optional)
* @return string|null returns key found or empty string
*/
public function formGetColNameFromKey(string $want_key, ?string $key_value = null): ?string
{
public function formGetColNameFromKey(
string $want_key,
?string $key_value = null
): ?string {
if (!is_array($this->table_array)) {
$this->table_array = [];
}
@@ -513,8 +529,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
* @param string|null $key_value if set searches for special right value
* @return array<mixed> found key fields
*/
public function formGetColNameArrayFromKey(string $want_key, ?string $key_value = null): array
{
public function formGetColNameArrayFromKey(
string $want_key,
?string $key_value = null
): array {
$key_array = [];
if (!is_array($this->table_array)) {
$this->table_array = [];
@@ -648,8 +666,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
* @param array<mixed> $remove_name key names that should be removed
* @return void has no return
*/
public function formProcedureDeleteFromElementList(array $element_list, array $remove_name): void
{
public function formProcedureDeleteFromElementList(
array $element_list,
array $remove_name
): void {
/** @phan-suppress-next-line PhanTypeArraySuspiciousNullable */
$this->log->debug('REMOVE ELEMENT', 'Remove REF ELEMENT: ' . $this->base_acl_level . ' >= '
. $this->security_level['delete']);
@@ -752,55 +772,72 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$t_pk_name = '';
$pk_names = [];
$pk_ids = [];
$seclevel_okay = false;
// for error abort only
$return_array = [
't_pk_name' => $t_pk_name,
'pk_ids' => $pk_ids,
'pk_names' => $pk_names,
'pk_selected' => $pk_selected,
'seclevel_okay' => $seclevel_okay,
];
// when security level is okay ...
if (
isset($this->security_level['load']) &&
$this->base_acl_level >= $this->security_level['load']
empty($this->security_level['load']) ||
$this->base_acl_level < $this->security_level['load']
) {
$t_pk_name = $this->archive_pk_name;
return $return_array;
}
if (empty($this->load_query)) {
$this->log->debug('LOAD LIST ERROR', 'Missing load list query');
return $return_array;
}
// load list data
$this->dbExec($this->load_query);
while (is_array($res = $this->dbFetchArray())) {
$pk_ids[] = $res[$this->int_pk_name];
if (
isset($this->table_array[$this->int_pk_name]['value']) &&
$res[$this->int_pk_name] == $this->table_array[$this->int_pk_name]['value']
) {
$pk_selected = $res[$this->int_pk_name];
}
$t_string = '';
foreach ($this->field_array as $i => $field_array) {
if ($t_string) {
$t_string .= ', ';
}
if (isset($field_array['before_value'])) {
$t_string .= $field_array['before_value'];
}
// must have res element set
if (
isset($field_array['name']) &&
isset($res[$field_array['name']])
) {
if (isset($field_array['binary'])) {
if (isset($field_array['binary'][0])) {
$t_string .= $field_array['binary'][0];
} elseif (isset($field_array['binary'][1])) {
$t_string .= $field_array['binary'][1];
}
} else {
$t_string .= $res[$field_array['name']];
}
}
}
$pk_names[] = $t_string;
$t_pk_name = $this->archive_pk_name;
// load list data
$this->dbExec($this->load_query);
while (is_array($res = $this->dbFetchArray())) {
$pk_ids[] = $res[$this->int_pk_name];
if (
isset($this->table_array[$this->int_pk_name]['value']) &&
$res[$this->int_pk_name] == $this->table_array[$this->int_pk_name]['value']
) {
$pk_selected = $res[$this->int_pk_name];
}
} // show it at all
$t_string = '';
foreach ($this->field_array as $i => $field_array) {
if ($t_string) {
$t_string .= ', ';
}
if (isset($field_array['before_value'])) {
$t_string .= $field_array['before_value'];
}
// must have res element set
if (
isset($field_array['name']) &&
isset($res[$field_array['name']])
) {
if (isset($field_array['binary'])) {
if (isset($field_array['binary'][0])) {
$t_string .= $field_array['binary'][0];
} elseif (isset($field_array['binary'][1])) {
$t_string .= $field_array['binary'][1];
}
} else {
$t_string .= $res[$field_array['name']];
}
}
}
$pk_names[] = $t_string;
}
$seclevel_okay = true;
return [
't_pk_name' => $t_pk_name,
'pk_ids' => $pk_ids,
'pk_names' => $pk_names,
'pk_selected' => $pk_selected
'pk_selected' => $pk_selected,
'seclevel_okay' => $seclevel_okay,
];
}
@@ -808,30 +845,38 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
* Create new entry element for HTML output
*
* @param bool $hide_new_checkbox show or hide the new checkbox, default is false
* @return array<string,string|int> return the new create array with name & checkbox show flag
* @return array<string,string|bool> return the new create array with name & checkbox show flag
*/
public function formCreateNew($hide_new_checkbox = false): array
public function formCreateNew(bool $hide_new_checkbox = false): array
{
$show_checkbox = 0;
$show_checkbox = false;
$new_name = '';
$seclevel_okay = false;
// when security level is okay
if (
isset($this->security_level['new']) &&
$this->base_acl_level >= $this->security_level['new']
empty($this->security_level['new']) ||
$this->base_acl_level < $this->security_level['new']
) {
if ($this->yes && !$hide_new_checkbox) {
$show_checkbox = 1;
}
// set type of new name
if ($this->yes) {
$new_name = $this->l->__('Clear all and create new');
} else {
$new_name = $this->l->__('New');
}
} // security level okay
return [
'new_name' => $new_name,
'show_checkbox' => $show_checkbox,
'seclevel_okay' => $seclevel_okay,
];
}
if ($this->yes && !$hide_new_checkbox) {
$show_checkbox = false;
}
// set type of new name
if ($this->yes) {
$new_name = $this->l->__('Clear all and create new');
} else {
$new_name = $this->l->__('New');
}
$seclevel_okay = true;
return [
'new_name' => $new_name,
'show_checkbox' => $show_checkbox
'show_checkbox' => $show_checkbox,
'seclevel_okay' => $seclevel_okay,
];
}
@@ -842,42 +887,57 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
* @return array<string,mixed> return the hide/show delete framework
* for html creation
*/
public function formCreateSaveDelete($hide_delete = false, $hide_delete_checkbox = false): array
{
$seclevel_okay = 0;
public function formCreateSaveDelete(
bool $hide_delete = false,
bool $hide_delete_checkbox = false,
bool $old_school_hidden = false
): array {
$seclevel_okay = false;
$save = '';
$pk_name = '';
$pk_value = '';
$show_delete = 0;
$old_school_hidden = 0;
$show_delete = false;
if (
(isset($this->security_level['save']) &&
$this->base_acl_level >= $this->security_level['save']) ||
(isset($this->security_level['delete']) &&
$this->base_acl_level >= $this->security_level['delete'])
(empty($this->security_level['save']) ||
$this->base_acl_level < $this->security_level['save']) &&
(empty($this->security_level['delete']) ||
$this->base_acl_level < $this->security_level['delete'])
) {
if ($this->base_acl_level >= $this->security_level['save']) {
$seclevel_okay = 1;
if (empty($this->table_array[$this->int_pk_name]['value'])) {
$save = $this->l->__('Save');
} else {
$save = $this->l->__('Update');
}
// print the old_school hidden if requestet
if ($old_school_hidden == 1) { /** @phpstan-ignore-line Unclear logic */
$pk_name = $this->int_pk_name;
$pk_value = $this->table_array[$this->int_pk_name]['value'];
}
} // show save part
// show delete part only if pk is set && we want to see the delete
if (
!empty($this->table_array[$this->int_pk_name]['value']) &&
!$hide_delete &&
$this->base_acl_level >= $this->security_level['delete']
) {
$show_delete = 1;
return [
'seclevel_okay' => $seclevel_okay,
'save' => $save,
'pk_name' => $pk_name,
'pk_value' => $pk_value,
'show_delete' => $show_delete,
'old_school_hidden' => $old_school_hidden,
'hide_delete_checkbox' => $hide_delete_checkbox
];
}
if (
!empty($this->security_level['save']) &&
$this->base_acl_level >= $this->security_level['save']
) {
$seclevel_okay = true;
if (empty($this->table_array[$this->int_pk_name]['value'])) {
$save = $this->l->__('Save');
} else {
$save = $this->l->__('Update');
}
} // print save/delete row at all$
// print the old_school hidden if requestet
if ($old_school_hidden === true) {
$pk_name = $this->int_pk_name;
$pk_value = $this->table_array[$this->int_pk_name]['value'];
}
} // show save part
// show delete part only if pk is set && we want to see the delete
if (
!empty($this->table_array[$this->int_pk_name]['value']) &&
!$hide_delete &&
!empty($this->security_level['delete']) &&
$this->base_acl_level >= $this->security_level['delete']
) {
$show_delete = true;
}
return [
'seclevel_okay' => $seclevel_okay,
'save' => $save,
@@ -921,11 +981,16 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
}
// create right side depending on 'definiton' in table_array
$type = $this->table_array[$element_name]['type'];
// set default min edit/read to 100 (admin)
$min_edit_acl = $this->table_array[$element_name]['min_edit_acl'] ?? 100;
$min_show_acl = $this->table_array[$element_name]['min_show_acl'] ?? 100;
$show_value = '-';
// view only output
if ($this->table_array[$element_name]['type'] == 'view') {
$data['value'] = empty($this->table_array[$element_name]['value']) ?
$this->table_array[$element_name]['empty'] :
$this->table_array[$element_name]['value'];
$show_value = $data['value'];
}
// binary true/false element
if ($this->table_array[$element_name]['type'] == 'binary') {
@@ -940,6 +1005,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
(!$i && !$this->table_array[$element_name]['value']))
) {
$data['checked'] = $this->table_array[$element_name]['value'];
$show_value = $this->table_array[$element_name]['element_list'][$i] ?? $data['checked'];
}
if ($i) {
@@ -952,6 +1018,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$data['name'] = $element_name;
$data['value'][] = $this->table_array[$element_name]['element_list'];
$data['checked'] = $this->table_array[$element_name]['value'];
// array map element list + value
// foreach ($data['checked'] as $checked)
$show_value = join(', ', $data['checked']);
}
// normal text element
if ($this->table_array[$element_name]['type'] == 'text') {
@@ -959,6 +1028,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$data['value'] = $this->table_array[$element_name]['value'] ?? '';
$data['size'] = $this->table_array[$element_name]['size'] ?? '';
$data['length'] = $this->table_array[$element_name]['length'] ?? '';
$show_value = $data['value'];
}
// password element, does not write back the value
if ($this->table_array[$element_name]['type'] == 'password') {
@@ -971,11 +1041,13 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
if ($this->table_array[$element_name]['type'] == 'date') {
$data['name'] = $element_name;
$data['value'] = $this->table_array[$element_name]['value'] ?? '';
$show_value = $data['value'];
}
// date time (no sec) (YYYY-MM-DD HH:mm)
if ($this->table_array[$element_name]['type'] == 'datetime') {
$data['name'] = $element_name;
$data['value'] = $this->table_array[$element_name]['value'] ?? '';
$show_value = $data['value'];
}
// textarea
if ($this->table_array[$element_name]['type'] == 'textarea') {
@@ -983,6 +1055,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$data['value'] = $this->table_array[$element_name]['value'] ?? '';
$data['rows'] = $this->table_array[$element_name]['rows'] ?? '';
$data['cols'] = $this->table_array[$element_name]['cols'] ?? '';
$show_value = $data['value'];
}
// for drop_down_*
if (preg_match("/^drop_down_/", $this->table_array[$element_name]['type'])) {
@@ -1047,6 +1120,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$this->table_array[$element_name]['value'] == $res[0]
) {
$data['selected'] = $this->table_array[$element_name]['value'];
$show_value = $res[1];
}
}
// for _input put additional field next to drop down
@@ -1079,6 +1153,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$data['output'][] = $value;
if ($this->table_array[$element_name]['value'] == $key) {
$data['selected'] = $this->table_array[$element_name]['value'];
$show_value = $value;
}
}
}
@@ -1093,6 +1168,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$data['output'][] = $value;
if ($this->table_array[$element_name]['value'] == $key) {
$data['checked'] = $this->table_array[$element_name]['value'];
$show_value = $value;
}
$data['separator'] = '';
}
@@ -1126,7 +1202,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
'output_name' => $output_name,
'color' => $EDIT_FGCOLOR_T,
'type' => $type,
'data' => $data
'data' => $data,
'show_value' => $show_value,
'allow_edit' => $this->base_acl_level >= $min_edit_acl ? 1 : 0,
'allow_show' => $this->base_acl_level >= $min_show_acl ? 1 : 0,
];
}
@@ -1146,6 +1225,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
}
reset($this->table_array);
foreach ($this->table_array as $key => $value) {
// skip if we are not allowe to write this anyway
// $this->log->debug('ERROR CHECK', 'ACL K: ' . $key . ', '
// . ($value['min_edit_acl'] ?? 100) . ' < ' . $this->base_acl_level);
if ($this->base_acl_level < ($value['min_edit_acl'] ?? 100)) {
continue;
}
//if ($value['mandatory'] && $value['error_check'])
// if error value set && somethign input, check if input okay
if (
@@ -1373,6 +1458,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
// do check for reference tables
reset($this->reference_array);
foreach ($this->reference_array as $key => $value) {
// skip if not allowed to write
if (
$this->base_acl_level < ($this->reference_array[$key]['min_edit_acl'] ?? 100)
) {
continue;
}
if (
isset($this->reference_array[$key]['mandatory']) &&
$this->reference_array[$key]['mandatory'] &&
@@ -1392,6 +1483,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
if (!is_array($reference_array)) {
$reference_array = [];
}
// skip if not allowed to write
if (
$this->base_acl_level < ($this->reference_array['min_edit_acl'] ?? 100)
) {
continue;
}
// set pk/fk id for this
$_pk_name = '';
$_fk_name = '';
@@ -1567,32 +1664,33 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
{
// get order name
$order_name = $this->formGetColNameFromKey('order');
if ($order_name) {
// first check out of order ...
if (empty($this->table_array[$order_name]['value'])) {
// set order (read max)
$q = 'SELECT MAX(' . $order_name . ') + 1 AS max_page_order '
. 'FROM ' . $this->table_name;
if (
is_array($res = $this->dbReturnRow($q)) &&
!empty($res['max_page_order'])
) {
$this->table_array[$order_name]['value'] = $res['max_page_order'];
}
// frist element is 0 because NULL gets returned, set to 1
if (!$this->table_array[$order_name]['value']) {
$this->table_array[$order_name]['value'] = 1;
}
} elseif (!empty($this->table_array[$this->int_pk_name]['value'])) {
$q = 'SELECT ' . $order_name . ' AS order_name '
. 'FROM ' . $this->table_name . ' '
. 'WHERE ' . $this->int_pk_name . ' = ' . $this->table_array[$this->int_pk_name]['value'];
if (
is_array($res = $this->dbReturnRow($q)) &&
!empty($res['order_name'])
) {
$this->table_array[$order_name]['value'] = $res['order_name'];
}
if (empty($order_name)) {
return $this->table_array;
}
// first check out of order ...
if (empty($this->table_array[$order_name]['value'])) {
// set order (read max)
$q = 'SELECT MAX(' . $order_name . ') + 1 AS max_page_order '
. 'FROM ' . $this->table_name;
if (
is_array($res = $this->dbReturnRow($q)) &&
!empty($res['max_page_order'])
) {
$this->table_array[$order_name]['value'] = $res['max_page_order'];
}
// frist element is 0 because NULL gets returned, set to 1
if (!$this->table_array[$order_name]['value']) {
$this->table_array[$order_name]['value'] = 1;
}
} elseif (!empty($this->table_array[$this->int_pk_name]['value'])) {
$q = 'SELECT ' . $order_name . ' AS order_name '
. 'FROM ' . $this->table_name . ' '
. 'WHERE ' . $this->int_pk_name . ' = ' . $this->table_array[$this->int_pk_name]['value'];
if (
is_array($res = $this->dbReturnRow($q)) &&
!empty($res['order_name'])
) {
$this->table_array[$order_name]['value'] = $res['order_name'];
}
}
return $this->table_array;
@@ -1681,7 +1779,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
* @param bool $addslashes override internal addslasahes flag (default false)
* @return void has no return
*/
public function formSaveTableArray($addslashes = false)
public function formSaveTableArray(bool $addslashes = false)
{
// for drop_down_db_input check if text field is filled and if, if not yet in db ...
// and upload files
@@ -1827,7 +1925,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
// . $this->table_array[$this->pk_name]['value'] . "/"
// . $this->table_array[$this->int_pk_name]['value']);
// write the object
$this->dbWrite($addslashes);
$this->dbWrite($addslashes, [], true);
// write reference array (s) if necessary
if (is_array($this->reference_array)) {
if (!is_array($this->reference_array)) {
@@ -1852,6 +1950,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
$type = [];
reset($this->element_list);
foreach ($this->element_list as $table_name => $reference_array) {
// early skip if not enought ACL
if ($this->base_acl_level < ($reference_array['min_edit_acl'] ?? 100)) {
continue;
}
// init arrays
$q_begin = [];
$q_middle = [];
@@ -2157,7 +2259,14 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
public function formCreateElementReferenceTable(string $table_name): array
{
$data = [];
//
$show_value = '';
// set default min edit/read to 100 (admin)
$min_edit_acl = $this->reference_array[$table_name]['min_edit_acl'] ?? 100;
$min_show_acl = $this->reference_array[$table_name]['min_show_acl'] ?? 100;
// output name
$output_name = $this->reference_array[$table_name]['output_name'];
// mandatory flag
if (
isset($this->reference_array[$table_name]['mandatory']) &&
$this->reference_array[$table_name]['mandatory']
@@ -2169,17 +2278,27 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
while (is_array($res = $this->dbReturn($this->reference_array[$table_name]['query']))) {
$data['value'][] = $res[0];
$data['output'][] = $res[1];
$data['selected'][] = (\CoreLibs\Convert\Html::checked(
$selected = (\CoreLibs\Convert\Html::checked(
$this->reference_array[$table_name]['selected'] ?? '',
$res[0]
)) ? $res[0] : '';
$data['selected'][] = $selected;
if (!empty($selected)) {
if (!empty($show_value)) {
$show_value .= ", ";
}
$show_value .= $res[1];
}
}
$type = 'reference_table';
return [
'output_name' => $output_name,
'type' => $type,
'color' => 'edit_fgcolor',
'data' => $data
'data' => $data,
'show_value' => empty($show_value) ? '-' : $show_value,
'allow_edit' => $this->base_acl_level >= $min_edit_acl ? 1 : 0,
'allow_show' => $this->base_acl_level >= $min_show_acl ? 1 : 0,
];
}
@@ -2211,8 +2330,13 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
'pos' => [],
'table_name' => $table_name // sub table name
];
$show_value = '-';
// set default min edit/read to 100 (admin)
$min_edit_acl = $this->element_list[$table_name]['min_edit_acl'] ?? 100;
$min_show_acl = $this->element_list[$table_name]['min_show_acl'] ?? 100;
// output name for the viewable left table td box, prefixed with * if mandatory
$output_name = $this->element_list[$table_name]['output_name'];
// mandatory flag
if (
isset($this->element_list[$table_name]['mandatory']) &&
$this->element_list[$table_name]['mandatory']
@@ -2523,7 +2647,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
'output_name' => $output_name,
'type' => $type,
'color' => 'edit_fgcolor',
'data' => $data
'data' => $data,
'show_value' => $show_value,
'allow_edit' => $this->base_acl_level >= $min_edit_acl ? 1 : 0,
'allow_show' => $this->base_acl_level >= $min_show_acl ? 1 : 0,
];
}
// end of class