From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/listform.inc.php |   31 +++++++++++++++++++++++++++++--
 1 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index cc3f761..8f5bd86 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -124,6 +124,17 @@
 				$this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
 			}
 		}
+		
+		if($api == false && isset($field['filters']) && is_array($field['filters'])) {
+			$new_values = array();
+			foreach($values as $index => $value) {
+				$new_index = $app->tform->filterField($index, $index, $field['filters'], 'SHOW');
+				$new_values[$new_index] = $app->tform->filterField($index, (isset($values[$index]))?$values[$index]:'', $field['filters'], 'SHOW');
+			}
+			$values = $new_values;
+			unset($new_values);
+			unset($new_index);
+		}
 		return $values;
 	}
 
@@ -186,6 +197,20 @@
 				$table = $i['table'];
 
 				$searchval = $_SESSION['search'][$list_name][$search_prefix.$field];
+				// IDN
+				if($searchval != ''){
+					foreach($i['filters'] as $searchval_filter) {
+						if($searchval_filter['event'] == 'SHOW') {
+							switch ($searchval_filter['type']) {
+							case 'IDNTOUTF8':
+								$searchval = $app->functions->idn_encode($searchval);
+								//echo $searchval;
+								break;
+							}
+						}
+					}
+				}
+		
 				// format user date format to MySQL date format 0000-00-00
 				if($i['datatype'] == 'DATE' && $this->lng('conf_format_dateshort') != 'Y-m-d'){
 					$dateformat = preg_replace("@[^Ymd]@", "", $this->lng('conf_format_dateshort'));
@@ -246,6 +271,7 @@
 		return $this->pagingValues[$key];
 	}
 
+	/* TODO: maybe rewrite sql */
 	public function getPagingSQL($sql_where = '1')
 	{
 		global $app, $conf;
@@ -283,7 +309,7 @@
 		if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
 
 		$sql_von = $app->functions->intval($_SESSION['search'][$list_name]['page'] * $records_per_page);
-		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where");
+		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ??".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where", $table);
 		$pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
 
 
@@ -482,7 +508,8 @@
 		}
 		return $record;
 	}
-
+	
+	/* TODO: check double quoting of SQL */
 	public function encode($record)
 	{
 		global $app;

--
Gitblit v1.9.1