Commit d8999f70 authored by Chenu Denis's avatar Chenu Denis

Fixed issue 07644: {TEMPLATEURL} cannot be used in predefined labels inside "

Dev: updated model and add rules for xssfiltering
parent 8070c7db
......@@ -157,7 +157,7 @@ function modlabelsetanswers($lid)
if ($ajax)
$lid = insertlabelset();
$aErrors=array();
if (count(array_unique($data->{'codelist'})) == count($data->{'codelist'}))
{
......@@ -178,38 +178,33 @@ function modlabelsetanswers($lid)
$strTemp = 'text_'.$lang;
$title = $codeObj->$strTemp;
$p = new CHtmlPurifier();
if (Yii::app()->getConfig('filterxsshtml'))
$title = $p->purify($title);
$sortorder = $index;
$oLabel = new Label();
$oLabel->lid=$lid;
$oLabel->code=$actualcode;
$oLabel->title=$title;
$oLabel->sortorder=$sortorder;
$oLabel->assessment_value=$assessmentvalue;
$oLabel->language=$lang;
if($oLabel->validate())
{
$result=$oLabel->save();
}
else
$title = html_entity_decode($title, ENT_QUOTES, "UTF-8");
// Fix bug with FCKEditor saving strange BR types
$title = fixCKeditorText($title);
$sort_order = $index;
$insertdata = array(
'lid' => $lid,
'code' => $actualcode,
'title' => $title,
'sortorder' => $sort_order,
'assessment_value' => $assessmentvalue,
'language' => $lang
);
//$query = "INSERT INTO ".db_table_name('labels')." (`lid`,`code`,`title`,`sortorder`, `assessment_value`, `language`)
// VALUES('$lid',$actualcode,$title,$sort_order,$assessmentvalue,$lang)";
$result = Yii::app()->db->createCommand()->insert('{{labels}}', $insertdata);
{
$aErrors[]=$oLabel->getErrors();
}
}
}
Yii::app()->session['flashmessage'] = $clang->gT("Labels sucessfully updated");
if(count($aErrors))
{
Yii::app()->session['flashmessage'] = $clang->gT("Labels updated but with some error");
}
else
{
Yii::app()->session['flashmessage'] = $clang->gT("Labels sucessfully updated");
}
}
else
{
......
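Review bot: The result of `$oLabel->save()` is assigned to `$result` and never checked, so a save that fails after `validate()` has passed (for example a `beforeSave()` veto) adds nothing to `$aErrors` and the flash message still reports success. `save()` already runs validation by default, so the `validate()`/`save()` pair can collapse into `if (!$oLabel->save()) { $aErrors[] = $oLabel->getErrors(); }`. The page has lost its +/- markers, so I am assuming the `CHtmlPurifier` call at the top of this block is on the removed side; if so, the title is filtered only by the model's `LSYii_Validators` rule, and a comment here such as `// XSS filtering of title is done by Label::rules()` would make that dependency visible. modlabelsetanswers() starts and ends outside the hunk.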
......@@ -40,21 +40,41 @@ class Label extends CActiveRecord
*/
public function primaryKey()
{
return 'lid';
return 'lid,language';
}
/**
* Returns the static model of Settings table
*
* @static
* @access public
* @param string $class
* @return CActiveRecord
*/
public static function model($class = __CLASS__)
{
return parent::model($class);
}
/**
* Returns this model's validation rules
*
*/
public function rules()
{
return array(
array('lid','numerical', 'integerOnly'=>true),
array('code', 'unique', 'caseSensitive'=>true, 'criteria'=>array(
'condition'=>'lid = :lid AND language=:language',
'params'=>array(':lid'=>$this->lid,':language'=>$this->language)
),
'message'=>'{attribute} "{value}" is already in use.'),
array('title','LSYii_Validators'),
array('sortorder','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('language','length', 'min' => 2, 'max'=>20),// in array languages ?
array('assessment_value','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
);
}
/**
* Returns the static model of Settings table
*
* @static
* @access public
* @param string $class
* @return CActiveRecord
*/
public static function model($class = __CLASS__)
{
return parent::model($class);
}
function getAllRecords($condition=FALSE)
{
......
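Review bot: `primaryKey()` appears to return the string `'lid,language'` (the +/- markers are lost, so I take the second `return` as the new one), but Yii's CActiveRecord expects an array of column names for a composite key, so this string would be read as a single column name. The documented form is `return array('lid', 'language');`. Separately, `array('title','LSYii_Validators')` is the only place visible in this commit where label HTML is filtered, so any write that skips validation (`save(false)` or a direct `createCommand()->insert`) would store unfiltered markup. The `rules()` docblock should say that this rule carries the XSS filtering, so that later edits do not drop it. The Label class starts and ends outside the hunk.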