Commit d8999f70 authored by Chenu Denis's avatar Chenu Denis

Fixed issue 07644: {TEMPLATEURL} cannot be used in predefined labels inside "

Dev: updated model and add rules for xssfiltering
parent 8070c7db
...@@ -157,7 +157,7 @@ function modlabelsetanswers($lid) ...@@ -157,7 +157,7 @@ function modlabelsetanswers($lid)
if ($ajax) if ($ajax)
$lid = insertlabelset(); $lid = insertlabelset();
$aErrors=array();
if (count(array_unique($data->{'codelist'})) == count($data->{'codelist'})) if (count(array_unique($data->{'codelist'})) == count($data->{'codelist'}))
{ {
...@@ -178,38 +178,33 @@ function modlabelsetanswers($lid) ...@@ -178,38 +178,33 @@ function modlabelsetanswers($lid)
$strTemp = 'text_'.$lang; $strTemp = 'text_'.$lang;
$title = $codeObj->$strTemp; $title = $codeObj->$strTemp;
$sortorder = $index;
$p = new CHtmlPurifier();
$oLabel = new Label();
if (Yii::app()->getConfig('filterxsshtml')) $oLabel->lid=$lid;
$title = $p->purify($title); $oLabel->code=$actualcode;
$oLabel->title=$title;
$oLabel->sortorder=$sortorder;
$oLabel->assessment_value=$assessmentvalue;
$oLabel->language=$lang;
if($oLabel->validate())
{
$result=$oLabel->save();
}
else else
$title = html_entity_decode($title, ENT_QUOTES, "UTF-8"); {
$aErrors[]=$oLabel->getErrors();
}
// Fix bug with FCKEditor saving strange BR types
$title = fixCKeditorText($title);
$sort_order = $index;
$insertdata = array(
'lid' => $lid,
'code' => $actualcode,
'title' => $title,
'sortorder' => $sort_order,
'assessment_value' => $assessmentvalue,
'language' => $lang
);
//$query = "INSERT INTO ".db_table_name('labels')." (`lid`,`code`,`title`,`sortorder`, `assessment_value`, `language`)
// VALUES('$lid',$actualcode,$title,$sort_order,$assessmentvalue,$lang)";
$result = Yii::app()->db->createCommand()->insert('{{labels}}', $insertdata);
} }
} }
if(count($aErrors))
{
Yii::app()->session['flashmessage'] = $clang->gT("Labels sucessfully updated"); Yii::app()->session['flashmessage'] = $clang->gT("Labels updated but with some error");
}
else
{
Yii::app()->session['flashmessage'] = $clang->gT("Labels sucessfully updated");
}
} }
else else
{ {
......
...@@ -40,21 +40,41 @@ class Label extends CActiveRecord ...@@ -40,21 +40,41 @@ class Label extends CActiveRecord
*/ */
public function primaryKey() public function primaryKey()
{ {
return 'lid'; return 'lid,language';
} }
/**
* Returns the static model of Settings table
*
* @static
* @access public
* @param string $class
* @return CActiveRecord
*/
public static function model($class = __CLASS__)
{
return parent::model($class);
}
/**
* Returns this model's validation rules
*
*/
public function rules()
{
return array(
array('lid','numerical', 'integerOnly'=>true),
array('code', 'unique', 'caseSensitive'=>true, 'criteria'=>array(
'condition'=>'lid = :lid AND language=:language',
'params'=>array(':lid'=>$this->lid,':language'=>$this->language)
),
'message'=>'{attribute} "{value}" is already in use.'),
array('title','LSYii_Validators'),
array('sortorder','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('language','length', 'min' => 2, 'max'=>20),// in array languages ?
array('assessment_value','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
);
}
/**
* Returns the static model of Settings table
*
* @static
* @access public
* @param string $class
* @return CActiveRecord
*/
public static function model($class = __CLASS__)
{
return parent::model($class);
}
function getAllRecords($condition=FALSE) function getAllRecords($condition=FALSE)
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment