Skip to content

Handling of customized search fields

I added a new field for the zip code and tried to add it to search. I'm happy to provide a patch but before I'd be happy to understand the reasoning behind the current implementation in class.tx_dmmjobcontrol_pi1.php starting with this line:

} elseif (isset(TCA['tx_dmmjobcontrol_job']['columns'][field])) { value = current(value);

this last line assumes that $value is an array which it can never be as it was never made one. Since the current line $whereAdd[] = GLOBALS['TYPO3_DB']->listQuery(field, $value, 'tx_dmmjobcontrol_job'); only works for comma separated lists in the database as is uses MYSQL find_in_set. I hard coded my own line as follows: whereAdd[] = 'tx_dmmjobcontrol_job.'.field.' like "'. $value. '%"';

I think that this code: if (is_array(value) && count(value) == 1 && current($value) == -1) { continue; }

might be part of the solution but I'm not 100% sure.

$value can definitely be an array if it was submitted as such in the form.

If you want to add your custom field to the search form, have a look at http://www.mixedcase.nl/projects/dmmjobcontrol/extending (search for "Extending the search form").

okay. I'm not the person to argue if it is an array or not. but in my case it is just a string (another text field for searching) and this case is currently not handled well. I looked into the linked that you referred to, otherwise I wouldn't have come this far I think ;)

any suggestions how you would handle a string?

Ah sorry, misunderstood you a bit. Right, so strings aren't handled. Looks like part oversight from me and part error from my former colleagues. The indentation doesn't even match of that code, definitely not mine :)

I think we need the split the search:

} elseif (is_array($value) && isset($TCA['tx_dmmjobcontrol_job']['columns'][$field])) {
    // current code
} elseif (isset($TCA['tx_dmmjobcontrol_job']['columns'][$field])) {
    // new code
} else {
...

Sounds good to me. the new code could be that part from my code: whereAdd[] = 'tx_dmmjobcontrol_job.'.field.' like "'. $value. '%"';

I'm not sure if this is sufficient from a security POV though (are the values cleaned when you get them from the session?)