fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-05 09:41:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix xe_validator_id being overwritten by input error

Browse source
This commit is contained in:
Kijin Sung 2017-01-10 00:09:50 +09:00
parent 3da76b0bd7
commit 67d16d0f3c
2 changed files with 14 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

40
classes/display/HTMLDisplayHandler.php
View file

@ -201,7 +201,7 @@ class HTMLDisplayHandler
if(is_array(Context::get('INPUT_ERROR')))
{
$INPUT_ERROR = Context::get('INPUT_ERROR');
$keys = array_keys($INPUT_ERROR);
$keys = array_map(function($str) { return preg_quote($str, '@'); }, array_keys($INPUT_ERROR));
$keys = '(' . implode('|', $keys) . ')';
$output = preg_replace_callback('@(<input)([^>]*?)\sname="' . $keys . '"([^>]*?)/?>@is', array(&$this, '_preserveValue'), $output);
@ -259,42 +259,28 @@ class HTMLDisplayHandler
// get type
$type = 'text';
if(preg_match('/\stype="([a-z]+)"/i', $str, $m))
if(preg_match('/\stype="([^"]+)"/i', $str, $m))
{
$type = strtolower($m[1]);
}
switch($type)
{
case 'text':
case 'hidden':
case 'email':
case 'search':
case 'tel':
case 'url':
case 'email':
case 'datetime':
case 'date':
case 'month':
case 'week':
case 'time':
case 'datetime-local':
case 'number':
case 'range':
case 'color':
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str) . ' value="' . htmlspecialchars($INPUT_ERROR[$match[3]], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '"';
break;
case 'password':
$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str);
break;
case 'radio':
case 'checkbox':
$str = preg_replace('@\schecked(="[^"]*?")?@', ' ', $str);
if(@preg_match('@\s(?i:value)="' . $INPUT_ERROR[$match[3]] . '"@', $str))
if(preg_match('@\s(?i:value)="' . preg_quote($INPUT_ERROR[$match[3]], '@') . '"@', $str))
{
$str .= ' checked="checked"';
$str = preg_replace('@\schecked(="[^"]*?")?@', ' checked="checked"', $str);
}
break;
default:
if (!preg_match('@\svalue="([^"]*?)"@', $str))
{
$str = $str . ' value=""';
}
$str = preg_replace_callback('@\svalue="([^"]*?)"@', function() use($INPUT_ERROR, $match) {
return ' value="' . escape($INPUT_ERROR[$match[3]], true) . '"';
}, $str);
}
return $str . ' />';
@ -333,7 +319,7 @@ class HTMLDisplayHandler
{
$INPUT_ERROR = Context::get('INPUT_ERROR');
preg_match('@<textarea.*?>@is', $matches[0], $mm);
return $mm[0] . $INPUT_ERROR[$matches[1]] . '</textarea>';
return $mm[0] . escape($INPUT_ERROR[$matches[1]], true) . '</textarea>';
}
/**

2
classes/module/ModuleHandler.class.php
View file

@ -909,7 +909,7 @@ class ModuleHandler extends Handler
public static function _setInputValueToSession()
{
$requestVars = Context::getRequestVars();
unset($requestVars->act, $requestVars->mid, $requestVars->vid, $requestVars->success_return_url, $requestVars->error_return_url);
unset($requestVars->act, $requestVars->mid, $requestVars->vid, $requestVars->success_return_url, $requestVars->error_return_url, $requestVars->xe_validator_id);
foreach($requestVars AS $key => $value)
{
$_SESSION['INPUT_ERROR'][$key] = $value;