From b17464e1c19f1035d88adbda41b7b960a24b2ce2 Mon Sep 17 00:00:00 2001 From: ovclas Date: Tue, 14 Jun 2011 02:16:44 +0000 Subject: [PATCH] issue 37 Server Side Validator apply core code git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@8477 201d5d3c-b55e-5fd7-737f-ddc643e51545 --- classes/context/Context.class.php | 2 + classes/display/HTMLDisplayHandler.php | 9 +++ classes/module/ModuleHandler.class.php | 64 ++++++++++++++++++++-- classes/template/TemplateHandler.class.php | 43 +++++++++++++++ config/func.inc.php | 8 +++ modules/message/message.view.php | 3 +- 6 files changed, 121 insertions(+), 8 deletions(-) diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php index b6a47c687..84fe5a59a 100644 --- a/classes/context/Context.class.php +++ b/classes/context/Context.class.php @@ -925,6 +925,8 @@ class Context { **/ function get($key) { is_a($this,'Context')?$self=&$this:$self=&Context::getInstance(); + + if(!isset($self->context->{$key})) return null; return $self->context->{$key}; } diff --git a/classes/display/HTMLDisplayHandler.php b/classes/display/HTMLDisplayHandler.php index 1ce430756..aa4ed116b 100644 --- a/classes/display/HTMLDisplayHandler.php +++ b/classes/display/HTMLDisplayHandler.php @@ -92,6 +92,15 @@ class HTMLDisplayHandler { // prevent the 2nd request due to url(none) of the background-image $output = preg_replace('/url\((["\']?)none(["\']?)\)/is', 'none', $output); + if(is_array(Context::get('INPUT_ERROR'))) + { + $INPUT_ERROR = Context::get('INPUT_ERROR'); + $keys = array_keys($INPUT_ERROR); + $keys = '('.implode('|', $keys).')'; + + $output = preg_replace('/(]*?)(?:value="[^"]*"([^>]*?name="'.$keys.'"[^>])|(name="'.$keys.'"[^>]*?)value="[^"]*")([^>]*?\/?>)/ise', '"\\1\\2\\4 value=\\"".htmlspecialchars($INPUT_ERROR["\\3\\5"])."\\" \\6"', $output); + } + if(__DEBUG__==3) $GLOBALS['__trans_content_elapsed__'] = getMicroTime()-$start; // Remove unnecessary information 
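Review bot: In the `HTMLDisplayHandler` hunk the keys of `INPUT_ERROR` are imploded into the pattern unquoted and the replacement runs under the `e` modifier, so request parameter names (copied into the session by `_setInputValueToSession()` in this commit) become regex syntax in a call that evaluates its replacement string as PHP code. Quote each key with `preg_quote($key, '/')` and move the replacement into a `preg_replace_callback` callback; the callback can then also skip non-scalar values before `htmlspecialchars()`, since request variables may be arrays. The group indexes below follow the `\\1`–`\\6` references in the hunk's replacement string; the pattern itself is partly lost in this rendering and is meant to stay as written apart from dropping `e`. The enclosing method starts and ends outside the hunk, so the use of `$this` for the callback assumes it is an instance method.

```php
$INPUT_ERROR = Context::get('INPUT_ERROR');
$quoted = array();
foreach(array_keys($INPUT_ERROR) as $key) $quoted[] = preg_quote($key, '/');
$keys = '('.implode('|', $quoted).')';
// … unchanged: the input-tag pattern built from $keys, modifiers "is" without "e", held in $pattern …
$output = preg_replace_callback($pattern, array($this, '_restoreInputValue'), $output);

// new method: rebuilds one matched input tag with the escaped submitted value
function _restoreInputValue($m)
{
	$INPUT_ERROR = Context::get('INPUT_ERROR');
	$name = $m[3].$m[5];
	if(!isset($INPUT_ERROR[$name]) || !is_scalar($INPUT_ERROR[$name])) return $m[0];
	return $m[1].$m[2].$m[4].' value="'.htmlspecialchars($INPUT_ERROR[$name]).'" '.$m[6];
}
```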
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php index 4b9eecc98..cb071ec2e 100644 --- a/classes/module/ModuleHandler.class.php +++ b/classes/module/ModuleHandler.class.php @@ -297,8 +297,23 @@ if(!empty($rulesetFile)) { $Validator = new Validator($rulesetFile); - if(!$Validator->validate()) - return $Validator->getLastError(); + $result = $Validator->validate(); + if(!$result) + { + $lastError = $Validator->getLastError(); + $returnUrl = Context::get('error_return_url')?Context::get('error_return_url'):getUrl(); + $errorMsg = $lastError['msg'] ? $lastError['msg'] : 'validation error'; + + //for xml response + $oModule->setError(-1); + $oModule->setMessage($errorMsg); + //for html redirect + $this->error = $errorMsg; + $_SESSION['XE_VALIDATOR_ERROR'] = $this->error; + $_SESSION['XE_VALIDATOR_ERROR_RETURN_URL'] = $returnUrl; + $this->_setInputValueToSession(); + return $oModule; + } } } @@ -315,11 +330,37 @@ } // execute the action, and if failed, set error - if(!$oModule->proc()) $this->error = $oModule->getMessage(); + if(!$oModule->proc()) + { + // case post, redirect page + if(!in_array(Context::getRequestMethod(),array('XMLRPC','JSON'))) + { + $this->_setInputValueToSession(); + $returnUrl = Context::get('error_return_url')?Context::get('error_return_url'):getUrl(); + header('location:'.$returnUrl); + return; + } + // case exec xml, return xml response + else $this->error = $oModule->getMessage(); + } + else + { + if(count($_SESSION['INPUT_ERROR'])) + { + Context::set('INPUT_ERROR', $_SESSION['INPUT_ERROR']); + $_SESSION['INPUT_ERROR'] = ''; + } + } return $oModule; } + function _setInputValueToSession() + { + $requestVars = Context::getRequestVars(); + foreach($requestVars AS $key=>$value) $_SESSION['INPUT_ERROR'][$key] = $value; + } + /** * @brief display contents from executed module * @param[in] $oModule module instance 
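Review bot: `error_return_url` is read from the context, which appears to be filled from the submitted form, and reaches a `Location` header with no check that it points back to this site. In the `@@ -297,8 +297,23 @@` hunk it is stored in `$_SESSION['XE_VALIDATOR_ERROR_RETURN_URL']`, which the `displayContent` hunk (`@@ -344,6 +385,12 @@`) sends as-is, and the `proc()` failure branch in the next hunk passes it to `header()` directly. A request that carries a foreign URL in that field would redirect the visitor off-site after a failed validation. Since the generated return URL is a request path, accept only a local path in all three places, for example `if(!preg_match('#^/(?![/\\\\])#', $returnUrl)) $returnUrl = getUrl();`. The enclosing method starts and ends outside the hunk.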
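Review bot: `_setInputValueToSession()` in the `@@ -315,11 +330,37 @@` hunk copies every request variable into `$_SESSION['INPUT_ERROR']`, so password fields and similar secrets are kept in the session store and later written back into `value="…"` attributes by the `HTMLDisplayHandler` change in this commit. Skip fields that must never be echoed, or store only the fields the failing form declares. The entry is reset with `''`, after which `count($_SESSION['INPUT_ERROR'])` is evaluated on a string; `unset($_SESSION['INPUT_ERROR']);` together with an `is_array()` test, as the display handler already uses, would be cleaner. In the redirect branch the bare `return;` hands nothing back although the other paths return `$oModule`, and the text from `$oModule->getMessage()` is not kept for the next page; the method starts outside the hunk, so the caller's handling is not visible here.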
@@ -344,6 +385,12 @@ if(!in_array(Context::getRequestMethod(),array('XMLRPC','JSON'))) { // If error occurred, handle it if($this->error) { + if($_SESSION['XE_VALIDATOR_ERROR'] && $_SESSION['XE_VALIDATOR_ERROR_RETURN_URL']) + { + header('location:'.$_SESSION['XE_VALIDATOR_ERROR_RETURN_URL']); + return; + } + // display content with message module instance $type = Mobile::isFromMobilePhone() ? 'mobile' : 'view'; $oMessageObject = &ModuleHandler::getModuleInstance('message',$type); @@ -353,9 +400,8 @@ // If module was called normally, change the templates of the module into ones of the message view module if($oModule) { - $oModule->setTemplatePath($oMessageObject->getTemplatePath()); - $oModule->setTemplateFile($oMessageObject->getTemplateFile()); - + $oModule->setTemplatePath($oMessageObject->getTemplatePath()); + $oModule->setTemplateFile($oMessageObject->getTemplateFile()); // Otherwise, set message instance as the target module } else { $oModule = $oMessageObject; @@ -410,9 +456,15 @@ } } + if($_SESSION['XE_VALIDATOR_ERROR'] && !Context::get('XE_VALIDATOR_ERROR')) Context::set('XE_VALIDATOR_ERROR', $_SESSION['XE_VALIDATOR_ERROR']); + if($_SESSION['XE_VALIDATOR_ERROR_RETURN_URL'] && !Context::get('XE_VALIDATOR_ERROR_RETURN_URL')) Context::set('XE_VALIDATOR_ERROR_RETURN_URL', $_SESSION['XE_VALIDATOR_ERROR_RETURN_URL']); + // Display contents $oDisplayHandler = new DisplayHandler(); $oDisplayHandler->printContent($oModule); + + $_SESSION['XE_VALIDATOR_ERROR'] = ''; + $_SESSION['XE_VALIDATOR_ERROR_RETURN_URL'] = ''; } /** diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 4344f4e7b..fffd4e510 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php 
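Review bot: The redirect added in the `@@ -344,6 +385,12 @@` hunk fires for any `$this->error` while the two session keys are set, but those keys are cleared only after `printContent()` in the `@@ -410,9 +456,15 @@` hunk. If the page at the return URL itself ends with an error, the request is redirected to the same URL again with the keys still in place, which looks like a redirect loop. Consider redirecting only when the validator failed in the current request, for example by testing a flag set next to `$_SESSION['XE_VALIDATOR_ERROR'] = $this->error;` rather than the session contents. `displayContent` begins and ends outside these hunks.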
@@ -187,6 +187,9 @@ // javascript plugin import $buff = preg_replace_callback('!<\!--%load_js_plugin\(\"([^\"]*?)\"\)-->!is', array($this, '_compileLoadJavascriptPlugin'), $buff); + // form auto generation + $buff = preg_replace_callback('/()(.*)(<\/form>)/is', array($this, '_compileFormAuthGeneration'), $buff); + // replace variables $buff = preg_replace_callback('/\{[^@^ ]([^\{\}\n]+)\}/i', array($this, '_compileVarToContext'), $buff); @@ -200,6 +203,46 @@ $this->buff = ''.$buff; } + /** + * @brief 1. remove ruleset from form tag + * 2. add hidden tag with ruleset value + * 3. if empty default hidden tag, generate hidden tag (ex:mid, vid, act...) + * 4. generate return url, return url use in server side validator + **/ + function _compileFormAuthGeneration($matches) + { + // form ruleset attribute move to hidden tag + if($matches[1]) + { + preg_match('/ruleset="([^"]*?)"/is', $matches[1], $m); + if($m[0]) + { + $matches[1] = preg_replace('/'.$m[0].'/i', '', $matches[1]); + $matches[2] = ''.$matches[2]; + } + } + + // if not exists default hidden tag, generate hidden tag + preg_match_all('/]* name="(act|mid|vid)"/is', $matches[2], $m2); + $checkVar = array('act', 'mid', 'vid'); + $resultArray = array_diff($checkVar, $m2[1]); + if(is_array($resultArray)) + { + $generatedHidden = ''; + foreach($resultArray AS $key=>$value) + { + $generatedHidden .= ''; + } + $matches[2] = $generatedHidden.$matches[2]; + } + + // return url generate + $matches[2] = ''.$matches[2]; + + $matches[0] = ''; + return implode($matches); + } + /** * @brief fetch using ob_* function * @param[in] $compiled_tpl_file path of compiled template file diff --git a/config/func.inc.php b/config/func.inc.php index 9b3f5fa03..eee62cadc 100644 --- a/config/func.inc.php +++ b/config/func.inc.php 
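Review bot: The body group `(.*)` in the new form pattern of the `@@ -187,6 +187,9 @@` hunk is greedy and runs under the `s` modifier, so in a template with more than one form it will match from the first form's opening tag through the last `</form>`, and only that first tag receives the generated hidden fields. A lazy `(.*?)` keeps each form a separate match. The opening-tag group is not legible in this rendering, so this rests on the visible `(.*)(<\/form>)` part only.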
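Review bot: In `_compileFormAuthGeneration()` the matched attribute text `$m[0]` is reused as a regular expression in `preg_replace('/'.$m[0].'/i', '', $matches[1])`, so a ruleset name containing `/`, `.`, `(` or similar characters is read as pattern syntax; `$matches[1] = str_replace($m[0], '', $matches[1]);` removes the literal text instead. `if($m[0])` reads an index that does not exist when the form has no `ruleset` attribute, where `if(!empty($m[0]))` avoids the notice, and `is_array($resultArray)` is always true for the result of `array_diff()`. The method name says "Auth" while the docblock and the call-site comment say "auto generation"; a rename would need the callback name at the call site changed too. The generated hidden-input markup is not visible in this rendering, so whether the ruleset value and the return URL are escaped could not be checked.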
@@ -820,6 +820,14 @@ return $url; } + /** + * return the requested script path + **/ + function getRequestUriByServerEnviroment() + { + return $_SERVER['REQUEST_URI']; + } + /** * php unescape function of javascript's escape * Function converts an Javascript escaped string back into a string with specified charset (default is UTF-8). diff --git a/modules/message/message.view.php b/modules/message/message.view.php index 9251c1fb7..d476f4f50 100644 --- a/modules/message/message.view.php +++ b/modules/message/message.view.php @@ -37,8 +37,7 @@ Context::set('system_message', nl2br($this->getMessage())); $this->setTemplatePath($template_path); - $this->setTemplateFile('system_message'); + $this->setTemplateFile('system_message'); } - } ?>
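Review bot: `getRequestUriByServerEnviroment()` in the `config/func.inc.php` hunk returns `$_SERVER['REQUEST_URI']` unchanged, and that value is supplied by the client, so the docblock should tell callers to escape it for the context they write it into (`htmlspecialchars()` for a hidden-input value) and to validate it before using it as a redirect target. Proposed docblock text: `return the raw request URI as sent by the client; not escaped, not validated`. The name misspells "Environment"; correcting it means updating every caller, none of which is legible on this page.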