actions_extrafields.inc.php 13 KB

  1. <?php
  2. /* Copyright (C) 2011-2020 Laurent Destailleur <eldy@users.sourceforge.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License as published by
  6. * the Free Software Foundation; either version 3 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  16. * or see https://www.gnu.org/
  17. *
  18. * $elementype must be defined.
  19. */
  20. /**
  21. * \file htdocs/core/actions_extrafields.inc.php
  22. * \brief Code for actions on extrafields admin pages
  23. */
  // Largest "size" accepted below for varchar and int attributes.
  $maxsizestring = 255;
  $maxsizeint = 10;

  // Validation messages collected by the action handlers that follow.
  $mesg = array();

  // Form input shared by the add and update handlers. Each value is read through
  // GETPOST() with the filter named in its second argument.
  $extrasize = GETPOST('size', 'intcomma');
  $type = GETPOST('type', 'alpha');
  $param = GETPOST('param', 'alpha');

  // A double with no "length,precision" pair gets the default '24,8'.
  if ($type == 'double' && strpos($extrasize, ',') === false) {
      $extrasize = '24,8';
  }

  // These types carry no size; any submitted value is discarded.
  if (in_array($type, array('date', 'datetime', 'select'))) {
      $extrasize = '';
  }
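  // Add attribute
  //
  // Runs when $action is 'add' and the form was not cancelled. Validates the submitted
  // type, size, option list and attribute code, then creates the attribute through
  // $extrafields->addExtraField(). When a check fails, $action is reset and the collected
  // messages are passed to setEventMessages().
  // NOTE(review): no permission or anti-CSRF check is visible in this include; presumably
  // the including admin page enforces both before this point - confirm.
  if ($action == 'add') {
      if (GETPOST("button") != $langs->trans("Cancel")) {
          // Check values
          if (!$type) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type"));
              $action = 'create';
          }
          if ($type == 'varchar' && $extrasize <= 0) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Size"));
              // Go back to 'create' like every other failed check of this form; 'edit' would
              // presumably target an attribute that has not been created yet.
              $action = 'create';
          }
          if ($type == 'varchar' && $extrasize > $maxsizestring) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorSizeTooLongForVarcharType", $maxsizestring);
              $action = 'create';
          }
          if ($type == 'int' && $extrasize > $maxsizeint) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorSizeTooLongForIntType", $maxsizeint);
              $action = 'create';
          }
          // Types that cannot be created without a value list / parameter.
          if ($type == 'select' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForSelectType");
              $action = 'create';
          }
          if ($type == 'sellist' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForSelectListType");
              $action = 'create';
          }
          if ($type == 'checkbox' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForCheckBoxType");
              $action = 'create';
          }
          if ($type == 'link' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForLinkType");
              $action = 'create';
          }
          if ($type == 'radio' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForRadioType");
              $action = 'create';
          }
          if ((($type == 'radio') || ($type == 'checkbox')) && $param) {
              // Each non-empty line of the value list must be "key,value": exactly one comma.
              $parameters = $param;
              $parameters_array = explode("\r\n", $parameters);
              foreach ($parameters_array as $param_ligne) {
                  if (!empty($param_ligne) && substr_count($param_ligne, ',') != 1) {
                      $error++;
                      $langs->load("errors");
                      $mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
                      $action = 'create';
                  }
              }
          }

          // The attribute code needs at least 3 characters.
          if (!$error) {
              if (strlen(GETPOST('attrname', 'aZ09')) < 3) {
                  $error++;
                  $langs->load("errors");
                  $mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
                  $action = 'create';
              }
          }

          // Check reserved keyword with more than 3 characters
          if (!$error) {
              if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'int', 'integer', 'float', 'double', 'real', 'position'))) {
                  $error++;
                  $langs->load("errors");
                  $mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
                  $action = 'create';
              }
          }

          if (!$error) {
              // attrname may hold only lower-case letters, digits and underscores, and must not be purely numeric
              if (GETPOSTISSET("attrname") && preg_match("/^[a-z0-9_]+$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) {
                  // Construct array for parameter (value of select list)
                  $default_value = GETPOST('default_value', 'alpha');
                  $parameters = $param;
                  $parameters_array = explode("\r\n", $parameters);
                  $params = array();
                  if ($type == 'sellist' || $type == 'chkbxlst') {
                      // For these types the whole parameter is stored as a single option key; it
                      // may carry an SQL expression, so it stays request-supplied text.
                      // NOTE(review): presumably escaped or validated where it is consumed - confirm.
                      $params['options'] = array($parameters=>null);
                  } else {
                      // Otherwise each line is a "key,value" pair
                      foreach ($parameters_array as $param_ligne) {
                          // array_pad() keeps a line without a comma from raising an undefined-offset
                          // notice; its value is null, as before.
                          list($key, $value) = array_pad(explode(',', $param_ligne), 2, null);
                          if (!array_key_exists('options', $params)) {
                              $params['options'] = array();
                          }
                          $params['options'][$key] = $value;
                      }
                  }

                  // Visibility: -1=not visible by default in list, 1=visible, 0=hidden
                  $visibility = GETPOST('list', 'alpha');
                  if ($type == 'separate') {
                      $visibility = 3;
                  }

                  // NOTE(review): 'computed_value' is read with the 'alpha' filter here but with
                  // 'nohtml' in the update handler. The example in that handler shows the value
                  // is a PHP expression, so it is presumably evaluated elsewhere - confirm which
                  // filter is intended and who is allowed to set it.
                  $result = $extrafields->addExtraField(
                      GETPOST('attrname', 'aZ09'),
                      GETPOST('label', 'alpha'),
                      $type,
                      GETPOST('pos', 'int'),
                      $extrasize,
                      $elementtype,
                      (GETPOST('unique', 'alpha') ? 1 : 0),
                      (GETPOST('required', 'alpha') ? 1 : 0),
                      $default_value,
                      $params,
                      (GETPOST('alwayseditable', 'alpha') ? 1 : 0),
                      (GETPOST('perms', 'alpha') ? GETPOST('perms', 'alpha') : ''),
                      $visibility,
                      GETPOST('help', 'alpha'),
                      GETPOST('computed_value', 'alpha'),
                      (GETPOST('entitycurrentorall', 'alpha') ? 0 : ''),
                      GETPOST('langfile', 'alpha'),
                      1,
                      (GETPOST('totalizable', 'alpha') ? 1 : 0),
                      GETPOST('printable', 'alpha')
                  );
                  if ($result > 0) {
                      setEventMessages($langs->trans('SetupSaved'), null, 'mesgs');
                      // Redirect after the POST so a reload does not submit the form again.
                      // NOTE(review): PHP_SELF is request-derived; presumably normalised by the
                      // framework bootstrap - confirm.
                      header("Location: ".$_SERVER["PHP_SELF"]);
                      exit;
                  } else {
                      $error++;
                      $mesg = $extrafields->error;
                      setEventMessages($mesg, null, 'errors');
                  }
              } else {
                  $error++;
                  $langs->load("errors");
                  $mesg = $langs->trans("ErrorFieldCanNotContainSpecialNorUpperCharacters", $langs->transnoentities("AttributeCode"));
                  setEventMessages($mesg, null, 'errors');
                  $action = 'create';
              }
          } else {
              // Report every validation message collected above.
              setEventMessages($mesg, null, 'errors');
          }
      }
  }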
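  // Rename field
  //
  // Runs when $action is 'update' and the form was not cancelled. Applies the same checks
  // as the add handler (some of them can be switched off with
  // MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE), then saves the attribute through
  // $extrafields->update(). When a check fails, $action is set back to 'edit'.
  // NOTE(review): no permission or anti-CSRF check is visible in this include; presumably
  // the including admin page enforces both before this point - confirm.
  if ($action == 'update') {
      if (GETPOST("button") != $langs->trans("Cancel")) {
          // Check values
          if (!$type) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type"));
              $action = 'edit';
          }
          if ($type == 'varchar' && $extrasize <= 0) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Size"));
              $action = 'edit';
          }
          if ($type == 'varchar' && $extrasize > $maxsizestring) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorSizeTooLongForVarcharType", $maxsizestring);
              $action = 'edit';
          }
          if ($type == 'int' && $extrasize > $maxsizeint) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorSizeTooLongForIntType", $maxsizeint);
              $action = 'edit';
          }
          // Types that cannot be saved without a value list / parameter.
          if ($type == 'select' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForSelectType");
              $action = 'edit';
          }
          if ($type == 'sellist' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForSelectListType");
              $action = 'edit';
          }
          if ($type == 'checkbox' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForCheckBoxType");
              $action = 'edit';
          }
          if ($type == 'radio' && !$param) {
              $error++;
              $langs->load("errors");
              $mesg[] = $langs->trans("ErrorNoValueForRadioType");
              $action = 'edit';
          }
          if ((($type == 'radio') || ($type == 'checkbox')) && $param) {
              // Each non-empty line of the value list must be "key,value": exactly one comma.
              $parameters = $param;
              $parameters_array = explode("\r\n", $parameters);
              foreach ($parameters_array as $param_ligne) {
                  if (!empty($param_ligne) && substr_count($param_ligne, ',') != 1) {
                      $error++;
                      $langs->load("errors");
                      $mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
                      $action = 'edit';
                  }
              }
          }

          // The attribute code needs at least 3 characters unless the check is disabled.
          if (!$error) {
              if (strlen(GETPOST('attrname', 'aZ09')) < 3 && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
                  $error++;
                  $langs->load("errors");
                  $mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
                  $action = 'edit';
              }
          }

          // Check reserved keyword with more than 3 characters
          if (!$error) {
              if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'integer', 'float', 'double', 'position')) && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
                  $error++;
                  $langs->load("errors");
                  $mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
                  $action = 'edit';
              }
          }

          if (!$error) {
              // The pattern is looser than in the add handler: upper case and '-' are accepted here.
              if (GETPOSTISSET("attrname") && preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) {
                  $pos = GETPOST('pos', 'int');

                  // Construct array for parameter (value of select list)
                  $parameters = $param;
                  $parameters_array = explode("\r\n", $parameters);
                  $params = array();
                  if ($type == 'sellist' || $type == 'chkbxlst') {
                      // For these types the whole parameter is stored as a single option key; it
                      // may carry an SQL expression, so it stays request-supplied text.
                      // NOTE(review): presumably escaped or validated where it is consumed - confirm.
                      $params['options'] = array($parameters=>null);
                  } else {
                      // Otherwise each line is a "key,value" pair
                      foreach ($parameters_array as $param_ligne) {
                          // array_pad() keeps a line without a comma from raising an undefined-offset
                          // notice; its value is null, as before.
                          list($key, $value) = array_pad(explode(',', $param_ligne), 2, null);
                          if (!array_key_exists('options', $params)) {
                              $params['options'] = array();
                          }
                          $params['options'][$key] = $value;
                      }
                  }

                  // Visibility: -1=not visible by default in list, 1=visible, 0=hidden
                  $visibility = GETPOST('list', 'alpha');
                  if ($type == 'separate') {
                      $visibility = 3;
                  }

                  // Example: is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : 'objnotdefined'
                  // The example shows that the computed value is a PHP expression supplied through
                  // the form, i.e. code-bearing input.
                  // NOTE(review): presumably evaluated when the field is displayed - confirm that
                  // only trusted administrators can reach this handler.
                  $computedvalue = GETPOST('computed_value', 'nohtml');

                  $result = $extrafields->update(
                      GETPOST('attrname', 'aZ09'),
                      GETPOST('label', 'alpha'),
                      $type,
                      $extrasize,
                      $elementtype,
                      (GETPOST('unique', 'alpha') ? 1 : 0),
                      (GETPOST('required', 'alpha') ? 1 : 0),
                      $pos,
                      $params,
                      (GETPOST('alwayseditable', 'alpha') ? 1 : 0),
                      (GETPOST('perms', 'alpha') ? GETPOST('perms', 'alpha') : ''),
                      $visibility,
                      GETPOST('help', 'alpha'),
                      GETPOST('default_value', 'alpha'),
                      $computedvalue,
                      (GETPOST('entitycurrentorall', 'alpha') ? 0 : ''),
                      // Filtered with 'alpha' as in the add handler instead of being read with no filter.
                      GETPOST('langfile', 'alpha'),
                      GETPOST('enabled', 'alpha'),
                      (GETPOST('totalizable', 'alpha') ? 1 : 0),
                      GETPOST('printable', 'alpha')
                  );
                  if ($result > 0) {
                      setEventMessages($langs->trans('SetupSaved'), null, 'mesgs');
                      // Redirect after the POST so a reload does not submit the form again.
                      // NOTE(review): PHP_SELF is request-derived; presumably normalised by the
                      // framework bootstrap - confirm.
                      header("Location: ".$_SERVER["PHP_SELF"]);
                      exit;
                  } else {
                      $error++;
                      $mesg = $extrafields->error;
                      setEventMessages($mesg, null, 'errors');
                  }
              } else {
                  $error++;
                  $langs->load("errors");
                  $mesg = $langs->trans("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities("AttributeCode"));
                  setEventMessages($mesg, null, 'errors');
              }
          } else {
              // Report every validation message collected above.
              setEventMessages($mesg, null, 'errors');
          }
      }
  }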
  // Delete attribute
  //
  // Runs when $action is 'delete'. The attribute code is checked against the same pattern
  // as in the update handler before $extrafields->delete() is called.
  // NOTE(review): no confirmation, permission or anti-CSRF check is visible in this include;
  // presumably the including admin page enforces them - confirm.
  if ($action == 'delete') {
      if (!GETPOSTISSET("attrname") || !preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST("attrname", 'aZ09'))) {
          // Missing or malformed attribute code: nothing is deleted.
          $error++;
          $langs->load("errors");
          $mesg = $langs->trans("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities("AttributeCode"));
      } else {
          $result = $extrafields->delete(GETPOST("attrname", 'aZ09'), $elementtype);
          if ($result < 0) {
              // Keep the error text in $mesg; it is not passed to setEventMessages() here.
              $mesg = $extrafields->error;
          } else {
              // Success: redirect to the same page.
              header("Location: ".$_SERVER["PHP_SELF"]);
              exit;
          }
      }
  }