actions_extrafields.inc.php 12 KB

  1. <?php
  2. /* Copyright (C) 2011-2020 Laurent Destailleur <eldy@users.sourceforge.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License as published by
  6. * the Free Software Foundation; either version 3 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  16. * or see https://www.gnu.org/
  17. *
  18. * $elementtype must be defined.
  19. */
  20. /**
  21. * \file htdocs/core/actions_extrafields.inc.php
  22. * \brief Code for actions on extrafields admin pages
  23. */
  24. $maxsizestring = 255;
  25. $maxsizeint = 10;
  26. $mesg = array();
  27. $extrasize = GETPOST('size', 'intcomma');
  28. $type = GETPOST('type', 'alpha');
  29. $param = GETPOST('param', 'alpha');
  30. if ($type == 'double' && strpos($extrasize, ',') === false) {
  31. $extrasize = '24,8';
  32. }
  33. if ($type == 'date') {
  34. $extrasize = '';
  35. }
  36. if ($type == 'datetime') {
  37. $extrasize = '';
  38. }
  39. if ($type == 'select') {
  40. $extrasize = '';
  41. }
  42. // Add attribute
  43. if ($action == 'add') {
  44. if (GETPOST("button") != $langs->trans("Cancel")) {
  45. // Check values
  46. if (!$type) {
  47. $error++;
  48. $langs->load("errors");
  49. $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type"));
  50. $action = 'create';
  51. }
  52. if ($type == 'varchar' && $extrasize <= 0) {
  53. $error++;
  54. $langs->load("errors");
  55. $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Size"));
  56. $action = 'edit';
  57. }
  58. if ($type == 'varchar' && $extrasize > $maxsizestring) {
  59. $error++;
  60. $langs->load("errors");
  61. $mesg[] = $langs->trans("ErrorSizeTooLongForVarcharType", $maxsizestring);
  62. $action = 'create';
  63. }
  64. if ($type == 'int' && $extrasize > $maxsizeint) {
  65. $error++;
  66. $langs->load("errors");
  67. $mesg[] = $langs->trans("ErrorSizeTooLongForIntType", $maxsizeint);
  68. $action = 'create';
  69. }
  70. if ($type == 'select' && !$param) {
  71. $error++;
  72. $langs->load("errors");
  73. $mesg[] = $langs->trans("ErrorNoValueForSelectType");
  74. $action = 'create';
  75. }
  76. if ($type == 'sellist' && !$param) {
  77. $error++;
  78. $langs->load("errors");
  79. $mesg[] = $langs->trans("ErrorNoValueForSelectListType");
  80. $action = 'create';
  81. }
  82. if ($type == 'checkbox' && !$param) {
  83. $error++;
  84. $langs->load("errors");
  85. $mesg[] = $langs->trans("ErrorNoValueForCheckBoxType");
  86. $action = 'create';
  87. }
  88. if ($type == 'link' && !$param) {
  89. $error++;
  90. $langs->load("errors");
  91. $mesg[] = $langs->trans("ErrorNoValueForLinkType");
  92. $action = 'create';
  93. }
  94. if ($type == 'radio' && !$param) {
  95. $error++;
  96. $langs->load("errors");
  97. $mesg[] = $langs->trans("ErrorNoValueForRadioType");
  98. $action = 'create';
  99. }
  100. if ((($type == 'radio') || ($type == 'checkbox')) && $param) {
  101. // Construct array for parameter (value of select list)
  102. $parameters = $param;
  103. $parameters_array = explode("\r\n", $parameters);
  104. foreach ($parameters_array as $param_ligne) {
  105. if (!empty($param_ligne)) {
  106. if (preg_match_all('/,/', $param_ligne, $matches)) {
  107. if (count($matches[0]) > 1) {
  108. $error++;
  109. $langs->load("errors");
  110. $mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
  111. $action = 'create';
  112. }
  113. } else {
  114. $error++;
  115. $langs->load("errors");
  116. $mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
  117. $action = 'create';
  118. }
  119. }
  120. }
  121. }
  122. if (!$error) {
  123. if (strlen(GETPOST('attrname', 'aZ09')) < 3) {
  124. $error++;
  125. $langs->load("errors");
  126. $mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
  127. $action = 'create';
  128. }
  129. }
  130. // Check reserved keyword with more than 3 characters
  131. if (!$error) {
  132. if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'int', 'integer', 'float', 'double', 'real', 'position'))) {
  133. $error++;
  134. $langs->load("errors");
  135. $mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
  136. $action = 'create';
  137. }
  138. }
  139. if (!$error) {
  140. // attrname must be alphabetical and lower case only
  141. if (GETPOSTISSET("attrname") && preg_match("/^[a-z0-9-_]+$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) {
  142. // Construct array for parameter (value of select list)
  143. $default_value = GETPOST('default_value', 'alpha');
  144. $parameters = $param;
  145. $parameters_array = explode("\r\n", $parameters);
  146. //In sellist we have only one line and it can have come to do SQL expression
  147. if ($type == 'sellist' || $type == 'chkbxlst') {
  148. foreach ($parameters_array as $param_ligne) {
  149. $params['options'] = array($parameters=>null);
  150. }
  151. } else {
  152. // Else it's separated key/value and coma list
  153. foreach ($parameters_array as $param_ligne) {
  154. list($key, $value) = explode(',', $param_ligne);
  155. $params['options'][$key] = $value;
  156. }
  157. }
  158. // Visibility: -1=not visible by default in list, 1=visible, 0=hidden
  159. $visibility = GETPOST('list', 'alpha');
  160. if ($type == 'separate') {
  161. $visibility = 3;
  162. }
  163. $result = $extrafields->addExtraField(
  164. GETPOST('attrname', 'aZ09'),
  165. GETPOST('label', 'alpha'),
  166. $type,
  167. GETPOST('pos', 'int'),
  168. $extrasize,
  169. $elementtype,
  170. (GETPOST('unique', 'alpha') ? 1 : 0),
  171. (GETPOST('required', 'alpha') ? 1 : 0),
  172. $default_value,
  173. $params,
  174. (GETPOST('alwayseditable', 'alpha') ? 1 : 0),
  175. (GETPOST('perms', 'alpha') ?GETPOST('perms', 'alpha') : ''),
  176. $visibility,
  177. GETPOST('help', 'alpha'),
  178. GETPOST('computed_value', 'alpha'),
  179. (GETPOST('entitycurrentorall', 'alpha') ? 0 : ''),
  180. GETPOST('langfile', 'alpha'),
  181. 1,
  182. (GETPOST('totalizable', 'alpha') ? 1 : 0),
  183. GETPOST('printable', 'alpha')
  184. );
  185. if ($result > 0) {
  186. setEventMessages($langs->trans('SetupSaved'), null, 'mesgs');
  187. header("Location: ".$_SERVER["PHP_SELF"]);
  188. exit;
  189. } else {
  190. $error++;
  191. $mesg = $extrafields->error;
  192. setEventMessages($mesg, null, 'errors');
  193. }
  194. } else {
  195. $error++;
  196. $langs->load("errors");
  197. $mesg = $langs->trans("ErrorFieldCanNotContainSpecialNorUpperCharacters", $langs->transnoentities("AttributeCode"));
  198. setEventMessages($mesg, null, 'errors');
  199. $action = 'create';
  200. }
  201. } else {
  202. setEventMessages($mesg, null, 'errors');
  203. }
  204. }
  205. }
  206. // Rename field
  207. if ($action == 'update') {
  208. if (GETPOST("button") != $langs->trans("Cancel")) {
  209. // Check values
  210. if (!$type) {
  211. $error++;
  212. $langs->load("errors");
  213. $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type"));
  214. $action = 'edit';
  215. }
  216. if ($type == 'varchar' && $extrasize <= 0) {
  217. $error++;
  218. $langs->load("errors");
  219. $mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Size"));
  220. $action = 'edit';
  221. }
  222. if ($type == 'varchar' && $extrasize > $maxsizestring) {
  223. $error++;
  224. $langs->load("errors");
  225. $mesg[] = $langs->trans("ErrorSizeTooLongForVarcharType", $maxsizestring);
  226. $action = 'edit';
  227. }
  228. if ($type == 'int' && $extrasize > $maxsizeint) {
  229. $error++;
  230. $langs->load("errors");
  231. $mesg[] = $langs->trans("ErrorSizeTooLongForIntType", $maxsizeint);
  232. $action = 'edit';
  233. }
  234. if ($type == 'select' && !$param) {
  235. $error++;
  236. $langs->load("errors");
  237. $mesg[] = $langs->trans("ErrorNoValueForSelectType");
  238. $action = 'edit';
  239. }
  240. if ($type == 'sellist' && !$param) {
  241. $error++;
  242. $langs->load("errors");
  243. $mesg[] = $langs->trans("ErrorNoValueForSelectListType");
  244. $action = 'edit';
  245. }
  246. if ($type == 'checkbox' && !$param) {
  247. $error++;
  248. $langs->load("errors");
  249. $mesg[] = $langs->trans("ErrorNoValueForCheckBoxType");
  250. $action = 'edit';
  251. }
  252. if ($type == 'radio' && !$param) {
  253. $error++;
  254. $langs->load("errors");
  255. $mesg[] = $langs->trans("ErrorNoValueForRadioType");
  256. $action = 'edit';
  257. }
  258. if ((($type == 'radio') || ($type == 'checkbox')) && $param) {
  259. // Construct array for parameter (value of select list)
  260. $parameters = $param;
  261. $parameters_array = explode("\r\n", $parameters);
  262. foreach ($parameters_array as $param_ligne) {
  263. if (!empty($param_ligne)) {
  264. if (preg_match_all('/,/', $param_ligne, $matches)) {
  265. if (count($matches[0]) > 1) {
  266. $error++;
  267. $langs->load("errors");
  268. $mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
  269. $action = 'edit';
  270. }
  271. } else {
  272. $error++;
  273. $langs->load("errors");
  274. $mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
  275. $action = 'edit';
  276. }
  277. }
  278. }
  279. }
  280. if (!$error) {
  281. if (strlen(GETPOST('attrname', 'aZ09')) < 3 && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
  282. $error++;
  283. $langs->load("errors");
  284. $mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
  285. $action = 'edit';
  286. }
  287. }
  288. // Check reserved keyword with more than 3 characters
  289. if (!$error) {
  290. if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'integer', 'float', 'double', 'position')) && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
  291. $error++;
  292. $langs->load("errors");
  293. $mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
  294. $action = 'edit';
  295. }
  296. }
  297. if (!$error) {
  298. if (GETPOSTISSET("attrname") && preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) {
  299. $pos = GETPOST('pos', 'int');
  300. // Construct array for parameter (value of select list)
  301. $parameters = $param;
  302. $parameters_array = explode("\r\n", $parameters);
  303. //In sellist we have only one line and it can have come to do SQL expression
  304. if ($type == 'sellist' || $type == 'chkbxlst') {
  305. foreach ($parameters_array as $param_ligne) {
  306. $params['options'] = array($parameters=>null);
  307. }
  308. } else {
  309. //Esle it's separated key/value and coma list
  310. foreach ($parameters_array as $param_ligne) {
  311. list($key, $value) = explode(',', $param_ligne);
  312. $params['options'][$key] = $value;
  313. }
  314. }
  315. // Visibility: -1=not visible by default in list, 1=visible, 0=hidden
  316. $visibility = GETPOST('list', 'alpha');
  317. if ($type == 'separate') {
  318. $visibility = 3;
  319. }
  320. // Example: is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : 'objnotdefined'
  321. $computedvalue = GETPOST('computed_value', 'nohtml');
  322. $result = $extrafields->update(
  323. GETPOST('attrname', 'aZ09'),
  324. GETPOST('label', 'alpha'),
  325. $type,
  326. $extrasize,
  327. $elementtype,
  328. (GETPOST('unique', 'alpha') ? 1 : 0),
  329. (GETPOST('required', 'alpha') ? 1 : 0),
  330. $pos,
  331. $params,
  332. (GETPOST('alwayseditable', 'alpha') ? 1 : 0),
  333. (GETPOST('perms', 'alpha') ?GETPOST('perms', 'alpha') : ''),
  334. $visibility,
  335. GETPOST('help', 'alpha'),
  336. GETPOST('default_value', 'alpha'),
  337. $computedvalue,
  338. (GETPOST('entitycurrentorall', 'alpha') ? 0 : ''),
  339. GETPOST('langfile'),
  340. GETPOST('enabled', 'alpha'),
  341. (GETPOST('totalizable', 'alpha') ? 1 : 0),
  342. GETPOST('printable', 'alpha')
  343. );
  344. if ($result > 0) {
  345. setEventMessages($langs->trans('SetupSaved'), null, 'mesgs');
  346. header("Location: ".$_SERVER["PHP_SELF"]);
  347. exit;
  348. } else {
  349. $error++;
  350. $mesg = $extrafields->error;
  351. setEventMessages($mesg, null, 'errors');
  352. }
  353. } else {
  354. $error++;
  355. $langs->load("errors");
  356. $mesg = $langs->trans("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities("AttributeCode"));
  357. setEventMessages($mesg, null, 'errors');
  358. }
  359. } else {
  360. setEventMessages($mesg, null, 'errors');
  361. }
  362. }
  363. }
  364. // Delete attribute
  365. if ($action == 'delete') {
  366. if (GETPOSTISSET("attrname") && preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST("attrname", 'aZ09'))) {
  367. $result = $extrafields->delete(GETPOST("attrname", 'aZ09'), $elementtype);
  368. if ($result >= 0) {
  369. header("Location: ".$_SERVER["PHP_SELF"]);
  370. exit;
  371. } else {
  372. $mesg = $extrafields->error;
  373. }
  374. } else {
  375. $error++;
  376. $langs->load("errors");
  377. $mesg = $langs->trans("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities("AttributeCode"));
  378. }
  379. }