lib/php/db/field.php

diff --git a/lib/php/db/field.php b/lib/php/db/field.php
index 84805a2fdfd8beedbc279b8052480d0d19166bfb..f49b4be17b74397a4c45c39df9f9c59ab456d13a 100644 (file)
--- a/lib/php/db/field.php
+++ b/lib/php/db/field.php
@@ -119,6 +119,8 @@ class field extends nb {
 
                $values = (array)$values;
                $suff = count( $values ) > 1 ? '[]' : '';
+               if ($type === null) $type = $this->html_type();
+
                foreach ($values as $value) {
        $html .= '<div class="label '.$this->name.'"><label for="'.$this->name.'">'.htmlspecialchars(prettyText($this->name)).'</label>';
 
@@ -129,15 +131,21 @@ class field extends nb {
        $html .= $this->htmlYesNo($value);
 
        } else {
-                               if ($tag == 'textarea' and $this->html_type() != 'text') $tag = 'input';
+                               if ($tag == 'textarea' and $type != 'text') $tag = 'input';
+                               if ($media = Mime::html($value,'')) {
+                                       $tag = 'input';
+                                       $type = 'hidden';
+                                       $html .= $media;
+                               }
+
+                               # NB 09.02.18: needed ? 
+                               $value = htmlspecialchars($value);
        $html .= '<'.$tag
                .' name="'.$this->preffix.$this->name.$suff.'"'
        # NB 06.02.18         .' id="'.$this->name.'"'
                .( ($size and $tag != 'textarea') ? ' size="'.$size.'"' : '')
                #.' value="'.$value.'"'
-               .($tag == 'textarea' ? '>'.$value.'</textarea>' : ' type="'
-               .($type ? $type : $this->html_type())
-               .'" value="'.$value.'" />')
+               .($tag == 'textarea' ? '>'.$value.'</textarea>' : ' type="'.$type.'" value="'.$value.'" />')
        ;
 
        }

diff --git a/lib/php/db/table.php b/lib/php/db/table.php
index 6df037ce9342a9f3ee9db6de5c6b53b6421ddc82..1d0bdf7d558f105dcafebe20fad071136c7cd05b 100644 (file)
--- a/lib/php/db/table.php
+++ b/lib/php/db/table.php
@@ -36,20 +36,21 @@ Class Table extends nb {
        public $key_preff = '_key_';
 
        public $fields = [];
-       public $fields_only = [];
+       public $fields_only = []; # filter for rows
        public $indexes = [];
 
        public $idtemplate;
 
+       public static $params = [
+               'db', 'table', 'limit', 'debug', 'action',
+               'page', 'paged', # wordpress
+       ];
+
        # hidden, sort, ... fields
        public $show_hidden_params = true;
        public $show_buttons = true;
        public $show_url_sort = true;
        public $show_header = true;
-       public static $params = [
-               'db', 'table', 'limit', 'debug', 'action',
-               'page', 'paged', # wordpress
-       ];
 
        function __construct($name,$opt=[]) {
 
@@ -521,7 +522,7 @@ Class Table extends nb {
                return html_edit($values,$form_action,true);
        }
 
-       private function sql_edit($values = null,&$add=false) {
+       private function _html_edit_sql($values = null,&$add=false) {
                $where = $this->where($this->fields(),$values);
                if (empty($where)) {
                        $where = ' WHERE 1=0';
@@ -546,7 +547,7 @@ Class Table extends nb {
                        if ($fct = $this->db()->conf_type('html_edit_row')) {
                        } else {
                                $fct = function (&$table,&$values) use ($add) {
-                                       $sql = $table->sql_edit($values,$add);
+                                       $sql = $table->_html_edit_sql($values,$add);
                                        $st = $table->db()->conn->prepare($sql);
                                        $st->execute();
                                        $row = $st->fetch(PDO::FETCH_ASSOC, PDO::FETCH_ORI_NEXT);
@@ -602,7 +603,6 @@ Class Table extends nb {
                // Form
                echo '<form class="db edit form-table" method="post" action="'.$form_action.'">'.NB_EOL;
                echo '<div class="fields">'.NB_EOL;
-               #if ( $add or ($row = $st->fetch(PDO::FETCH_ASSOC, PDO::FETCH_ORI_NEXT))) {
                if ( $add or $row) {
 
                        if (!empty($row)) $this->db()->table_row_decrypt($this,$row);
@@ -620,8 +620,9 @@ Class Table extends nb {
                                }
 
                                if (!$add and $field->key) {
-                                       echo '<input name="'.$this->key_preff.$name.'" value="'.$row[$name].'" type="hidden" />'.NB_EOL;
+                                       echo $this->key_preff.'<input name="'.$this->key_preff.$name.'" value="'.$row[$name].'" type="hidden" />'.NB_EOL;
                                }
+
                                echo $field->html_edit($row[$name]);
                        }
 
@@ -1053,11 +1054,6 @@ Class Table extends nb {
 
                }
 
-               //
-               // Keep only wanted fields
-               //
-               $this->fields_only($row);
-
                //
                // Post
                //
@@ -1074,6 +1070,11 @@ Class Table extends nb {
                        $call = $opt['row_parse_post']; $call($row,$this,$opt);
                }
 
+               //
+               // Keep only wanted fields
+               //
+               $this->fields_only($row);
+
                return $call;
        }
 
@@ -1164,7 +1165,6 @@ Class Table extends nb {
                # Fields
                #
                $opt['fields'] = $fields = $this->fields();
-# NB 07.02.18          $this->fields_only($fields);
 
                # Check fields_only exists
                if (!empty($this->fields_only)) foreach ($this->fields_only as $f) {
@@ -1371,13 +1371,8 @@ Class Table extends nb {
 
                $file = TABLE_TEMPLATE.'/'.$id.'.php';
                if (!is_readable($file)) return false; #$this->bye("Wrong id `$id`");
-# NB 02.12.16     $o['file'] = $file;
                $this->__file = $file;
                $this->__fields = array_keys($fields);
-# NB 02.12.16     $HEAD = array_keys($fields);
-# NB 02.12.16     $ROWS = [];
-# NB 02.12.16     $ROW = [];
-# NB 02.12.16     require $o['file'];
        }
 
        private function rows_rec_template($row,&$o) {
@@ -1387,9 +1382,6 @@ Class Table extends nb {
                        $i++;
                }
                $this->__rows[] = $row;
-# NB 02.12.16     $HEAD = [];
-# NB 02.12.16     $ROWS = [$row];
-# NB 02.12.16     $ROW = $row;
        }
 
        private function rows_end_template() {
@@ -1444,6 +1436,8 @@ Class Table extends nb {
        private function rows_rec_sql(&$row,&$opt) {
                $keys = $values = [];
 
+               $this->fields_only($row);
+
                foreach ($row as $k=>$v) {
                        if (isset($this->extras[$k])) continue;
                        $f = $this->field($k);
@@ -1453,7 +1447,7 @@ Class Table extends nb {
                }
 
                $fields = $this->fields_only ? ' ('.join(',',$keys).')' : '';
-               $sql = "INSERT INTO ".$this->sql_name().$fields." VALUES(".join(',',array_values($values)).");";
+               $sql = "INSERT INTO " . $this->sql_name() . $fields . " VALUES(" . join(',',array_values($values)) . ");";
 
                $fct = !empty($opt['fct']) ? $opt['fct'] : null;
                if ($fct) $sql = $fct($sql,$this);

diff --git a/lib/php/mime.php b/lib/php/mime.php
index 83e47e3cb83644e4cfbf26d43670072b04a15053..98d8ab0d40bf5c8ecb606fc38f7282347a37f943 100644 (file)
--- a/lib/php/mime.php
+++ b/lib/php/mime.php
@@ -729,7 +729,7 @@ class Mime {
                return $m[1];
        }
 
-       public static function html(&$str) {
+       public static function html(&$str,$default=null) {
 
                if (!$str) return $str;
 
@@ -747,7 +747,8 @@ class Mime {
                        return '<img src="data:image/jpeg;base64,'.$v.'" />';
                }
 
-               return $str;
+               if ($default === null) $default = $str;
+               return $default;
        }
 
        private static function is_base64($str) {

diff --git a/lib/php/out.php b/lib/php/out.php
index 51ea254dd79291404d1b3da15a7be30b50f2a02a..c9933abdc5477e1405e4fc5c1aa01aa0a3315438 100644 (file)
--- a/lib/php/out.php
+++ b/lib/php/out.php
@@ -304,10 +304,6 @@ Class Out extends Nb {
     #return;
   }
 
-  /*
-   * Function format
-   * format ar variable for scalar output
-   */
   public static function row_parse(&$row,$o=[]) {
     if (empty($o['no_format'])) foreach ($row as $k => $v) {
       $row[$k] = self::format($v,null,$o);
@@ -317,16 +313,18 @@ Class Out extends Nb {
     }
   }
 
+  /*
+   * Function format
+   * format ar variable for scalar output
+   */
   public static function format($v,$type=null,$o=[]) {
     if ($type === null) $type = self::type();
     $is_scalar = is_scalar($v);
     $v = self::scalar($v);
     if ($v==='') $is_scalar = true;
 
-# NB 07.01.18     if (empty($o['no_escape'])) $v = self::escape($v);
     if (!empty($o['escape'])) $v = self::escape($v);
 
-# NB 05.02.18     if (!$is_scalar and strpos($type,'html') !== false) $v = '<pre>'.NB_EOL.$v.NB_EOL.'</pre>';
     return $v;
   }
 

diff --git a/www/dbq/dbq.php b/www/dbq/dbq.php
index 254aa922e2935e0b5ce7886cf74ae5dd7f011a50..6e597eebe12c7dc450a7e2d35b30a25337beba63 100644 (file)
--- a/www/dbq/dbq.php
+++ b/www/dbq/dbq.php
@@ -479,7 +479,7 @@ class DbQ extends nb {
                        return;
                }
                # nb 31.01.18: move to out.php or ldap.php 
-               if ($this->is_html) mime::html($r);
+               if ($this->is_html) Mime::html($r);
 
                if (empty($row_parse_post)) return;
                $row_parse_post($r,$this->table);