From dc67ec3170ea3d318ba4e7e6d2d545798a20637f Mon Sep 17 00:00:00 2001 From: Nicolas Boisselier Date: Fri, 9 Feb 2018 03:30:48 +0000 Subject: [PATCH] lib/php/db/field.php --- lib/php/db/field.php | 16 ++++++++++++---- lib/php/db/table.php | 42 ++++++++++++++++++------------------------ lib/php/mime.php | 5 +++-- lib/php/out.php | 10 ++++------ www/dbq/dbq.php | 2 +- 5 files changed, 38 insertions(+), 37 deletions(-) diff --git a/lib/php/db/field.php b/lib/php/db/field.php index 84805a2f..f49b4be1 100644 --- a/lib/php/db/field.php +++ b/lib/php/db/field.php @@ -119,6 +119,8 @@ class field extends nb { $values = (array)$values; $suff = count( $values ) > 1 ? '[]' : ''; + if ($type === null) $type = $this->html_type(); + foreach ($values as $value) { $html .= '
'; @@ -129,15 +131,21 @@ class field extends nb { $html .= $this->htmlYesNo($value); } else { - if ($tag == 'textarea' and $this->html_type() != 'text') $tag = 'input'; + if ($tag == 'textarea' and $type != 'text') $tag = 'input'; + if ($media = Mime::html($value,'')) { + $tag = 'input'; + $type = 'hidden'; + $html .= $media; + } + + # NB 09.02.18: needed ? + $value = htmlspecialchars($value); $html .= '<'.$tag .' name="'.$this->preffix.$this->name.$suff.'"' # NB 06.02.18 .' id="'.$this->name.'"' .( ($size and $tag != 'textarea') ? ' size="'.$size.'"' : '') #.' value="'.$value.'"' - .($tag == 'textarea' ? '>'.$value.'' : ' type="' - .($type ? $type : $this->html_type()) - .'" value="'.$value.'" />') + .($tag == 'textarea' ? '>'.$value.'' : ' type="'.$type.'" value="'.$value.'" />') ; } diff --git a/lib/php/db/table.php b/lib/php/db/table.php index 6df037ce..1d0bdf7d 100644 --- a/lib/php/db/table.php +++ b/lib/php/db/table.php @@ -36,20 +36,21 @@ Class Table extends nb { public $key_preff = '_key_'; public $fields = []; - public $fields_only = []; + public $fields_only = []; # filter for rows public $indexes = []; public $idtemplate; + public static $params = [ + 'db', 'table', 'limit', 'debug', 'action', + 'page', 'paged', # wordpress + ]; + # hidden, sort, ... fields public $show_hidden_params = true; public $show_buttons = true; public $show_url_sort = true; public $show_header = true; - public static $params = [ - 'db', 'table', 'limit', 'debug', 'action', - 'page', 'paged', # wordpress - ]; function __construct($name,$opt=[]) { @@ -521,7 +522,7 @@ Class Table extends nb { return html_edit($values,$form_action,true); } - private function sql_edit($values = null,&$add=false) { + private function _html_edit_sql($values = null,&$add=false) { $where = $this->where($this->fields(),$values); if (empty($where)) { $where = ' WHERE 1=0'; 
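Review bot: In lib/php/db/field.php (hunk at new line 119) the fallback `if ($type === null) $type = $this->html_type();` is narrower than the `$type ? $type : $this->html_type()` test that the next hunk removes. An empty string or `false` passed as `$type` used to fall back to `html_type()` and now reaches the markup as `type=""`. If callers can pass such values, `if (!$type) $type = $this->html_type();` keeps the old behaviour. The method signature and the default of `$type` are outside the hunk, so this depends on what callers actually pass.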
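Review bot: In lib/php/db/field.php (hunk at new line 131) the `# NB 09.02.18: needed ?` question on `$value = htmlspecialchars($value);` should be answered in the code: this is the only encoding visible between the field value and the `value="…"` attribute and textarea body built a few lines below, so the line has to stay. I would replace the comment with `# encode for the attribute / textarea context` and pin the flags, `$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');`, so the result does not depend on PHP's version-specific defaults. `$html .= $media;` just above is emitted with no encoding at this call site; whether `Mime::html()` encodes what it copies from the value is not visible in this patch and is worth confirming. The media branch also overwrites `$tag` and `$type` inside the `foreach`, and nothing visible resets them, so values after the first media value would presumably be rendered as hidden inputs too.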
@@ -546,7 +547,7 @@ Class Table extends nb { if ($fct = $this->db()->conf_type('html_edit_row')) { } else { $fct = function (&$table,&$values) use ($add) { - $sql = $table->sql_edit($values,$add); + $sql = $table->_html_edit_sql($values,$add); $st = $table->db()->conn->prepare($sql); $st->execute(); $row = $st->fetch(PDO::FETCH_ASSOC, PDO::FETCH_ORI_NEXT); @@ -602,7 +603,6 @@ Class Table extends nb { // Form echo '
'.NB_EOL; echo '
'.NB_EOL; - #if ( $add or ($row = $st->fetch(PDO::FETCH_ASSOC, PDO::FETCH_ORI_NEXT))) { if ( $add or $row) { if (!empty($row)) $this->db()->table_row_decrypt($this,$row); @@ -620,8 +620,9 @@ Class Table extends nb { } if (!$add and $field->key) { - echo ''.NB_EOL; + echo $this->key_preff.''.NB_EOL; } + echo $field->html_edit($row[$name]); } @@ -1053,11 +1054,6 @@ Class Table extends nb { } - // - // Keep only wanted fields - // - $this->fields_only($row); - // // Post // @@ -1074,6 +1070,11 @@ Class Table extends nb { $call = $opt['row_parse_post']; $call($row,$this,$opt); } + // + // Keep only wanted fields + // + $this->fields_only($row); + return $call; } @@ -1164,7 +1165,6 @@ Class Table extends nb { # Fields # $opt['fields'] = $fields = $this->fields(); -# NB 07.02.18 $this->fields_only($fields); # Check fields_only exists if (!empty($this->fields_only)) foreach ($this->fields_only as $f) { @@ -1371,13 +1371,8 @@ Class Table extends nb { $file = TABLE_TEMPLATE.'/'.$id.'.php'; if (!is_readable($file)) return false; #$this->bye("Wrong id `$id`"); -# NB 02.12.16 $o['file'] = $file; $this->__file = $file; $this->__fields = array_keys($fields); -# NB 02.12.16 $HEAD = array_keys($fields); -# NB 02.12.16 $ROWS = []; -# NB 02.12.16 $ROW = []; -# NB 02.12.16 require $o['file']; } private function rows_rec_template($row,&$o) { @@ -1387,9 +1382,6 @@ Class Table extends nb { $i++; } $this->__rows[] = $row; -# NB 02.12.16 $HEAD = []; -# NB 02.12.16 $ROWS = [$row]; -# NB 02.12.16 $ROW = $row; } private function rows_end_template() { @@ -1444,6 +1436,8 @@ Class Table extends nb { private function rows_rec_sql(&$row,&$opt) { $keys = $values = []; + $this->fields_only($row); + foreach ($row as $k=>$v) { if (isset($this->extras[$k])) continue; $f = $this->field($k); 
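Review bot: In lib/php/db/table.php, moving `$this->fields_only($row);` to the end of the row-parsing method (added in the hunk at new line 1070, removed in the hunk at 1054) means the `row_parse_post` callback, and whatever runs in the lines between the two hunks, now sees the columns the filter is meant to drop. The filter is also now the last statement before `return $call;`, so any earlier `return` in the part of the method not shown would leave the row unfiltered; that is worth checking, since most of the method body lies outside these hunks. If the new order is intended, the comment should say so, e.g. `// Keep only wanted fields (after the callbacks, which may need the other columns)`.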
@@ -1453,7 +1447,7 @@ Class Table extends nb { } $fields = $this->fields_only ? ' ('.join(',',$keys).')' : ''; - $sql = "INSERT INTO ".$this->sql_name().$fields." VALUES(".join(',',array_values($values)).");"; + $sql = "INSERT INTO " . $this->sql_name() . $fields . " VALUES(" . join(',',array_values($values)) . ");"; $fct = !empty($opt['fct']) ? $opt['fct'] : null; if ($fct) $sql = $fct($sql,$this); diff --git a/lib/php/mime.php b/lib/php/mime.php index 83e47e3c..98d8ab0d 100644 --- a/lib/php/mime.php +++ b/lib/php/mime.php @@ -729,7 +729,7 @@ class Mime { return $m[1]; } - public static function html(&$str) { + public static function html(&$str,$default=null) { if (!$str) return $str; @@ -747,7 +747,8 @@ class Mime { return ''; } - return $str; + if ($default === null) $default = $str; + return $default; } private static function is_base64($str) { diff --git a/lib/php/out.php b/lib/php/out.php index 51ea254d..c9933abd 100644 --- a/lib/php/out.php +++ b/lib/php/out.php @@ -304,10 +304,6 @@ Class Out extends Nb { #return; } - /* - * Function format - * format ar variable for scalar output - */ public static function row_parse(&$row,$o=[]) { if (empty($o['no_format'])) foreach ($row as $k => $v) { $row[$k] = self::format($v,null,$o); @@ -317,16 +313,18 @@ Class Out extends Nb { } } + /* + * Function format + * format ar variable for scalar output + */ public static function format($v,$type=null,$o=[]) { if ($type === null) $type = self::type(); $is_scalar = is_scalar($v); $v = self::scalar($v); if ($v==='') $is_scalar = true; -# NB 07.01.18 if (empty($o['no_escape'])) $v = self::escape($v); if (!empty($o['escape'])) $v = self::escape($v); -# NB 05.02.18 if (!$is_scalar and strpos($type,'html') !== false) $v = '
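Review bot: In lib/php/mime.php, `html()` now returns three different things: the input itself when it is falsy (`if (!$str) return $str;` runs before `$default` is looked at), the media markup, or `$default`. None of this is documented on the new parameter (signature hunk at 729, return hunk at 747). A caller that passes `''` as the default, as field.php does, still gets `0`, `'0'` or `null` back for falsy input; `if (!$str) return $default === null ? $str : $default;` would make the contract uniform. A docblock should state the return value for each case, that `$str` is taken by reference, and whether the returned markup is already HTML-encoded, since field.php appends it to the page unchanged. Most of the function body lies between the two hunks and is not visible here.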
'.NB_EOL.$v.NB_EOL.'
'; return $v; } diff --git a/www/dbq/dbq.php b/www/dbq/dbq.php index 254aa922..6e597eeb 100644 --- a/www/dbq/dbq.php +++ b/www/dbq/dbq.php @@ -479,7 +479,7 @@ class DbQ extends nb { return; } # nb 31.01.18: move to out.php or ldap.php - if ($this->is_html) mime::html($r); + if ($this->is_html) Mime::html($r); if (empty($row_parse_post)) return; $row_parse_post($r,$this->table); -- 2.47.3