Index: branches/RC/core/units/general/helpers/controls/minput_helper.php
===================================================================
diff -u -r10294 -r10647
--- branches/RC/core/units/general/helpers/controls/minput_helper.php (.../minput_helper.php) (revision 10294)
+++ branches/RC/core/units/general/helpers/controls/minput_helper.php (.../minput_helper.php) (revision 10647)
@@ -24,7 +24,7 @@
 if (!in_array($field_name, $use_fields)) {
 continue;
 }
- $xml .= ''.$field_value.'';
+ $xml .= '' . htmlspecialchars($field_value) . '';
 }
 $xml .= '';
 }
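Review bot: `htmlspecialchars($field_value)` on the added line relies on the function's defaults, so the charset is whatever the PHP build assumes (ISO-8859-1 before 5.4) and `'` is left unescaped; pass both explicitly, `htmlspecialchars($field_value, ENT_QUOTES, 'UTF-8')` (substituting the charset this application actually emits if it is not UTF-8), so that invalid byte sequences are rejected rather than copied into the XML. The tag literals around the value are not visible in this rendering, so whether the value lands in element text or in an attribute cannot be confirmed here; with the default ENT_COMPAT a single-quoted attribute would remain unescaped. The counterpart `parseMInputXML` (referenced in the @@ -157 hunk of this file) must decode these entities on the way back, which holds if it uses an XML parser but is worth confirming. The enclosing function starts and ends outside the hunk.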
@@ -109,43 +109,43 @@ { $object =& $event->getObject(); /* @var $object kDBItem */ - - $sub_item =& $this->Application->recallObject($sub_prefix, null, Array('skip_autoload' => true)); + + $sub_item =& $this->Application->recallObject($sub_prefix, null, Array('skip_autoload' => true)); /* @var $sub_item kDBItem */ $foreign_key = $this->Application->getUnitOption($sub_prefix, 'ForeignKey'); $sql = 'SELECT * FROM '.$this->getTable($sub_prefix, $object->IsTempTable()).' WHERE '.$foreign_key.' = '.$object->GetID(); - + $selected_items = $this->Conn->Query($sql); - + $field_names = array_keys( $sub_item->GetFieldValues() ); - + foreach ($selected_items as $key => $fields_hash) { $sub_item->Clear(); $sub_item->SetDBFieldsFromHash($fields_hash); - + // to fill *_date and *_time fields from main date fields - $sub_item->UpdateFormattersSubFields(); - + $sub_item->UpdateFormattersSubFields(); + foreach ($field_names as $field) { - $field_options = $sub_item->GetFieldOptions($field); + $field_options = $sub_item->GetFieldOptions($field); $formatter = array_key_exists('formatter', $field_options) ? $field_options['formatter'] : false; - + if ($formatter == 'kDateFormatter') { - $selected_items[$key][$field] = $sub_item->GetField($field); + $selected_items[$key][$field] = $sub_item->GetField($field); } else { - $selected_items[$key][$field] = $sub_item->GetDBField($field); + $selected_items[$key][$field] = $sub_item->GetDBField($field); } } } $object->SetDBField($store_field, $this->prepareMInputXML($selected_items, $use_fields)); } - + /** * Saves data from minput control to subitem table (used from subitem hook) * 
@@ -157,21 +157,21 @@ $main_object =& $sub_event->MasterEvent->getObject(); $affected_field = $main_object->GetDBField($store_field); - $object =& $this->Application->recallObject($sub_event->getPrefixSpecial(), null, Array('skip_autoload' => true)); + $object =& $this->Application->recallObject($sub_event->getPrefixSpecial(), null, Array('skip_autoload' => true)); /*@var $object kDBItem*/ - + $sub_table = $object->TableName; $foreign_key = $this->Application->getUnitOption($sub_event->Prefix, 'ForeignKey'); - + $sql = 'DELETE FROM '.$sub_table.' WHERE '.$foreign_key.' = '.$main_object->GetID(); - + $this->Conn->Query($sql); - + if ($affected_field) { $records = $this->parseMInputXML($affected_field); $main_id = $main_object->GetID(); - + foreach ($records as $fields_hash) { $object->Clear(); $fields_hash[$foreign_key] = $main_id; Index: branches/RC/core/admin_templates/js/form_controls.js =================================================================== diff -u -r10020 -r10647 --- branches/RC/core/admin_templates/js/form_controls.js (.../form_controls.js) (revision 10020) +++ branches/RC/core/admin_templates/js/form_controls.js (.../form_controls.js) (revision 10647) @@ -244,7 +244,7 @@ while ($i < this.Records.length) { $xml += ''; for (var $field_name in this.Controls) { - $xml += '' + this.Records[$i][$field_name] + ''; + $xml += '' + this.htmlspecialchars(this.Records[$i][$field_name]) + ''; } $xml += ''; $i++; @@ -253,6 +253,15 @@ this.getControl(this.FieldName).value = $xml ? '' + $xml + '' : ''; } +MultiInputControl.prototype.htmlspecialchars = function (string) { + string = string.replace(/&/g, '&'); + string = string.replace(//g, '>'); + string = string.replace(/\"/g, '"'); + + return string; +} + MultiInputControl.prototype.prepareRecord = function() { var $record = new Array (); for (var $field_name in this.Controls) {
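Review bot: The new `htmlspecialchars` helper calls `string.replace` on whatever `this.Records[$i][$field_name]` holds, so if a record value is ever a number, `null` or `undefined` it throws a TypeError at the call site in the @@ -244 hunk, where the previous `'' + value + ''` concatenation silently coerced it; coerce first with `string = '' + string;` as the first statement of the function. As rendered on this page the replacement strings read as bare `&`, `>`, `"` and one pattern is `//g`, which in the committed file are presumably `&amp;`, `&lt;`/`&gt;`, `&quot;` with a separate `/</g` line (the hunk header counts nine added lines, the rendering shows eight) — worth confirming against the source, since a literal `//g` would start a comment and not parse. The function-expression assignment is not terminated with a `;`; ASI tolerates it here, but a `;` after the closing brace avoids depending on it. Single quotes are not escaped, which matches the default behaviour of the PHP `htmlspecialchars` call added to minput_helper.php in this same commit, so the two sides stay consistent.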