diff --git a/application/utils.inc.php b/application/utils.inc.php index c9c2e5a7b..3000af189 100644 --- a/application/utils.inc.php +++ b/application/utils.inc.php @@ -181,6 +181,7 @@ class utils break; case 'parameter': + case 'field_name': if (is_array($value)) { $retValue = array(); @@ -196,10 +197,21 @@ class utils } else { - $retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[ A-Za-z0-9_=-]*$/'))); // the '=' equal character is used in serialized filters + switch($sSanitizationFilter) + { + case 'parameter': + $retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[ A-Za-z0-9_=-]*$/'))); // the '=' equal character is used in serialized filters + break; + + case 'field_name': + $retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/'))); // att_code or att_code->name or AttCode->Name or AttCode->Key2->Name + break; + } } break; + break; + default: case 'raw_data': $retValue = $value; diff --git a/pages/csvimport.php b/pages/csvimport.php index 007d51c3c..0afeab5a0 100644 --- a/pages/csvimport.php +++ b/pages/csvimport.php @@ -198,8 +198,8 @@ try $bHeaderLine = (utils::ReadParam('header_line', '0') == 1); $iRealSkippedLines = $iSkippedLines = utils::ReadParam('nb_skipped_lines', '0'); $sClassName = utils::ReadParam('class_name', ''); - $aFieldsMapping = utils::ReadParam('field', array()); - $aSearchFields = utils::ReadParam('search_field', array()); + $aFieldsMapping = utils::ReadParam('field', array(), false, 'field_name'); + $aSearchFields = utils::ReadParam('search_field', array(), false, 'field_name'); $iCurrentStep = $bSimulate ? 4 : 5; $bAdvanced = utils::ReadParam('advanced', 0); $sEncoding = utils::ReadParam('encoding', 'UTF-8'); diff --git a/setup/setuppage.class.inc.php b/setup/setuppage.class.inc.php index 65eaa67ee..c6e3b98be 100644 --- a/setup/setuppage.class.inc.php +++ b/setup/setuppage.class.inc.php 
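Review bot: The added `+ break;` at the end of the `case 'parameter':`/`case 'field_name':` block in utils.inc.php directly follows the existing `break;` and can never execute, so it should be dropped rather than left as dead code. Because `default:` shares its body with `case 'raw_data':` (`$retValue = $value;`), any filter name the switch does not know — a typo such as `'fieldname'` at one of the many call sites this commit adds — silently returns the value unsanitized; now that the filter name is threaded through from several scripts, it is worth making the unknown-filter path fail closed (return `false` or throw) instead of falling into the raw branch. Both regexps end in `$`, which in PCRE also matches before a trailing newline, so a value like `"name\n"` passes the `field_name` check; anchoring with `\z` (or adding the `D` modifier) makes the match exact. The enclosing method starts and ends outside the hunk.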
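Review bot: In pages/csvimport.php the new third argument in `utils::ReadParam('field', array(), false, 'field_name')` is a bare positional boolean, while every other call site touched by this commit annotates that slot inline (`true /* Allow CLI */`); using the same annotation style on this line and on the `search_field` line below keeps the meaning of `false` visible without opening utils::ReadParam. Whatever that parameter is actually named is not visible in this diff, so the comment text should be copied from the function's signature.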
@@ -677,7 +677,7 @@ function CreateDatabaseStructure(Config $oConfig, $aSelectedModules, $sMode)
 MetaModel::DBCreate();
 SetupWebPage::log_ok("Database structure successfully created.");
 // Check (and update only if it seems needed) the hierarchical keys
- MetaModel::CheckHKeys(false /* bForceUpdate */);
+ MetaModel::CheckHKeys(false /* bDiagnosticsOnly */, false /* bVerbose*/, false /* bForceUpdate */);
 }
 else
 {
diff --git a/synchro/synchro_exec.php b/synchro/synchro_exec.php
index 562d07e66..636dae5f1 100644
--- a/synchro/synchro_exec.php
+++ b/synchro/synchro_exec.php
@@ -61,9 +61,9 @@ function UsageAndExit($oP)
 exit -2;
 }
-function ReadMandatoryParam($oP, $sParam)
+function ReadMandatoryParam($oP, $sParam, $sSanitizationFilter = 'parameter')
 {
- $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */);
+ $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */, $sSanitizationFilter);
 if (is_null($sValue))
 {
 $oP->p("ERROR: Missing argument '$sParam'\n");
@@ -100,9 +100,9 @@ if (utils::IsModeCLI())
 // Next steps:
 // specific arguments: 'csvfile'
 //
- $sAuthUser = ReadMandatoryParam($oP, 'auth_user');
- $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd');
- $sDataSourcesList = ReadMandatoryParam($oP, 'data_sources');
+ $sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
+ $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
+ $sDataSourcesList = ReadMandatoryParam($oP, 'data_sources', 'raw_data'); // May contain commas
 if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
 {
 UserRights::Login($sAuthUser); // Login & set the user's language
@@ -119,7 +119,7 @@ else
 require_once(APPROOT.'/application/loginwebpage.class.inc.php');
 LoginWebPage::DoLogin(); // Check user rights and prompt if needed
- $sDataSourcesList = utils::ReadParam('data_sources', null, true);
+ $sDataSourcesList = utils::ReadParam('data_sources', null, true, 'raw_data');
 if ($sDataSourcesList == null)
 {
diff --git a/synchro/synchro_import.php b/synchro/synchro_import.php
index f3b628947..2b7e63cdd 100644
--- a/synchro/synchro_import.php
+++ b/synchro/synchro_import.php
@@ -176,22 +176,22 @@ function UsageAndExit($oP)
 }
-function ReadParam($oP, $sParam)
+function ReadParam($oP, $sParam, $sSanitizationFilter = 'parameter')
 {
 global $aPageParams;
 assert(isset($aPageParams[$sParam]));
 assert(!$aPageParams[$sParam]['mandatory']);
- $sValue = utils::ReadParam($sParam, $aPageParams[$sParam]['default'], true /* Allow CLI */);
+ $sValue = utils::ReadParam($sParam, $aPageParams[$sParam]['default'], true /* Allow CLI */, $sSanitizationFilter);
 return trim($sValue);
 }
-function ReadMandatoryParam($oP, $sParam)
+function ReadMandatoryParam($oP, $sParam, $sSanitizationFilter)
 {
 global $aPageParams;
 assert(isset($aPageParams[$sParam]));
 assert($aPageParams[$sParam]['mandatory']);
- $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */);
+ $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */, $sSanitizationFilter);
 if (is_null($sValue))
 {
 $oP->p("ERROR: Missing argument '$sParam'\n");
@@ -244,9 +244,9 @@ if (utils::IsModeCLI())
 // Next steps:
 // specific arguments: 'csvfile'
 //
- $sAuthUser = ReadMandatoryParam($oP, 'auth_user');
- $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd');
- $sCsvFile = ReadMandatoryParam($oP, 'csvfile');
+ $sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
+ $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
+ $sCsvFile = ReadMandatoryParam($oP, 'csvfile', 'raw_data');
 if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
 {
 UserRights::Login($sAuthUser); // Login & set the user's language
@@ -273,7 +273,7 @@ else
 require_once(APPROOT.'/application/loginwebpage.class.inc.php');
 LoginWebPage::DoLogin(); // Check user rights and prompt if needed
- $sCSVData = utils::ReadPostedParam('csvdata', '', 'raw_data');
+ $sCSVData = utils::ReadPostedParam('csvdata', '', false, 'raw_data');
 }
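Review bot: `ReadMandatoryParam($oP, $sParam, $sSanitizationFilter)` gains a required third parameter while its sibling `ReadParam` defaults to `'parameter'`, and the unchanged call `$iDataSourceId = ReadMandatoryParam($oP, 'data_source_id');` in this file's @@ -285 hunk still passes two arguments — an ArgumentCountError on PHP 7.1+, and on older versions a "Missing argument" warning with `$sSanitizationFilter` undefined when it reaches utils::ReadParam. Give it the same default as cron.php and synchro_exec.php: `function ReadMandatoryParam($oP, $sParam, $sSanitizationFilter = 'parameter')`. webservices/import.php's `ReadMandatoryParam` (its @@ -181 hunk) has the same defaultless signature; only a three-argument call is visible there, but any caller outside this diff would hit the same error. The body of `ReadMandatoryParam` continues outside the hunk.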
@@ -285,14 +285,14 @@ try
 //
 $iDataSourceId = ReadMandatoryParam($oP, 'data_source_id');
 $sSynchronize = ReadParam($oP, 'synchronize');
- $sSep = ReadParam($oP, 'separator');
- $sQualifier = ReadParam($oP, 'qualifier');
- $sCharSet = ReadParam($oP, 'charset');
- $sDateFormat = ReadParam($oP, 'date_format');
+ $sSep = ReadParam($oP, 'separator', 'raw_data');
+ $sQualifier = ReadParam($oP, 'qualifier', 'raw_data');
+ $sCharSet = ReadParam($oP, 'charset', 'raw_data');
+ $sDateFormat = ReadParam($oP, 'date_format', 'raw_data');
 $sOutput = ReadParam($oP, 'output');
 // $sReportLevel = ReadParam($oP, 'reportlevel');
 $sSimulate = ReadParam($oP, 'simulate');
- $sComment = ReadParam($oP, 'comment');
+ $sComment = ReadParam($oP, 'comment', 'raw_data');
 $oLoadStartDate = new DateTime(); // Now
diff --git a/webservices/cron.php b/webservices/cron.php
index b5f732f52..d3152ae4c 100644
--- a/webservices/cron.php
+++ b/webservices/cron.php
@@ -32,9 +32,9 @@ require_once(APPROOT.'/application/startup.inc.php');
-function ReadMandatoryParam($oP, $sParam)
+function ReadMandatoryParam($oP, $sParam, $sSanitizationFilter = 'parameter')
 {
- $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */);
+ $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */, $sSanitizationFilter);
 if (is_null($sValue))
 {
 $oP->p("ERROR: Missing argument '$sParam'\n");
@@ -130,8 +130,8 @@ if (utils::IsModeCLI())
 // Next steps:
 // specific arguments: 'csvfile'
 //
- $sAuthUser = ReadMandatoryParam($oP, 'auth_user');
- $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd');
+ $sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
+ $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
 if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
 {
 UserRights::Login($sAuthUser); // Login & set the user's language
diff --git a/webservices/import.php b/webservices/import.php
index 708e8de77..f206912ad 100644
--- a/webservices/import.php
+++ b/webservices/import.php
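Review bot: `separator`, `qualifier`, `charset`, `date_format` and `comment` are now read with `'raw_data'`, but `ReadParam` (this file's @@ -176 hunk) still returns `trim($sValue)`, so a whitespace-only separator or qualifier — a tab, for instance — that the regexp no longer blocks is still reduced to an empty string before it is used; if accepting such values is the intent of the switch, the trim has to be bypassed for raw parameters, e.g. `return ($sSanitizationFilter == 'raw_data') ? $sValue : trim($sValue);`, otherwise the `'raw_data'` choice on these two lines buys nothing over `'parameter'`. The same interaction exists in webservices/import.php's @@ -272 hunk. The enclosing `try` block starts and ends outside the hunk.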
@@ -181,22 +181,22 @@ function UsageAndExit($oP)
 }
-function ReadParam($oP, $sParam)
+function ReadParam($oP, $sParam, $sSanitizationFilter = 'parameter')
 {
 global $aPageParams;
 assert(isset($aPageParams[$sParam]));
 assert(!$aPageParams[$sParam]['mandatory']);
- $sValue = utils::ReadParam($sParam, $aPageParams[$sParam]['default'], true /* Allow CLI */);
+ $sValue = utils::ReadParam($sParam, $aPageParams[$sParam]['default'], true /* Allow CLI */, $sSanitizationFilter);
 return trim($sValue);
 }
-function ReadMandatoryParam($oP, $sParam)
+function ReadMandatoryParam($oP, $sParam, $sSanitizationFilter)
 {
 global $aPageParams;
 assert(isset($aPageParams[$sParam]));
 assert($aPageParams[$sParam]['mandatory']);
- $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */);
+ $sValue = utils::ReadParam($sParam, null, true /* Allow CLI */, $sSanitizationFilter);
 if (is_null($sValue))
 {
 $oP->p("ERROR: Missing argument '$sParam'\n");
@@ -233,9 +233,9 @@ if (utils::IsModeCLI())
 // Next steps:
 // specific arguments: 'csvfile'
 //
- $sAuthUser = ReadMandatoryParam($oP, 'auth_user');
- $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd');
- $sCsvFile = ReadMandatoryParam($oP, 'csvfile');
+ $sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
+ $sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
+ $sCsvFile = ReadMandatoryParam($oP, 'csvfile', 'raw_data');
 if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
 {
 UserRights::Login($sAuthUser); // Login & set the user's language
@@ -272,16 +272,16 @@ try
 //
 // Read parameters
 //
- $sClass = ReadMandatoryParam($oP, 'class');
- $sSep = ReadParam($oP, 'separator');
- $sQualifier = ReadParam($oP, 'qualifier');
- $sCharSet = ReadParam($oP, 'charset');
- $sDateFormat = ReadParam($oP, 'date_format');
+ $sClass = ReadMandatoryParam($oP, 'class', 'class');
+ $sSep = ReadParam($oP, 'separator', 'raw_data');
+ $sQualifier = ReadParam($oP, 'qualifier', 'raw_data');
+ $sCharSet = ReadParam($oP, 'charset', 'raw_data');
+ $sDateFormat = ReadParam($oP, 'date_format', 'raw_data');
 $sOutput = ReadParam($oP, 'output');
 // $sReportLevel = ReadParam($oP, 'reportlevel');
- $sReconcKeys = ReadParam($oP, 'reconciliationkeys');
+ $sReconcKeys = ReadParam($oP, 'reconciliationkeys', 'field_name');
 $sSimulate = ReadParam($oP, 'simulate');
- $sComment = ReadParam($oP, 'comment');
+ $sComment = ReadParam($oP, 'comment', 'raw_data');
 //////////////////////////////////////////////////
 //
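Review bot: `$sReconcKeys = ReadParam($oP, 'reconciliationkeys', 'field_name')` applies the new `field_name` regexp (`/^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/` in the utils.inc.php hunk) to the whole parameter; if `reconciliationkeys` can hold a comma-separated list — the plural name suggests it, and `data_sources` in synchro_exec.php was switched to `'raw_data'` for exactly that reason ("May contain commas") — any list of two or more keys is rejected, `filter_var` returns `false`, and `trim(false)` hands an empty string downstream. Either split on `,` before validating each key with `field_name`, or read it as `'raw_data'` and validate the pieces after splitting, so that a rejected list is reported rather than silently emptied. `$sClass = ReadMandatoryParam($oP, 'class', 'class')` names a `'class'` filter that is not among the cases visible in the utils.inc.php hunk; if utils::ReadParam has no such case, the value falls into its `default:` branch and comes back unsanitized, which is worth confirming against the full switch. The enclosing `try` block starts and ends outside the hunk.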