diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index ebf6d15d3..ca685e8fe 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -11,6 +11,15 @@ - fix: CS Phishing Exploit. - fix: Groups admin gui - fix: Wiki does not show history correctly + - fix: SQLForm - Field Constraint (Martin Kamerbeek / Oqapi) + - fix: SQLForm - Default search template uses downloadUrl in stead of + templateUrl for displaying thumbnails. (Martin Kamerbeek / Oqapi) + - fix: SQLForm - Required file fields could be left open (Martin Kamerbeek / + Oqapi) + - fix: SQLForm - Using radio buttons would error when re-edited (Martin Kamerbeek / + Oqapi) + - fix: SQLForm - DBD Error handling (Martin Kamerbeek / Oqapi) + 7.3.1 - Fixed a problem with IE and resizable text areas that caused IE to crash diff --git a/docs/upgrades/templates-7.3.2/default-sqlform-search.tmpl b/docs/upgrades/templates-7.3.2/default-sqlform-search.tmpl new file mode 100644 index 000000000..f4c512a07 --- /dev/null +++ b/docs/upgrades/templates-7.3.2/default-sqlform-search.tmpl @@ -0,0 +1,83 @@ +#SQLFormSearchTmpl00001 + + + + +

+ + +
+ + +

+ + + + +

Search records

+
+ + +Some error(s) occurred: +
    + +
    • +     +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Last updateLast update bycolor="red"> + + + (asc)(desc)
+ + + + + <tmpl_var record.value.downloadUrl> + + Click here for file + + + + + + +
+ + + +No fields are defined to be shown in the search results. + + +
+ diff --git a/lib/WebGUI/Asset/Wobject/SQLForm.pm b/lib/WebGUI/Asset/Wobject/SQLForm.pm index 066a56f3e..ffe712bfc 100644 --- a/lib/WebGUI/Asset/Wobject/SQLForm.pm +++ b/lib/WebGUI/Asset/Wobject/SQLForm.pm @@ -608,6 +608,49 @@ sub _createFieldType { #------------------------------------------------------------------- +=head2 _databaseLinkHasPrivileges ( wantedPrivileges, databaseLink ) + +Returns true if the database link has at least the given privileges. + +=head3 wantedPrivileges + +Arrayref containing the desired privileges (eg. ['SELECT','ALTER']) + +=head3 databaseName + +The name of the database you want to check the privileges of. + +=head3 databaseLink + +An instanciated databaselink object. Defaults to the databaselink of the sqlform table. + +=cut + +sub _databaseLinkHasPrivileges { + my (@privileges, @grants, $databaseName); + my $self = shift; + my $wantedPrivileges = shift; + my $dbLink = shift || $self->_getDbLink; + + ($databaseName = $dbLink->get->{DSN}) =~ s/^[^:]*:[^:]*:([^:]*)(:.*)?$/$1/; + + @grants = $dbLink->db->buildArray('show grants for current_user'); + + foreach (@grants) { + if (m/GRANT ([\w\s\d,]*?) ON .$databaseName.*$/) { + push(@privileges, (split(/, /,$1))); + } + } + + return 1 if (isIn('ALL PRIVILEGES', @privileges)); + + foreach (@$wantedPrivileges) { + return 0 unless (isIn(uc($_), @privileges)); + } +} + +#------------------------------------------------------------------- + =head2 _getDbLink ( ) Returns a WebGUI::DatabaseLink object for the database the SQLForm table is in. @@ -1178,7 +1221,14 @@ sub processPropertiesFromFormPost { my $self = shift; my $dbLink = WebGUI::DatabaseLink->new($self->session, $self->session->form->process("databaseLinkId")); - + + # $dbLink->db will raise a fatal error if there is a connection error. +# return ["Can't connect to database through the selected database link"] unless ($dbLink->db); + + unless ($self->_databaseLinkHasPrivileges([qw(ALTER CREATE DELETE INDEX INSERT SELECT UPDATE)], $dbLink)) { + return ["Databaselink does not have enough privileges (Needs ALTER, CREATE, DELETE, INDEX, INSERT, SELECT, UPDATE)"]; + } + $tableName = $self->session->form->process("tableName"); if ($self->session->form->process("assetId") eq 'new') { @@ -2359,7 +2409,13 @@ sub _getFormElement { $fieldParameters->{options} = $field->{options}; # make sure that previously selected items still appear for this for element, even if # if is set to a set difference. - @{$fieldParameters->{options}}{@$fieldValue} = @{$field->{allOptions}}{@$fieldValue} if ($fieldValue && $field->{hasOptions}); + if ($fieldValue && $field->{hasOptions}) { + if ($field->{canHaveMultipleValues}) { + @{$fieldParameters->{options}}{@$fieldValue} = @{$field->{allOptions}}{@$fieldValue}; + } else { + $fieldParameters->{options}->{$fieldValue} = $field->{allOptions}->{$fieldValue}; + } + } $fieldParameters->{options}->{''} = '-leave empty-' if (!$field->{isRequired}); $fieldParameters->{name} = $field->{fieldName}; $fieldParameters->{value} = $fieldValue unless ($fieldType eq 'file'); @@ -2658,6 +2714,7 @@ my @results = $self->session->db->quickArray($sql); push(@update, "__".$fieldName."_mimeType=".$self->session->db->quote($fileType)); } } else { + push(@error, $i18n->get('ers field required').' '.$field->{displayName}) if ($field->{isRequired}); } # Throw error if field is required and empty. } elsif ($self->session->form->process($fieldName) eq '' && $field->{isRequired}) { diff --git a/www/extras/wobject/SQLForm/SQLFormEditField.js b/www/extras/wobject/SQLForm/SQLFormEditField.js index f30f62688..8a9dfb559 100644 --- a/www/extras/wobject/SQLForm/SQLFormEditField.js +++ b/www/extras/wobject/SQLForm/SQLFormEditField.js @@ -39,7 +39,10 @@ function updateFormFields() { // Handle Field constraints section if (document.getElementById('SQLFormFieldConstraintType').value > 0) { enableField('SQLFormFieldConstraintTarget'); - if (document.getElementById('SQLFormFieldConstraintTarget').value == 'value') { + if ( + (document.getElementById('SQLFormFieldConstraintTarget').value == 'value') || + (document.getElementById('SQLFormFieldConstraintTarget').value == '' && document.getElementById('SQLFormFieldConstraintValue').value != '') + ) { enableField('SQLFormFieldConstraintValue'); } else { disableField('SQLFormFieldConstraintValue');