MDL-21767 fixed input validation
authorPetr Skoda <skodak@moodle.org>
Sun, 7 Mar 2010 14:58:19 +0000 (14:58 +0000)
committerPetr Skoda <skodak@moodle.org>
Sun, 7 Mar 2010 14:58:19 +0000 (14:58 +0000)
lib/form/select.php
lib/form/selectgroups.php
lib/form/selectwithlink.php

index 9742d92..f6bcfbd 100644 (file)
@@ -117,4 +117,39 @@ class MoodleQuickForm_select extends HTML_QuickForm_select{
             return 'default';
         }
     }
+   /**
+    * We check the options and return only the values that _could_ have been
+    * selected. We also return a scalar value if select is not "multiple"
+    */
+    function exportValue(&$submitValues, $assoc = false)
+    {
+        if (empty($this->_options)) {
+            return $this->_prepareValue(null, $assoc);
+        }
+
+        $value = $this->_findValue($submitValues);
+        if (is_null($value)) {
+            $value = $this->getValue();
+        }
+        $value = (array)$value;
+
+        $cleaned = array();
+        foreach ($value as $v) {
+            foreach ($this->_options as $option) {
+                if ((string)$option['attr']['value'] === (string)$v) {
+                    $cleaned[] = (string)$option['attr']['value'];
+                    break;
+                }
+            }
+        }
+
+        if (empty($cleaned)) {
+            return $this->_prepareValue(null, $assoc);
+        }
+        if ($this->getMultiple()) {
+            return $this->_prepareValue($cleaned, $assoc);
+        } else {
+            return $this->_prepareValue($cleaned[0], $assoc);
+        }
+    }
 }
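Review bot: The comparison `(string)$option['attr']['value'] === (string)$v` casts each submitted element without checking its type. If a request supplies a nested array for this field, `(string)$v` raises an "Array to string conversion" notice and compares as the literal string `Array`. Since this method exists to whitelist untrusted input, I would skip non-scalar elements at the top of the outer loop: `if (!is_scalar($v)) { continue; }`. The same cast appears in the exportValue() bodies in lib/form/selectgroups.php and lib/form/selectwithlink.php. This assumes `_findValue()` returns the submitted structure unchanged, which is not visible in this hunk.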
index 9db9b8f..5838510 100644 (file)
@@ -487,37 +487,41 @@ class MoodleQuickForm_selectgroups extends HTML_QuickForm_element {
     */
     function exportValue(&$submitValues, $assoc = false)
     {
+        if (empty($this->_optGroups)) {
+            return $this->_prepareValue(null, $assoc);
+        }
+
         $value = $this->_findValue($submitValues);
         if (is_null($value)) {
             $value = $this->getValue();
-        } elseif(!is_array($value)) {
-            $value = array($value);
         }
-        if (is_array($value) && !empty($this->_optGroups)) {
-            $cleanValue = null;
-            foreach ($value as $v) {
-                foreach ($this->_optGroups as $optGroup){
-                    if (empty($optGroup['options'])) {
-                        continue;
-                    }
-                    for ($i = 0, $optCount = count($optGroup['options']); $i < $optCount; $i++) {
-                        if ($v == $optGroup['options'][$i]['attr']['value']) {
-                            $cleanValue[] = $v;
-                            break;
-                        }
+        $value = (array)$value;
+
+        $cleaned = array();
+        foreach ($value as $v) {
+            foreach ($this->_optGroups as $optGroup){
+                if (empty($optGroup['options'])) {
+                    continue;
+                }
+                foreach ($optGroup['options'] as $option) {
+                    if ((string)$option['attr']['value'] === (string)$v) {
+                        $cleaned[] = (string)$option['attr']['value'];
+                        break;
                     }
                 }
             }
-        } else {
-            $cleanValue = $value;
         }
-        if (is_array($cleanValue) && !$this->getMultiple()) {
-            return $this->_prepareValue($cleanValue[0], $assoc);
+
+        if (empty($cleaned)) {
+            return $this->_prepareValue(null, $assoc);
+        }
+        if ($this->getMultiple()) {
+            return $this->_prepareValue($cleaned, $assoc);
         } else {
-            return $this->_prepareValue($cleanValue, $assoc);
+            return $this->_prepareValue($cleaned[0], $assoc);
         }
     }
-
+    
     // }}}
     // {{{ onQuickFormEvent()
 
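Review bot: The `break` after `$cleaned[] = (string)$option['attr']['value'];` exits only the inner `foreach ($optGroup['options'] as $option)` loop, so the outer loop goes on scanning the remaining groups. A value listed in more than one group is therefore appended to `$cleaned` once per group, and a multiple select returns duplicates of a single submitted value. Using `break 2;` would stop at the first match, which is how the flat loop in lib/form/select.php behaves. The docblock of exportValue() starts above this hunk, so whether duplicates are intended cannot be confirmed from here.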
index 6d5a1de..ccdd55a 100755 (executable)
@@ -148,4 +148,39 @@ class MoodleQuickForm_selectwithlink extends HTML_QuickForm_select{
             return 'default';
         }
     }
+   /**
+    * We check the options and return only the values that _could_ have been
+    * selected. We also return a scalar value if select is not "multiple"
+    */
+    function exportValue(&$submitValues, $assoc = false)
+    {
+        if (empty($this->_options)) {
+            return $this->_prepareValue(null, $assoc);
+        }
+
+        $value = $this->_findValue($submitValues);
+        if (is_null($value)) {
+            $value = $this->getValue();
+        }
+        $value = (array)$value;
+
+        $cleaned = array();
+        foreach ($value as $v) {
+            foreach ($this->_options as $option) {
+                if ((string)$option['attr']['value'] === (string)$v) {
+                    $cleaned[] = (string)$option['attr']['value'];
+                    break;
+                }
+            }
+        }
+
+        if (empty($cleaned)) {
+            return $this->_prepareValue(null, $assoc);
+        }
+        if ($this->getMultiple()) {
+            return $this->_prepareValue($cleaned, $assoc);
+        } else {
+            return $this->_prepareValue($cleaned[0], $assoc);
+        }
+    }
 }
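Review bot: This exportValue() is a line-for-line copy of the one added to lib/form/select.php in the same commit, so the whitelist check now has to be maintained in two places (three with the grouped variant in lib/form/selectgroups.php). Both classes extend HTML_QuickForm_select, so a comment above the method such as `// Keep in sync with MoodleQuickForm_select::exportValue()` would help the next validation fix reach every copy. The docblock could also state what is handed to `_prepareValue()`: null when no submitted value matches an option, a single string for a non-multiple select, and an array of strings otherwise.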