From f6d5022b2056172fe8a5c135c6b247f9db08009c Mon Sep 17 00:00:00 2001 From: joebordes Date: Sun, 19 Dec 2021 18:20:11 +0100 Subject: [PATCH] sec(Validations) apply all validations again in PHP on Save --- modules/Vtiger/Save.php | 9 +++++ modules/cbMap/processmap/Validations.php | 44 +++++++++++------------- 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/modules/Vtiger/Save.php b/modules/Vtiger/Save.php index c0b4e56f9d..6936222a52 100644 --- a/modules/Vtiger/Save.php +++ b/modules/Vtiger/Save.php @@ -7,6 +7,7 @@ * Portions created by vtiger are Copyright (C) vtiger. * All Rights Reserved. ************************************************************************************/ +require_once 'modules/Vtiger/ExecuteFunctionsfromphp.php'; global $current_user, $currentModule, $singlepane_view; checkFileAccessForInclusion("modules/$currentModule/$currentModule.php"); @@ -93,6 +94,14 @@ } } list($saveerror,$errormessage,$error_action,$returnvalues) = $focus->preSaveCheck($_REQUEST); +if (!$saveerror) { // if there is no error we still check the defined validations again + $validation = executefunctionsvalidate('ValidationLoad', $currentModule, json_encode(vtlib_purify($_REQUEST))); + if ($validation != '%%%OK%%%') { + $saveerror = true; + $errormessage = $validation; + $error_action = ''; + } +} if ($saveerror) { // there is an error so we go back to EditView. $return_module=$return_id=$return_action=''; if (isset($_REQUEST['return_id']) && $_REQUEST['return_id'] != '') { diff --git a/modules/cbMap/processmap/Validations.php b/modules/cbMap/processmap/Validations.php index e669bf9b27..1c01a40560 100644 --- a/modules/cbMap/processmap/Validations.php +++ b/modules/cbMap/processmap/Validations.php @@ -406,6 +406,20 @@ private static function addFieldValidations($mapping, $tabid) { $validationData = getDBValidationData(array(), $tabid); foreach ($validationData as $fname => $finfo) { foreach ($finfo as $fvalidation) { + if (substr($fvalidation, 0, 2)=='I~') { + if (isset($mapping['fields'][$fname])) { + $mapping['fields'][$fname][] = array('rule'=>'integer', 'rst'=>array()); + } else { + $mapping['fields'][$fname] = array(array('rule'=>'integer', 'rst'=>array())); + } + } + if (substr($fvalidation, 0, 2)=='N~') { + if (isset($mapping['fields'][$fname])) { + $mapping['fields'][$fname][] = array('rule'=>'min', 'rst'=>array(0)); + } else { + $mapping['fields'][$fname] = array(array('rule'=>'min', 'rst'=>array(0))); + } + } if (strpos($fvalidation, '~M')) { if ($fname=='taxclass') { unset($mapping['fields'][$fname]); @@ -464,31 +478,13 @@ private static function addFieldValidations($mapping, $tabid) { return $mapping; } + /** + * We just return true because all modules have some validation now that we are checking them all again + * at the very least they are going to have the MySQL varchar limit check and that is in the case that + * all other validations on the module are deactivated (integer, number, ...) + */ public static function ValidationsExist($module) { - global $adb, $current_user; - $crmEntityTable = CRMEntity::getcrmEntityTableAlias('cbMap'); - $q = "select 1 - from vtiger_cbmap - inner join ".$crmEntityTable." on vtiger_crmentity.crmid=cbmapid - where deleted=0 and maptype=? and targetname=? and mapname like '%_Validations' limit 1"; - $rs = $adb->pquery($q, array('Validations',$module)); - if ($rs && $adb->num_rows($rs)==1) { - return true; - } - $crmGvEntityTable = CRMEntity::getcrmEntityTableAlias('GlobalVariable'); - $q = 'select globalvariableid - from vtiger_globalvariable - inner join '.$crmGvEntityTable.' on vtiger_crmentity.crmid=globalvariableid - where vtiger_crmentity.deleted=0 and gvname=? and module_list=? and bmapid!=0 and bmapid is not null'; - $rs = $adb->pquery($q, array('BusinessMapping_Validations', $module)); - if ($rs && $adb->num_rows($rs)>0) { - while ($gv = $adb->fetch_array($rs)) { - if (GlobalVariable::isAppliable($gv['globalvariableid'], $module, $current_user->id)) { - return true; - } - } - } - return false; + return true; } public static function recordIsAssignedToInactiveUser() {