From a362ac12b119b49519f5af51b92ebb7d6e127b87 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 31 Oct 2013 12:38:25 +0100
Subject: Comments, minor refactoring, possiblity to validate configuration parameters
---
 modules/baseconfig.inc.php | 69 ++++++++++++++++++++++++++++++----------------
 1 file changed, 46 insertions(+), 23 deletions(-)
(limited to 'modules/baseconfig.inc.php')
diff --git a/modules/baseconfig.inc.php b/modules/baseconfig.inc.php
index 58c6fa01..f6f4188f 100644
--- a/modules/baseconfig.inc.php
+++ b/modules/baseconfig.inc.php
@@ -3,43 +3,60 @@ User::load();
 // Determine if we're setting global, distro or pool
-if (isset($_REQUEST['distro'])) {
+$qry_extra = array();
+if (isset($_REQUEST['distroid'])) {
 // TODO: Everything
- $qry_insert = ', distroid';
- $qry_values = ', :distroid';
- $qry_distroid = (int)$_REQUEST['distro'];
- if (isset($_REQUEST['pool'])) {
- // TODO: Everything
- $qry_insert .= ', poolid';
- $qry_values .= ', :poolid';
- $qry_poolid .= (int)$_REQUEST['pool'];
+ $qry_extra[] = array(
+ 'name' => 'distroid',
+ 'value' => (int)$_REQUEST['distroid'],
+ 'table' => 'setting_distro',
+ );
+ if (isset($_REQUEST['poolid'])) {
+ $qry_extra[] = array(
+ 'name' => 'poolid',
+ 'value' => (int)$_REQUEST['poolid'],
+ 'table' => 'setting_pool',
+ );
 }
-} else {
- $qry_insert = '';
- $qry_values = '';
- $qry_distroid = '';
- $qry_poolid = '';
 }
 if (isset($_POST['setting']) && is_array($_POST['setting'])) {
 if (User::hasPermission('superadmin')) {
 if (Util::verifyToken()) {
+ // Build variables for specific sub-settings
+ $qry_insert = '';
+ $qry_values = '';
+ foreach ($qry_extra as $item) {
+ $qry_insert = ', ' . $item['name'];
+ $qry_values = ', :' . $item['name'];
+ }
 // Load all existing config options to validate input
 $settings = array();
- $res = Database::simpleQuery('SELECT setting FROM setting');
+ $res = Database::simpleQuery('SELECT setting, validator FROM setting');
 while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $settings[$row['setting']] = true; // will contain validation regex at some point
+ $settings[$row['setting']] = $row['validator'];
 }
- foreach (array_keys($settings) as $key) {
- $value = (isset($_POST['setting'][$key]) ? $_POST['setting'][$key] : '');
- // use validation regex here
- Database::exec("INSERT INTO setting_global (setting, value $qry_insert) VALUES (:key, :value $qry_values) ON DUPLICATE KEY UPDATE value = :value", array(
- 'key' => $key,
- 'value' => $value,
- ));
+ foreach ($settings as $key => $validator) {
+ $input = (isset($_POST['setting'][$key]) ? $_POST['setting'][$key] : '');
+ // Validate data first!
+ $value = Validator::validate($validator, $input);
+ if ($value === false) {
+ Message::addWarning('value-invalid', $key, $input);
+ continue;
+ }
+ // Now put into DB
+ Database::exec("INSERT INTO setting_global (setting, value $qry_insert)
+ VALUES (:key, :value $qry_values)
+ ON DUPLICATE KEY UPDATE value = :value",
+ $qry_extra + array(
+ 'key' => $key,
+ 'value' => $value,
+ )
+ );
 }
 Message::addSuccess('settings-updated');
+ Util::redirect('?do=baseconfig');
 }
 }
 }
@@ -50,6 +67,12 @@ function render_module()
 Message::addError('no-permission');
 return;
 }
+ // Build left joins for specific settings
+ global $qry_extra;
+ $joins = '';
+ foreach ($qry_extra as $item) {
+ $joins .= " LEFT JOIN ${item['table']} ";
+ }
 // List global config option
 $settings = array();
 $res = Database::simpleQuery('SELECT setting.setting, setting.defaultvalue, setting.permissions, setting.description, tbl.value
-- cgit v1.2.3-55-g7522
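Review bot: In the added `foreach ($qry_extra as $item)` loop, `$qry_insert` and `$qry_values` are assigned with `=` rather than `.=`, so when both `distroid` and `poolid` are set only the last column and placeholder reach the INSERT. The bind array is built as `$qry_extra + array(...)`, which carries the nested items under keys 0 and 1 instead of `distroid`/`poolid`, so placeholders and bound parameters would not line up (assuming Database::exec hands the array to a prepared statement as named parameters; that wrapper is not visible here). Appending inside the loop and collecting a flat name-to-value map for binding addresses both, as sketched below. The column names are spliced into the SQL text, which is safe only while they remain the literals assigned at the top of the file, and a short comment stating that would keep a later change from feeding request data into them.

```php
// Build variables for specific sub-settings
$qry_insert = '';
$qry_values = '';
$qry_params = array();
foreach ($qry_extra as $item) {
	// 'name' is one of the fixed literals set above, never request data
	$qry_insert .= ', ' . $item['name'];
	$qry_values .= ', :' . $item['name'];
	$qry_params[$item['name']] = $item['value'];
}
// … unchanged: load settings and validators, validate each input …
			ON DUPLICATE KEY UPDATE value = :value",
			$qry_params + array(
// … unchanged: 'key' and 'value' entries …
```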
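Review bot: The fragment appended in the added loop, `" LEFT JOIN ${item['table']} "`, carries no ON or USING condition, and because the SELECT below is unchanged context that continues outside the hunk, `$joins` does not appear to be used anywhere by this commit. If it is meant to be appended to that query, each join needs its condition before it can run. The table name is interpolated into SQL text and cannot be bound as a parameter, so I would add a comment such as `// table names come from the fixed list built at file top, never from request data` above the loop. `render_module()` starts before and ends after this hunk; passing the list in rather than reading it through `global $qry_extra` would make that dependency visible.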