diff --git a/fields/multi_list/field.php b/fields/multi_list/field.php
index 72156c0..304ce82 100644
--- a/fields/multi_list/field.php
+++ b/fields/multi_list/field.php
@@ -15,9 +15,10 @@
function get_field_multi_list($field_value, $action, $field_id=0, $tpl='', $tpl_empty=0, &$maxlength=null, $document_fields=array(), $rubric_id=0, $default=null, $_tpl=null)
{
global $AVE_Template;
+ global $AVE_DB;
- $fld_dir = dirname(__FILE__) . '/';
- $tpl_dir = $fld_dir . 'tpl/';
+ $fld_dir = dirname(__FILE__) . '/';
+ $tpl_dir = $fld_dir . 'tpl/';
$fld_name = basename($fld_dir);
$lang_file = $fld_dir . 'lang/' . (defined('ACP') ? $_SESSION['admin_language'] : $_SESSION['user_language']) . '.txt';
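Review bot: `global $AVE_DB;` is imported here but no visible line of this diff references `$AVE_DB`, and the same import is added in the first hunks of multi_list_single/field.php (with a comment saying it is declared in case other fields need it) and multi_list_triple/field.php. An unused global is dead code and makes the database handle reachable from a place that has no reason to touch it; drop the line until a query is actually made here, or state the concrete use in the comment. The rest of get_field_multi_list's body is outside this hunk, so a use further down would not be visible from the diff.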
@@ -34,7 +35,7 @@
$items = array();
- $items = unserialize($field_value);
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
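Review bot: `@unserialize($field_value)` still instantiates any class named in the stored payload, although the `req` path of this same file only ever writes arrays of strings; restrict it with `$items = (trim((string) $field_value) !== '') ? @unserialize($field_value, ['allowed_classes' => false]) : [];` so a tampered row cannot create objects (the `(string)` cast also avoids the trim(null) deprecation on PHP 8.1+). The `@` additionally hides the notice that would tell you the stored string is malformed, and the `req` hunk below now returns the serialized string through addslashes(), so if those slashes ever reach the database the embedded byte lengths no longer match and every read silently fails into the `else` branch. The same line is repeated in the `doc`, `req` and last hunks of this file and in the corresponding hunks of multi_list_single/field.php and multi_list_triple/field.php.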
@@ -42,8 +43,8 @@
foreach($items as $k => $v){
$list_item = explode('|', $v);
- $list[$k]['param'] = (isset($list_item[0])) ? htmlspecialchars($list_item[0], ENT_QUOTES) : '';
- $list[$k]['value'] = (isset($list_item[1])) ? htmlspecialchars($list_item[1], ENT_QUOTES) : '';
+ $list[$k]['param'] = (isset($list_item[0])) ? $list_item[0] : '';
+ $list[$k]['value'] = (isset($list_item[1])) ? $list_item[1] : '';
}
$items = $list;
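Review bot: Dropping `htmlspecialchars(..., ENT_QUOTES)` here hands `param` and `value` to the template unescaped, so any `<`, `"` or `'` stored in a list item is now emitted raw into the editor markup unless tpl/field.tpl escapes it itself; the multi_list template is not part of this diff, so that cannot be confirmed here. If the goal was to stop double-encoding on save, keep the escaping at output (restore these two lines or apply `|escape` in the template) and fix the encoding on the write path instead. The same removal appears in the next hunk of this file and in both list-building hunks of multi_list_triple/field.php.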
@@ -55,13 +56,14 @@
foreach($items as $k => $v){
$list_item = explode('|', $v);
- $list[$k]['param'] = (isset($list_item[0])) ? htmlspecialchars($list_item[0], ENT_QUOTES) : '';
- $list[$k]['value'] = (isset($list_item[1])) ? htmlspecialchars($list_item[1], ENT_QUOTES) : '';
+ $list[$k]['param'] = (isset($list_item[0])) ? $list_item[0] : '';
+ $list[$k]['value'] = (isset($list_item[1])) ? $list_item[1] : '';
}
$items = $list;
}
- $AVE_Template->assign('doc_id', $_REQUEST['Id']);
+ // NOTE: Проверил, здесь нет невидимого символа, как вы прислали в последнем сообщении
+ $AVE_Template->assign('doc_id', $_REQUEST['Id']);
$AVE_Template->assign('field_dir', $fld_name);
$AVE_Template->assign('items', $items);
$AVE_Template->assign('field_id', $field_id);
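Review bot: The comment added above `$AVE_Template->assign('doc_id', ...)` is a reply to a conversation (it says, in Russian, that the line was checked and contains no invisible character) rather than documentation of the code, and the line under it is re-emitted unchanged. Drop the comment before merge; if the verification is worth recording, the commit message is the place for it. With the comment gone this part of the hunk appears to be a whitespace-only change.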
@@ -72,7 +74,8 @@
break;
case 'doc':
- $items = unserialize($field_value);
+
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
@@ -119,7 +122,8 @@
break;
case 'req':
- $items = unserialize($field_value);
+
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
@@ -170,13 +174,18 @@
{
if(! empty($v['param']))
{
- $field_value_new[] = $v['param'] . ($v['value'] ? '|' . $v['value'] : '');
+ $param_safe = stripslashes(trim($v['param']));
+ $value_safe = stripslashes(trim($v['value']));
+
+ $field_value_new[] = $param_safe . ($value_safe ? '|' . $value_safe : '');
}
}
if (isset($field_value_new))
{
- return @serialize($field_value_new);
+ $serialized_value = @serialize($field_value_new);
+
+ return addslashes($serialized_value);
}
else
{
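Review bot: `trim($v['value'])` reads an index the guard two lines above does not check (only `$v['param']` is tested with `empty()`), so a submitted item without a value raises an undefined-index warning and, on PHP 8.1+, a trim(null) deprecation; write `$value_safe = stripslashes(trim($v['value'] ?? ''));` (the matching hunk in multi_list_triple/field.php needs the same for `$v['value']` and `$v['value2']`). Returning `addslashes($serialized_value)` bakes SQL-style escaping into the field value itself; if the caller that stores it uses prepared statements or its own escaping, the row is double-escaped, and because the extra backslashes change the byte lengths inside the serialized string the value will no longer unserialize on read. Escaping belongs in the storage call, not in the returned value; the same pattern is in the `req` hunks of multi_list_single/field.php and multi_list_triple/field.php. The enclosing `case 'req'` block starts before this hunk.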
@@ -188,7 +197,7 @@
if (empty($field_value))
return $field_value;
- $items = unserialize($field_value);
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
diff --git a/fields/multi_list_single/field.php b/fields/multi_list_single/field.php
index 842da1a..290d235 100644
--- a/fields/multi_list_single/field.php
+++ b/fields/multi_list_single/field.php
@@ -14,9 +14,10 @@
function get_field_multi_list_single($field_value, $action, $field_id=0, $tpl='', $tpl_empty=0, &$maxlength=null, $document_fields=array(), $rubric_id=0, $default=null, $_tpl=null)
{
global $AVE_Template;
+ global $AVE_DB; // Объявляем глобальный объект базы данных, если он нужен для других полей
- $fld_dir = dirname(__FILE__) . '/';
- $tpl_dir = $fld_dir . 'tpl/';
+ $fld_dir = dirname(__FILE__) . '/';
+ $tpl_dir = $fld_dir . 'tpl/';
$fld_name = basename($fld_dir);
$lang_file = $fld_dir . 'lang/' . (defined('ACP') ? $_SESSION['admin_language'] : $_SESSION['user_language']) . '.txt';
@@ -33,11 +34,13 @@
$items = array();
- $items = unserialize($field_value);
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
- $items = $items;
+ foreach($items as $k => $v){
+ $items[$k] = $v;
+ }
}
else
{
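Review bot: The `foreach` that replaces `$items = $items;` assigns every element back to its own key and is still a no-op, so the `if ($items != false)` branch does nothing. Either delete the loop and invert the condition so only the `else` body (which continues outside this hunk) remains, or put the per-item normalisation that was intended into the loop body.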
@@ -55,7 +58,8 @@
break;
case 'doc':
- $items = unserialize($field_value);
+
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
@@ -102,7 +106,8 @@
break;
case 'req':
- $items = unserialize($field_value);
+
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
@@ -153,13 +158,15 @@
{
if (! empty($v))
{
- $field_value_new[] = $v;
+ $field_value_new[] = stripslashes($v);
}
}
if (isset($field_value_new))
{
- return @serialize($field_value_new);
+ $serialized_value = @serialize($field_value_new);
+
+ return addslashes($serialized_value);
}
else
{
@@ -171,7 +178,7 @@
if (empty($field_value))
return $field_value;
- return unserialize($field_value);
+ return @unserialize($field_value);
break;
case 'name':
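Review bot: `return @unserialize($field_value);` hands `false` back to the caller when the stored string is malformed, whereas every other call site in this commit normalises that case to `[]`; use the same guarded form here, `return (trim((string) $field_value) !== '') ? @unserialize($field_value, ['allowed_classes' => false]) : [];`, so callers see one return type and no class can be instantiated from the payload. The `break;` after the `return` is unreachable and can be removed while the line is being touched.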
diff --git a/fields/multi_list_single/tpl/field.tpl b/fields/multi_list_single/tpl/field.tpl
index 060749b..9ea05d6 100644
--- a/fields/multi_list_single/tpl/field.tpl
+++ b/fields/multi_list_single/tpl/field.tpl
@@ -1,6 +1,6 @@
{if $multi_list_single != 'load'}
{assign var=multi_list_single value='' scope="global"}
- {if $smarty.request.outside}
+ {if isset($smarty.request.outside) && $smarty.request.outside}
{else}
diff --git a/fields/multi_list_triple/field.php b/fields/multi_list_triple/field.php
index 050487d..75443cb 100644
--- a/fields/multi_list_triple/field.php
+++ b/fields/multi_list_triple/field.php
@@ -14,9 +14,10 @@
function get_field_multi_list_triple($field_value, $action, $field_id=0, $tpl='', $tpl_empty=0, &$maxlength=null, $document_fields=array(), $rubric_id=0, $default=null, $_tpl=null)
{
global $AVE_Template;
+ global $AVE_DB;
- $fld_dir = dirname(__FILE__) . '/';
- $tpl_dir = $fld_dir . 'tpl/';
+ $fld_dir = dirname(__FILE__) . '/';
+ $tpl_dir = $fld_dir . 'tpl/';
$fld_name = basename($fld_dir);
$lang_file = $fld_dir . 'lang/' . (defined('ACP') ? $_SESSION['admin_language'] : $_SESSION['user_language']) . '.txt';
@@ -33,7 +34,7 @@
$items = array();
- $items = unserialize($field_value);
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
@@ -42,9 +43,9 @@
{
$list_item = explode('|', $v);
- $list[$k]['param'] = (isset($list_item[0])) ? htmlspecialchars($list_item[0], ENT_QUOTES) : '';
- $list[$k]['value'] = (isset($list_item[1])) ? htmlspecialchars($list_item[1], ENT_QUOTES) : '';
- $list[$k]['value2'] = (isset($list_item[2])) ? htmlspecialchars($list_item[2], ENT_QUOTES) : '';
+ $list[$k]['param'] = (isset($list_item[0])) ? $list_item[0] : '';
+ $list[$k]['value'] = (isset($list_item[1])) ? $list_item[1] : '';
+ $list[$k]['value2'] = (isset($list_item[2])) ? $list_item[2] : '';
}
$items = $list;
@@ -58,9 +59,9 @@
{
$list_item = explode('|', $v);
- $list[$k]['param'] = (isset($list_item[0])) ? htmlspecialchars($list_item[0], ENT_QUOTES) : '';
- $list[$k]['value'] = (isset($list_item[1])) ? htmlspecialchars($list_item[1], ENT_QUOTES) : '';
- $list[$k]['value2'] = (isset($list_item[2])) ? htmlspecialchars($list_item[2], ENT_QUOTES) : '';
+ $list[$k]['param'] = (isset($list_item[0])) ? $list_item[0] : '';
+ $list[$k]['value'] = (isset($list_item[1])) ? $list_item[1] : '';
+ $list[$k]['value2'] = (isset($list_item[2])) ? $list_item[2] : '';
}
$items = $list;
@@ -77,7 +78,8 @@
break;
case 'doc':
- $items = unserialize($field_value);
+
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
@@ -124,7 +126,8 @@
break;
case 'req':
- $items = unserialize($field_value);
+
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
@@ -175,13 +178,19 @@
{
if(!empty($v['param']))
{
- $field_value_new[] = $v['param'] . '|' . $v['value'] . '|' . $v['value2'];
+ $param_safe = stripslashes(trim($v['param']));
+ $value_safe = stripslashes(trim($v['value']));
+ $value2_safe = stripslashes(trim($v['value2']));
+
+ $field_value_new[] = $param_safe . '|' . $value_safe . '|' . $value2_safe;
}
}
if (isset($field_value_new))
{
- return @serialize($field_value_new);
+ $serialized_value = @serialize($field_value_new);
+
+ return addslashes($serialized_value);
}
else
{
@@ -193,7 +202,7 @@
if (empty($field_value))
return $field_value;
- $items = unserialize($field_value);
+ $items = (trim($field_value) !== '') ? @unserialize($field_value) : [];
if ($items != false)
{
diff --git a/fields/multi_list_triple/tpl/field.tpl b/fields/multi_list_triple/tpl/field.tpl
index c2a0853..d0dd23d 100644
--- a/fields/multi_list_triple/tpl/field.tpl
+++ b/fields/multi_list_triple/tpl/field.tpl
@@ -1,6 +1,6 @@
{if $multi_list_triple != 'load'}
{assign var=multi_list_triple value='' scope="global"}
- {if $smarty.request.outside}
+ {if isset($smarty.request.outside) && $smarty.request.outside}
{else}