From 2452e107c29d20394000296f0a50b3b2654aa2a0 Mon Sep 17 00:00:00 2001 From: Repellent Date: Sat, 8 Nov 2025 18:41:29 +0500 Subject: [PATCH] =?UTF-8?q?=D0=B8=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D1=8F=D0=B5=D0=BC=20=D0=B4=D0=BB=D1=8F=20=D1=80=D0=B0=D0=B1?= =?UTF-8?q?=D0=BE=D1=82=D1=8B=20=D1=81=D0=BE=20Smarty=205=20=D0=B2=D0=B5?= =?UTF-8?q?=D1=80=D1=81=D0=B8=D0=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- forms/class/forms.php | 86 ++++++++++++++++++++++++++++--------------- 1 file changed, 56 insertions(+), 30 deletions(-) diff --git a/forms/class/forms.php b/forms/class/forms.php index 54e0ec5..47b4266 100644 --- a/forms/class/forms.php +++ b/forms/class/forms.php @@ -892,13 +892,22 @@ function _cleanvar($var) return $AVE_Template->fetch($this->tpl_dir . 'form_fields.tpl'); } - /** +/** * Сохранение формы */ function form_save ($fid) { global $AVE_DB; + // 🛑 ИСПРАВЛЕНИЕ PHP 8.4: Инициализация mail_set и receivers, если они отсутствуют в $_REQUEST + if (!isset($_REQUEST['mail_set']) || !is_array($_REQUEST['mail_set'])) { + $_REQUEST['mail_set'] = array(); + } + if (!isset($_REQUEST['mail_set']['receivers']) || !is_array($_REQUEST['mail_set']['receivers'])) { + $_REQUEST['mail_set']['receivers'] = array(); + } + // ---------------------------------------------------------------------------------- + // проверяем Email-ы получателей $receivers = array(); foreach ($_REQUEST['mail_set']['receivers'] as $receiver) @@ -906,9 +915,13 @@ function _cleanvar($var) if ($this->_email_validate($receiver['email'])) $receivers[] = $receiver; } $_REQUEST['mail_set']['receivers'] = $receivers; + // параметры отправителя - if (! trim($_REQUEST['mail_set']['from_email']) > '') $_REQUEST['mail_set']['from_email'] = get_settings('mail_from'); - if (! trim($_REQUEST['mail_set']['from_name']) > '') $_REQUEST['mail_set']['from_name'] = get_settings('mail_from_name'); + // 🛑 ИСПРАВЛЕНИЕ PHP 8.4: Использование оператора ?? '' для from_email + if (! trim($_REQUEST['mail_set']['from_email'] ?? '') > '') $_REQUEST['mail_set']['from_email'] = get_settings('mail_from'); + + // 🛑 ИСПРАВЛЕНИЕ PHP 8.4: Использование оператора ?? '' для from_name + if (! trim($_REQUEST['mail_set']['from_name'] ?? '') > '') $_REQUEST['mail_set']['from_name'] = get_settings('mail_from_name'); if ($fid) { @@ -952,6 +965,13 @@ function _cleanvar($var) mail_set = '" . addslashes(serialize($mail_set)) . "' "); $fid = (int)$AVE_DB->InsertId(); + +/* // 🛑 ИСПРАВЛЕНИЕ AJAX: Явный вывод ID для редиректа JS (fid=NaN) + if (isset($_REQUEST['ajax']) && empty($_REQUEST['demo'])) { + echo $fid; + return; // Прекращаем выполнение, чтобы не выводить лишние данные полей + }*/ + $_REQUEST['fields'] = $this->fields_main_data; // прописываем алерт об успешном создании if ($fid > 0) $_SESSION['module_forms_admin'][$fid]['edit_alert'] = array('text' => 'created', 'theme' => 'accept'); @@ -965,13 +985,13 @@ function _cleanvar($var) // обновляем форму с данными примера $this->form_save($fid); // подставляем в шаблон новые id полей - $demo['form_tpl'] = preg_replace_callback( - '/\[tag:fld:(\d+)]/', - function($matches) { - return "[tag:fld:" . ($_REQUEST["demo_change"][(int)$matches[1]] ?? '') . "]"; - }, - $demo['form_tpl'] - ); + $demo['form_tpl'] = preg_replace_callback( + '/\[tag:fld:(\d+)]/', + function($matches) { + return "[tag:fld:" . ($_REQUEST["demo_change"][(int)$matches[1]] ?? '') . "]"; + }, + $demo['form_tpl'] + ); $AVE_DB->Query(" UPDATE " . PREFIX . "_module_forms_forms @@ -987,7 +1007,7 @@ function _cleanvar($var) foreach ($_REQUEST['fields'] as $field_id => $field) { if (!trim($field['title'])) continue; - if (is_array($field['setting'])) + if (isset($field['setting']) && is_array($field['setting'])) { $settings = array(); foreach ($field['setting'] as $setting) @@ -1003,19 +1023,23 @@ function _cleanvar($var) } elseif ($field['type'] == 'file') $field['setting'] = (int)$field['setting']; - if (is_array($field['defaultval'])) $field['defaultval'] = serialize($field['defaultval']); + // 🛑 ИСПРАВЛЕНИЕ PHP 8.4: Проверка существования ключа перед доступом + if (isset($field['defaultval']) && is_array($field['defaultval'])) { + $field['defaultval'] = serialize($field['defaultval']); + } $sql = " title = '" . addslashes($field['title']) . "', - active = '" . (int)$field['active'] . "', + active = '" . (int)($field['active'] ?? 0) . "', type = '" . $field['type'] . "', - setting = '" . addslashes($field['setting']) . "', - required = '" . (int)$field['required'] . "', - defaultval = '" . addslashes($field['defaultval']) . "', - attributes = '" . addslashes(trim($field['attributes'])) . "', - tpl = '" . addslashes($field['tpl']) . "' + setting = '" . addslashes($field['setting'] ?? '') . "', + required = '" . (int)($field['required'] ?? 0) . "', + defaultval = '" . addslashes($field['defaultval'] ?? '') . "', + attributes = '" . addslashes(trim($field['attributes'] ?? '')) . "', + tpl = '" . addslashes($field['tpl'] ?? '') . "' "; - if ($field['new']) + // 🛑 ИСПРАВЛЕНИЕ PHP 8.4: Проверка существования ключа 'new' + if (isset($field['new']) && $field['new']) { $AVE_DB->Query(" INSERT INTO " . PREFIX . "_module_forms_fields @@ -1038,18 +1062,20 @@ function _cleanvar($var) "); } } - foreach ($_REQUEST['field_del'] as $field_id => $delete) - { - if (empty($delete)) continue; - $AVE_DB->Query(" - DELETE FROM " . PREFIX . "_module_forms_fields - WHERE - id = '" . (int)$field_id . "' AND - main != '1' - "); - } - return $fid; + // 🛑 ИСПРАВЛЕНИЕ PHP 8.4: Безопасная итерация по удаляемым полям + foreach ($_REQUEST['field_del'] ?? [] as $field_id => $delete) + { + if (empty($delete)) continue; + $AVE_DB->Query(" + DELETE FROM " . PREFIX . "_module_forms_fields + WHERE + id = '" . (int)$field_id . "' AND + main != '1' + "); + } + + return $fid; } /**