
# HG changeset patch
# User Matti Hamalainen <ccr@tnsp.org>
# Date 1384719431 -7200
# Node ID bfd480370a70a6673eb51d1019a7fc0a00a66c15
# Parent  36423e8ab76563c5e77518b44e268a9992af2c82
More work on input validation.

diff -r 36423e8ab765 -r bfd480370a70 admajax.php
--- a/admajax.php	Sun Nov 17 22:01:40 2013 +0200
+++ b/admajax.php	Sun Nov 17 22:17:11 2013 +0200
@@ -53,7 +53,7 @@
     ) &&
     stChkRequestItem("info", $fake,
       array(CHK_TYPE, VT_TEXT, "Invalid data."),
-      array(CHK_ISLT, VT_STR, SET_LEN_INFO, "Entry info too long.")
+      array(CHK_ISLT, VT_STR, SET_LEN_ENTRY_INFO, "Entry info too long.")
     ) &&
     stChkRequestItem("compo_id", $compo_id,
       array(CHK_TYPE, VT_INT, "Invalid compo ID.")
@@ -231,7 +231,7 @@
             "<form>\n".
             " <table class=\"misc\">\n".
             "  <tr>\n".
-            "   <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n".
+            "   <th colspan=\"6\">#".$id." - ".chentities($compo["name"])."</th>\n".
             "  </tr>\n".
             "  <tr>\n".
             "   <th style=\"width:4%;\">ID#</th>\n".
@@ -239,6 +239,7 @@
             "   <th>Title</th>\n".
             "   <th>Author(s)</th>\n".
             "   <th>Filename</th>\n".
+            "   <th>Info</th>\n".
             "   <th>Actions</th>\n".
             "  </tr>\n";
 
@@ -249,13 +250,14 @@
               "  <tr id=\"entry".$eid."\">\n".
               "   <td>".$eid."</td>\n".
               "   <td>".($entry["show_id"] > 0 ? $entry["show_id"] : "-")."</td>\n".
-              "   <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n".
-              "   <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
-              "   <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n".
+              "   <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $eid, "en", $entry["name"])."</td>\n".
+              "   <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $eid, "en", $entry["author"])."</td>\n".
+              "   <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $eid, "en", $entry["filename"])."</td>\n".
+              "   <td>".stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $eid, "en", $entry["info"])."</td>\n".
               "   <td>".
-              stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")").
+              stGetFormButtonInput("delete", $eid, $prefix, "Del", "deleteEntry(".$eid.")").
               stGetFormTextInput(3, 3, "compo_id", $eid, "en", $id).
-              stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")").
+              stGetFormButtonInput("update", $eid, $prefix, "Upd", "updateEntry(".$eid.")").
               "</td>\n".
               "  </tr>\n";
           }
@@ -265,10 +267,11 @@
             "  <tr>\n".
             "   <td></td>\n".
             "   <td></td>\n".
-            "   <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n".
-            "   <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n".
-            "   <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n".
-            "   <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
+            "   <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $id, "ne", "")."</td>\n".
+            "   <td>".stGetFormButtonInput("add", $id, $prefix, "Add new", "addEntry(".$id.")")."</td>\n".
             "  </tr>\n".
             " </table>\n".
             "</form>\n";
diff -r 36423e8ab765 -r bfd480370a70 admin.php
--- a/admin.php	Sun Nov 17 22:01:40 2013 +0200
+++ b/admin.php	Sun Nov 17 22:17:11 2013 +0200
@@ -314,7 +314,7 @@
 
 function addEntry(id)
 {
-  var args = makePostArgs({"name":1, "author":1, "filename":0}, "ne", id);
+  var args = makePostArgs({"name":1, "author":1, "filename":0, "info":0}, "ne", id);
 
   var msuccess = function(txt)
   {
@@ -329,7 +329,7 @@
 
 function updateEntry(id)
 {
-  var args = makePostArgs({"name":1, "author":1, "filename":0, "compo_id":2}, "en", id);
+  var args = makePostArgs({"name":1, "author":1, "filename":0, "info":0, "compo_id":2}, "en", id);
 
   var msuccess = function(txt)
   {
#".$id." - ".chentities($compo["name"])."	#".$id." - ".chentities($compo["name"])."
ID#	Title	Author(s)	Filename	Info	Actions
".$eid."	".($entry["show_id"] > 0 ? $entry["show_id"] : "-")."	".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."	".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."	".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."	".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $eid, "en", $entry["name"])."	".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $eid, "en", $entry["author"])."	".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $eid, "en", $entry["filename"])."	".stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $eid, "en", $entry["info"])."	". - stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")"). + stGetFormButtonInput("delete", $eid, $prefix, "Del", "deleteEntry(".$eid.")"). stGetFormTextInput(3, 3, "compo_id", $eid, "en", $id). - stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")"). + stGetFormButtonInput("update", $eid, $prefix, "Upd", "updateEntry(".$eid.")"). "
		".stGetFormTextInput(30, 64, "name", $id, "ne", "")."	".stGetFormTextInput(30, 64, "author", $id, "ne", "")."	".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."	".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."	".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $id, "ne", "")."	".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $id, "ne", "")."	".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $id, "ne", "")."	".stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $id, "ne", "")."	".stGetFormButtonInput("add", $id, $prefix, "Add new", "addEntry(".$id.")")."