Class DBLFileField

Description

Field for storing files (and also image files)

SECURITY NOTICE: If you don't set the oldValue property to the real old value of the field (got from DB query), it is possible for any user who can upload files to dataDir to delete or overwrite ANY file in this directory!

NOTE: Because of the way file uploads are handled by browsers, it is not posible to set this field to send the same file on form resubmit (after error). So if there is an error in the form, user must manually select the uploaded files again.

NOTE2: Since we cannot 'prefill' the field value to the old one (see NOTE), the field retains the old value when no file is entered. To delete current file, user must check the 'delete' checkbox.

Located in /DBLFileField.php (line 28)

DBLField
   |
   --DBLFileField
Variable Summary
Method Summary
DBLFileField DBLFileField (string $name, mixed $title, mixed $titleHTML, string $dataDir, string $dataURL, string $titleTxt, string $titleHtml)
void acceptValue (mixed $value, mixed &$err, mixed &$r, mixed $new)
void formatDetail (mixed $value, mixed &$r)
void formatEdit (mixed $value, mixed &$r, mixed $dataSource, mixed $formName)
void formatFilter (mixed $value, mixed &$r, mixed $formName)
void formatIndex (mixed $value, mixed &$r)
string sanitizeFileName (string $name)
Variables
string $dataDir (line 33)
  • var: Absolute path to directory whete the files should be stored. Should not have trailing slash.
string $dataURL (line 38)
  • var: URL where the uploaded files are accessible. Should not have trailing slash.
string $lockFile (line 59)
  • var: If lock file is set, we use it to guard access to critical section in acceptValue() (where we detect file name conflicts), so the race condition in the check is prevented. Set it to a file, which is writable by WW server and it is unique for each dataDir. Unset by default.
string $oldValue (line 67)
  • var: Old value of the field (the name of the file that was in this field before). It is used to delete the old file, when a new one is entered. It is unset by default. If it is unset, the value is got from a hidden form field (whose value can be forged by the user). See SECURITY NOTICE!
bool $randomNames (line 42)
  • var: Use random names instead of the ones given from user. Defaults to false.
bool $randomNamesKeepExt (line 47)
  • var: Keep file extension when using random names. Useful, since it helps determinimg file mime type. Defaults to true.
bool $showAsImage (line 52)
  • var: Set when you want to show the file in an IMG tag instead of be linked. Defaults to false.

Inherited Variables

Inherited from DBLField

DBLField::$addAsterixes
DBLField::$allowEmpty
DBLField::$computed
DBLField::$dbName
DBLField::$default
DBLField::$detailAttributes
DBLField::$detailPostfix
DBLField::$detailPrefix
DBLField::$editAttributes
DBLField::$editPostfix
DBLField::$editPrefix
DBLField::$filterAttributes
DBLField::$filterPostfix
DBLField::$filterPrefix
DBLField::$indexAttributes
DBLField::$indexPostfix
DBLField::$indexPrefix
DBLField::$lookupField
DBLField::$name
DBLField::$needsMultipart
DBLField::$noOrderByTitle
DBLField::$readOnly
DBLField::$referenceURL
DBLField::$titleHTML
DBLField::$titleTxt
DBLField::$widgetAttributes
Methods
Constructor DBLFileField (line 78)

Constructor

DBLFileField DBLFileField (string $name, mixed $title, mixed $titleHTML, string $dataDir, string $dataURL, string $titleTxt, string $titleHtml)
  • string $name: Name of the field - see DBLField
  • string $titleTxt: Textual title - see DBLField
  • string $titleHtml: HTML title - see DBLField
  • string $dataDir: Where files are kept - see dataDir property
  • string $dataURL: Where the file(s) can be found by browser - see dataURL property
acceptFilterValue (line 237)
void acceptFilterValue ()

Redefinition of:
DBLField::acceptFilterValue()
Accept value from the filter.
acceptValue (line 138)
void acceptValue (mixed $value, mixed &$err, mixed &$r, mixed $new)

Redefinition of:
DBLField::acceptValue()
Accept value from post.
formatDetail (line 104)
void formatDetail (mixed $value, mixed &$r)

Redefinition of:
DBLField::formatDetail()
Format field for record detail.
formatEdit (line 110)
void formatEdit (mixed $value, mixed &$r, mixed $dataSource, mixed $formName)

Redefinition of:
DBLField::formatEdit()
Format field for record edit form.
formatFilter (line 118)
void formatFilter (mixed $value, mixed &$r, mixed $formName)

Redefinition of:
DBLField::formatFilter()
Format field for the filter form.
formatIndex (line 92)
void formatIndex (mixed $value, mixed &$r)

Redefinition of:
DBLField::formatIndex()
Format field for record index.
sanitizeFileName (line 131)

Internal function - sanitize file name (cut it at the first slash)

  • return: Sanitized file name.
string sanitizeFileName (string $name)
  • string $name: File name.

Inherited Methods

Inherited From DBLField

DBLField::DBLField()
DBLField::acceptFilterValue()
DBLField::acceptValue()
DBLField::addCondition()
DBLField::checkValue()
DBLField::formatDetail()
DBLField::formatEdit()
DBLField::formatFilter()
DBLField::formatIndex()
DBLField::jsCheck()
DBLField::setTitle()
DBLField::splitValue()

Documentation generated on Mon, 6 Sep 2004 21:57:08 +0200 by phpDocumentor 1.2.3