Added user input validation for custom fields on user_add.php.
authorNik Okuntseff <support@anuko.com>
Sun, 30 Jun 2019 13:55:11 +0000 (13:55 +0000)
committerNik Okuntseff <support@anuko.com>
Sun, 30 Jun 2019 13:55:11 +0000 (13:55 +0000)
WEB-INF/templates/footer.tpl
WEB-INF/templates/user_add.tpl
user_add.php

index ab50afe..8fe67f3 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.19.7.5025 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.19.7.5026 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index 3f00c35..35040f3 100644 (file)
@@ -109,8 +109,6 @@ function handleClientControl() {
     </tr>
   {/foreach}
 {/if}
-
-
     <tr>
       <td align="right">{$i18n.form.users.default_rate}&nbsp;(0{$user->getDecimalMark()}00):</td>
       <td>{$forms.userForm.rate.control}</td>
index a3d956e..d6a24e3 100644 (file)
@@ -172,8 +172,20 @@ if ($request->isPost()) {
   if (!ttValidEmail($cl_email, true)) $err->add($i18n->get('error.field'), $i18n->get('label.email'));
   // Require selection of a client for a client role.
   if ($user->isPluginEnabled('cl') && ttRoleHelper::isClientRole($cl_role_id) && !$cl_client_id) $err->add($i18n->get('error.client'));
-  if (!ttValidFloat($cl_rate, true)) $err->add($i18n->get('error.field'), $i18n->get('form.users.default_rate'));
   if (!ttValidFloat($cl_quota_percent, true)) $err->add($i18n->get('error.field'), $i18n->get('label.quota'));
+  // Validate input in user custom fields.
+  if ($custom_fields && $custom_fields->userFields) {
+    foreach ($custom_fields->userFields as $userField) {
+      $control_name = 'user_field_'.$userField['id'];
+      $field_label = htmlspecialchars($userField['label']);
+      $field_type = $userField['type'];
+      $required = $userField['required'];
+      $field_value = trim($request->getParameter($control_name));
+      // Validation is the same for text and dropdown fields.
+      if (!ttValidString($field_value, !$required)) $err->add($i18n->get('error.field'), $field_label);
+    }
+  }
+  if (!ttValidFloat($cl_rate, true)) $err->add($i18n->get('error.field'), $i18n->get('form.users.default_rate'));
   if (!ttUserHelper::canAdd()) $err->add($i18n->get('error.user_count'));
 
   if ($err->no()) {
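Review bot: The comment "Validation is the same for text and dropdown fields" means a dropdown field accepts any well-formed string, not only one of its configured options, so the server-side check is weaker than the form implies; `$field_type` is read on the line above but never used, which suggests the per-type branch was intended. If dropdown values are persisted as submitted (the save path under `if ($err->no()) {` continues outside this hunk), the loop should branch on `$field_type` and, for the dropdown case, reject a value that is not among the field's stored options before it reaches the save. I would replace the comment with something like `// Text fields: non-empty string check; dropdown fields: value must be one of the configured options.` and add the membership check beside it. Separately, `htmlspecialchars($userField['label'])` is fine for the error message here, but worth a one-line comment that the escaping is for display only and the raw label is still what the database holds.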