_primary_id enforcing added to $params

Author: ispcomm

interface/lib/classes/remoting.inc.php

@@ -333,7 +333,10 @@ protected function insertQueryExecute($sql, $params, $event_identifier = '')
 			return false;
 		}
 
-		$insert_id = $app->db->insertID();
+		if ( isset($params['_primary_id'] ))
+			$insert_id = $params['_primary_id'];
+		else
+			$insert_id = $app->db->insertID();
 
 		// set a few values for compatibility with tform actions, mostly used by plugins
 		$this->id = $insert_id;

interface/lib/classes/remoting_lib.inc.php

@@ -200,7 +200,12 @@ function getSQL($record, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '
 
 		global $app;
 
-		$this->primary_id_override = true;
+		// early usage. make sure _primary_id is sanitized if present.
+		if ( isset($record['_primary_id']) && is_numeric($record['_primary_id'])) {
+			$_primary_id = intval($record['_primary_id']);
+			if ($_primary_id > 0)
+				$this->primary_id_override = intval($record['_primary_id']);
+		}
 
 		if(!is_array($this->formDef)) $app->error("Form definition not found.");
 		$this->dataRecord = $record;

interface/lib/classes/tform_base.inc.php

@@ -104,7 +104,7 @@ class tform_base {
 	var $module;
 	var $primary_id;
 	var $diffrec = array();
-	var $primary_id_override = false;
+	var $primary_id_override = 0;
 
 	/**
 	 * Loading of the table definition
@@ -1263,20 +1263,21 @@ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $
 		$this->action = $action;
 		$this->primary_id = $primary_id;
 
-
-		$record = $this->encode($record, $tab, true);
 		$sql_insert_key = '';
 		$sql_insert_val = '';
 		$sql_update = '';
 
+		$record = $this->encode($record, $tab, true);
+		
+		if(($this->primary_id_override > 0)) {
+            $sql_insert_key .= '`'.$this->formDef["db_table_idx"].'`, ';
+            $sql_insert_val .= $this->primary_id_override.", ";
+			$record['_primary_id'] = $this->primary_id_override;
+		}
+
 		if($api == true) $fields = &$this->formDef['fields'];
 		else $fields = &$this->formDef['tabs'][$tab]['fields'];
 
-		if($this->primary_id_override && isset($record['_primary_id'])) {
-            $sql_insert_key .= '`'.$this->formDef["db_table_idx"].'`, ';
-            $sql_insert_val .= intval($record['_primary_id']).", ";
-		}
-		
 		// go trough all fields of the tab
 		if(is_array($record)) {
 			foreach($fields as $key => $field) {