From 89c6bbed0d6c3bcd4f0b0cd2000f4b729e58766b Mon Sep 17 00:00:00 2001 From: Matthias Schmidt Date: Fri, 3 May 2013 10:32:56 +0200 Subject: [PATCH] Adds missing validation of UserOptionAddForm::$outputClass Fixes #1258 --- .../files/acp/templates/userOptionAdd.tpl | 2 +- .../lib/acp/form/UserOptionAddForm.class.php | 19 +++++++++++-------- .../lib/acp/form/UserOptionEditForm.class.php | 15 +++++++-------- wcfsetup/install/lang/de.xml | 1 + wcfsetup/install/lang/en.xml | 1 + 5 files changed, 21 insertions(+), 17 deletions(-) diff --git a/wcfsetup/install/files/acp/templates/userOptionAdd.tpl b/wcfsetup/install/files/acp/templates/userOptionAdd.tpl index 3bf9bc2a5a..d0bc3ab861 100644 --- a/wcfsetup/install/files/acp/templates/userOptionAdd.tpl +++ b/wcfsetup/install/files/acp/templates/userOptionAdd.tpl @@ -162,7 +162,7 @@
{lang}wcf.acp.user.option.access{/lang} - +
diff --git a/wcfsetup/install/files/lib/acp/form/UserOptionAddForm.class.php b/wcfsetup/install/files/lib/acp/form/UserOptionAddForm.class.php index db0ae7a381..b639a43795 100644 --- a/wcfsetup/install/files/lib/acp/form/UserOptionAddForm.class.php +++ b/wcfsetup/install/files/lib/acp/form/UserOptionAddForm.class.php @@ -4,7 +4,6 @@ use wcf\data\user\option\category\UserOptionCategoryList; use wcf\data\user\option\UserOptionAction; use wcf\data\user\option\UserOptionEditor; use wcf\form\AbstractForm; -use wcf\system\cache\builder\UserOptionCacheBuilder; use wcf\system\exception\UserInputException; use wcf\system\language\I18nHandler; use wcf\system\WCF; @@ -138,7 +137,7 @@ class UserOptionAddForm extends AbstractForm { */ public function readParameters() { parent::readParameters(); - + I18nHandler::getInstance()->register('optionName'); I18nHandler::getInstance()->register('optionDescription'); @@ -154,7 +153,7 @@ class UserOptionAddForm extends AbstractForm { */ public function readFormParameters() { parent::readFormParameters(); - + I18nHandler::getInstance()->readValues(); if (I18nHandler::getInstance()->isPlainValue('optionName')) $this->optionName = I18nHandler::getInstance()->getValue('optionName'); @@ -178,7 +177,7 @@ class UserOptionAddForm extends AbstractForm { */ public function validate() { parent::validate(); - + // option name if (!I18nHandler::getInstance()->validateValue('optionName', true)) { throw new UserInputException('optionName'); @@ -207,6 +206,10 @@ class UserOptionAddForm extends AbstractForm { throw new UserInputException('selectOptions'); } + if ($this->outputClass && !class_exists($this->outputClass)) { + throw new UserInputException('outputClass', 'doesNotExist'); + } + if ($this->editable < 1 || $this->editable > 3) { $this->editable = 3; } @@ -217,7 +220,7 @@ class UserOptionAddForm extends AbstractForm { */ public function save() { parent::save(); - + $this->objectAction = new UserOptionAction(array(), 'create', array('data' => array( 'optionName' => StringUtil::getRandomID(), 'categoryName' => $this->categoryName, @@ -236,7 +239,7 @@ class UserOptionAddForm extends AbstractForm { 'additionalData' => ($this->optionType == 'select' ? serialize(array('allowEmptyValue' => true)) : '') ))); $this->objectAction->executeAction(); - + $returnValues = $this->objectAction->getReturnValues(); $userOption = $returnValues['returnValues']; @@ -248,7 +251,7 @@ class UserOptionAddForm extends AbstractForm { 'optionName' => 'option'.$userOption->optionID )); $this->saved(); - + // reset values $this->optionName = $this->optionDescription = $this->categoryName = $this->optionType = $this->defaultValue = $this->validationPattern = $this->optionType = $this->selectOptions = $this->outputClass = ''; $this->required = $this->searchable = $this->showOrder = $this->askDuringRegistration = 0; @@ -266,7 +269,7 @@ class UserOptionAddForm extends AbstractForm { */ public function assignVariables() { parent::assignVariables(); - + I18nHandler::getInstance()->assignVariables(); WCF::getTPL()->assign(array( diff --git a/wcfsetup/install/files/lib/acp/form/UserOptionEditForm.class.php b/wcfsetup/install/files/lib/acp/form/UserOptionEditForm.class.php index e4bdc302a0..91ebf25f4c 100644 --- a/wcfsetup/install/files/lib/acp/form/UserOptionEditForm.class.php +++ b/wcfsetup/install/files/lib/acp/form/UserOptionEditForm.class.php @@ -3,7 +3,6 @@ namespace wcf\acp\form; use wcf\data\user\option\UserOption; use wcf\data\user\option\UserOptionAction; use wcf\form\AbstractForm; -use wcf\system\cache\builder\UserOptionCacheBuilder; use wcf\system\exception\IllegalLinkException; use wcf\system\language\I18nHandler; use wcf\system\WCF; @@ -41,7 +40,7 @@ class UserOptionEditForm extends UserOptionAddForm { */ public function readParameters() { parent::readParameters(); - + if (isset($_REQUEST['id'])) $this->optionID = intval($_REQUEST['id']); $this->userOption = new UserOption($this->optionID); if (!$this->userOption->optionID) { @@ -54,10 +53,10 @@ class UserOptionEditForm extends UserOptionAddForm { */ public function save() { AbstractForm::save(); - + I18nHandler::getInstance()->save('optionName', 'wcf.user.option.'.$this->userOption->optionName, 'wcf.user.option'); I18nHandler::getInstance()->save('optionDescription', 'wcf.user.option.'.$this->userOption->optionName.'.description', 'wcf.user.option'); - + $this->objectAction = new UserOptionAction(array($this->userOption), 'update', array('data' => array( 'categoryName' => $this->categoryName, 'optionType' => $this->optionType, @@ -74,7 +73,7 @@ class UserOptionEditForm extends UserOptionAddForm { ))); $this->objectAction->executeAction(); $this->saved(); - + WCF::getTPL()->assign('success', true); } @@ -83,11 +82,11 @@ class UserOptionEditForm extends UserOptionAddForm { */ public function readData() { parent::readData(); - + I18nHandler::getInstance()->setOptions('optionName', 1, 'wcf.user.option.'.$this->userOption->optionName, 'wcf.user.option.option\d+'); I18nHandler::getInstance()->setOptions('optionDescription', 1, 'wcf.user.option.'.$this->userOption->optionName.'.description', 'wcf.user.option.option\d+.description'); - if (!count($_POST)) { + if (empty($_POST)) { $this->categoryName = $this->userOption->categoryName; $this->optionType = $this->userOption->optionType; $this->defaultValue = $this->userOption->defaultValue; @@ -108,7 +107,7 @@ class UserOptionEditForm extends UserOptionAddForm { */ public function assignVariables() { parent::assignVariables(); - + I18nHandler::getInstance()->assignVariables(!empty($_POST)); WCF::getTPL()->assign(array( diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml index 48948bba98..d65057636c 100644 --- a/wcfsetup/install/lang/de.xml +++ b/wcfsetup/install/lang/de.xml @@ -765,6 +765,7 @@ + diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml index 7dc991b309..e7af0540fa 100644 --- a/wcfsetup/install/lang/en.xml +++ b/wcfsetup/install/lang/en.xml @@ -765,6 +765,7 @@ + -- 2.20.1