From 6af1383e07bfe6db15b6f8e8bafdfa5d4dd8eaa1 Mon Sep 17 00:00:00 2001
From: Hugo Sales
Date: Wed, 18 Aug 2021 18:35:03 +0100
Subject: [PATCH] [UTIL][Form] Disallow using very generic form names, as they can collide with other forms in the same page

---
 src/Core/Form.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/Core/Form.php b/src/Core/Form.php
index bc8947de87..cfeae980ce 100644
--- a/src/Core/Form.php
+++ b/src/Core/Form.php
@@ -31,6 +31,7 @@
 namespace App\Core;
 
 use App\Core\DB\DB;
+use App\Util\Exception\ServerException;
 use App\Util\Formatting;
 use Symfony\Component\Form\Extension\Core\Type\SubmitType;
 use Symfony\Component\Form\Form as SymfForm;
@@ -90,6 +91,10 @@ abstract class Form
 $name = $form[array_key_last($form)][0];
 $fb = self::$form_factory->createNamedBuilder($name, $type, data: null, options: array_merge($form_options, ['translation_domain' => false]));
 foreach ($form as [$key, $class, $options]) {
+ if ($class == SubmitType::class && in_array($key, ['save', 'publish', 'post'])) {
+ Log::critical($m = "It's generally a bad idea to use {$key} as a form name, because it can conflict with other forms in the same page");
+ throw new ServerException($m);
+ }
 if ($target != null && empty($options['data']) && (strstr($key, 'password') == false) && $class != SubmitType::class) {
 if (isset($extra_data[$key])) {
 // @codeCoverageIgnoreStart
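Review bot: The new guard inside the `foreach` only tests a `$key` whose `$class` is `SubmitType`, but the name actually passed to `createNamedBuilder` is `$name = $form[array_key_last($form)][0]`, taken from the last entry whatever its class, and the builder has already been created by the time the check runs. If the intent is to keep generic form names from colliding on a shared page, checking `$name` before the builder call covers that directly, e.g. `if (in_array($name, ['save', 'publish', 'post'], true)) {`. If the per-field check stays, `$class === SubmitType::class` and a strict `in_array` would match the comparison to what is meant. The three-name list is also a denylist that other generic names will presumably slip past, so a short comment saying why these names were chosen would help the next maintainer. The enclosing method starts and ends outside this hunk.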