GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[UTIL][Form] Disallow using very generic form names, as they can collide with other forms in the same page

Browse Source
This commit is contained in:
Hugo Sales
2021-08-18 18:35:03 +01:00
parent a7d5b5599c
commit 6af1383e07
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Core/Form.php
View File

@@ -31,6 +31,7 @@
namespace App\Core; namespace App\Core;
use App\Core\DB\DB; use App\Core\DB\DB;
use App\Util\Exception\ServerException;
use App\Util\Formatting; use App\Util\Formatting;
use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Form as SymfForm; use Symfony\Component\Form\Form as SymfForm;
@@ -90,6 +91,10 @@ abstract class Form
$name = $form[array_key_last($form)][0]; $name = $form[array_key_last($form)][0];
$fb = self::$form_factory->createNamedBuilder($name, $type, data: null, options: array_merge($form_options, ['translation_domain' => false])); $fb = self::$form_factory->createNamedBuilder($name, $type, data: null, options: array_merge($form_options, ['translation_domain' => false]));
foreach ($form as [$key, $class, $options]) { foreach ($form as [$key, $class, $options]) {
if ($class == SubmitType::class && in_array($key, ['save', 'publish', 'post'])) {
Log::critical($m = "It's generally a bad idea to use {$key} as a form name, because it can conflict with other forms in the same page");
throw new ServerException($m);
}
if ($target != null && empty($options['data']) && (strstr($key, 'password') == false) && $class != SubmitType::class) { if ($target != null && empty($options['data']) && (strstr($key, 'password') == false) && $class != SubmitType::class) {
if (isset($extra_data[$key])) { if (isset($extra_data[$key])) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart