[UTIL][Form] Disallow using very generic form names, as they can collide with other forms in the same page

This commit is contained in:
Hugo Sales 2021-08-18 18:35:03 +01:00
parent a7d5b5599c
commit 6af1383e07
Signed by untrusted user: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0

View File

@ -31,6 +31,7 @@
namespace App\Core; namespace App\Core;
use App\Core\DB\DB; use App\Core\DB\DB;
use App\Util\Exception\ServerException;
use App\Util\Formatting; use App\Util\Formatting;
use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Form as SymfForm; use Symfony\Component\Form\Form as SymfForm;
@ -90,6 +91,10 @@ abstract class Form
$name = $form[array_key_last($form)][0]; $name = $form[array_key_last($form)][0];
$fb = self::$form_factory->createNamedBuilder($name, $type, data: null, options: array_merge($form_options, ['translation_domain' => false])); $fb = self::$form_factory->createNamedBuilder($name, $type, data: null, options: array_merge($form_options, ['translation_domain' => false]));
foreach ($form as [$key, $class, $options]) { foreach ($form as [$key, $class, $options]) {
if ($class == SubmitType::class && in_array($key, ['save', 'publish', 'post'])) {
Log::critical($m = "It's generally a bad idea to use {$key} as a form name, because it can conflict with other forms in the same page");
throw new ServerException($m);
}
if ($target != null && empty($options['data']) && (strstr($key, 'password') == false) && $class != SubmitType::class) { if ($target != null && empty($options['data']) && (strstr($key, 'password') == false) && $class != SubmitType::class) {
if (isset($extra_data[$key])) { if (isset($extra_data[$key])) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart