Sanitize the module name and don't allow storing values for illegal

module names.  Fixes #1898.
Bharat Mediratta
2012-07-21 15:42:52 -07:00
parent 27e2534016
commit 8524fba15a
2 changed files with 18 additions and 14 deletions


@@ -30,24 +30,28 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
}
public function edit($module_name, $var_name) {
$value = module::get_var($module_name, $var_name);
$form = new Forge("admin/advanced_settings/save/$module_name/$var_name", "", "post");
$group = $form->group("edit_var")->label(t("Edit setting"));
$group->input("module_name")->label(t("Module"))->value($module_name)->disabled(1);
$group->input("var_name")->label(t("Setting"))->value($var_name)->disabled(1);
$group->textarea("value")->label(t("Value"))->value($value);
$group->submit("")->value(t("Save"));
print $form;
if (module::is_installed($module_name)) {
$value = module::get_var($module_name, $var_name);
$form = new Forge("admin/advanced_settings/save/$module_name/$var_name", "", "post");
$group = $form->group("edit_var")->label(t("Edit setting"));
$group->input("module_name")->label(t("Module"))->value($module_name)->disabled(1);
$group->input("var_name")->label(t("Setting"))->value($var_name)->disabled(1);
$group->textarea("value")->label(t("Value"))->value($value);
$group->submit("")->value(t("Save"));
print $form;
}
}
public function save($module_name, $var_name) {
access::verify_csrf();
module::set_var($module_name, $var_name, Input::instance()->post("value"));
message::success(
t("Saved value for %var (%module_name)",
array("var" => $var_name, "module_name" => $module_name)));
if (module::is_installed($module_name)) {
module::set_var($module_name, $var_name, Input::instance()->post("value"));
message::success(
t("Saved value for %var (%module_name)",
array("var" => $var_name, "module_name" => $module_name)));
json::reply(array("result" => "success"));
json::reply(array("result" => "success"));
}
}
}
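Review bot: The new `module::is_installed($module_name)` guard in `edit()` and `save()` validates only the module name; `$var_name` still comes from the URL and is passed unchecked to `module::set_var()` and interpolated into the Forge action string `"admin/advanced_settings/save/$module_name/$var_name"`. If setting names have a known shape, `save()` could also require something like `preg_match('/^[A-Za-z0-9_]+$/', $var_name)` before writing (the exact pattern is a guess and should be matched to the names the project actually stores). Both methods also fall through silently when the module is not installed, so `save()` returns an empty body rather than a JSON result. An explicit `else { json::reply(array("result" => "error")); }`, ideally with a log entry, would make rejected writes visible to the client and to anyone reviewing admin activity.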