fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improvements in listbox field and in the security issue RW-152-1

Browse Source
This commit is contained in:
Julio Cesar Laura
2014-06-10 16:40:33 -04:00
parent 7c7c5b0fcc
commit 8999f7baa4
2 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gulliver/system/class.xmlform.php
View File

@@ -3741,7 +3741,7 @@ class XmlForm_Field_Listbox extends XmlForm_Field
return $html; return $html;
} elseif ($this->mode === 'view') { } elseif ($this->mode === 'view') {
$valuesFound = array('__NULL__'); $valuesFound = array('__NULL__');
$html = '<select multiple="multiple" size="' . $this->size . '" style="background: none;" disabled="disabled">'; $html = '<select id="form[' . $this->name . ']" ' . $this->NSFieldType() . ' multiple="multiple" size="' . $this->size . '" style="background: none;" disabled="disabled">';
foreach ($this->option as $optionName => $option) { foreach ($this->option as $optionName => $option) {
if (in_array( $optionName . "", $value )) { if (in_array( $optionName . "", $value )) {
$valuesFound[] = $optionName . ""; $valuesFound[] = $optionName . "";

13
workflow/engine/methods/appFolder/appFolderAjax.php
View File

@@ -21,6 +21,13 @@ if (! isset ($_REQUEST ['action'])) {
die (); die ();
} }
if (! function_exists ($_REQUEST['action']) || !G::isUserFunction($_REQUEST['action'])) {
$res ['success'] = false;
$res ['message'] = 'The requested action does not exist';
print G::json_encode ($res);
die ();
}
if (($_REQUEST['action']) != 'rename') { if (($_REQUEST['action']) != 'rename') {
$functionName = $_REQUEST ['action']; $functionName = $_REQUEST ['action'];
$functionParams = isset ($_REQUEST ['params']) ? $_REQUEST ['params'] : array (); $functionParams = isset ($_REQUEST ['params']) ? $_REQUEST ['params'] : array ();
@@ -42,12 +49,6 @@ if (($_REQUEST['action']) != 'rename') {
renameFolder ($oldname, $newname, $uid); renameFolder ($oldname, $newname, $uid);
} }
if (! function_exists ($_REQUEST['action']) || !G::isUserFunction($_REQUEST['action'])) {
$res ['success'] = false;
$res ['message'] = 'The requested action does not exist';
print G::json_encode ($res);
die ();
}
///////////////////////////////////////////// /////////////////////////////////////////////
function renameFolder($oldname, $newname, $uid) function renameFolder($oldname, $newname, $uid)