Improvements in listbox field and in the security issue RW-152-1

2014-06-10 16:40:33 -04:00
parent 7c7c5b0fcc
commit 8999f7baa4
2 changed files with 8 additions and 7 deletions
--- a/gulliver/system/class.xmlform.php
+++ b/gulliver/system/class.xmlform.php
@@ -3741,7 +3741,7 @@ class XmlForm_Field_Listbox extends XmlForm_Field
            return $html;
        } elseif ($this->mode === 'view') {
            $valuesFound = array('__NULL__');
-            $html = '<select multiple="multiple" size="' . $this->size . '" style="background: none;" disabled="disabled">';
+            $html = '<select id="form[' . $this->name . ']" ' . $this->NSFieldType() . ' multiple="multiple" size="' . $this->size . '" style="background: none;" disabled="disabled">';
            foreach ($this->option as $optionName => $option) {
                if (in_array( $optionName . "", $value )) {
                    $valuesFound[] = $optionName . "";
--- a/workflow/engine/methods/appFolder/appFolderAjax.php
+++ b/workflow/engine/methods/appFolder/appFolderAjax.php
@@ -21,6 +21,13 @@ if (! isset ($_REQUEST ['action'])) {
    die ();
 }

+if (! function_exists ($_REQUEST['action']) || !G::isUserFunction($_REQUEST['action'])) {
+    $res ['success'] = false;
+    $res ['message'] = 'The requested action does not exist';
+    print G::json_encode ($res);
+    die ();
+}
+
 if (($_REQUEST['action']) != 'rename') {
    $functionName = $_REQUEST ['action'];
    $functionParams = isset ($_REQUEST ['params']) ? $_REQUEST ['params'] : array ();
@@ -42,12 +49,6 @@ if (($_REQUEST['action']) != 'rename') {
    renameFolder ($oldname, $newname, $uid);
 }

-if (! function_exists ($_REQUEST['action']) || !G::isUserFunction($_REQUEST['action'])) {
-    $res ['success'] = false;
-    $res ['message'] = 'The requested action does not exist';
-    print G::json_encode ($res);
-    die ();
-}
 /////////////////////////////////////////////

 function renameFolder($oldname, $newname, $uid)