Fixed issue #15690: User with XSS enable can add/update scripts (#1364)
* Fixed issue #15690: User with XSS enable can add/update scripts
1 parent
88c5e79
commit 4774b18
Showing
5 changed files
with
75 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<?php | ||
/* | ||
* LimeSurvey | ||
* Copyright (C) 2020 The LimeSurvey Project Team / Carsten Schmitz | ||
* All rights reserved. | ||
* License: GNU/GPL License v2 or later, see LICENSE.php | ||
* LimeSurvey is free software. This version may have been modified pursuant | ||
* to the GNU General Public License, and as distributed it includes or | ||
* is derivative of works licensed under the GNU General Public License or | ||
* other free or open source software licenses. | ||
* See COPYRIGHT.php for copyright notices and details. | ||
* | ||
* Disable update of a specific column, used for Question->script in 4.0.0 | ||
* @author Denis Chenu | ||
* @since 4.0.0-RC13 | ||
*/ | ||
|
||
class LSYii_NoUpdateValidator extends CValidator | ||
{ | ||
|
||
/** | ||
* @inheritdoc | ||
* Act like a filter : automatically set to previous value | ||
* @link : https://bugs.limesurvey.org/view.php?id=15690 | ||
*/ | ||
public function validateAttribute($object, $attribute) | ||
{ | ||
if ($object->isNewRecord) { | ||
$object->$attribute = ''; | ||
return; | ||
} | ||
if (empty($object->getPrimaryKey())) { | ||
throw new \Exception('Unable to use LSYii_NoUpdateValidator without PrimaryKey'); | ||
} | ||
$classOfObject = get_class($object); | ||
$originalObject = $classOfObject::model()->findByPk($object->getPrimaryKey()); | ||
$object->$attribute = $originalObject->$attribute; | ||
} | ||
} |
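Review bot: `findByPk()` returns null when the row is no longer there (deleted between load and save, or filtered out by a default scope), and the last line of `validateAttribute` then dereferences `$originalObject->$attribute` on null, so the guard fails with an error instead of failing closed. Check the result first, e.g. `if ($originalObject === null) { $this->addError($object, $attribute, 'Original record not found'); return; }`. Because this control restores the stored value only while validation runs, any write path that skips validation (`save(false)`, `saveAttributes()`, `updateByPk()`) would not be covered; whether such callers exist is not visible in this file, so the docblock should state that limit, for instance `* Only effective when the model is validated before saving.`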