Merge pull request from GHSA-mhfc-6rhg-fxp3
Fix possible personal data leak
eternoendless committed Mar 2, 2020
2 parents 5c80d31 + 470af81 commit a4a609b
Showing 4 changed files with 4 additions and 18 deletions.
2 changes: 1 addition & 1 deletion classes/form/CustomerAddressForm.php
Expand Up @@ -134,7 +134,7 @@ public function submit()
}

$address = new Address(
$this->getValue('id_address'),
Tools::getValue('id_address'),
$this->language->id
);

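Review bot: The address id passed to `new Address(...)` in `submit()` is still taken from the request, and nothing in this hunk ties the loaded address to the logged-in customer. If `Tools::getValue('id_address')` is the new side, as the removal of the hidden `id_address` field in CustomerAddressFormatter suggests, the value can now arrive through the query string as well as the POST body rather than only through the submitted form. I would cast it, `(int) Tools::getValue('id_address')`, and confirm that the loaded address's `id_customer` is compared with the logged-in customer's id before the form fields are copied onto the object. That check may already live in the persister, but `submit()` continues outside the hunk and it is not visible here.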
6 changes: 0 additions & 6 deletions classes/form/CustomerAddressFormatter.php
Expand Up @@ -66,12 +66,6 @@ public function getFormat()
$required = array_flip(AddressFormat::getFieldsRequired());

$format = [
'id_address' => (new FormField())
->setName('id_address')
->setType('hidden'),
'id_customer' => (new FormField())
->setName('id_customer')
->setType('hidden'),
'back' => (new FormField())
->setName('back')
->setType('hidden'),
10 changes: 3 additions & 7 deletions classes/form/CustomerForm.php
Expand Up @@ -76,7 +76,6 @@ public function setPasswordRequired($passwordRequired)
public function fillFromCustomer(Customer $customer)
{
$params = get_object_vars($customer);
$params['id_customer'] = $customer->id;
$params['birthday'] = $customer->birthday === '0000-00-00' ? null : Tools::displayDate($customer->birthday);

return $this->fillWith($params);
Expand All @@ -87,13 +86,10 @@ public function fillFromCustomer(Customer $customer)
*/
public function getCustomer()
{
$customer = new Customer($this->getValue('id_customer'));
$customer = new Customer($this->context->customer->id);

foreach ($this->formFields as $field) {
$customerField = $field->getName();
if ($customerField === 'id_customer') {
$customerField = 'id';
}
if (property_exists($customer, $customerField)) {
$customer->$customerField = $field->getValue();
}
Expand All @@ -119,10 +115,10 @@ public function validate()
$birthdayField = $this->getField('birthday');
if (!empty($birthdayField) &&
!empty($birthdayField->getValue()) &&
Validate::isBirthDate($birthdayField->getValue(), Context::getContext()->language->date_format_lite)
Validate::isBirthDate($birthdayField->getValue(), $this->context->language->date_format_lite)
) {
$dateBuilt = DateTime::createFromFormat(
Context::getContext()->language->date_format_lite,
$this->context->language->date_format_lite,
$birthdayField->getValue()
);
$birthdayField->setValue($dateBuilt->format('Y-m-d'));
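Review bot: `getCustomer()` still copies every form field whose name matches a `Customer` property onto the object, so the fix relies on no formatter ever declaring an identity field again. Loading the customer from `$this->context->customer->id` is the right source, but the `property_exists` loop would still overwrite `id` if a field with that name were registered by any other code path. A small guard at the top of the loop body makes the invariant explicit: `if (in_array($customerField, ['id', 'id_customer'], true)) { continue; }`. A comment on the constructor call, for example `// Identity comes from the session context, never from submitted form data`, would record why the id is not read from the form. The function body continues outside the hunk.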
4 changes: 0 additions & 4 deletions classes/form/CustomerFormatter.php
Expand Up @@ -91,10 +91,6 @@ public function getFormat()
{
$format = [];

$format['id_customer'] = (new FormField())
->setName('id_customer')
->setType('hidden');

$genders = Gender::getGenders($this->language->id);
if ($genders->count() > 0) {
$genderField = (new FormField())

2 comments on commit a4a609b

@NantesInteractive

Can't use method return value in write context in mypath/classes/form/CustomerForm.php on line 116

@PierreRambaud
Contributor


Can't use method return value in write context in mypath/classes/form/CustomerForm.php on line 116

You're probably not using the same version, if you tried to apply this patch manually, it's a bad idea :/
