Merge pull request from GHSA-774w-fg8p-7c8w
Check if fields are URL
PierreRambaud committed Apr 15, 2020
2 parents d9d2bdd + 3f2fd22 commit c1768bf
Showing 2 changed files with 41 additions and 21 deletions.
3 changes: 2 additions & 1 deletion config.xml
@@ -2,9 +2,10 @@
<module>
<name>ps_socialfollow</name>
<displayName><![CDATA[Social media follow links]]></displayName>
<version><![CDATA[1.0]]></version>
<version><![CDATA[2.1.0]]></version>
<description><![CDATA[Allows you to add information about your brand&#039;s social networking accounts.]]></description>
<author><![CDATA[PrestaShop]]></author>
<tab><![CDATA[]]></tab>
<is_configurable>1</is_configurable>
<need_instance>1</need_instance>
<limited_countries></limited_countries>
59 changes: 39 additions & 20 deletions ps_socialfollow.php
@@ -29,16 +29,29 @@
}

use PrestaShop\PrestaShop\Core\Module\WidgetInterface;
use Symfony\Component\Validator\Constraints\Url;
use Symfony\Component\Validator\Validation;

class Ps_Socialfollow extends Module implements WidgetInterface
{
private $templateFile;

const SOCIAL_NETWORKS = [
'facebook',
'twitter',
'rss',
'youtube',
'pinterest',
'vimeo',
'instagram',
'linkedin',
];

public function __construct()
{
$this->name = 'ps_socialfollow';
$this->author = 'PrestaShop';
$this->version = '2.0.0';
$this->version = '2.1.0';

$this->bootstrap = true;
parent::__construct();
@@ -81,15 +94,7 @@ public function uninstall()
public function getContent()
{
if (Tools::isSubmit('submitModule')) {
Configuration::updateValue('BLOCKSOCIAL_FACEBOOK', Tools::getValue('blocksocial_facebook', ''));
Configuration::updateValue('BLOCKSOCIAL_TWITTER', Tools::getValue('blocksocial_twitter', ''));
Configuration::updateValue('BLOCKSOCIAL_RSS', Tools::getValue('blocksocial_rss', ''));
Configuration::updateValue('BLOCKSOCIAL_YOUTUBE', Tools::getValue('blocksocial_youtube', ''));
Configuration::updateValue('BLOCKSOCIAL_PINTEREST', Tools::getValue('blocksocial_pinterest', ''));
Configuration::updateValue('BLOCKSOCIAL_VIMEO', Tools::getValue('blocksocial_vimeo', ''));
Configuration::updateValue('BLOCKSOCIAL_INSTAGRAM', Tools::getValue('blocksocial_instagram', ''));
Configuration::updateValue('BLOCKSOCIAL_LINKEDIN', Tools::getValue('blocksocial_linkedin', ''));

$this->updateFields();
$this->_clearCache('*');

Tools::redirectAdmin($this->context->link->getAdminLink('AdminModules').'&configure='.$this->name.'&tab_module='.$this->tab.'&conf=4&module_name='.$this->name);
@@ -180,16 +185,11 @@ public function renderForm()

public function getConfigFieldsValues()
{
return array(
'blocksocial_facebook' => Tools::getValue('blocksocial_facebook', Configuration::get('BLOCKSOCIAL_FACEBOOK')),
'blocksocial_twitter' => Tools::getValue('blocksocial_twitter', Configuration::get('BLOCKSOCIAL_TWITTER')),
'blocksocial_rss' => Tools::getValue('blocksocial_rss', Configuration::get('BLOCKSOCIAL_RSS')),
'blocksocial_youtube' => Tools::getValue('blocksocial_youtube', Configuration::get('BLOCKSOCIAL_YOUTUBE')),
'blocksocial_pinterest' => Tools::getValue('blocksocial_pinterest', Configuration::get('BLOCKSOCIAL_PINTEREST')),
'blocksocial_vimeo' => Tools::getValue('blocksocial_vimeo', Configuration::get('BLOCKSOCIAL_VIMEO')),
'blocksocial_instagram' => Tools::getValue('blocksocial_instagram', Configuration::get('BLOCKSOCIAL_INSTAGRAM')),
'blocksocial_linkedin' => Tools::getValue('blocksocial_linkedin', Configuration::get('BLOCKSOCIAL_LINKEDIN')),
);
$result = [];
foreach (static::SOCIAL_NETWORKS as $social) {
$result['blocksocial_' . $social] = Configuration::get('BLOCKSOCIAL_' . strtoupper($social));
}
return $result;
}

public function renderWidget($hookName = null, array $configuration = [])
@@ -273,4 +273,23 @@ public function getWidgetVariables($hookName = null, array $configuration = [])
'social_links' => $social_links,
);
}

/**
* Update form fields.
* Check all social networks form value and verify the URL is valid.
* Do nothing if a violation is spotted.
*/
protected function updateFields()
{
$validator = Validation::createValidator();
$constraints = [new Url()];

foreach (static::SOCIAL_NETWORKS as $social) {
$value = Tools::getValue('blocksocial_' . $social, '');
$violations = $validator->validate($value, $constraints);
if (0 === count($violations)) {
Configuration::updateValue('BLOCKSOCIAL_' . strtoupper($social), $value);
}
}
}
}
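Review bot: In `updateFields()` a value that fails the `Url` constraint is skipped with no feedback, while `getContent()` still clears the cache and redirects with `conf=4`, so the administrator sees a success confirmation for a field that was not saved. Returning the rejected networks, as sketched below, would let `getContent()` show an error instead of the success redirect; the rest of `getContent()` lies outside the hunk, so how it renders messages is not visible here. The sketch also rejects non-string request values (request parsing can yield an array) before they reach the validator. Separately, the check runs only on write: values stored under `BLOCKSOCIAL_*` before this commit are not re-validated, and the body of `getWidgetVariables()` and its template are not shown, so the read path deserves the same validation or context-appropriate output escaping.

```php
protected function updateFields()
{
    // … unchanged: validator and constraint setup …
    $rejected = [];

    foreach (static::SOCIAL_NETWORKS as $social) {
        $value = Tools::getValue('blocksocial_' . $social, '');
        // Reject non-string input before it reaches the validator.
        if (!is_string($value) || 0 !== count($validator->validate($value, $constraints))) {
            $rejected[] = $social;
            continue;
        }
        Configuration::updateValue('BLOCKSOCIAL_' . strtoupper($social), $value);
    }

    return $rejected;
}
```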
