From 0f0564232e0a49719d0bdff6223539b624f116ee Mon Sep 17 00:00:00 2001
From: Andrew Embler
Date: Thu, 2 Nov 2023 16:45:10 -0700
Subject: [PATCH] Fix CC-481
---
 .../dashboard/system/express/entities.php | 29 ++++++++++++++-----
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/concrete/controllers/single_page/dashboard/system/express/entities.php b/concrete/controllers/single_page/dashboard/system/express/entities.php
index cc509efb0ca..dada5bcab1f 100644
--- a/concrete/controllers/single_page/dashboard/system/express/entities.php
+++ b/concrete/controllers/single_page/dashboard/system/express/entities.php
@@ -31,10 +31,11 @@ public function add()
 $vs = \Core::make('helper/validation/strings');
 $name = $sec->sanitizeString($this->request->request->get('name'));
- $handle = $sec->sanitizeString($this->request->request->get('handle'));
+ $handle = $this->request->request->get('handle');
+ $plural_handle = $this->request->request->get('plural_handle');
 if (!$vs->handle($handle)) {
- $this->error->add(t('You must create a handle for your data object. It may contain only lowercase letters and underscores.'), 'handle');
+ $this->error->add(t('You must create a valid handle for your data object. It may contain only lowercase letters and underscores.'), 'handle');
 } else {
 $entity = Express::getObjectByHandle($handle);
 if (is_object($entity)) {
@@ -44,6 +45,10 @@ public function add()
 }
 }
+ if (!$vs->handle($plural_handle)) {
+ $this->error->add(t('You must create a valid plural handle for your data object. It may contain only lowercase letters and underscores.'), 'plural_handle');
+ }
+
 if (!$name) {
 $this->error->add(t('You must give your data object a name.'), 'name');
 }
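Review bot: With `sanitizeString()` removed in the `-31,10 +31,11` hunk, `$vs->handle()` is the only gate on `handle` and `plural_handle`, and both reach it exactly as `$this->request->request->get()` returns them, which is null when the field is absent and may not be a string at all. The validator's implementation is outside this diff, so whether it rejects non-string input cleanly is not visible; an explicit guard such as `if (!is_string($handle) || !$vs->handle($handle)) {` keeps a malformed request on the validation-error path. The same applies to the `plural_handle` check in the `-44,6` hunk and to both checks in update() (the `-330,10` and `-343,6` hunks). add() starts and ends outside this hunk.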
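Review bot: The plural-handle check added in the `-44,6 +45,10` hunk is repeated in update() (the `-343,6 +349,15` hunk) with the same message but a different layout, so the two copies of this validation rule can drift apart. Because this check is what stands between the request and the stored plural handle, one private method called from both actions (for example `validateHandles($handle, $plural_handle)`) would keep the rule in a single place. A short comment above the check would also record the intent: `// plural_handle is persisted from this validated local; do not re-read it from the request`.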
@@ -51,8 +56,8 @@ public function add()
 if (!$this->error->has()) {
 $entity = new Entity();
 $entity->setName($this->request->request->get('name'));
- $entity->setHandle($this->request->request->get('handle'));
- $entity->setPluralHandle($this->request->request->get('plural_handle'));
+ $entity->setHandle($handle);
+ $entity->setPluralHandle($plural_handle);
 $entity->setLabelMask($this->request->request->get('label_mask'));
 $entity->setDescription($this->request->request->get('description'));
 $entity->setIsPublished(false);
@@ -330,10 +335,11 @@ public function update($id = null)
 $vs = \Core::make('helper/validation/strings');
 $name = $sec->sanitizeString($this->request->request->get('name'));
- $handle = $sec->sanitizeString($this->request->request->get('handle'));
+ $handle = $this->request->request->get('handle');
+ $plural_handle = $this->request->request->get('plural_handle');
 if (!$vs->handle($handle)) {
- $this->error->add(t('You must create a handle for your data object. It may contain only lowercase letters and underscores.'), 'handle');
+ $this->error->add(t('You must create a valid handle for your data object. It may contain only lowercase letters and underscores.'), 'handle');
 } else {
 $exist = Express::getObjectByHandle($handle);
 if (is_object($exist) && $exist->getID() != $id) {
@@ -343,6 +349,15 @@ public function update($id = null)
 }
 }
+ if (!$vs->handle($plural_handle)) {
+ $this->error->add(
+ t(
+ 'You must create a valid plural handle for your data object. It may contain only lowercase letters and underscores.'
+ ),
+ 'plural_handle'
+ );
+ }
+
 if (!$name) {
 $this->error->add(t('You must give your data object a name.'), 'name');
 }
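Review bot: `setName()` in the `-51,8 +56,8` hunk still receives `$this->request->request->get('name')` directly, so add() checks the sanitized `$name` but persists the unsanitized value, the same validate-one-value, store-another pattern this commit removes for the two handles. update() already stores the sanitized local (`$entity->setName($name);` in the `-379,7` hunk), and add() should match it with `$entity->setName($name);`. `label_mask` and `description` are likewise stored straight from the request in both actions; if they rely on output escaping rather than input validation, a comment saying so next to those setters would help the next reviewer. add() continues outside this hunk.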
@@ -379,7 +394,7 @@ public function update($id = null)
 */
 $entity->setName($name);
 $entity->setHandle($handle);
- $entity->setPluralHandle($this->request->request->get('plural_handle'));
+ $entity->setPluralHandle($plural_handle);
 $entity->setLabelMask($this->request->request->get('label_mask'));
 $entity->setDescription($this->request->request->get('description'));
 $entity->setDefaultViewForm($viewForm);