From 62cc80878cbd0584334885802bfc471d25da259e Mon Sep 17 00:00:00 2001
From: Mathias Gelhausen
Date: Wed, 3 Jun 2020 19:23:35 +0200
Subject: [PATCH 1/2] fix(Organizations): Form errors are not displayed

---
 .../src/Controller/IndexController.php | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/module/Organizations/src/Controller/IndexController.php b/module/Organizations/src/Controller/IndexController.php
index a003cb471..e6716f757 100644
--- a/module/Organizations/src/Controller/IndexController.php
+++ b/module/Organizations/src/Controller/IndexController.php
@@ -55,19 +55,19 @@ class IndexController extends AbstractActionController
 * @var Repository\Organization
 */
 private $repository;
-
+
 /**
 * @var FormElementManagerV3Polyfill
 */
 private $formManager;
-
+
 private $viewHelper;
-
+
 /**
 * @var TranslatorInterface
 */
 private $translator;
-
+
 /**
 * Create new controller instance
 *
@@ -90,7 +90,7 @@ public function __construct(
 $this->viewHelper = $viewHelper;
 $this->translator = $translator;
 }
-
+
 /**
 * Generates a list of organizations
 *
@@ -114,8 +114,8 @@ public function indexAction()
 ]
 ]);
 }
-
-
+
+
 /**
 * Change (Upsert) organizations
 *
@@ -204,18 +204,19 @@ public function editAction()
 } else {
 if ($form instanceof SummaryForm) {
 /* @var $form \Core\Form\SummaryForm */
- $form->setRenderMode(SummaryForm::RENDER_SUMMARY);
+ $form->setRenderMode($isValid ? SummaryForm::RENDER_SUMMARY : SummaryForm::RENDER_FORM);
 $viewHelper = 'summaryForm';
 } else {
 $viewHelper = 'form';
 }
-
+
 $content = $this->viewHelper->get($viewHelper)->__invoke($form);
 }
 return new JsonModel(
 array(
 'valid' => $isValid,
+ 'errors' => $form->getMessages(),
 'content' => $content,
 )
 );

From 52d5ff829815170d12814e52893833d9cc17a20c Mon Sep 17 00:00:00 2001
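Review bot: The new `'errors' => $form->getMessages()` entry sends validator messages to the browser verbatim, and some Laminas validator messages embed the submitted value (`%value%` placeholders), so the script that renders this key has to insert it as text rather than HTML or the error display itself becomes an injection point; the input-side StripTags added in the following patch does not cover that path. The render-mode ternary depends on `$isValid`, which is assigned earlier in editAction (the function starts outside this hunk); a comment such as `// re-render the editable form on failure so the messages have somewhere to show` would record why the summary view is skipped. As far as I recall, `Form::getMessages()` nests messages per fieldset, which the JSON consumer must walk, and that shape is worth a line in the action's docblock.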
From: Mathias Gelhausen
Date: Wed, 3 Jun 2020 19:25:00 +0200
Subject: [PATCH 2/2] fix(Organizations): Prevent xss attachs on form inputs [ fix #543 ]

---
 .../src/Form/OrganizationsContactFieldset.php | 60 +++++++++++++++----
 .../Form/OrganizationsDescriptionFieldset.php | 13 +++-
 .../src/Form/OrganizationsNameFieldset.php | 28 +++++----
 3 files changed, 77 insertions(+), 24 deletions(-)

diff --git a/module/Organizations/src/Form/OrganizationsContactFieldset.php b/module/Organizations/src/Form/OrganizationsContactFieldset.php
index 126856409..21f87694b 100644
--- a/module/Organizations/src/Form/OrganizationsContactFieldset.php
+++ b/module/Organizations/src/Form/OrganizationsContactFieldset.php
@@ -12,6 +12,7 @@
 use Laminas\Form\Fieldset;
 use Core\Entity\Hydrator\EntityHydrator;
+use Laminas\InputFilter\InputFilterProviderInterface;
 use Organizations\Entity\OrganizationContact;
 /**
@@ -19,7 +20,7 @@
 *
 * @package Organizations\Form
 */
-class OrganizationsContactFieldset extends Fieldset
+class OrganizationsContactFieldset extends Fieldset implements InputFilterProviderInterface
 {
 /**
 * Gets the Hydrator
@@ -42,7 +43,7 @@ public function getHydrator()
 public function init()
 {
 $this->setName('contact');
-
+
 $this->add(
 array(
 'name' => 'street',
@@ -51,7 +52,7 @@ public function init()
 )
 )
 );
-
+
 $this->add(
 array(
 'name' => 'houseNumber',
@@ -60,7 +61,7 @@ public function init()
 )
 )
 );
-
+
 $this->add(
 array(
 'name' => 'postalcode',
@@ -69,7 +70,7 @@ public function init()
 )
 )
 );
-
+
 $this->add(
 array(
 'name' => 'city',
@@ -104,13 +105,52 @@ public function init()
 );
 }
- /**
- * for later use - all the mandatory fields
- * @return array
- */
 public function getInputFilterSpecification()
 {
- return array();
+ return [
+ 'street' => [
+ 'required' => false,
+ 'filters' => [
+ ['name' => 'StripTags']
+ ],
+ ],
+ 'houseNumber' => [
+ 'required' => false,
+ 'filters' => [
+ ['name' => 'StripTags']
+ ],
+ ],
+ 'postalcode' => [
+ 'required' => false,
+ 'filters' => [
+ ['name' => 'StripTags']
+ ],
+ ],
+ 'city' => [
+ 'required' => false,
+ 'filters' => [
+ ['name' => 'StripTags']
+ ],
+ ],
+ 'country' => [
+ 'required' => false,
+ 'filters' => [
+ ['name' => 'StripTags']
+ ],
+ ],
+ 'phone' => [
+ 'required' => false,
+ 'filters' => [
+ ['name' => 'StripTags']
+ ],
+ ],
+ 'fax' => [
+ 'required' => false,
+ 'filters' => [
+ ['name' => 'StripTags']
+ ],
+ ],
+ ];
 }
 /**
diff --git a/module/Organizations/src/Form/OrganizationsDescriptionFieldset.php b/module/Organizations/src/Form/OrganizationsDescriptionFieldset.php
index 49793a78e..ff4df73a1 100644
--- a/module/Organizations/src/Form/OrganizationsDescriptionFieldset.php
+++ b/module/Organizations/src/Form/OrganizationsDescriptionFieldset.php
@@ -11,12 +11,13 @@
 use Laminas\Form\Fieldset;
 use Core\Entity\Hydrator\EntityHydrator;
+use Laminas\InputFilter\InputFilterProviderInterface;
 /**
 * Class OrganizationsDescriptionFieldset
 * @package Organizations\Form
 */
-class OrganizationsDescriptionFieldset extends Fieldset
+class OrganizationsDescriptionFieldset extends Fieldset implements InputFilterProviderInterface
 {
 public function getHydrator()
 {
@@ -51,6 +52,14 @@ public function init()
 */
 public function getInputFilterSpecification()
 {
- return array();
+ return [
+ 'description' => [
+ 'required' => true,
+ 'allow_empty' => true,
+ 'filters' => [
+ ['name' => 'StripTags'],
+ ],
+ ],
+ ];
 }
 }
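Review bot: Stripping tags on input is not, by itself, the XSS fix the commit title claims: the laminas-filter documentation itself warns that StripTags is not meant as a security filter, and values that never pass through this fieldset (rows already stored, imports, other forms) are still rendered however the views render them, so the real boundary remains escaping at output (`escapeHtml` in the templates). I would record that in the method docblock the hunk deletes, e.g. `/** Input filter spec: tags are stripped defensively; output escaping in the views is the actual XSS control. */`. Style: the seven entries are one identical block repeated, and the description and name fieldset hunks repeat it once more each; deriving the spec from the field list keeps it in step with init() when a field is added.
```php
public function getInputFilterSpecification()
{
    // One spec for every text input of this fieldset; keep the list in step with init().
    $textFields = ['street', 'houseNumber', 'postalcode', 'city', 'country', 'phone', 'fax'];

    return array_fill_keys($textFields, [
        'required' => false,
        'filters' => [
            ['name' => 'StripTags'],
        ],
    ]);
}
```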
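Review bot: `'required' => true` next to `'allow_empty' => true` in the description spec reads as contradictory; it means the `description` key must be present in the posted data but may be an empty string, which deserves a one-line comment, e.g. `// key must be posted, but an empty description is accepted`. If I remember the laminas-inputfilter docs correctly, `allow_empty` is deprecated in favour of `continue_if_empty` plus an explicit NotEmpty validator, so `'required' => false` (if presence of the key is not actually needed) would be the simpler and forward-compatible spelling.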
diff --git a/module/Organizations/src/Form/OrganizationsNameFieldset.php b/module/Organizations/src/Form/OrganizationsNameFieldset.php
index 1496ee3c6..f7cd7145a 100644
--- a/module/Organizations/src/Form/OrganizationsNameFieldset.php
+++ b/module/Organizations/src/Form/OrganizationsNameFieldset.php
@@ -11,24 +11,23 @@
 namespace Organizations\Form;
 use Core\Repository\RepositoryService;
-use Interop\Container\ContainerInterface;
 use Laminas\Form\Fieldset;
 use Core\Entity\Hydrator\EntityHydrator;
 use Organizations\Entity\Hydrator\Strategy\OrganizationNameStrategy;
-use Laminas\Form\FormElementManager\FormElementManagerV3Polyfill;
+use Laminas\InputFilter\InputFilterProviderInterface;
 /**
 * Class OrganizationsFieldset
 * @package Organizations\Form
 */
-class OrganizationsNameFieldset extends Fieldset
+class OrganizationsNameFieldset extends Fieldset implements InputFilterProviderInterface
 {
-
+
 /**
 * @var RepositoryService
 */
 private $repositories;
-
+
 /**
 * @return RepositoryService
 */
@@ -36,7 +35,7 @@ public function getRepositories()
 {
 return $this->repositories;
 }
-
+
 /**
 * @param RepositoryService $repositories
 */
@@ -44,18 +43,16 @@ public function setRepositories($repositories)
 {
 $this->repositories = $repositories;
 }
-
+
 public function getHydrator()
 {
 if (!$this->hydrator) {
 /* @var $formElementManager FormElementManagerV3Polyfill */
 $hydrator = new EntityHydrator();
- $formFactory = $this->getFormFactory();
- $formElementManager = $formFactory->getFormElementManager();
-
+
 $repositoryManager = $this->repositories;
 $repOrganizationName = $repositoryManager->get('Organizations/OrganizationName');
-
+
 $organizationName = new OrganizationNameStrategy($repOrganizationName);
 $hydrator->addStrategy('organizationName', $organizationName);
 $this->setHydrator($hydrator);
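Review bot: The `/* @var $formElementManager FormElementManagerV3Polyfill */` annotation in getHydrator() is now stale: this hunk removes both the `$formElementManager` local and the Polyfill import, so the comment describes a variable and a class that no longer exist in the file and should be deleted with them. `$this->repositories` is then used unguarded; if the fieldset can be instantiated without setRepositories() having been called, `$repositoryManager->get(...)` is a method call on null, so either a guard such as `if (!$this->repositories) { throw new \RuntimeException('RepositoryService not injected'); }` or a docblock line stating that the factory guarantees injection would make the assumption explicit. getHydrator() continues past the end of the hunk.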
@@ -85,7 +82,14 @@ public function init()
 */
 public function getInputFilterSpecification()
 {
- return array();
+ return [
+ 'organizationName' => [
+ 'required' => true,
+ 'filters' => [
+ ['name' => 'StripTags'],
+ ],
+ ],
+ ];
 }
 /**
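Review bot: `organizationName` is filtered only with `StripTags`, yet this value feeds the `OrganizationNameStrategy` lookup against the `Organizations/OrganizationName` repository wired in getHydrator(), so leading or trailing whitespace would produce a distinct name; adding `['name' => 'StringTrim'],` ahead of StripTags normalises it before the lookup — inferred from the strategy wiring, so confirm the repository does not trim on its own. The spec also sets no length bound; a `StringLength` validator with a sensible `max` keeps oversized input out of the stored name. The method docblock above the hunk should state that the name is required and tag-stripped, since the `return array();` it used to describe is gone.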