
[SS-2016-010] FIX Form@httpSubmission will no longer load submitted d…

…ata to disabled or readonly fields
dhensby committed Nov 11, 2016
1 parent 61e4055 commit 4440b887304fe80ca77366800457cbc2ac705654
Showing with 14 additions and 1 deletion.
  1. +14 −1 forms/Form.php
@@ -319,8 +319,21 @@ public function httpSubmission($request) {
$vars = $request->requestVars();
}
// construct an array of allowed fields that can be populated from request data.
// readonly or disabled fields should not be loading data from requests
$allowedFields = array();
$dataFields = $this->Fields()->dataFields();
if ($dataFields) {
/** @var FormField $field */
foreach ($this->Fields()->dataFields() as $name => $field) {
if (!$field->isReadonly() && !$field->isDisabled()) {
$allowedFields[] = $name;
}
}
}
// Populate the form
$this->loadDataFrom($vars, true);
$this->loadDataFrom($vars, true, $allowedFields);
// Protection against CSRF attacks
$token = $this->getSecurityToken();
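Review bot: An empty `$allowedFields` may undo the filter: when every data field is readonly or disabled, or `dataFields()` returns nothing, the new call passes `array()` as the third argument, and if `loadDataFrom` treats an empty list the same as no list (its body is not shown in this hunk) all submitted values would be loaded again. Confirm that behaviour and, if it holds, skip the load for an empty list, for example `if ($allowedFields) { $this->loadDataFrom($vars, true, $allowedFields); }`, or make `loadDataFrom` distinguish `null` from `array()`. The loop also calls `$this->Fields()->dataFields()` a second time instead of reusing the value it just tested; `foreach ($dataFields as $name => $field) {` keeps the check and the iteration on the same list. A regression test that posts values for a readonly and a disabled field, including a form with no editable fields at all, would pin the fix. `httpSubmission` begins and ends outside the hunk.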
