
NEW: Add ReadonlyField::setIncludeHiddenField()

The new config setter restores the 2.4 behaviour of including <input type="hidden"> with a field. As a default, this option has security flaws, but it is useful in a few circumstances and, if nothing else, makes upgrading sites easier.
commit abbee41b7852480ff8552474a147cc5912fe755a 1 parent b63e55a
@sminnee sminnee authored
Showing with 34 additions and 1 deletion.
  1. +34 −1 forms/ReadonlyField.php
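--- a/forms/ReadonlyField.php
+++ b/forms/ReadonlyField.php
@@ -11,10 +11,43 @@ class ReadonlyField extends FormField {
 protected $readonly = true;
+ /**
+ * Include a hidden field in the HTML for the readonly field
+ * @var boolean
+ */
+ protected $includeHiddenField = false;
+
+ /**
+ * If true, a hidden field will be included in the HTML for the readonly field.
+ *
+ * This can be useful if you need to pass the data through on the form submission, as
+ * long as it's okay than an attacker could change the data before it's submitted.
+ *
+ * This is disabled by default as it can introduce security holes if the data is not
+ * allowed to be modified by the user.
+ *
+ * @param boolean $includeHiddenField
+ */
+ public function setIncludeHiddenField($includeHiddenField) {
+ $this->includeHiddenField = $includeHiddenField;
+ }
+
 public function performReadonlyTransformation() {
 return clone $this;
 }
+ public function Field($properties = array()) {
+ // Include a hidden field in the HTML
+ if($this->includeHiddenField && $this->readonly) {
+ $hidden = clone $this;
+ $hidden->setReadonly(false);
+ return parent::Field($properties) . $hidden->Field($properties);
+
+ } else {
+ return parent::Field($properties);
+ }
+ }
+
 public function Value() {
 if($this->value) return $this->dontEscape ? $this->value : Convert::raw2xml($this->value);
 else return '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
@@ -25,7 +58,7 @@ public function getAttributes() {
 parent::getAttributes(),
 array(
 'type' => 'hidden',
- 'value' => null,
+ 'value' => $this->readonly ? null : $this->value,
 )
 );
 }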