Merge pull request #3023 from vanilla/hotfix/trim-keys

Trim user-entered API keys and config strings
vanilla · Aug 31, 2015 · 728b03b · 728b03b
2 parents a419fec + d8b3a38
commit 728b03b
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/applications/dashboard/modules/class.configurationmodule.php b/applications/dashboard/modules/class.configurationmodule.php
@@ -80,7 +80,7 @@ public function hasFiles() {
 
         if ($HasFiles === null) {
             $HasFiles = false;
-            foreach ($this->Schema() as $K => $Row) {
+            foreach ($this->schema() as $K => $Row) {
                 if (strtolower(val('Control', $Row)) == 'imageupload') {
                     $HasFiles = true;
                     break;
@@ -98,10 +98,10 @@ public function hasFiles() {
      */
     public function initialize($Schema = null) {
         if ($Schema !== null) {
-            $this->Schema($Schema);
+            $this->schema($Schema);
         }
 
-        $Form = $this->Form();
+        $Form = $this->form();
 
         if ($Form->authenticatedPostBack()) {
             // Grab the data from the form.
@@ -113,22 +113,27 @@ public function initialize($Schema = null) {
                 $Config = $Row['Config'];
 
                 // For API calls make this a sparse save.
-                if ($this->Controller()->deliveryType() === DELIVERY_TYPE_DATA && !array_key_exists($Name, $Post)) {
+                if ($this->controller()->deliveryType() === DELIVERY_TYPE_DATA && !array_key_exists($Name, $Post)) {
                     continue;
                 }
 
                 if (strtolower(val('Control', $Row)) == 'imageupload') {
-                    $Form->SaveImage($Name, arrayTranslate($Row, array('Prefix', 'Size')));
+                    $Form->saveImage($Name, arrayTranslate($Row, array('Prefix', 'Size')));
                 }
 
                 $Value = $Form->getFormValue($Name);
 
+                // Trim all incoming values by default.
+                if (val('Trim', $Row, true)) {
+                    $Value = trim($Value);
+                }
+
                 if ($Value == val('Default', $Value, '')) {
                     $Value = '';
                 }
 
                 $Data[$Config] = $Value;
-                $this->Controller()->setData($Name, $Value);
+                $this->controller()->setData($Name, $Value);
             }
 
             // Save it to the config.

diff --git a/plugins/Facebook/class.facebook.plugin.php b/plugins/Facebook/class.facebook.plugin.php
@@ -441,8 +441,8 @@ public function socialController_facebook_create($Sender, $Args) {
         $Sender->permission('Garden.Settings.Manage');
         if ($Sender->Form->authenticatedPostBack()) {
             $Settings = array(
-                'Plugins.Facebook.ApplicationID' => $Sender->Form->getFormValue('ApplicationID'),
-                'Plugins.Facebook.Secret' => $Sender->Form->getFormValue('Secret'),
+                'Plugins.Facebook.ApplicationID' => trim($Sender->Form->getFormValue('ApplicationID')),
+                'Plugins.Facebook.Secret' => trim($Sender->Form->getFormValue('Secret')),
                 'Plugins.Facebook.UseFacebookNames' => $Sender->Form->getFormValue('UseFacebookNames'),
                 'Plugins.Facebook.SocialSignIn' => $Sender->Form->getFormValue('SocialSignIn'),
                 'Plugins.Facebook.SocialReactions' => $Sender->Form->getFormValue('SocialReactions'),

diff --git a/plugins/Twitter/class.twitter.plugin.php b/plugins/Twitter/class.twitter.plugin.php
@@ -298,7 +298,7 @@ private function _getButton() {
      * @param bool $Query
      */
     public function authorize($Query = false) {
-        // Aquire the request token.
+        // Acquire the request token.
         $Consumer = new OAuthConsumer(c('Plugins.Twitter.ConsumerKey'), c('Plugins.Twitter.Secret'));
         $RedirectUri = $this->redirectUri();
         if ($Query) {
@@ -925,8 +925,8 @@ public function socialController_twitter_create($Sender, $Args) {
         $Sender->permission('Garden.Settings.Manage');
         if ($Sender->Form->authenticatedPostBack()) {
             $Settings = array(
-                'Plugins.Twitter.ConsumerKey' => $Sender->Form->getFormValue('ConsumerKey'),
-                'Plugins.Twitter.Secret' => $Sender->Form->getFormValue('Secret'),
+                'Plugins.Twitter.ConsumerKey' => trim($Sender->Form->getFormValue('ConsumerKey')),
+                'Plugins.Twitter.Secret' => trim($Sender->Form->getFormValue('Secret')),
                 'Plugins.Twitter.SocialSignIn' => $Sender->Form->getFormValue('SocialSignIn'),
                 'Plugins.Twitter.SocialReactions' => $Sender->Form->getFormValue('SocialReactions'),
                 'Plugins.Twitter.SocialSharing' => $Sender->Form->getFormValue('SocialSharing')