
Commit 0b7d507

committed
security holes: getActualValue
1 parent 56e1edc commit 0b7d507


3 files changed

+41
-17
lines changed


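--- a/core/Form/Primitives/BasePrimitive.class.php
+++ b/core/Form/Primitives/BasePrimitive.class.php
@@ -72,22 +72,34 @@ public function getRawValue()
 {
 return $this->raw;
 }
+
+public function getValueOrDefault()
+{
+if ($this->value !== null)
+return $this->value;
+
+return $this->default;
+}
 
+/**
+* @deprecated since version 1.0
+* @see getSafeValue, getValueOrDefault
+*/
 public function getActualValue()
 {
-if (null !== $this->value)
+if ($this->value !== null)
 return $this->value;
 elseif ($this->imported)
 return $this->raw;
 
 return $this->default;
 }
-
+
 public function getSafeValue()
 {
 if ($this->imported)
 return $this->value;
-
+
 return $this->default;
 }
 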
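Review bot: The deprecated `getActualValue()` keeps the branch `elseif ($this->imported) return $this->raw;`, so every existing caller still receives the raw (presumably unvalidated) input when the primitive was imported but holds no value, and the new docblock does not say so. I would state the reason in the tag, e.g. `@deprecated since version 1.0: may return the raw input; use getValueOrDefault() or getSafeValue()`. If the supported PHP versions allow it, `trigger_error(__METHOD__ . ' is deprecated', E_USER_DEPRECATED);` as the first statement would make the remaining callers show up in logs. The new `getValueOrDefault()` has no docblock; one line saying it returns the value or the default and never the raw input would also make the difference from `getSafeValue()` clear.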

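--- a/core/Form/Primitives/PrimitiveAlias.class.php
+++ b/core/Form/Primitives/PrimitiveAlias.class.php
@@ -57,25 +57,24 @@ public function getRawValue()
 return $this->primitive->getRawValue();
 }
 
+
+public function getValueOrDefault()
+{
+return $this->primitive->getValueOrDefault();
+}
+
 /**
 * @deprecated by getFormValue
+* since version 1.0 by getValueOrDefault
 **/
 public function getActualValue()
 {
-if (null !== $this->primitive->getValue())
-return $this->primitive->getValue();
-elseif ($this->primitive->isImported())
-return $this->primitive->getRawValue();
-
-return $this->primitive->getDefault();
+return $this->primitive->getActualValue();
 }
 
 public function getSafeValue()
 {
-if ($this->primitive->isImported())
-return $this->primitive->getValue();
-
-return $this->primitive->getDefault();
+return $this->primitive->getSafeValue();
 }
 
 public function getFormValue()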
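Review bot: The docblock on `getActualValue()` now reads `@deprecated by getFormValue` followed by `since version 1.0 by getValueOrDefault`, which names two different replacements across two lines and gives no reason for the deprecation. A single tag such as `@deprecated since version 1.0: may return the raw input; use getValueOrDefault() or getSafeValue()` would be unambiguous. The body now delegates to the wrapped primitive's `getActualValue()`, so the raw-value fallback stays reachable through the alias until callers are migrated. The new `getValueOrDefault()` has no docblock at all.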

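--- a/core/Form/Primitives/TimeList.class.php
+++ b/core/Form/Primitives/TimeList.class.php
@@ -53,17 +53,30 @@ public function import($scope)
 
 return ($this->value !== array());
 }
-
+
+public function getValueOrDefault()
+{
+if (is_array($this->value) && $this->value[0])
+return $this->value;
+
+return array($this->default);
+}
+
+/**
+* @deprecated deprecated since version 1.0
+* @see getSafeValue, getValueOrDefault
+* @return type
+*/
 public function getActualValue()
 {
 if (is_array($this->value) && $this->value[0])
 return $this->value;
 elseif (is_array($this->raw) && $this->raw[0])
 return $this->raw;
-
+
 return array($this->default);
 }
-
+
 public static function stringToTimeList($string)
 {
 $list = array();
@@ -86,4 +99,4 @@ public function exportValue()
 throw new UnimplementedFeatureException();
 }
 }
-?>
+?>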
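Review bot: In the new `getValueOrDefault()` the test `is_array($this->value) && $this->value[0]` reads offset 0 without checking that it exists. The context line `return ($this->value !== array());` in `import()` suggests the value can be an empty array, in which case PHP raises an undefined-offset notice. `if (is_array($this->value) && !empty($this->value[0]))` keeps the same truthiness test without the notice; the same pattern sits in `getActualValue()` for both `value` and `raw`. The added docblock still carries the placeholder `@return type` and a doubled `@deprecated deprecated`; `@return array` would match what the method returns. `import()` and `stringToTimeList()` continue outside the hunk.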
