added a classname form control for validating classnames and do taint checking
This commit is contained in:
parent
a1a920cfea
commit
21fedb9051
5 changed files with 109 additions and 15 deletions
|
|
@ -42,7 +42,7 @@ sub www_formAssetTree {
|
|||
my $ancestors = $base->getLineage(["self","ancestors"],{returnObjects=>1});
|
||||
foreach my $ancestor (@{$ancestors}) {
|
||||
my $url = $ancestor->getUrl("op=formAssetTree;formId=".$session->form->process("formId"));
|
||||
$url .= ";classLimiter=".$session->form->process("classLimiter") if ($session->form->process("classLimiter"));
|
||||
$url .= ";classLimiter=".$session->form->process("classLimiter","className") if ($session->form->process("classLimiter","className"));
|
||||
push(@crumb,'<a href="'.$url.'" class="crumb">'.$ancestor->get("menuTitle").'</a>');
|
||||
}
|
||||
my $output = '
|
||||
|
|
@ -79,7 +79,7 @@ sub www_formAssetTree {
|
|||
<div class="crumbTrail">'.join(" > ", @crumb)."</div><br />\n";
|
||||
my $children = $base->getLineage(["children"],{returnObjects=>1});
|
||||
my $i18n = WebGUI::International->new($session);
|
||||
my $limit = $session->form->process("classLimiter");
|
||||
my $limit = $session->form->process("classLimiter","className");
|
||||
foreach my $child (@{$children}) {
|
||||
next unless $child->canView;
|
||||
if ($limit eq "" || $child->get("className") =~ /^$limit/) {
|
||||
|
|
@ -90,7 +90,7 @@ sub www_formAssetTree {
|
|||
$output .= '<span class="selectLink">['.$i18n->get("select").']</span> ';
|
||||
}
|
||||
my $url = $child->getUrl("op=formAssetTree;formId=".$session->form->process("formId"));
|
||||
$url .= ";classLimiter=".$session->form->process("classLimiter") if ($session->form->process("classLimiter"));
|
||||
$url .= ";classLimiter=".$session->form->process("classLimiter","className") if ($session->form->process("classLimiter","className"));
|
||||
$output .= '<a href="'.$url.'" class="traverse">'.$child->get("menuTitle").'</a>'."<br />\n";
|
||||
}
|
||||
$output .= '</div></body></html>';
|
||||
|
|
|
|||
|
|
@ -264,8 +264,8 @@ sub www_editWorkflowActivity {
|
|||
my $session = shift;
|
||||
return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
|
||||
my $activity = '';
|
||||
if ($session->form->get("className")) {
|
||||
$activity = WebGUI::Workflow::Activity->newByPropertyHashRef($session, {activityId=>"new",className=>$session->form->get("className")});
|
||||
if ($session->form->process("className","className")) {
|
||||
$activity = WebGUI::Workflow::Activity->newByPropertyHashRef($session, {activityId=>"new",className=>$session->form->process("className","className")});
|
||||
} else {
|
||||
$activity = WebGUI::Workflow::Activity->new($session, $session->form->get("activityId"));
|
||||
}
|
||||
|
|
@ -296,7 +296,7 @@ sub www_editWorkflowActivitySave {
|
|||
my $activityId = $session->form->get("activityId");
|
||||
my $activity = '';
|
||||
if ($activityId eq "new") {
|
||||
$activity = $workflow->addActivity($session->form->get("className"));
|
||||
$activity = $workflow->addActivity($session->form->process("className","className"));
|
||||
} else {
|
||||
$activity = $workflow->getActivity($activityId);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue