#Fixes :: Security Fix :: Webform is creaing without name and it is allowed to...

#Fixes :: Security Fix :: Webform is creaing without name and it is allowed to save even if module is not enabled for webform.

#Fixes :: Security Fix :: Webform is creaing without name and it is allowed to...
#Fixes :: Security Fix :: Webform is creaing without name and it is allowed to save even if module is not enabled for webform.
3af72137 · Apparao G · bece55ce · 878515ce · 3af72137
Commit 3af72137 authored 1 year ago by Apparao G
--- a/pkg/vtiger/modules/Webforms/settings/actions/Save.php
+++ b/pkg/vtiger/modules/Webforms/settings/actions/Save.php
@@ -35,11 +35,17 @@ class Settings_Webforms_Save_Action extends Settings_Vtiger_Index_Action {
 		}

 		$fieldsList = $recordModel->getModule()->getFields();
+		$supportedModules = Settings_Webforms_Module_Model::getSupportedModulesList();
 		foreach ($fieldsList as $fieldName => $fieldModel) {
 			$fieldValue = $request->get($fieldName);
 			if (!$fieldValue) {
 				$fieldValue = $fieldModel->get('defaultvalue');
 			}
+			if($fieldModel->isMandatory() && empty(trim($fieldValue))) {
+                throw new AppException(vtranslate('LBL_MANDATORY_FIELD_MISSING'));
+			}else if($fieldName == 'targetmodule' && !array_key_exists($fieldValue,$supportedModules)){
+				throw new Exception('Target module is not supported to create webform');
+			}
 			$recordModel->set($fieldName, $fieldValue);
 		}