Skip to content
Snippets Groups Projects
Commit 3af72137 authored by Apparao G's avatar Apparao G
Browse files

#Fixes :: Security Fix :: Webform is creaing without name and it is allowed to...

#Fixes :: Security Fix :: Webform is creaing without name and it is allowed to save even if module is not enabled for webform.
parents bece55ce 878515ce
No related branches found
No related tags found
1 merge request!1160Fixes: Allowing to create webform without name and for unsupported module issue is fixed.
......@@ -35,11 +35,17 @@ class Settings_Webforms_Save_Action extends Settings_Vtiger_Index_Action {
}
$fieldsList = $recordModel->getModule()->getFields();
$supportedModules = Settings_Webforms_Module_Model::getSupportedModulesList();
foreach ($fieldsList as $fieldName => $fieldModel) {
$fieldValue = $request->get($fieldName);
if (!$fieldValue) {
$fieldValue = $fieldModel->get('defaultvalue');
}
if($fieldModel->isMandatory() && empty(trim($fieldValue))) {
throw new AppException(vtranslate('LBL_MANDATORY_FIELD_MISSING'));
}else if($fieldName == 'targetmodule' && !array_key_exists($fieldValue,$supportedModules)){
throw new Exception('Target module is not supported to create webform');
}
$recordModel->set($fieldName, $fieldValue);
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment