Merge pull request #4399 in SW/shopware from sw-17487/5.2/form-input-…
…handling to 5.2

* commit '14299e9ee9f7d93f687b4ec838e0873afbc84fec':
  SW-17487 - Improve form input handling
bcremer committed Jan 19, 2017
2 parents 26aa6fb + 14299e9 commit 9276814
Showing 2 changed files with 35 additions and 10 deletions.
43 changes: 34 additions & 9 deletions engine/Shopware/Controllers/Frontend/Forms.php
@@ -326,6 +326,7 @@ private function replaceVariables($content)
$content = str_replace("{sIP}", $_SERVER['REMOTE_ADDR'], $content);
$content = str_replace("{sDateTime}", date("d.m.Y h:i:s"), $content);
$content = str_replace('{sShopname}', Shopware()->Config()->shopName, $content);

return strip_tags($content);
}

@@ -378,25 +379,34 @@ protected function _createInputElement($element, $post = null)
case 'text':
case 'textarea':
case 'file':
$post = $this->_filterInput($post);
if (empty($post) && !empty($element['value'])) {
$post = $element['value'];
} elseif (!empty($post) && $element['typ'] !== 'textarea') {
$post = '{literal}' . str_replace(['{/literal}', '"'], '', $post) . '{/literal}';
} else {
$post = '{literal}' . str_replace('{/literal}', '', $post) . '{/literal}';
}

if ($element['typ'] !== 'textarea') {
$post = str_replace('"', '', $post);
}

$post = '{literal}' . $post . '{/literal}';

break;

case 'text2':
$post[0] = $this->_filterInput($post[0]);
if (empty($post[0]) && !empty($element['value'][0])) {
$post[0] = $element['value'][0];
} elseif (!empty($post[0])) {
$post[0] = '{literal}' . str_replace(['{/literal}', '"'], '', $post[0]) . '{/literal}';
}
if (empty($post[1]) && !empty($element['value'][1])) {
$post[0] = str_replace('"', '', $post[0]);
$post[0] = '{literal}' . $post[0] . '{/literal}';

$post[1] = $this->_filterInput($post[1]);
if (empty($post[0]) && !empty($element['value'][1])) {
$post[1] = $element['value'][1];
} elseif (!empty($post[1])) {
$post[1] = '{literal}' . str_replace(['{/literal}', '"'], '', $post[1]) . '{/literal}';
}
$post[1] = str_replace('"', '', $post[1]);
$post[1] = '{literal}' . $post[1] . '{/literal}';

break;
default:
break;
@@ -482,6 +492,21 @@ protected function _createInputElement($element, $post = null)
return $output;
}

/**
* @param string $input
* @return string
*/
protected function _filterInput($input)
{
$pattern = '#{\s*/literal\s*}#i';

if (preg_match($pattern, $input) > 0) {
return '';
}

return $input;
}

/**
* Validate input method
*
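Review bot: In the `text2` branch of `_createInputElement`, the default for the second field looks guarded by the wrong index: `if (empty($post[0]) && !empty($element['value'][1])) {` runs after `$post[0]` has already been wrapped in `{literal}…{/literal}`, so the condition can never be true and `$element['value'][1]` is never applied. Assuming that line is on the new side (the rendered page has lost its +/- markers), it should read `if (empty($post[1]) && !empty($element['value'][1])) {`. Separately, `_filterInput()` hands `$input` straight to `preg_match()` although the docblock promises a string and `$post` defaults to `null` in the signature; a guard such as `if (!is_string($input)) { return ''; }` would keep non-string request values away from the regex. The docblock should also say that any input containing a closing `{/literal}` tag is discarded entirely rather than cleaned, since the caller then falls back to the element's default value. `_createInputElement` begins and ends outside the hunks shown.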
2 changes: 1 addition & 1 deletion themes/Frontend/Bare/frontend/forms/elements.tpl
@@ -11,7 +11,7 @@
<div {if $sSupport.sElements[$sKey].typ eq 'textarea'}class="textarea"{elseif $sSupport.sElements[$sKey].typ eq 'checkbox'}class="forms--checkbox"{elseif $sSupport.sElements[$sKey].typ eq 'select'}class="field--select"{/if}>
{if $sSupport.sElements[$sKey].typ eq 'select'}<span class="arrow"></span>{/if}

{eval var=$sSupport.sFields[$sKey]|replace:'%*%':"{s name='RequiredField' namespace='frontend/register/index'}{/s}"}
{$sSupport.sFields[$sKey]|replace:'{literal}':''|replace:'{/literal}':''|replace:'%*%':"{s name='RequiredField' namespace='frontend/register/index'}{/s}"}

{if $sSupport.sElements[$sKey].typ eq 'checkbox'}
{$sSupport.sLabels.$sKey|replace:':':''}
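Review bot: The line that prints `$sSupport.sFields[$sKey]` directly instead of passing it through `{eval}` has no comment explaining why, so a later edit or a theme override could reintroduce the `{eval}` form. I would add a template comment above it, e.g. `{* Never {eval} this value: it contains user-submitted form input; the literal markers added by the controller are stripped here *}`. The value is still emitted as raw markup, so escaping of the submitted text rests on the controller, which in the visible hunk only removes `"` for non-textarea fields; presumably a global request filter covers the rest, but that is worth confirming. If themes can override this template, any copy derived from the old version would keep the `{eval}` line and depend solely on `_filterInput()`; that is worth a note in the upgrade documentation.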
