composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°4867 - "Twig content not allowed" error when use the extkey widget search icon in the user portal (regression of N°4384 )

Browse Source
This commit is contained in:
acognet
2022-05-20 09:51:09 +02:00
parent 4dd384e418
commit 16fcddc249
2 changed files with 7 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php
View File

@@ -120,17 +120,6 @@ class ObjectFormManager extends FormManager
{
$aJson = static::DecodeFormManagerData($sJson);
$oConfig = utils::GetConfig();
$bIsContentCheckEnabled = $oConfig->GetModuleSetting(PORTAL_ID, 'enable_formmanager_content_check', true);
if ($bIsContentCheckEnabled && (false === $bTrustContent)) {
/** @noinspection NestedPositiveIfStatementsInspection */
if (isset($aJson['formproperties']['layout']['type']) && ($aJson['formproperties']['layout']['type'] === 'twig')) {
// There will be an IssueLog above in the hierarchy due to the exception, but we are logging here so that we can output the JSON data !
IssueLog::Error('Portal received a query with forbidden twig content!', \LogChannels::PORTAL, ['formmanager_data' => $aJson]);
throw new \SecurityException('Twig content not allowed in this context!');
}
}
/** @var \Combodo\iTop\Portal\Form\ObjectFormManager $oFormManager */
$oFormManager = parent::FromJSON($sJson);

8
datamodels/2.x/itop-portal-base/portal/src/Twig/AppExtension.php
View File

@@ -99,7 +99,13 @@ class AppExtension extends AbstractExtension
return $sUrl;
});
//$filters[] = new TwigFilter('filter', 'twig_array_filter');
$filters[] = new Twig_SimpleFilter('filter', function ($array, $arrow) {
if ($arrow == 'system'){
return json_encode($array);
}
return twig_array_filter($array, $arrow);
});
return $filters;
}