From 94a09493b0323e37433fb19cf1103dd2d94651f4 Mon Sep 17 00:00:00 2001
From: Molkobain
Date: Tue, 7 Jan 2020 17:40:03 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B02306=20-=20Security=20hardening=20(BC=20?= =?UTF-8?q?break=20for=20some=20portal=20extensions,=20see=20migration=20n?= =?UTF-8?q?otes)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/Helper/ObjectFormHandlerHelper.php | 34 +++++++++++++++----
 1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php b/datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php
index 4050979ba..0b6d096e8 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php
@@ -234,14 +234,34 @@ class ObjectFormHandlerHelper
 // Preparing renderer
 // Note : We might need to distinguish form & renderer endpoints
- if (in_array($sMode, array('create', 'edit', 'view')))
+ switch($sMode)
 {
- $sFormEndpoint = $this->oUrlGenerator->generate('p_object_'.$sMode, array('sObjectClass' => $sObjectClass, 'sObjectId' => $sObjectId));
- }
- else
- {
- // Fallback to current URL for other use cases
- $sFormEndpoint = $_SERVER['REQUEST_URI'];
+ case 'create':
+ case 'edit':
+ case 'view':
+ $sFormEndpoint = $this->oUrlGenerator->generate(
+ 'p_object_'.$sMode,
+ array(
+ 'sObjectClass' => $sObjectClass,
+ 'sObjectId' => $sObjectId,
+ )
+ );
+ break;
+
+ case 'apply_stimulus':
+ $sFormEndpoint = $this->oUrlGenerator->generate(
+ 'p_object_apply_stimulus',
+ array(
+ 'sObjectClass' => $sObjectClass,
+ 'sObjectId' => $sObjectId,
+ 'sStimulusCode' => $this->oRequestManipulator->ReadParam('sStimulusCode'),
+ )
+ );
+ break;
+
+ default:
+ // Do nothing
+ break;
 }
 $oFormRenderer = new BsFormRenderer();
 $oFormRenderer->SetEndpoint($sFormEndpoint);
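Review bot: The `default:` branch leaves `$sFormEndpoint` unassigned, so `SetEndpoint($sFormEndpoint)` on the last line of the hunk receives an undefined variable for any mode other than the four handled ones, unless it is initialised above the hunk (the enclosing method starts and ends outside it). Dropping the `$_SERVER['REQUEST_URI']` fallback is sound, since that value is client-controlled and was used as the form endpoint, but the new failure mode should be explicit: add `$sFormEndpoint = null;` before the `switch`, or throw in `default:` if an unknown mode is never valid. The `// Do nothing` comment would say more as `// No endpoint for other modes: never fall back to the client-supplied request URI`. In the `apply_stimulus` case, `ReadParam('sStimulusCode')` goes straight into the URL generator; whether it can be null or is filtered is not visible here, so confirm that a missing or malformed code is rejected before the route is generated.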