ここの情報は古いです。ご理解頂いた上でお取り扱いください。

Changeset 9831


Ignore:
Timestamp:
Jan 1, 2009, 1:44:54 AM (11 years ago)
Author:
ebihara
Message:

#3252:fixed CSRF protection doesn't enable in some forms of the pc_backend application

Location:
OpenPNE3/trunk
Files:
12 edited

Legend:

Unmodified
Added
Removed
  • OpenPNE3/trunk/apps/pc_backend/modules/design/actions/actions.class.php

    r9582 r9831  
    5050    $this->widgetConfig = sfConfig::get('op_widget_list');
    5151
     52    $this->sortForm = new HomeWidgetSortForm();
     53    $this->addForm = new HomeWidgetAddForm();
    5254    if ($request->isMethod(sfRequest::POST))
    5355    {
    54       $sortForm = new HomeWidgetSortForm();
    55       $addForm = new HomeWidgetAddForm();
    56       $sortForm->bind($request->getParameter('widget'));
    57       $addForm->bind($request->getParameter('new'));
    58       if ($sortForm->isValid() && $addForm->isValid())
     56      $this->sortForm->bind($request->getParameter('widget'));
     57      $this->addForm->bind($request->getParameter('new'));
     58      if ($this->sortForm->isValid() && $this->addForm->isValid())
    5959      {
    60         $sortForm->save();
    61         $addForm->save();
     60        $this->sortForm->save();
     61        $this->addForm->save();
    6262        $this->redirect('design/homeWidget');
    6363      }
  • OpenPNE3/trunk/apps/pc_backend/modules/design/lib/HomeWidgetAddForm.class.php

    r9582 r9831  
    1515    $this->setValidator('sideMenu', new sfValidatorCallback(array('callback' => array($this, 'validate'))));
    1616    $this->setValidator('contents', new sfValidatorCallback(array('callback' => array($this, 'validate'))));
     17
     18    $this->getWidgetSchema()->setNameFormat('new[%s]');
    1719  }
    1820
  • OpenPNE3/trunk/apps/pc_backend/modules/design/lib/HomeWidgetSortForm.class.php

    r9597 r9831  
    1515    $this->setValidator('sideMenu', new sfValidatorCallback(array('callback' => array($this, 'validate'))));
    1616    $this->setValidator('contents', new sfValidatorCallback(array('callback' => array($this, 'validate'))));
     17
     18    $this->getWidgetSchema()->setNameFormat('widget[%s]');
    1719  }
    1820
  • OpenPNE3/trunk/apps/pc_backend/modules/design/templates/homeLayoutSuccess.php

    r9501 r9831  
    88<p><input type="submit" value="<?php echo __('設定変更') ?>" /></p>
    99<?php echo $form['layout']->render() ?>
     10<?php echo $form->renderHiddenFields() ?>
    1011</form>
  • OpenPNE3/trunk/apps/pc_backend/modules/design/templates/homeWidgetSuccess.php

    r9582 r9831  
    1717<input class="contentsWidget" type="hidden" name="widget[contents][<?php echo $key ?>]" value="<?php echo $contentsWidget->getId() ?>" />
    1818<?php endforeach; ?>
     19<?php echo $sortForm->renderHiddenFields(); ?>
     20<?php echo $addForm->renderHiddenFields(); ?>
    1921<input type="submit" value="<?php echo __('設定変更') ?>" />
    2022</form>
  • OpenPNE3/trunk/apps/pc_backend/modules/navi/templates/indexSuccess.php

    r9501 r9831  
    1717<tr>
    1818<td><form action="<?php echo url_for('navi/edit') ?>" method="post">
     19<?php echo $form->renderHiddenFields() ?>
    1920<?php echo $form['uri']->render() ?></td>
    2021<td><?php echo $form['ja_JP']['caption']->render() ?><?php echo $form['type']->render(array('value' => $type)) ?></td>
  • OpenPNE3/trunk/apps/pc_backend/modules/plugin/templates/listSuccess.php

    r9490 r9831  
    2222<tr>
    2323<td colspan="5">
     24<?php echo $form->renderHiddenFields() ?>
    2425<input type="submit" value="<?php echo __('設定変更') ?>" />
    2526</td>
  • OpenPNE3/trunk/apps/pc_backend/modules/profile/templates/editSuccess.php

    r9662 r9831  
    44<?php else : ?>
    55<form action="<?php echo url_for('profile/edit?id=' . $profile->getId()) ?>" method="post">
    6 <?php echo $form['id']->render() ?>
    76<?php endif; ?>
    87<table>
     
    3130<tr>
    3231<td colspan="2">
    33 <?php echo $form['sort_order']->render() ?>
     32<?php echo $form->renderHiddenFields() ?>
    3433<input type="submit" value="<?php echo __('追加する') ?>" /></td>
    3534</tr>
  • OpenPNE3/trunk/apps/pc_backend/modules/profile/templates/listSuccess.php

    r9662 r9831  
    6767<?php if ($form->getObject()->isNew()) : ?>
    6868<td colspan="2">
    69 <?php echo $form['profile_id']->render() ?>
     69<?php echo $form->renderHiddenFields() ?>
    7070<input type="submit" value="項目追加" />
    7171</td>
     
    7373<?php else : ?>
    7474<td>
    75 <?php echo $form['id']->render() ?>
    76 <?php echo $form['profile_id']->render() ?>
    77 <?php echo $form['sort_order']->render() ?>
     75<?php echo $form->renderHiddenFields() ?>
    7876<input type="submit" value="変更" />
    7977</td>
  • OpenPNE3/trunk/apps/pc_backend/modules/sns/actions/actions.class.php

    r9582 r9831  
    3838    $this->form = new InformationConfigForm(array(), array('target' => $this->target));
    3939
    40     if ($request->isMethod('post')) {
    41       $this->form->bind(array(
    42         'information' => $request->getparameter('information'),
    43         'target' => $request->getparameter('target'),
    44       ));
    45       if ($this->form->isValid()) {
     40    if ($request->isMethod('post'))
     41    {
     42      $this->form->bind($request->getParameter('information'));
     43      if ($this->form->isValid())
     44      {
    4645        $this->form->save();
    4746      }
  • OpenPNE3/trunk/apps/pc_backend/modules/sns/templates/informationConfigSuccess.php

    r9582 r9831  
    1515<form action="<?php echo url_for('sns/informationConfig') ?>" method="post">
    1616<table>
    17 <?php echo $form['target']->render() ?>
    1817<?php echo $form['information']->render() ?>
    1918<tr>
     19<?php echo $form->renderHiddenFields() ?>
    2020<td colspan="2"><input type="submit" value="設定変更する" /></td>
    2121</tr>
  • OpenPNE3/trunk/lib/form/InformationConfigForm.class.php

    r8917 r9831  
    3131
    3232    $this->setDefaults($defaults);
     33
     34    $this->getWidgetSchema()->setNameFormat('information[%s]');
    3335  }
    3436
Note: See TracChangeset for help on using the changeset viewer.