F803845
D486.id1245.diff
Created
Wed, Feb 26, 8:59 AM
D486: INP-1876 - Verify system settings access permissions before allowing to change them
D486.id1245.diff
Index: core/units/configuration/configuration_event_handler.php
===================================================================
--- core/units/configuration/configuration_event_handler.php
+++ core/units/configuration/configuration_event_handler.php
@@ -373,7 +373,10 @@
return;
}
- $items_info = $this->Application->GetVar($event->getPrefixSpecial(true));
+ $items_info = $this->filterBySection(
+ $this->Application->GetVar($event->getPrefixSpecial(true)),
+ $event->getSection()
+ );
// 1. save user selected module root category
$new_category_id = getArrayValue($items_info, 'ModuleRootCategory', 'VariableValue');
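Review bot: The call `$this->filterBySection(..., $event->getSection())` narrows the submitted settings to one section, but nothing in this hunk shows that this section value is the one the user's edit permission was checked against. If `getSection()` can be influenced by the request (not visible here), the filter and the permission check could be looking at different sections, so the two should be tied to the same value. I would state the assumption next to the call, e.g. `// $event->getSection() must be the section the permission check was made against, never a raw request value`. The `RuntimeException` thrown by the filter is also not handled in the visible lines; the enclosing method starts and ends outside the hunk, so confirm that the caller turns it into a clean error response.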
@@ -454,6 +457,41 @@
}
/**
+ * Filters system settings by section.
+ *
+ * @param array $items_info Items info.
+ * @param string $section Section.
+ *
+ * @return array
+ * @throws RuntimeException When given section doesn't have any settings.
+ */
+ protected function filterBySection(array $items_info, $section)
+ {
+ $id_field = $this->Application->getUnitOption($this->Prefix, 'IDField');
+ $table_name = $this->Application->getUnitOption($this->Prefix, 'TableName');
+
+ $sql = 'SELECT ' . $id_field . '
+ FROM ' . $table_name . '
+ WHERE `Section` = ' . $this->Conn->qstr($section);
+ $section_system_setting_ids = $this->Conn->GetCol($sql);
+
+ if ( !$section_system_setting_ids ) {
+ throw new RuntimeException('The "' . $section . '" section does not have any settings.');
+ }
+
+ $ret = array();
+ $section_system_setting_ids[] = 'ModuleRootCategory';
+
+ foreach ( $section_system_setting_ids as $system_setting_id ) {
+ if ( array_key_exists($system_setting_id, $items_info) ) {
+ $ret[$system_setting_id] = $items_info[$system_setting_id];
+ }
+ }
+
+ return $ret;
+ }
+
+ /**
* Process items from selector (selected_ids var, key - prefix, value - comma separated ids)
*
* @param kEvent $event
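Review bot: `$section_system_setting_ids[] = 'ModuleRootCategory';` adds that key to the allow-list for every section, so the module root category passes the filter no matter which section the user is permitted to edit. If that is intended because the caller treats it as a pseudo-field, the docblock should say so; otherwise allow it only for the section that owns it. Keys that fail the filter are dropped silently, and since a submitted key outside the section is a sign of a tampered form, logging the rejected keys would make this visible to an administrator. The exception message also embeds `$section` unescaped, which needs encoding wherever the message is rendered as HTML.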