Open GoogleCodeExporter opened 8 years ago
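I propose these pieces of code to enhance the security on Select elements.

============
// PFBC\Element\Select (adding 3 lines)
class Select extends \PFBC\OptionElement {
    protected $_attributes = array();

    /**
     * Echoes the <select> markup and registers a validator restricted to the
     * option values that were rendered.
     *
     * NOTE(review): the allow-list is collected while rendering, so it protects
     * a submission only if this element's state (including $this->validation)
     * is what the server consults when the request is validated - confirm
     * against the form's validation flow. A value list sent to or returned by
     * the browser must never be the source of the allow-list.
     * NOTE(review): every call to render() appends one more validator.
     */
    public function render() {
        // Normalise the preselected value(s) to an array.
        if(isset($this->_attributes["value"])) {
            if(!is_array($this->_attributes["value"]))
                $this->_attributes["value"] = array($this->_attributes["value"]);
        }
        else
            $this->_attributes["value"] = array();

        // A multiple select needs a "[]" suffix so PHP receives every chosen value.
        if(!empty($this->_attributes["multiple"]) && substr($this->_attributes["name"], -2) != "[]")
            $this->_attributes["name"] .= "[]";

        echo '<select', $this->getAttributes(array("value", "selected")), '>';
        $selected = false;
        $list_of_authorized_values = array();
        foreach($this->options as $value => $text) {
            $value = $this->getOptionValue($value);
            // Remember exactly what was offered; anything else is rejected on submit.
            $list_of_authorized_values[] = $value;
            // filter() presumably escapes the value for the attribute context - confirm.
            echo '<option value="', $this->filter($value), '"';
            if(!$selected && in_array($value, $this->_attributes["value"])) {
                echo ' selected="selected"';
                $selected = true;
            }
            // The label is written as-is: it must be trusted or already HTML-escaped.
            echo '>', $text, '</option>';
        }
        echo '</select>';
        $this->validation[] = new \PFBC\Validation\Select($list_of_authorized_values);
    }
}

===========
// PFBC\Validation\Select (new Validation class)
namespace PFBC\Validation;

/**
 * Accepts a submission only when every submitted value is one of the option
 * values that were offered to the user.
 */
class Select extends \PFBC\Validation {
    protected $message = "Error: %element%, the returned value does not match any proposed values."; // or a better sentence...
    protected $list_of_authorized_values = array();

    /**
     * @param array $list option values that were rendered for the element
     */
    public function __construct ($list) {
        $this->list_of_authorized_values = $list;
    }

    /**
     * @param mixed $value a single submitted value, or an array of values
     *                     (multiple select)
     * @return bool true only if every submitted value is in the allow-list
     */
    public function isValid($value) {
        // Option values come from PHP array keys, so numeric ones are ints while
        // request data arrives as strings. Compare both sides as strings and
        // strictly: a loose in_array() lets an arbitrary string match the integer
        // 0 on PHP versions before 8.
        $allowed = array();
        foreach($this->list_of_authorized_values as $authorized) {
            if(is_string($authorized) || is_int($authorized))
                $allowed[] = (string) $authorized;
        }

        // A multiple select posts an array; each entry is checked on its own.
        $submitted = is_array($value) ? $value : array($value);
        if(empty($submitted))
            return false;

        foreach($submitted as $candidate) {
            // An absent field is treated like an empty one.
            if($candidate === null)
                $candidate = "";
            // Nested arrays and other non-string input can never be a listed option.
            if(!is_string($candidate) && !is_int($candidate))
                return false;
            if(!in_array((string) $candidate, $allowed, true))
                return false;
        }
        return true;
    }
}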
Original issue reported on code.google.com by nrenv...@finindev.com on 5 Feb 2013 at 4:51