mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-06-28 15:39:42 +02:00
Make sure only fields that exist can be autocompleted on MemberTableFields, and never autocomplete on password.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.3@66544 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Andrew O'Neil
Sam Minnee
parent
4bba3151df
commit
cc982ec915
|
|
@ -81,8 +81,11 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||
$fieldName = $this->urlParams['ID'];
|
||||
$fieldVal = $_REQUEST[$fieldName];
|
||||
$result = '';
|
||||
|
||||
// Make sure we only autocomplete on keys that actually exist, and that we don't autocomplete on password
|
||||
if(!array_key_exists($fieldName, singleton($this->stat('subitem_class'))->stat('db')) && $fieldName != 'Password') return;
|
||||
|
||||
$matches = DataObject::get($this->stat('subitem_class'),"$fieldName LIKE '" . addslashes($fieldVal) . "%'");
|
||||
$matches = DataObject::get($this->stat('subitem_class'),"$fieldName LIKE '" . Convert::raw2sql($fieldVal) . "%'");
|
||||
if($matches) {
|
||||
$result .= "<ul>";
|
||||
foreach($matches as $match) {
|
||||
|
|
@ -90,7 +93,6 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||
$data = $match->FirstName;
|
||||
$data .= ",$match->Surname";
|
||||
$data .= ",$match->Email";
|
||||
$data .= ",$match->Password";
|
||||
$result .= "<li>" . $match->$fieldName . "<span class=\"informal\">($match->FirstName $match->Surname, $match->Email)</span><span class=\"informal data\">$data</span></li>";
|
||||
}
|
||||
$result .= "</ul>";
|
||||
|
|
@ -227,4 +229,4 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||
}
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user