mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[SS-2016-010] FIX Form@httpSubmission will no longer load submitted data to disabled or readonly fields
parent
61e4055bdb
commit
4440b88730
@ -319,8 +319,21 @@ class Form extends RequestHandler {
|
||||
$vars = $request->requestVars();
|
||||
}
|
||||
|
||||
// construct an array of allowed fields that can be populated from request data.
|
||||
// readonly or disabled fields should not be loading data from requests
|
||||
$allowedFields = array();
|
||||
$dataFields = $this->Fields()->dataFields();
|
||||
if ($dataFields) {
|
||||
/** @var FormField $field */
|
||||
foreach ($this->Fields()->dataFields() as $name => $field) {
|
||||
if (!$field->isReadonly() && !$field->isDisabled()) {
|
||||
$allowedFields[] = $name;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Populate the form
|
||||
$this->loadDataFrom($vars, true);
|
||||
$this->loadDataFrom($vars, true, $allowedFields);
|
||||
|
||||
// Protection against CSRF attacks
|
||||
$token = $this->getSecurityToken();
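Review bot: When every data field is readonly or disabled (or `dataFields()` returns nothing), `$allowedFields` stays an empty array and is still passed to `loadDataFrom($vars, true, $allowedFields)`. `loadDataFrom` is outside this hunk, so confirm it does not treat an empty field list as "no restriction"; if it does, request data would still be loaded into exactly the fields this fix is meant to protect. A regression test that submits a form whose fields are all readonly would pin this down. Separately, the loop calls `$this->Fields()->dataFields()` a second time although the result is already held in `$dataFields`; `foreach ($dataFields as $name => $field) {` keeps the null check and the iteration on the same value. The enclosing `httpSubmission` method starts and ends outside the hunk.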
|
||||
|