Project

General

Profile

Actions
Copy link

Feature proposal #2030

closed

New event prepareFieldDataNotSaved as else-case for trigger prepareFieldDataSave does not fire for readonly fields in frontend

Added by krileon about 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
beat
Target version:
CB 1.3
Start date:
22 October 2010
Due date:
% Done:

100%

Estimated time:
1:00 h

Description

With prepareFieldDataSave not firing for read only fields it results in integrations such as CB Privacy failing. Source is shown in comprofiler.class.php as follows.

@function saveTabsContents( &$user, &$postdata, $reason ) {
global $_CB_framework, $_PLUGINS;

$fields                    =    $this->_getTabFieldsDb( null, $user, $reason, null, false );
    $result                    =    true;
    foreach ( $fields as $field ) {
        if ( ( ! ( ( $field->readonly > 0 ) && $_CB_framework->getUi()  1 ) ) || ( $reason  'register' ) || ( $reason == 'search' ) ) {
            $_PLUGINS->callField( $field->type, 'prepareFieldDataSave', array( &$field, &$user, &$postdata, $reason ), $field );
        }
    }
    return $result;
}@

The IF statement plainly blocks read only storage on front-end. Seams an additional check needs to be made for CB privacy OR new trigger to fire for raw preparefielddatasave for integrations to use.

Related issues 1 (0 open1 closed)

Related to CB Privacy - Bug #1998: fields set as read only will not save their privacy controlsClosedbeat23 September 2010

Actions
Actions
Copy link
 #1

Updated by krileon about 14 years ago

Suggest removing all IF statements from the trigger and performing those checks inside of the prepareFieldDataSave function itself.

Actions
Copy link
 #2

Updated by beat about 14 years ago

  • Status changed from Feedback to Assigned
  • % Done changed from 10 to 90
  • Estimated time set to 1:00 h

I have done a quick search on prepareFieldDataSave inside a full CB install, and found following issues when firing this event on read-only fields: it would open a security issue in following cases:

- ajax text field : saves $user
- images field: saves filtered image

It would also break all fields which do not validate (e.g. due to new filters), without possibility for the front-end user saving the field to fix the content.

Thus the request as suggested (moved original title into description) can not be implemented.

Thus I did implement what's needed for privacy field fix: a new event: prepareFieldDataNotSaved which is called when prepareFieldDataSave is not called.

It has same parameters as prepareFieldDataSave, and is simply an "} else {" statement to the code in the description.

Actions
Copy link
 #3

Updated by beat about 14 years ago

  • Tracker changed from Bug to Feature proposal
Actions
Copy link
 #4

Updated by beat about 14 years ago

  • Subject changed from trigger prepareFieldDataSave does not fire for readonly fields to New event prepareFieldDataNotSaved as else-case for trigger prepareFieldDataSave does not fire for readonly fields in frontend
Actions
Copy link
 #5

Updated by beat about 14 years ago

Implemented in CB in r1276 and r1277 .

Now off to cb privacy plugin to implement the new way.

Actions
Copy link
 #6

Updated by beat about 14 years ago

  • Assignee changed from beat to krileon

Fixed bug #1998 in CB Privacy correspondingly.

Now requires testing.

Actions
Copy link
 #7

Updated by beat about 14 years ago

  • Status changed from Assigned to Closed
  • Assignee changed from krileon to beat
  • % Done changed from 90 to 100

As tests are conclusive, closing this bug.

Actions
Copy link

Also available in: Atom PDF