Project

General

Profile

Actions

Feature proposal #2030

closed

New event prepareFieldDataNotSaved as else-case for trigger prepareFieldDataSave does not fire for readonly fields in frontend

Added by krileon over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
22 October 2010
Due date:
% Done:

100%

Estimated time:
1:00 h

Description

With prepareFieldDataSave not firing for read only fields it results in integrations such as CB Privacy failing. Source is shown in comprofiler.class.php as follows.

@function saveTabsContents( &$user, &$postdata, $reason ) {
global $_CB_framework, $_PLUGINS;

$fields                    =    $this->_getTabFieldsDb( null, $user, $reason, null, false );
$result = true;
foreach ( $fields as $field ) {
if ( ( ! ( ( $field->readonly > 0 ) && $_CB_framework->getUi() 1 ) ) || ( $reason 'register' ) || ( $reason == 'search' ) ) {
$_PLUGINS->callField( $field->type, 'prepareFieldDataSave', array( &$field, &$user, &$postdata, $reason ), $field );
}
}
return $result;
}@

The IF statement plainly blocks read only storage on front-end. Seams an additional check needs to be made for CB privacy OR new trigger to fire for raw preparefielddatasave for integrations to use.


Related issues 1 (0 open1 closed)

Related to CB Privacy - Bug #1998: fields set as read only will not save their privacy controlsClosedbeat23 September 2010

Actions
Actions #1

Updated by krileon over 13 years ago

Suggest removing all IF statements from the trigger and performing those checks inside of the prepareFieldDataSave function itself.

Actions #2

Updated by beat over 13 years ago

  • Status changed from Feedback to Assigned
  • % Done changed from 10 to 90
  • Estimated time set to 1:00 h

I have done a quick search on prepareFieldDataSave inside a full CB install, and found following issues when firing this event on read-only fields: it would open a security issue in following cases:

- ajax text field : saves $user
- images field: saves filtered image

It would also break all fields which do not validate (e.g. due to new filters), without possibility for the front-end user saving the field to fix the content.

Thus the request as suggested (moved original title into description) can not be implemented.

Thus I did implement what's needed for privacy field fix: a new event: prepareFieldDataNotSaved which is called when prepareFieldDataSave is not called.

It has same parameters as prepareFieldDataSave, and is simply an "} else {" statement to the code in the description.

Actions #3

Updated by beat over 13 years ago

  • Tracker changed from Bug to Feature proposal
Actions #4

Updated by beat over 13 years ago

  • Subject changed from trigger prepareFieldDataSave does not fire for readonly fields to New event prepareFieldDataNotSaved as else-case for trigger prepareFieldDataSave does not fire for readonly fields in frontend
Actions #5

Updated by beat over 13 years ago

Implemented in CB in r1276 and r1277 .

Now off to cb privacy plugin to implement the new way.

Actions #6

Updated by beat over 13 years ago

  • Assignee changed from beat to krileon

Fixed bug #1998 in CB Privacy correspondingly.

Now requires testing.

Actions #7

Updated by beat over 13 years ago

  • Status changed from Assigned to Closed
  • Assignee changed from krileon to beat
  • % Done changed from 90 to 100

As tests are conclusive, closing this bug.

Actions

Also available in: Atom PDF