fix security bug

Ciki · web-flow · commit 991753cd83f0 · 2020-02-27T11:12:04.000+01:00
fix bug, ze ak v DependentCallback vratim prazdne pole (alebo `null`, `empty_string`), tak pre SelectBox sa na server odosle a prejde lubovolna hodnota..
diff --git a/src/Controls/DependentSelectBox.php b/src/Controls/DependentSelectBox.php
@@ -102,16 +102,15 @@ private function tryLoadItems()
 			}
 
 
-			if (count($items) > 0) {
-				$this->loadHttpData();
+			$this->loadHttpData();
+			$this->setItems($items)
+				->setPrompt($data->getPrompt() === null ? $this->getPrompt() : $data->getPrompt());
 
-				$this->setItems($items)
-					->setPrompt($data->getPrompt() === null ? $this->getPrompt() : $data->getPrompt());
-			} else {
+			if (count($items) === 0) {
 				if ($this->disabledWhenEmpty === true && !$this->isDisabled()) {
 					$this->setDisabled();
 				}
-			}
+			}			
 		}
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -102,16 +102,15 @@ private function tryLoadItems()`
`102`	`102`	`}`
`103`	`103`
`104`	`104`
`105`		`- if (count($items) > 0) {`
`106`		`- $this->loadHttpData();`
	`105`	`+ $this->loadHttpData();`
	`106`	`+ $this->setItems($items)`
	`107`	`+ ->setPrompt($data->getPrompt() === null ? $this->getPrompt() : $data->getPrompt());`
`107`	`108`
`108`		`- $this->setItems($items)`
`109`		`- ->setPrompt($data->getPrompt() === null ? $this->getPrompt() : $data->getPrompt());`
`110`		`- } else {`
	`109`	`+ if (count($items) === 0) {`
`111`	`110`	`if ($this->disabledWhenEmpty === true && !$this->isDisabled()) {`
`112`	`111`	`$this->setDisabled();`
`113`	`112`	`}`
`114`		`- }`
	`113`	`+ }`
`115`	`114`	`}`
`116`	`115`	`}`
`117`	`116`	`}`