maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Merge pull request from GHSA-625g-fm5w-w7w4

Browse Source 
* fix possibility to have empty name/surname and empty company

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

* let js validation for customer add/edit form also trim() entered data to avoid empty values pass the client-side validation

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

---------

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2023-12-15 09:36:06 +01:00
committed by GitHub
parent 778fd3ba65
commit 4b1846883d
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Froxlor/Api/Commands/Customers.php
View File

@@ -1053,7 +1053,7 @@ class Customers extends ApiCommand implements ResourceEntity
$email = $this->getParam('email', true, $idna_convert->decode($result['email'])); $email = $this->getParam('email', true, $idna_convert->decode($result['email']));
$name = $this->getParam('name', true, $result['name']); $name = $this->getParam('name', true, $result['name']);
$firstname = $this->getParam('firstname', true, $result['firstname']); $firstname = $this->getParam('firstname', true, $result['firstname']);
$company_required = empty($result['company']) && ((!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname))); $company_required = (!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname));
$company = $this->getParam('company', !$company_required, $result['company']); $company = $this->getParam('company', !$company_required, $result['company']);
$street = $this->getParam('street', true, $result['street']); $street = $this->getParam('street', true, $result['street']);
$zipcode = $this->getParam('zipcode', true, $result['zipcode']); $zipcode = $this->getParam('zipcode', true, $result['zipcode']);

8
templates/Froxlor/assets/js/jquery/validation.js vendored
View File

@@ -8,18 +8,18 @@ export default function () {
rules: { rules: {
'name': { 'name': {
required: function () { required: function () {
return $('#company').val().length === 0 || $('#firstname').val().length > 0; return $('#company').val().trim().length === 0 || $('#firstname').val().trim().length > 0;
} }
}, },
'firstname': { 'firstname': {
required: function () { required: function () {
return $('#company').val().length === 0 || $('#name').val().length > 0; return $('#company').val().trim().length === 0 || $('#name').val().trim().length > 0;
} }
}, },
'company': { 'company': {
required: function () { required: function () {
return $('#name').val().length === 0 return $('#name').val().trim().length === 0
&& $('#firstname').val().length === 0; && $('#firstname').val().trim().length === 0;
} }
} }
}, },