
Insolita Donna committed f5509ea

The range of values is now saved in the cache under a unique queueid - more secure

  • Parent commits 966876a


Files changed (2)

File JToggleColumn.php

      */
     public $queueTitles=array();
 
+    public $queueType='toggle';//May by toggle or select
+
+    public $queueid;//!!!!!Important - unique id for caching range -> must be different for different attributes
+
     /**
      * @var array the HTML options for the data cell tags.
      */
         {
             if  (empty($this->queue))
             throw new CException(Yii::t('toggle_column', 'Please set correct queue array!!!'));
+            if  (empty($this->queueid))
+                throw new CException(Yii::t('toggle_column', 'Please set  queueid - it`s important setting !!!'));
             if  (empty($this->queueTitles))
                 throw new CException(Yii::t('toggle_column', 'Please set correct queueTitles array!!!'));
              $archeq=array_diff_key($this->queue,$this->queueTitles);
         if($this->action=='qtoggle'){
             $range=array_keys($this->queue);
             $range=implode(',',$range);
+            Yii::app()->cache->set($this->queueid,$range);
             $this->toggle_button = array(
-                'url' => 'Yii::app()->controller->createUrl("' . $this->action . '",array("id"=>$data->primaryKey,"attribute"=>"' . $this->name . '","range"=>"'.$range.'"))',
+                'url' => 'Yii::app()->controller->createUrl("' . $this->action . '",array("id"=>$data->primaryKey,"attribute"=>"' . $this->name . '","que"=>"'.$this->queueid.'"))',
                 'options' => array('class' => $this->name . '_toggle'),
             );
         }else{
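Review bot: The `Yii::app()->cache->set($this->queueid,$range)` call in the `qtoggle` branch writes under the raw `queueid`, so a column whose id matches any other cache key in the application overwrites that entry, and the stored range carries no link to the attribute it belongs to. A prefixed, attribute-bound key such as `Yii::app()->cache->set('qtoggle.'.$this->name.'.'.$this->queueid,$range);` would avoid both, provided the read in QtoggleAction.php builds the same key. `queueid` is also spliced unescaped into the `'url'` expression string, which appears to be evaluated as PHP later, so a quote or `$` in the id would change that expression; emitting it with `var_export($this->queueid,true)` instead of hand-written quotes keeps it a literal. The two new properties would read better with `@var` docblocks like the neighbouring ones than with trailing `//` comments. The enclosing methods start and end outside the lines shown.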

File QtoggleAction.php

  */
 class QtoggleAction extends CAction {
 	 
-    public function run($id,$attribute,$range) {
+    public function run($id,$attribute,$que) {
 		
         if(Yii::app()->request->isPostRequest)
         {
             // we only allow deletion via POST request
             $model = $this->controller->loadModel($id);
+            $range=Yii::app()->cache->get($que);
+            if(empty($range)){
+                throw new CHttpException(400,'Invalid queuetoggle identificator!!! Check JtoggleColumn settings queueid.');
+            }
             $range=explode(',',$range);
             $curr=array_search($model->$attribute,$range);
             $next=(isset($range[$curr+1]))?$range[$curr+1]:$range[0];
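Review bot: `$que` arrives from the request and goes straight into `Yii::app()->cache->get($que)`, so the caller still chooses which cached list becomes `$range`: any cache entry holding a non-empty string is accepted, including the range stored for a different column. Nothing in `run()` ties the looked-up range to `$attribute`, which is also request-supplied and used as `$model->$attribute`. Building the key server-side, e.g. `$range=Yii::app()->cache->get('qtoggle.'.$attribute.'.'.$que);` with the matching key on the `set()` in JToggleColumn.php, limits the lookup to ranges registered for that attribute. Separately, `array_search()` returns `false` when the current value is not in the range, and `$curr+1` then evaluates to 1, so `$next` becomes `$range[1]` instead of the request being rejected; an explicit `if($curr===false)` check that throws would be safer. The body of `run()` continues past the lines shown.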