projects / civicrm-core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Validate JSON input in configurator
[civicrm-core.git] / CRM / Admin / Page / CKEditorConfig.php
diff --git a/CRM/Admin/Page/CKEditorConfig.php b/CRM/Admin/Page/CKEditorConfig.php
index 8286bfe06cebbab36206ac053756285d71089e78..3cb00094dd8fa0b755b6e63b86a0e883542c23b1 100644 (file)
--- a/CRM/Admin/Page/CKEditorConfig.php
+++ b/CRM/Admin/Page/CKEditorConfig.php
@@ -134,6 +134,12 @@ class CRM_Admin_Page_CKEditorConfig extends CRM_Core_Page {
         if ($val != 'true' && $val != 'false' && $val != 'null' && $val[0] != '{' && $val[0] != '[' && !is_numeric($val)) {
           $val = json_encode($val, JSON_UNESCAPED_SLASHES);
         }
+        elseif ($val[0] == '{' || $val[0] == '[') {
+          if (!is_array(json_decode($val, TRUE))) {
+            // Invalid JSON. Do not save.
+            continue;
+          }
+        }
         $pos = strrpos($config, '};');
         $key = preg_replace('/^config_/', 'config.', $key);
         $setting = "\n\t{$key} = {$val};\n";