From 4ce3e897278c25506c90fd28c0f8ce84e859be23 Mon Sep 17 00:00:00 2001
From: Coleman Watts
Date: Fri, 2 Mar 2018 12:50:26 -0500
Subject: [PATCH] Validate JSON input in configurator
---
 CRM/Admin/Page/CKEditorConfig.php | 6 ++++++
 js/wysiwyg/admin.ckeditor-configurator.js | 15 ++++++++++++++-
 templates/CRM/Admin/Page/CKEditorConfig.tpl | 4 ++++
 3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/CRM/Admin/Page/CKEditorConfig.php b/CRM/Admin/Page/CKEditorConfig.php
index 8286bfe06c..3cb00094dd 100644
--- a/CRM/Admin/Page/CKEditorConfig.php
+++ b/CRM/Admin/Page/CKEditorConfig.php
@@ -134,6 +134,12 @@ class CRM_Admin_Page_CKEditorConfig extends CRM_Core_Page {
 if ($val != 'true' && $val != 'false' && $val != 'null' && $val[0] != '{' && $val[0] != '[' && !is_numeric($val)) {
 $val = json_encode($val, JSON_UNESCAPED_SLASHES);
 }
+ elseif ($val[0] == '{' || $val[0] == '[') {
+ if (!is_array(json_decode($val, TRUE))) {
+ // Invalid JSON. Do not save.
+ continue;
+ }
+ }
 $pos = strrpos($config, '};');
 $key = preg_replace('/^config_/', 'config.', $key);
 $setting = "\n\t{$key} = {$val};\n";
diff --git a/js/wysiwyg/admin.ckeditor-configurator.js b/js/wysiwyg/admin.ckeditor-configurator.js
index b7ff14825b..6c44806754 100644
--- a/js/wysiwyg/admin.ckeditor-configurator.js
+++ b/js/wysiwyg/admin.ckeditor-configurator.js
@@ -45,6 +45,7 @@
 }
 else {
 $el.after('  =  ');
+ $el.next('span').find('input.crm-form-text[type=text]').change(validateJson);
 }
 } else {
 $el.closest('div').remove();
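Review bot: The new `elseif` branch rejects malformed JSON with a bare `continue`, so the rejected option is silently missing from the saved config and nothing on the server reports it. Report the skip once after the loop, for example `CRM_Core_Session::setStatus(ts('One or more options contained invalid JSON and were not saved.'), ts('Not saved'), 'error');`, and keep the submitted value out of that message. The comment should also give the reason: `// $val is written verbatim into the generated config JS, so anything that is not valid JSON must not be saved.` Only `$val` is checked here, while `$key` is interpolated into the same `{$key} = {$val};` statement in the context lines below. The loop header is outside this hunk, so confirm there that `$key` is limited to known option names.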
@@ -63,9 +64,21 @@ return {results: list, text: 'id'}; } + function validateJson() { + var val = $(this).val(); + $(this).parent().removeClass('crm-error'); + if (val[0] === '[' || val[0] === '{') { + try { + JSON.parse(val); + } catch (e) { + $(this).parent().addClass('crm-error'); + } + } + } + function addOption() { $('#crm-custom-config-options').append($(configRowTpl({}))); - $('div:last input.crm-config-option-name', '#crm-custom-config-options').crmSelect2({ + $('.crm-config-option-row:last input.crm-config-option-name', '#crm-custom-config-options').crmSelect2({ data: getOptionList, formatSelection: function(field) { return '' + field.id + ' (' + field.type + ')'; diff --git a/templates/CRM/Admin/Page/CKEditorConfig.tpl b/templates/CRM/Admin/Page/CKEditorConfig.tpl index 496a963c07..b92082c3bd 100644 --- a/templates/CRM/Admin/Page/CKEditorConfig.tpl +++ b/templates/CRM/Admin/Page/CKEditorConfig.tpl @@ -60,6 +60,10 @@ border-bottom: 0 none; padding: 3px 10px 1px !important; } + .crm-config-option-row span.crm-error:after { + font-family: FontAwesome; + content: " \f071 Invalid JSON" + } {/literal} {* Force the custom config file to reload by appending a new query string *}
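Review bot: `validateJson()` has no doc comment, and as written it is advisory only: it toggles the `crm-error` class, but nothing in this hunk stops the form from being submitted while the value is still invalid. Add a comment such as `// UX hint only: flags values starting with '[' or '{' that fail JSON.parse; the server-side check in CRM_Admin_Page_CKEditorConfig is what blocks saving.` so this is not later mistaken for the validation boundary. The first-character rule now exists both here and in the PHP page, so the comment should also say the two must stay in sync. The handler runs only on `change`, so a field that already holds a malformed value shows no marker until it is edited.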