Skip to content

Commit

Permalink
check configuration keys and values before applying update
Browse files Browse the repository at this point in the history
  • Loading branch information
matthieu-rolland authored and Matthieu Rolland committed Nov 8, 2023
1 parent c593281 commit 21ad475
Show file tree
Hide file tree
Showing 2 changed files with 38 additions and 6 deletions.
5 changes: 5 additions & 0 deletions blockreassurance.php
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,11 @@ class blockreassurance extends Module implements WidgetInterface
const POSITION_BELOW_HEADER = 1;
const POSITION_ABOVE_HEADER = 2;

const PSR_HOOK_HEADER = 'PSR_HOOK_HEADER';
const PSR_HOOK_FOOTER = 'PSR_HOOK_FOOTER';
const PSR_HOOK_PRODUCT = 'PSR_HOOK_PRODUCT';
const PSR_HOOK_CHECKOUT = 'PSR_HOOK_CHECKOUT';

/** @var string */
public $name;
/** @var string */
Expand Down
39 changes: 33 additions & 6 deletions controllers/admin/AdminBlockListingController.php
Original file line number Diff line number Diff line change
Expand Up @@ -100,12 +100,7 @@ public function displayAjaxSavePositionByHook()
$value = Tools::getValue('value');
$result = false;

if (!empty($hook) && in_array($value, [
blockreassurance::POSITION_NONE,
blockreassurance::POSITION_BELOW_HEADER,
blockreassurance::POSITION_ABOVE_HEADER,
])
) {
if ($this->isAuthorizedHookConfigurationKey($hook) && $this->isAuthorizedPositionValue($value)) {
$result = Configuration::updateValue($hook, $value);
}

Expand Down Expand Up @@ -255,4 +250,36 @@ public function displayAjaxUpdatePosition()
// Response
$this->ajaxRenderJson($result ? 'success' : 'error');
}

/**
* @param string $hook
*
* @return bool
*/
private function isAuthorizedHookConfigurationKey($hook)
{
return
!empty($hook) &&
in_array($hook, [
blockreassurance::PSR_HOOK_HEADER,
blockreassurance::PSR_HOOK_FOOTER,
blockreassurance::PSR_HOOK_PRODUCT,
blockreassurance::PSR_HOOK_CHECKOUT,
], true)
;
}

/**
* @param string $value
*
* @return bool
*/
private function isAuthorizedPositionValue($value)
{
return in_array((int) $value, [
blockreassurance::POSITION_NONE,
blockreassurance::POSITION_BELOW_HEADER,
blockreassurance::POSITION_ABOVE_HEADER,
], true);
}
}

0 comments on commit 21ad475

Please sign in to comment.