From 28fcf93d353b571c2a2db3e3bfc590300efcb717 Mon Sep 17 00:00:00 2001 From: "matthieu.rolland" Date: Tue, 2 May 2023 11:31:49 +0200 Subject: [PATCH] check configuration keys and values before applying update --- blockreassurance.php | 5 +++ .../admin/AdminBlockListingController.php | 39 ++++++++++++++++--- 2 files changed, 38 insertions(+), 6 deletions(-) diff --git a/blockreassurance.php b/blockreassurance.php index c8633771..a329ebb7 100644 --- a/blockreassurance.php +++ b/blockreassurance.php @@ -41,6 +41,11 @@ class blockreassurance extends Module implements WidgetInterface const POSITION_BELOW_HEADER = 1; const POSITION_ABOVE_HEADER = 2; + const PSR_HOOK_HEADER = 'PSR_HOOK_HEADER'; + const PSR_HOOK_FOOTER = 'PSR_HOOK_FOOTER'; + const PSR_HOOK_PRODUCT = 'PSR_HOOK_PRODUCT'; + const PSR_HOOK_CHECKOUT = 'PSR_HOOK_CHECKOUT'; + /** @var string */ public $name; /** @var string */ diff --git a/controllers/admin/AdminBlockListingController.php b/controllers/admin/AdminBlockListingController.php index 572eb0d2..fd3899d0 100644 --- a/controllers/admin/AdminBlockListingController.php +++ b/controllers/admin/AdminBlockListingController.php @@ -100,12 +100,7 @@ public function displayAjaxSavePositionByHook() $value = Tools::getValue('value'); $result = false; - if (!empty($hook) && in_array($value, [ - blockreassurance::POSITION_NONE, - blockreassurance::POSITION_BELOW_HEADER, - blockreassurance::POSITION_ABOVE_HEADER, - ]) - ) { + if ($this->isAuthorizedHookConfigurationKey($hook) && $this->isAuthorizedPositionValue($value)) { $result = Configuration::updateValue($hook, $value); } @@ -255,4 +250,36 @@ public function displayAjaxUpdatePosition() // Response $this->ajaxRenderJson($result ? 'success' : 'error'); } + + /** + * @param $hook + * + * @return bool + */ + private function isAuthorizedHookConfigurationKey($hook) + { + return + !empty($hook) && + in_array($hook, [ + blockreassurance::PSR_HOOK_HEADER, + blockreassurance::PSR_HOOK_FOOTER, + blockreassurance::PSR_HOOK_PRODUCT, + blockreassurance::PSR_HOOK_CHECKOUT, + ], true) + ; + } + + /** + * @param $value + * + * @return bool + */ + private function isAuthorizedPositionValue($value) + { + return in_array((int) $value, [ + blockreassurance::POSITION_NONE, + blockreassurance::POSITION_BELOW_HEADER, + blockreassurance::POSITION_ABOVE_HEADER, + ], true); + } }