dinislage/PrestaShop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[-] MO sendtoafriend: The method used to check all required input fields could lead to errors

Browse Source
This commit is contained in:
Fabio Chelly
2013-09-27 11:27:58 +02:00
parent 6449ecfb32
commit 9d94337c9b
2 changed files with 9 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
modules/sendtoafriend/sendtoafriend-extra.tpl
View File

@@ -31,23 +31,17 @@ $('document').ready(function(){
});
$('#sendEmail').click(function(){
var datas = [];
$('#send_friend_form_content').find(':input').each(function(index){
var o = {};
o.key = $(this).attr('name');
o.value = $(this).val();
if (o.value != '')
datas.push(o);
});
if (datas.length >= 3)
var name = $('#friend_name').val();
var email = $('#friend_email').val();
var id_product = $('#id_product_comment_send').val();
if (name && email && !isNaN(id_product))
{
$.ajax({
{/literal}url: "{$module_dir}sendtoafriend_ajax.php",{literal}
type: "POST",
headers: {"cache-control": "no-cache"},
data: {action: 'sendToMyFriend', secure_key: '{/literal}{$stf_secure_key}{literal}', friend: unescape(JSON.stringify(datas).replace(/\\u/g, '%u'))},{/literal}{literal}
data: {action: 'sendToMyFriend', secure_key: '{/literal}{$stf_secure_key}{literal}', name: name, email: email, id_product: id_product},{/literal}{literal}
dataType: "json",
success: function(result) {
$.fancybox.close();

16
modules/sendtoafriend/sendtoafriend_ajax.php
View File

@@ -33,19 +33,9 @@ $module = new SendToAFriend();
if (Tools::getValue('action') == 'sendToMyFriend' && Tools::getValue('secure_key') == $module->secure_key)
{
$friend_infos = Tools::jsonDecode(Tools::getValue('friend'));
$friendName = "";
$friendMail = "";
$id_product = null;
foreach ($friend_infos as $entry)
{
if ($entry->key == "friend_name")
$friendName = $entry->value;
else if ($entry->key == "friend_email")
$friendMail = $entry->value;
else if ($entry->key == "id_product")
$id_product = $entry->value;
}
$friendName = Tools::getValue('name');
$friendMail = Tools::getValue('email');
$id_product = Tools::getValue('id_product');
if (!$friendName || !$friendMail || !$id_product)
die('0');