[ticket/14272] Only use maxlength and size for allowed input elements

PHPBB3-14272
author: Marc Alexander <admin@m-a-styles.de> 2015-11-06 10:20:05 +0100
committer: Marc Alexander <admin@m-a-styles.de> 2015-11-06 10:20:05 +0100
commit: aca6e64669079abc385f3094d8b6c186d9b46082 (patch)
tree: c1470fdb697be918ae4247e405946afcd9fe1055 /phpBB/includes/functions_acp.php
parent: 8dbf3976fd40b295175a34a2605571b0786385db (diff)
download: forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar
forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar.gz
forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar.bz2
forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar.xz
forums-aca6e64669079abc385f3094d8b6c186d9b46082.zip
1 files changed, 15 insertions, 12 deletions
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index d566336d26..bd12c3dd5c 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -254,6 +254,16 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 		case 'text':
 		case 'url':
 		case 'email':
+		case 'tel':
+		case 'search':
+			// maxlength and size are only valid for these types and will be
+			// ignored for other input types.
+			$size = (int) $tpl_type[1];
+			$maxlength = (int) $tpl_type[2];
+
+			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ?  ' autocomplete="off"' : '') . ' />';
+		break;
+
 		case 'color':
 		case 'date':
 		case 'time':
@@ -261,39 +271,32 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 		case 'datetime-local':
 		case 'month':
 		case 'range':
-		case 'search':
-		case 'tel':
 		case 'week':
-			$size = (int) $tpl_type[1];
-			$maxlength = (int) $tpl_type[2];
-
-			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ?  ' autocomplete="off"' : '') . ' />';
+			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ?  ' autocomplete="off"' : '') . ' />';
 		break;
 
 		case 'number':
-			$min = $max = $maxlength = '';
+			$max = '';
 			$min = ( isset($tpl_type[1]) ) ? (int) $tpl_type[1] : false;
 			if ( isset($tpl_type[2]) )
 			{
 				$max = (int) $tpl_type[2];
-				$maxlength = strlen( (string) $max );
 			}
 
-			$tpl = '<input id="' . $key . '" type="number" maxlength="' . (( $maxlength != '' ) ? $maxlength : 255) . '"' . (( $min != '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="' . $name . '" value="' . $new[$config_key] . '" />';
+			$tpl = '<input id="' . $key . '" type="number"' . (( $min != '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="' . $name . '" value="' . $new[$config_key] . '" />';
 		break;
 
 		case 'dimension':
-			$min = $max = $maxlength = $size = '';
+			$max = '';
 
 			$min = (int) $tpl_type[1];
 
 			if ( isset($tpl_type[2]) )
 			{
 				$max = (int) $tpl_type[2];
-				$size = $maxlength = strlen( (string) $max );
 			}
 
-			$tpl = '<input id="' . $key . '" type="number"' . (( $size != '' ) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength != '') ? $maxlength : 255) . '"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" /> x <input type="number"' . (( $size != '' ) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength != '') ? $maxlength : 255) . '"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" />';
+			$tpl = '<input id="' . $key . '" type="number"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" /> x <input type="number"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" />';
 		break;
 
 		case 'textarea':
author	Marc Alexander <admin@m-a-styles.de>	2015-11-06 10:20:05 +0100
committer	Marc Alexander <admin@m-a-styles.de>	2015-11-06 10:20:05 +0100
commit	aca6e64669079abc385f3094d8b6c186d9b46082 (patch)
tree	c1470fdb697be918ae4247e405946afcd9fe1055 /phpBB/includes/functions_acp.php
parent	8dbf3976fd40b295175a34a2605571b0786385db (diff)
download	forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar.gz forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar.bz2 forums-aca6e64669079abc385f3094d8b6c186d9b46082.tar.xz forums-aca6e64669079abc385f3094d8b6c186d9b46082.zip