From 6960a08de04bedc1594dbfdef57d58505bcc13cc Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Mon, 29 Dec 2014 09:39:23 +0100 Subject: [PATCH] Revert "Escape restriction names manually in Forms\Security\RoleForm" This reverts commit 706e5504e651e63b7fee1e5a116f924452bf33d3. HTML5 does allow any non-empty value for the name attribute but Zend only permits alphanumerics, the underscore, the circumflex and any ASCII character in range \x7f to \xff (127 to 255). Thus only escaping the slash (/) is wrong. refs #8086 --- application/forms/Security/RoleForm.php | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php index 4edb33d07..0fb53e858 100644 --- a/application/forms/Security/RoleForm.php +++ b/application/forms/Security/RoleForm.php @@ -93,7 +93,7 @@ class RoleForm extends ConfigForm foreach ($this->providedRestrictions as $name => $description) { $this->addElement( 'text', - str_replace('/', '_', $name), + $name, array( 'label' => $name, 'description' => $description @@ -129,12 +129,6 @@ class RoleForm extends ConfigForm ? String::trimSplit($role['permissions']) : null; $role['name'] = $name; - foreach (array_keys($role) as $key) { - // Slashes are not allowed in a form's element name - $value = $role[$key]; - unset($role[$key]); - $role[str_replace('/', '_', $key)] = $value; - } $this->populate($role); return $this; } @@ -236,12 +230,6 @@ class RoleForm extends ConfigForm if (isset($values['permissions'])) { $values['permissions'] = implode(', ', $values['permissions']); } - foreach (array_keys($values) as $key) { - // Slashes are not allowed in a form's element name - $value = $values[$key]; - unset($values[$key]); - $values[str_replace('/', '_', $key)] = $value; - } return $values; } }