proper fix for ye olde issue where users can hack the generated rows …

…in demo mode
benkeen · Nov 16, 2019 · c261102 · c261102
1 parent 263867c
commit c261102
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/resources/scripts/constants.php b/resources/scripts/constants.php
@@ -47,6 +47,8 @@
 
 		DEMO_MODE: <?php echo Core::checkDemoMode() ? "true" : "false"; ?>,
 
+        MAX_DEMO_GENERATED_ROWS: <?php echo Core::getMaxDemoModeRows(); ?>,
+
 		THEME: "<?php Settings::safeDisplaySetting("theme") ?>",
 
 		/**

diff --git a/resources/scripts/generator.js b/resources/scripts/generator.js
@@ -184,7 +184,7 @@ define([
 
 
 	var _onClickNumRowsField = function () {
-		if (!_isLoggedIn) {
+		if (!_isLoggedIn && C.DEMO_MODE) {
 			_showPermissionDeniedDialog(L.cannot_change_num_rows);
 		}
 	};
@@ -825,7 +825,7 @@ define([
 	var _generateData = function (e) {
 
 		// TODO pretty poor. Validation should be performed on this var prior to setting it in the private var
-		_numRowsToGenerate = _getNumRowsToGenerate()
+		_numRowsToGenerate = _getNumRowsToGenerate();
 		utils.clearValidationErrors($("#gdMainTab1Content"));
 
 		// check the users specified a numeric value for the number of results
@@ -1161,7 +1161,15 @@ define([
 	};
 
 	var _getNumRowsToGenerate = function () {
-		return $("#gdNumRowsToGenerate").val();
+		var numRows = $("#gdNumRowsToGenerate").val();
+
+		if (C.DEMO_MODE && !_isLoggedIn) {
+			if (numRows > C.MAX_DEMO_GENERATED_ROWS) {
+				numRows = C.MAX_DEMO_GENERATED_ROWS.toString(); // yuck
+			}
+		}
+
+		return numRows;
 	};
 
 	var _getVisibleRowOrderByRowNum = function (rowNum) {