From c261102d81297bbc239e4e243afb98adae7ba6fa Mon Sep 17 00:00:00 2001 From: Ben Keen Date: Sat, 16 Nov 2019 13:18:21 -0800 Subject: [PATCH] proper fix for ye olde issue where users can hack the generated rows in demo mode --- resources/scripts/constants.php | 2 ++ resources/scripts/generator.js | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/resources/scripts/constants.php b/resources/scripts/constants.php index 8204c74fc..e8c1637ed 100644 --- a/resources/scripts/constants.php +++ b/resources/scripts/constants.php @@ -47,6 +47,8 @@ DEMO_MODE: , + MAX_DEMO_GENERATED_ROWS: , + THEME: "", /** diff --git a/resources/scripts/generator.js b/resources/scripts/generator.js index ba6075558..1f8089409 100755 --- a/resources/scripts/generator.js +++ b/resources/scripts/generator.js @@ -184,7 +184,7 @@ define([ var _onClickNumRowsField = function () { - if (!_isLoggedIn) { + if (!_isLoggedIn && C.DEMO_MODE) { _showPermissionDeniedDialog(L.cannot_change_num_rows); } }; @@ -825,7 +825,7 @@ define([ var _generateData = function (e) { // TODO pretty poor. Validation should be performed on this var prior to setting it in the private var - _numRowsToGenerate = _getNumRowsToGenerate() + _numRowsToGenerate = _getNumRowsToGenerate(); utils.clearValidationErrors($("#gdMainTab1Content")); // check the users specified a numeric value for the number of results @@ -1161,7 +1161,15 @@ define([ }; var _getNumRowsToGenerate = function () { - return $("#gdNumRowsToGenerate").val(); + var numRows = $("#gdNumRowsToGenerate").val(); + + if (C.DEMO_MODE && !_isLoggedIn) { + if (numRows > C.MAX_DEMO_GENERATED_ROWS) { + numRows = C.MAX_DEMO_GENERATED_ROWS.toString(); // yuck + } + } + + return numRows; }; var _getVisibleRowOrderByRowNum = function (rowNum) {