summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGreg Roach <greg@subaqua.co.uk>2020-06-16 09:25:00 +0100
committerGreg Roach <greg@subaqua.co.uk>2020-06-16 09:26:35 +0100
commit5c073d1cfc71dbac0dbc6c3ea777ebaf3b49a628 (patch)
treea42ddac761cae76b3181dfed4a3f3ebd4fcb081c
parent430ed1cbddd3454cfaa963bec8fbbc0570fa9aea (diff)
downloadwebtrees-5c073d1cfc71dbac0dbc6c3ea777ebaf3b49a628.tar.gz
webtrees-5c073d1cfc71dbac0dbc6c3ea777ebaf3b49a628.tar.bz2
webtrees-5c073d1cfc71dbac0dbc6c3ea777ebaf3b49a628.zip
Fix: #3331 - Do not allow legacy placelist.php handler to create new places
-rw-r--r--app/Http/RequestHandlers/RedirectPlaceListPhp.php15
1 files changed, 12 insertions, 3 deletions
diff --git a/app/Http/RequestHandlers/RedirectPlaceListPhp.php b/app/Http/RequestHandlers/RedirectPlaceListPhp.php
index d2b4cdaf75..0143a74f1b 100644
--- a/app/Http/RequestHandlers/RedirectPlaceListPhp.php
+++ b/app/Http/RequestHandlers/RedirectPlaceListPhp.php
@@ -26,6 +26,7 @@ use Fisharebest\Webtrees\Place;
use Fisharebest\Webtrees\Services\TreeService;
use Fisharebest\Webtrees\Site;
use Fisharebest\Webtrees\Tree;
+use Illuminate\Database\Capsule\Manager as DB;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
@@ -63,14 +64,22 @@ class RedirectPlaceListPhp implements RequestHandlerInterface
$tree = $this->tree_service->all()->get($ged);
if ($tree instanceof Tree) {
- $place_name = implode(Gedcom::PLACE_SEPARATOR, array_reverse($parent));
- $place = new Place($place_name, $tree);
+ // Check the place exists in the database, to avoid creating new places.
+ $place_id = 0;
+
+ foreach ($parent as $place_name) {
+ $place_id = (int) DB::table('places')
+ ->where('p_file', '=', $tree->id())
+ ->where('p_place', '=', $place_name)
+ ->where('p_parent_id', '=', $place_id)
+ ->value('p_id');
+ }
$url = route('module', [
'module' => 'places_list',
'action' => 'List',
'action2' => $display,
- 'place_id' => $place->id(),
+ 'place_id' => $place_id,
'tree' => $tree->name(),
]);