Merge pull request #20 from humhub-contrib/fix/141-add-profile-attrib…

…utes-to-whitelist Add profile attributes to whitelist
humhub-contrib · Jan 30, 2024 · 3ea6cac · 3ea6cac
2 parents 3e82adc + a900c85
commit 3ea6cac
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -1,6 +1,10 @@
 Changelog
 =========
 
+1.1.5 (Unreleased)
+------------------------
+- Enh: Add profile attributes to whitelist
+
 1.1.4 (January 22, 2024)
 ------------------------
 - Enh: use color variables

diff --git a/module.json b/module.json
@@ -3,7 +3,7 @@
   "name": "Virtual Card Popover",
   "description": "Shows a virtual business card displaying brief information about the user when hovering over a user's profile picture or name",
   "keywords": ["business card, popover, hover, profile information"],
-  "version": "1.1.4",
+  "version": "1.1.5",
   "humhub": {
     "minVersion": "1.14"
   },

diff --git a/widgets/VCardUser.php b/widgets/VCardUser.php
@@ -10,6 +10,7 @@
 use humhub\components\Widget;
 use humhub\modules\popovervcard\Module;
 use humhub\modules\user\models\Profile;
+use humhub\modules\user\models\ProfileField;
 use Twig\Environment;
 use Twig\Error\LoaderError;
 use Twig\Error\RuntimeError;
@@ -34,7 +35,11 @@ public function run()
         $module = Yii::$app->getModule('popover-vcard');
 
         $twig = new Environment(new ArrayLoader());
-        $twig->addExtension(new SandboxExtension(new SecurityPolicy(['if', 'for'], ['escape', 'e'], [Profile::class => 'about']), true));
+        $twig->addExtension(new SandboxExtension(new SecurityPolicy(
+            ['if', 'for'],
+            ['escape', 'e'],
+            [Profile::class => ProfileField::find()->select('internal_name')->column()]
+        ), true));
 
         $templateParams = ['user' => $this->user, 'profile' => $this->user->profile];
 
@@ -51,4 +56,4 @@ public function run()
         ]);
     }
 
-}
+}