From 991753cd83f01e4c11ef7eda1a0d4fcdbc66e667 Mon Sep 17 00:00:00 2001
From: Ciki <matula.m@gmail.com>
Date: Thu, 27 Feb 2020 11:12:04 +0100
Subject: [PATCH] fix security bug

fix bug, ze ak v DependentCallback vratim prazdne pole (alebo `null`, `empty_string`), tak pre SelectBox sa na server odosle a prejde lubovolna hodnota..
---
 src/Controls/DependentSelectBox.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/Controls/DependentSelectBox.php b/src/Controls/DependentSelectBox.php
index 857703f..a81b81e 100644
--- a/src/Controls/DependentSelectBox.php
+++ b/src/Controls/DependentSelectBox.php
@@ -102,16 +102,15 @@ private function tryLoadItems()
 			}
 
 
-			if (count($items) > 0) {
-				$this->loadHttpData();
+			$this->loadHttpData();
+			$this->setItems($items)
+				->setPrompt($data->getPrompt() === null ? $this->getPrompt() : $data->getPrompt());
 
-				$this->setItems($items)
-					->setPrompt($data->getPrompt() === null ? $this->getPrompt() : $data->getPrompt());
-			} else {
+			if (count($items) === 0) {
 				if ($this->disabledWhenEmpty === true && !$this->isDisabled()) {
 					$this->setDisabled();
 				}
-			}
+			}			
 		}
 	}
 }