sanitize namespaced classes for page icon css

This commit is contained in:
Andrew Aitken-Fincham 2017-08-24 10:39:25 +01:00
parent f15a400462
commit 46abf8ffd5
3 changed files with 7 additions and 4 deletions

View File

@ -6,6 +6,7 @@ use SilverStripe\CMS\Model\SiteTree;
use SilverStripe\Control\Controller;
use SilverStripe\Control\Session;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Core\Convert;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\FormAction;
@ -44,7 +45,7 @@ class CMSPageAddController extends CMSPageEditController
foreach ($this->PageTypes() as $type) {
$html = sprintf(
'<span class="page-icon class-%s"></span><span class="title">%s</span><span class="form__field-description">%s</span>',
$type->getField('ClassName'),
Convert::raw2htmlid($type->getField('ClassName')),
$type->getField('AddAction'),
$type->getField('Description')
);

View File

@ -2,6 +2,7 @@
namespace SilverStripe\CMS\Controllers;
use SilverStripe\Core\Convert;
use SilverStripe\View\Requirements;
use SilverStripe\Core\ClassInfo;
use SilverStripe\Control\Director;
@ -45,8 +46,8 @@ class LeftAndMainPageIconsExtension extends Extension
$iconFile .= '-file.gif';
}
$class = Convert::raw2htmlid($class);
$selector = ".page-icon.class-$class, li.class-$class > a .jstree-pageicon";
if (Director::fileExists($iconFile)) {
$css .= "$selector { background: transparent url('$iconFile') 0 0 no-repeat; }\n";
} else {

View File

@ -2621,7 +2621,8 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
}
$flags = $this->getStatusFlags();
$treeTitle = sprintf(
"<span class=\"jstree-pageicon\"></span><span class=\"item\" data-allowedchildren=\"%s\">%s</span>",
"<span class=\"jstree-pageicon page-icon class-%s\"></span><span class=\"item\" data-allowedchildren=\"%s\">%s</span>",
Convert::raw2htmlid(static::class),
Convert::raw2att(Convert::raw2json($children)),
Convert::raw2xml(str_replace(array("\n","\r"), "", $this->MenuTitle))
);
@ -2715,7 +2716,7 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
*/
public function CMSTreeClasses()
{
$classes = sprintf('class-%s', static::class);
$classes = sprintf('class-%s', Convert::raw2htmlid(static::class));
if ($this->HasBrokenFile || $this->HasBrokenLink) {
$classes .= " BrokenLink";
}