sanitize class names for cms icons

Andrew Aitken-Fincham 2017-08-24 12:12:37 +01:00
parent a7d3d82dd7
commit b78c163362
3 changed files with 5 additions and 9 deletions


@ -20,7 +20,7 @@ class CMSPageAddController extends CMSPageEditController {
$pageTypes = array(); $pageTypes = array();
foreach($this->PageTypes() as $type) { foreach($this->PageTypes() as $type) {
$html = sprintf('<span class="page-icon class-%s"></span><strong class="title">%s</strong><span class="description">%s</span>', $html = sprintf('<span class="page-icon class-%s"></span><strong class="title">%s</strong><span class="description">%s</span>',
$type->getField('ClassName'), Convert::raw2htmlid($type->getField('ClassName')),
$type->getField('AddAction'), $type->getField('AddAction'),
$type->getField('Description') $type->getField('Description')
); );
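Review bot: The two remaining `%s` arguments of the `sprintf` in the page-type loop, `$type->getField('AddAction')` and `$type->getField('Description')`, still go into the markup unescaped; only the class name is converted. If either value is meant as plain text and can come from translations or configuration, wrap it, for example `Convert::raw2xml($type->getField('AddAction')),` and `Convert::raw2xml($type->getField('Description'))`. If markup in the description is intentional, a short comment saying so would stop the next reader from asking the same question. The loop body continues outside the hunk, so how `$html` is used afterwards is not visible here.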


@ -33,12 +33,7 @@ class LeftAndMainPageIconsExtension extends Extension {
// Legacy support: Add file extension if none exists // Legacy support: Add file extension if none exists
if(!pathinfo($iconFile, PATHINFO_EXTENSION)) $iconFile .= '-file.gif'; if(!pathinfo($iconFile, PATHINFO_EXTENSION)) $iconFile .= '-file.gif';
$iconPathInfo = pathinfo($iconFile); $class = Convert::raw2htmlid($class);
// Base filename
$baseFilename = $iconPathInfo['dirname'] . '/' . $iconPathInfo['filename'];
$fileExtension = $iconPathInfo['extension'];
$selector = ".page-icon.class-$class, li.class-$class > a .jstree-pageicon"; $selector = ".page-icon.class-$class, li.class-$class > a .jstree-pageicon";
if(Director::fileExists($iconFile)) { if(Director::fileExists($iconFile)) {
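Review bot: `$class = Convert::raw2htmlid($class);` overwrites the original class name and feeds the result into a CSS selector, which is a different context from the HTML id value the converter is named for. Characters that are harmless in an attribute value, such as `.` or `:`, would split or alter `.page-icon.class-$class` if the converter lets them through. It is worth confirming its allowed character set, or adding a comment that class names can never contain them. Keeping the raw name intact with `$cssClass = Convert::raw2htmlid($class);` and using `$cssClass` in `$selector` would also protect any later use of `$class`; the rest of the loop is outside the hunk.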


@ -2830,7 +2830,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
} }
$flags = $this->getStatusFlags(); $flags = $this->getStatusFlags();
$treeTitle = sprintf( $treeTitle = sprintf(
"<span class=\"jstree-pageicon\"></span><span class=\"item\" data-allowedchildren=\"%s\">%s</span>", "<span class=\"jstree-pageicon page-icon class-%s\"></span><span class=\"item\" data-allowedchildren=\"%s\">%s</span>",
Convert::raw2htmlid($this->class),
Convert::raw2att(Convert::raw2json($children)), Convert::raw2att(Convert::raw2json($children)),
Convert::raw2xml(str_replace(array("\n","\r"),"",$this->MenuTitle)) Convert::raw2xml(str_replace(array("\n","\r"),"",$this->MenuTitle))
); );
@ -2883,7 +2884,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
* @return string * @return string
*/ */
public function CMSTreeClasses($numChildrenMethod="numChildren") { public function CMSTreeClasses($numChildrenMethod="numChildren") {
$classes = sprintf('class-%s', $this->class); $classes = sprintf('class-%s', Convert::raw2htmlid($this->class));
if($this->HasBrokenFile || $this->HasBrokenLink) { if($this->HasBrokenFile || $this->HasBrokenLink) {
$classes .= " BrokenLink"; $classes .= " BrokenLink";
} }
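Review bot: The class token built in `CMSTreeClasses()` and in the `$treeTitle` `sprintf` must match the selector generated in LeftAndMainPageIconsExtension character for character, yet the conversion is written out by hand at each call site. A future change to one site would raise no error; the icon rule would simply stop matching, or an unconverted name would reach the markup again. Consider routing both sites through one expression such as `'class-' . Convert::raw2htmlid($this->class)` in a single SiteTree method. At minimum add a comment above the `sprintf` in `CMSTreeClasses()`: `// Must stay identical to the selector built in LeftAndMainPageIconsExtension`. Both functions start outside their hunks.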