- making form actions on edit forms safer

- re-adding removed methods
2024-10-22 06:05:56 +00:00 · 2017-04-12 11:42:21 +12:00 · 2017-04-12 11:42:21 +12:00 · bb3c09c359
commit bb3c09c359
parent 41eddfcc8e
2 changed files with 94 additions and 2 deletions
--- a/code/controllers/CMSMain.php
+++ b/code/controllers/CMSMain.php
@ -725,7 +725,11 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 			}

 			// update form action to include $pageID
-			$form->setFormAction(Controller::join_links($form->FormAction(), $id));
+			$form->setFormAction(Controller::join_links(
+				$this->Link(),
+				$form->getName(),
+				$id
+			));

 			$this->extend('updateEditForm', $form);
 			return $form;
--- a/code/controllers/CMSPageHistoryController.php
+++ b/code/controllers/CMSPageHistoryController.php
@ -241,7 +241,12 @@ class CMSPageHistoryController extends CMSMain {

 		$form->removeExtraClass('cms-content');

-		$form->setFormAction(Controller::join_links($form->FormAction(), $id, $versionID));
+		$form->setFormAction(Controller::join_links(
+			$this->Link(),
+			$form->getName(),
+			$id,
+			$versionID
+		));

 		return $form;
 	}
@ -327,6 +332,89 @@ class CMSPageHistoryController extends CMSMain {
 		return $form;
 	}

+	/**
+	 * Process the {@link VersionsForm} compare function between two pages.
+	 *
+	 * @param array
+	 * @param Form
+	 *
+	 * @return html
+	 */
+	public function doCompare($data, $form) {
+		$versions = $data['Versions'];
+		if(count($versions) < 2) return null;
+
+		$id = $this->currentPageID();
+		$version1 = array_shift($versions);
+		$version2 = array_shift($versions);
+
+		$form = $this->CompareVersionsForm($version1, $version2);
+
+		// javascript solution, render into template
+		if($this->getRequest()->isAjax()) {
+			return $this->customise(array(
+				"EditForm" => $form
+			))->renderWith(array(
+				$this->class . '_EditForm',
+				'LeftAndMain_Content'
+			));
+		}
+
+		// non javascript, redirect the user to the page
+		$this->redirect(Controller::join_links(
+			$this->Link('compare'),
+			$version1,
+			$version2
+		));
+	}
+
+	/**
+	 * Process the {@link VersionsForm} show version function. Only requires
+	 * one page to be selected.
+	 *
+	 * @param array
+	 * @param Form
+	 *
+	 * @return html
+	 */
+	public function doShowVersion($data, $form) {
+		$versionID = null;
+
+		if(isset($data['Versions']) && is_array($data['Versions'])) {
+			$versionID  = array_shift($data['Versions']);
+		}
+
+		if(!$versionID) return;
+
+		if($request->isAjax()) {
+			return $this->customise(array(
+				"EditForm" => $this->ShowVersionForm($versionID)
+			))->renderWith(array(
+				$this->class . '_EditForm',
+				'LeftAndMain_Content'
+			));
+		}
+
+		// non javascript, redirect the user to the page
+		$this->redirect(Controller::join_links(
+			$this->Link('version'),
+			$versionID
+		));
+	}
+
+	/**
+	 * @param int|null $versionID
+	 * @return Form
+	 */
+	public function ShowVersionForm($versionID = null) {
+		if(!$versionID) return null;
+
+		$id = $this->currentPageID();
+		$form = $this->getEditForm($id, null, $versionID);
+
+		return $form;
+	}
+
 	/**
 	 * @param int $versionID
 	 * @param int $otherVersionID