mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
Clearer escaping in CMSMain
No direct security issue, but makes intent clearer
parent
ec9c15917d
commit
f477983bff
@ -783,13 +783,21 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
|
||||
if($num) {
|
||||
return sprintf(
|
||||
'<a class="cms-panel-link list-children-link" data-pjax-target="ListViewForm,Breadcrumbs" href="%s">%s</a>',
|
||||
Controller::join_links($controller->Link(), "?ParentID={$item->ID}&view=list"),
|
||||
Controller::join_links(
|
||||
$controller->Link(),
|
||||
sprintf("?ParentID=%d&view=list", (int)$item->ID)
|
||||
),
|
||||
$num
|
||||
);
|
||||
}
|
||||
},
|
||||
'getTreeTitle' => function($value, &$item) use($controller) {
|
||||
return '<a class="action-detail" href="' . singleton('CMSPageEditController')->Link('show') . '/' . $item->ID . '">' . $item->TreeTitle . '</a>';
|
||||
return sprintf(
|
||||
'<a class="action-detail" href="%s/%d">%s</a>',
|
||||
singleton('CMSPageEditController')->Link('show'),
|
||||
(int)$item->ID,
|
||||
$item->TreeTitle // returns HTML, does its own escaping
|
||||
);
|
||||
}
|
||||
));
|
||||
|
||||
|
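Review bot: Both `href` values are still passed to `sprintf` without attribute escaping, so the escaping this commit sets out to clarify is only partly explicit. In the first link the query string puts a raw `&` into the attribute; wrapping the argument as `Convert::raw2att(Controller::join_links($controller->Link(), sprintf("?ParentID=%d&view=list", (int)$item->ID)))` would make the output context clear, and the same wrapper fits `singleton('CMSPageEditController')->Link('show')` in `getTreeTitle`. `$num` is formatted with `%s`; if it is always an integer count (it is assigned outside this hunk, so this is an assumption), `%d` would match the handling of `$item->ID`. The comment on `$item->TreeTitle` documents a contract that cannot be checked from these lines, so it would help to name where that escaping happens. Both closures begin outside the hunk.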