From 854d1f9150367979a697c9da58ca568e033a6c4d Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Wed, 6 Dec 2017 13:37:13 +1300 Subject: [PATCH 1/3] FIX Ensure document set IDs are cast to integers --- code/cms/DMSDocumentAddController.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/code/cms/DMSDocumentAddController.php b/code/cms/DMSDocumentAddController.php index dcba191..185f607 100644 --- a/code/cms/DMSDocumentAddController.php +++ b/code/cms/DMSDocumentAddController.php @@ -190,14 +190,14 @@ class DMSDocumentAddController extends LeftAndMain return Controller::join_links( $modelAdmin->Link('DMSDocumentSet'), 'EditForm/field/DMSDocumentSet/item', - $this->getRequest()->getVar('dsid'), + (int) $this->getRequest()->getVar('dsid'), 'edit' ); } return $modelAdmin->Link(); } - return $this->getPageEditLink($this->currentPageID(), $this->getRequest()->getVar('dsid')); + return $this->getPageEditLink($this->currentPageID(), (int) $this->getRequest()->getVar('dsid')); } /** @@ -212,7 +212,7 @@ class DMSDocumentAddController extends LeftAndMain return Controller::join_links( CMSPageEditController::singleton()->getEditForm($pageId)->FormAction(), 'field/Document Sets/item', - $documentSetId + (int) $documentSetId ); } From 0e84799f59ebf8d14f6b165f48ea04500fab646b Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Wed, 6 Dec 2017 13:40:46 +1300 Subject: [PATCH 2/3] FIX Ensure actions panel keys and values have possible HTML escaped --- code/model/DMSDocument.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/code/model/DMSDocument.php b/code/model/DMSDocument.php index a4ba0ca..8cd4bb5 100644 --- a/code/model/DMSDocument.php +++ b/code/model/DMSDocument.php @@ -1320,6 +1320,9 @@ class DMSDocument extends DataObject implements DMSDocumentInterface . '