Merged revisions 48164 via svnmerge from

svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq

........
  r48164 | ischommer | 2008-01-17 17:05:49 +1300 (Thu, 17 Jan 2008) | 2 lines
  
  Deprecated use of DBField 'Text' for saving HTML-Content (added check in HTMLEditorField->saveInto())
  Added ViewableData->escapeFlagForField() to determine if the record-field needs escaping (currently only 'xml' supported)
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@48162 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2008-01-17 04:22:13 +00:00
parent f7b484658f
commit 0b5ab1fc7b
2 changed files with 24 additions and 12 deletions

View File

@ -270,6 +270,19 @@ class ViewableData extends Object implements Iterator {
}
}
/**
* Return the string-format type for the given field.
*
* @param string $fieldName
* @return string 'xml'|'raw'
*/
function escapeFlagForField($fieldName) {
$helperPair = $this->castingHelperPair($fieldName);
$castedClass = $helperPair['className'];
if(!$castedClass || $castedClass == 'HTMLText' || $castedClass == 'HTMLVarchar') return "xml";
else return "raw";
}
/**
* Return the object version of the given field/method.
* @param string $fieldName The name of the field/method.
@ -403,18 +416,8 @@ class ViewableData extends Object implements Iterator {
Profiler::mark('casting cost');
}
$helperPair = $this->castingHelperPair($fieldName);
$castedClass = $helperPair['className'];
// Note: these probably shouldn't be hard-coded. But right now it's not a problem, and I don't
// want to over-engineer
if(!$castedClass || $castedClass == 'HTMLText' || $castedClass == 'HTMLVarchar' || $castedClass == 'Text') {
// Case 2: the value is already XML-safe, just return it
} else {
// Case 3: the value is raw and must be made XML-safe
$val = Convert::raw2xml($val);
}
// Case 2: Check if the value is raw and must be made XML-safe
if($this->escapeFlagForField($fieldName) != 'xml') $val = Convert::raw2xml($val);
if(isset($_GET['debug_profile'])) {
Profiler::unmark('casting cost');

View File

@ -90,6 +90,15 @@ class HtmlEditorField extends TextareaField {
}
function saveInto($record) {
if(!$record->escapeFlagForField($this->name) != 'xml') {
user_error("HTMLEditorField should save into an HTMLText or HTMLVarchar field.
If you don't, your template won't display properly.
This changed in version 2.2.2, so please update
your database field '$this->name'",
E_USER_WARNING
);
}
$content = $this->value;
$content = preg_replace('/mce_real_src="[^"]+"/i', "", $content);