tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

SECURITY Escape links for SilverStripeNavigatorItem

Browse Source
This commit is contained in:
Ingo Schommer 2012-01-31 15:51:23 +01:00
parent 5fe7091dff
commit 252e187015
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/control/SilverStripeNavigatorItem.php
View File

@ -67,7 +67,7 @@ class SilverStripeNavigatorItem_CMSLink extends SilverStripeNavigatorItem {
if(is_a(Controller::curr(), 'CMSMain')) { if(is_a(Controller::curr(), 'CMSMain')) {
return '<a class="current">CMS</a>'; return '<a class="current">CMS</a>';
} else { } else {
$cmsLink = 'admin/show/' . $page->ID; $cmsLink = Convert::raw2att('admin/show/' . $page->ID);
$cmsLink = "<a href=\"$cmsLink\" class=\"newWindow\" target=\"cms\">". _t('ContentController.CMS', 'CMS') ."</a>"; $cmsLink = "<a href=\"$cmsLink\" class=\"newWindow\" target=\"cms\">". _t('ContentController.CMS', 'CMS') ."</a>";
return $cmsLink; return $cmsLink;
@ -96,7 +96,7 @@ class SilverStripeNavigatorItem_StageLink extends SilverStripeNavigatorItem {
} else { } else {
$draftPage = Versioned::get_one_by_stage('SiteTree', 'Stage', '"SiteTree"."ID" = ' . $page->ID); $draftPage = Versioned::get_one_by_stage('SiteTree', 'Stage', '"SiteTree"."ID" = ' . $page->ID);
if($draftPage) { if($draftPage) {
$pageLink = Controller::join_links($draftPage->AbsoluteLink(), "?stage=Stage"); $pageLink = Convert::raw2att(Controller::join_links($draftPage->AbsoluteLink(), "?stage=Stage"));
return "<a href=\"$pageLink\" class=\"newWindow\" target=\"site\" style=\"left : -1px;\">". _t('ContentController.DRAFTSITE', 'Draft Site') ."</a>"; return "<a href=\"$pageLink\" class=\"newWindow\" target=\"site\" style=\"left : -1px;\">". _t('ContentController.DRAFTSITE', 'Draft Site') ."</a>";
} }
} }
@ -128,7 +128,7 @@ class SilverStripeNavigatorItem_LiveLink extends SilverStripeNavigatorItem {
} else { } else {
$livePage = Versioned::get_one_by_stage('SiteTree', 'Live', '"SiteTree"."ID" = ' . $page->ID); $livePage = Versioned::get_one_by_stage('SiteTree', 'Live', '"SiteTree"."ID" = ' . $page->ID);
if($livePage) { if($livePage) {
$pageLink = Controller::join_links($livePage->AbsoluteLink(), "?stage=Live"); $pageLink = Convert::raw2att(Controller::join_links($livePage->AbsoluteLink(), "?stage=Live"));
return "<a href=\"$pageLink\" class=\"newWindow\" target=\"site\" style=\"left : -3px;\">". _t('ContentController.PUBLISHEDSITE', 'Published Site') ."</a>"; return "<a href=\"$pageLink\" class=\"newWindow\" target=\"site\" style=\"left : -3px;\">". _t('ContentController.PUBLISHEDSITE', 'Published Site') ."</a>";
} }
} }
@ -165,7 +165,7 @@ class SilverStripeNavigatorItem_ArchiveLink extends SilverStripeNavigatorItem {
(!$currentDraft || ($currentDraft && $page->Version != $currentDraft->Version)) (!$currentDraft || ($currentDraft && $page->Version != $currentDraft->Version))
&& (!$currentLive || ($currentLive && $page->Version != $currentLive->Version)) && (!$currentLive || ($currentLive && $page->Version != $currentLive->Version))
) { ) {
$pageLink = $page->AbsoluteLink(); $pageLink = Convert::raw2att($page->AbsoluteLink());
return "<a href=\"$pageLink?archiveDate={$page->LastEdited}\" class=\"newWindow\" target=\"site\" style=\"left : -3px;\">". _t('ContentController.ARCHIVEDSITE', 'Archived Site') ."</a>"; return "<a href=\"$pageLink?archiveDate={$page->LastEdited}\" class=\"newWindow\" target=\"site\" style=\"left : -3px;\">". _t('ContentController.ARCHIVEDSITE', 'Archived Site') ."</a>";
} }
} }