diff --git a/src/Core/Injector/Injector.php b/src/Core/Injector/Injector.php index 8c4c940d3..0b77d82d0 100644 --- a/src/Core/Injector/Injector.php +++ b/src/Core/Injector/Injector.php @@ -426,13 +426,13 @@ class Injector implements ContainerInterface // to ensure we get cached $spec['id'] = $id; -// We've removed this check because new functionality means that the 'class' field doesn't need to refer -// specifically to a class anymore - it could be a compound statement, ala SilverStripe's old Object::create -// functionality +// We've removed this check because new functionality means that the 'class' field doesn't need to refer +// specifically to a class anymore - it could be a compound statement, ala SilverStripe's old Object::create +// functionality // -// if (!class_exists($class)) { -// throw new Exception("Failed to load '$class' from $file"); -// } +// if (!class_exists($class)) { +// throw new Exception("Failed to load '$class' from $file"); +// } // store the specs for now - we lazy load on demand later on. $this->specs[$id] = $spec; diff --git a/src/Dev/BulkLoader.php b/src/Dev/BulkLoader.php index 989fc996d..3857fc173 100644 --- a/src/Dev/BulkLoader.php +++ b/src/Dev/BulkLoader.php @@ -136,11 +136,11 @@ abstract class BulkLoader extends ViewableData } /* - * Load the given file via {@link self::processAll()} and {@link self::processRecord()}. - * Optionally truncates (clear) the table before it imports. - * - * @return BulkLoader_Result See {@link self::processAll()} - */ + * Load the given file via {@link self::processAll()} and {@link self::processRecord()}. + * Optionally truncates (clear) the table before it imports. + * + * @return BulkLoader_Result See {@link self::processAll()} + */ public function load($filepath) { Environment::increaseTimeLimitTo(3600); diff --git a/src/Dev/DevelopmentAdmin.php b/src/Dev/DevelopmentAdmin.php index db0757df0..99741822b 100644 --- a/src/Dev/DevelopmentAdmin.php +++ b/src/Dev/DevelopmentAdmin.php 
@@ -140,8 +140,8 @@ class DevelopmentAdmin extends Controller /* - * Internal methods - */ + * Internal methods + */ /** * @return array of url => description @@ -175,8 +175,8 @@ class DevelopmentAdmin extends Controller /* - * Unregistered (hidden) actions - */ + * Unregistered (hidden) actions + */ /** * Build the default data, calling requireDefaultRecords on all diff --git a/src/Forms/FieldList.php b/src/Forms/FieldList.php index c683aa69b..21b9bd9d0 100644 --- a/src/Forms/FieldList.php +++ b/src/Forms/FieldList.php @@ -714,7 +714,7 @@ class FieldList extends ArrayList $fieldMap[$field->getName()] = $field; } - // Iterate through the ordered list of names, building a new array to be put into $this->items. + // Iterate through the ordered list of names, building a new array to be put into $this->items. // While we're doing this, empty out $fieldMap so that we can keep track of leftovers. // Unrecognised field names are okay; just ignore them $fields = array(); diff --git a/src/ORM/Connect/DBSchemaManager.php b/src/ORM/Connect/DBSchemaManager.php index 2eccafaa7..7bc23aa67 100644 --- a/src/ORM/Connect/DBSchemaManager.php +++ b/src/ORM/Connect/DBSchemaManager.php @@ -855,13 +855,13 @@ abstract class DBSchemaManager /* - * This is a lookup table for data types. - * For instance, Postgres uses 'INT', while MySQL uses 'UNSIGNED' - * So this is a DB-specific list of equivilents. - * - * @param string $type - * @return string - */ + * This is a lookup table for data types. + * For instance, Postgres uses 'INT', while MySQL uses 'UNSIGNED' + * So this is a DB-specific list of equivilents. + * + * @param string $type + * @return string + */ abstract public function dbDataType($type); /** 
@@ -1116,10 +1116,10 @@ abstract class DBSchemaManager abstract public function varchar($values); /* - * Returns data type for 'year' column - * - * @param array $values Contains a tokenised list of info about this data type - * @return string - */ + * Returns data type for 'year' column + * + * @param array $values Contains a tokenised list of info about this data type + * @return string + */ abstract public function year($values); } diff --git a/src/ORM/Connect/Database.php b/src/ORM/Connect/Database.php index ab6d56572..45d8b6c86 100644 --- a/src/ORM/Connect/Database.php +++ b/src/ORM/Connect/Database.php @@ -617,14 +617,14 @@ abstract class Database } /* - * Determines if the current database connection supports a given list of extensions - * - * @param array $extensions List of extensions to check for support of. The key of this array - * will be an extension name, and the value the configuration for that extension. This - * could be one of partitions, tablespaces, or clustering - * @return boolean Flag indicating support for all of the above - * @todo Write test cases - */ + * Determines if the current database connection supports a given list of extensions + * + * @param array $extensions List of extensions to check for support of. The key of this array + * will be an extension name, and the value the configuration for that extension. This + * could be one of partitions, tablespaces, or clustering + * @return boolean Flag indicating support for all of the above + * @todo Write test cases + */ public function supportsExtensions($extensions) { return false; diff --git a/src/ORM/Connect/MySQLSchemaManager.php b/src/ORM/Connect/MySQLSchemaManager.php index 30e827337..81f661ae2 100644 --- a/src/ORM/Connect/MySQLSchemaManager.php +++ b/src/ORM/Connect/MySQLSchemaManager.php 
@@ -614,11 +614,11 @@ class MySQLSchemaManager extends DBSchemaManager } /* - * Return the MySQL-proprietary 'Year' datatype - * - * @param array $values Contains a tokenised list of info about this data type - * @return string - */ + * Return the MySQL-proprietary 'Year' datatype + * + * @param array $values Contains a tokenised list of info about this data type + * @return string + */ public function year($values) { return 'year(4)'; diff --git a/src/ORM/DataObject.php b/src/ORM/DataObject.php index 2a2cb4092..9b6589fbe 100644 --- a/src/ORM/DataObject.php +++ b/src/ORM/DataObject.php @@ -3413,8 +3413,8 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity } /* - * @ignore - */ + * @ignore + */ private static $subclass_access = true; /** diff --git a/src/Security/Security.php b/src/Security/Security.php index 7cb1ced5c..9d4679434 100644 --- a/src/Security/Security.php +++ b/src/Security/Security.php @@ -317,6 +317,15 @@ class Security extends Controller implements TemplateGlobalProvider public static function permissionFailure($controller = null, $messageSet = null) { self::set_ignore_disallowed_actions(true); + $shouldEscapeHtml = function ($message) { + if ($message instanceof DBField) { + $escapeHtml = $message->config()->escape_type === 'raw'; + } else { + $escapeHtml = true; + } + + return $escapeHtml; + }; if (!$controller && Controller::has_curr()) { $controller = Controller::curr(); @@ -380,7 +389,7 @@ class Security extends Controller implements TemplateGlobalProvider $message = $messageSet['default']; } - static::singleton()->setSessionMessage($message, ValidationResult::TYPE_WARNING); + static::singleton()->setSessionMessage($message, ValidationResult::TYPE_WARNING, $shouldEscapeHtml($message) ? ValidationResult::CAST_TEXT : ValidationResult::CAST_HTML); $request = new HTTPRequest('GET', '/'); if ($controller) { $request->setSession($controller->getRequest()->getSession()); 
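Review bot: The `$shouldEscapeHtml` closure added at the top of `Security::permissionFailure()` (hunk `@@ -317,6 +317,15 @@`) changes the method's contract without documenting it. Plain string messages are now always escaped, and markup is only emitted when the message is a `DBField` whose `escape_type` config is not `'raw'`. The docblock should say so, for example `Plain string messages are escaped; to output markup pass an HTML DBField built from trusted content only, never from request data.` The existing docblock is outside the hunk, so the wording needs fitting to it. The file's `use` statements are not visible here either, so confirm `DBField` is imported: if it is not, the `instanceof` test is always false and HTML fields are silently escaped, which fails safe but is a regression for callers. `permissionFailure()` continues outside the hunk.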
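Review bot: The new `setSessionMessage(...)` call in the `@@ -380,7 +389,7 @@` hunk of `Security.php` sits on one line well past a 120-column limit, and it repeats the ternary from the call in the `@@ -399,7 +408,13 @@` hunk, which is wrapped over several lines. Letting the closure return the cast itself removes the duplication and the inverted reading at the call sites: `return ($message instanceof DBField && $message->config()->escape_type !== 'raw') ? ValidationResult::CAST_HTML : ValidationResult::CAST_TEXT;`, with both calls passing `$messageCast($message)` as the third argument. The fall-through must stay on `CAST_TEXT`, since that default is what keeps string messages escaped.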
@@ -399,7 +408,13 @@ class Security extends Controller implements TemplateGlobalProvider $message = $messageSet['default']; } - static::singleton()->setSessionMessage($message, ValidationResult::TYPE_WARNING); + static::singleton()->setSessionMessage( + $message, + ValidationResult::TYPE_WARNING, + $shouldEscapeHtml($message) ? + ValidationResult::CAST_TEXT : + ValidationResult::CAST_HTML + ); $controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']); diff --git a/tests/behat/src/CmsFormsContext.php b/tests/behat/src/CmsFormsContext.php index 3391be6b5..c345cb891 100644 --- a/tests/behat/src/CmsFormsContext.php +++ b/tests/behat/src/CmsFormsContext.php @@ -241,11 +241,11 @@ JS; } /* - * @example Given the CMS settings has the following data - * | Title | My site title | - * | Theme | My site theme | - * @Given /^the CMS settings have the following data$/ - */ + * @example Given the CMS settings has the following data + * | Title | My site title | + * | Theme | My site theme | + * @Given /^the CMS settings have the following data$/ + */ public function theCmsSettingsHasData(TableNode $fieldsTable) { $fields = $fieldsTable->getRowsHash(); diff --git a/tests/php/Control/ControllerTest.php b/tests/php/Control/ControllerTest.php index daead0a31..c9228911c 100644 --- a/tests/php/Control/ControllerTest.php +++ b/tests/php/Control/ControllerTest.php @@ -390,8 +390,8 @@ class ControllerTest extends FunctionalTest 'Numeric actions do not slip through.' ); //$this->assertFalse( - // $controller->hasAction('lowercase_permission'), - // 'Lowercase permission does not slip through.' + // $controller->hasAction('lowercase_permission'), + // 'Lowercase permission does not slip through.' //); $this->assertFalse( $controller->hasAction('undefined'), diff --git a/tests/php/Dev/CsvBulkLoaderTest.php b/tests/php/Dev/CsvBulkLoaderTest.php index e6cd461c1..beb0f54e7 100644 --- a/tests/php/Dev/CsvBulkLoaderTest.php +++ b/tests/php/Dev/CsvBulkLoaderTest.php 
@@ -230,7 +230,7 @@ class CsvBulkLoaderTest extends SapphireTest // null values are valid imported // $this->assertEquals($player->Biography, 'He\'s a good guy', - // 'Test retaining of previous information on duplicate when overwriting with blank field'); + // 'Test retaining of previous information on duplicate when overwriting with blank field'); } public function testLoadWithCustomImportMethods() diff --git a/tests/php/Forms/ListboxFieldTest.php b/tests/php/Forms/ListboxFieldTest.php index 66bccc81f..a674999a0 100644 --- a/tests/php/Forms/ListboxFieldTest.php +++ b/tests/php/Forms/ListboxFieldTest.php @@ -226,11 +226,11 @@ class ListboxFieldTest extends SapphireTest * @todo re-enable these tests when field validation is removed from {@link ListboxField::setValue()} and moved * to the {@link ListboxField::validate()} function */ - // $field->setValue(4); - // $this->assertFalse( - // $field->validate($validator), - // 'Field does not validate values outside of source map' - // ); + // $field->setValue(4); + // $this->assertFalse( + // $field->validate($validator), + // 'Field does not validate values outside of source map' + // ); $field->setValue( false, new ArrayData( diff --git a/tests/php/View/SSViewerTest.php b/tests/php/View/SSViewerTest.php index 2260df02d..2f3351002 100644 --- a/tests/php/View/SSViewerTest.php +++ b/tests/php/View/SSViewerTest.php @@ -1775,8 +1775,8 @@ EOC; $this->assertContains($code, $result); // TODO Fix inline links in PHP mode // $this->assertContains( - // '',