mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-30 05:09:06 +02:00
Merge pull request #7699 from open-sausages/pulls/4/html-in-security-msg
ENHANCEMENT Allow html in security failure message
commit
529e341dbc
@ -317,6 +317,15 @@ class Security extends Controller implements TemplateGlobalProvider
|
|||||||
public static function permissionFailure($controller = null, $messageSet = null)
|
public static function permissionFailure($controller = null, $messageSet = null)
|
||||||
{
|
{
|
||||||
self::set_ignore_disallowed_actions(true);
|
self::set_ignore_disallowed_actions(true);
|
||||||
|
$shouldEscapeHtml = function ($message) {
|
||||||
|
if ($message instanceof DBField) {
|
||||||
|
$escapeHtml = $message->config()->escape_type === 'raw';
|
||||||
|
} else {
|
||||||
|
$escapeHtml = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $escapeHtml;
|
||||||
|
};
|
||||||
|
|
||||||
if (!$controller && Controller::has_curr()) {
|
if (!$controller && Controller::has_curr()) {
|
||||||
$controller = Controller::curr();
|
$controller = Controller::curr();
|
||||||
@ -380,7 +389,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
|||||||
$message = $messageSet['default'];
|
$message = $messageSet['default'];
|
||||||
}
|
}
|
||||||
|
|
||||||
static::singleton()->setSessionMessage($message, ValidationResult::TYPE_WARNING);
|
static::singleton()->setSessionMessage($message, ValidationResult::TYPE_WARNING, $shouldEscapeHtml($message) ? ValidationResult::CAST_TEXT : ValidationResult::CAST_HTML);
|
||||||
$request = new HTTPRequest('GET', '/');
|
$request = new HTTPRequest('GET', '/');
|
||||||
if ($controller) {
|
if ($controller) {
|
||||||
$request->setSession($controller->getRequest()->getSession());
|
$request->setSession($controller->getRequest()->getSession());
|
||||||
@ -399,7 +408,13 @@ class Security extends Controller implements TemplateGlobalProvider
|
|||||||
$message = $messageSet['default'];
|
$message = $messageSet['default'];
|
||||||
}
|
}
|
||||||
|
|
||||||
static::singleton()->setSessionMessage($message, ValidationResult::TYPE_WARNING);
|
static::singleton()->setSessionMessage(
|
||||||
|
$message,
|
||||||
|
ValidationResult::TYPE_WARNING,
|
||||||
|
$shouldEscapeHtml($message) ?
|
||||||
|
ValidationResult::CAST_TEXT :
|
||||||
|
ValidationResult::CAST_HTML
|
||||||
|
);
|
||||||
|
|
||||||
$controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']);
|
$controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']);
|
||||||
|
|
||||||
|
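Review bot: The `$shouldEscapeHtml` closure added in the first hunk fails open, because a DBField whose `escape_type` is anything other than 'raw' (unset, misspelled, or a future value) reaches the login form as `ValidationResult::CAST_HTML`. Allow-listing the HTML case would be safer, e.g. `$escapeHtml = $message->config()->escape_type !== 'xml';`, assuming 'xml' is the value the HTML text field declares, so that only fields marking themselves markup-safe skip escaping. The docblock of `permissionFailure()` lies outside these hunks and should state that a caller passing an HTML DBField must escape any request- or user-derived value it interpolates, since the message is stored in the session and rendered unescaped. The cast ternary is also repeated at both `setSessionMessage()` calls; having the closure return the `CAST_*` constant directly would keep the two call sites in sync.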