Merge branch '3.1' into 3.2

This commit is contained in:
Daniel Hensby 2016-11-18 11:29:19 +00:00
commit 5df077f24d
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E
8 changed files with 88 additions and 16 deletions

View File

@ -355,8 +355,21 @@ class Form extends RequestHandler {
$vars = $request->requestVars();
}
// construct an array of allowed fields that can be populated from request data.
// readonly or disabled fields should not be loading data from requests
$allowedFields = array();
$dataFields = $this->Fields()->dataFields();
if ($dataFields) {
/** @var FormField $field */
foreach ($this->Fields()->dataFields() as $name => $field) {
if (!$field->isReadonly() && !$field->isDisabled()) {
$allowedFields[] = $name;
}
}
}
// Populate the form
$this->loadDataFrom($vars, true);
$this->loadDataFrom($vars, true, $allowedFields);
// Protection against CSRF attacks
$token = $this->getSecurityToken();

View File

@ -164,6 +164,14 @@ class FormField extends RequestHandler {
*/
protected $attributes = array();
/**
* @config
* @var array
*/
private static $casting = array(
'Value' => 'Text',
);
/**
* Takes a field name and converts camelcase to spaced words. Also resolves combined field
* names with dot syntax to spaced words.

View File

@ -26,6 +26,14 @@ class HtmlEditorField extends TextareaField {
*/
private static $sanitise_server_side = false;
/**
* @config
* @var array
*/
private static $casting = array(
'Value' => 'HTMLText',
);
protected $rows = 30;
/**

View File

@ -53,10 +53,28 @@ class ReadonlyField extends FormField {
}
public function Value() {
if($this->value) return $this->dontEscape ? $this->value : Convert::raw2xml($this->value);
if($this->value) return $this->value;
else return '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
}
/**
* This is a legacy fix to ensure that the `dontEscape` flag has an impact on readonly fields
* now that we've moved to casting template values more rigidly
*
* @param string $field
* @return string
*/
public function castingHelper($field) {
if (
(strcasecmp($field, 'Value') === 0)
&& ($this->dontEscape || empty($this->value))
) {
// Value is either empty, or unescaped
return 'HTMLText';
}
return parent::castingHelper($field);
}
public function getAttributes() {
return array_merge(
parent::getAttributes(),

View File

@ -18,6 +18,11 @@
* @subpackage fields-basic
*/
class TextareaField extends FormField {
private static $casting = array(
'Value' => 'HTMLText',
);
/**
* Visible number of text lines.
*

View File

@ -211,7 +211,7 @@ PHP
'<p>Login success. If you are not automatically redirected '.
'<a target="_top" href="{link}">click here</a></p>',
'Login message displayed in the cms popup once a user has re-authenticated themselves',
array('link' => $backURL)
array('link' => Convert::raw2att($backURL))
)
));

View File

@ -61,6 +61,33 @@ class FormTest extends FunctionalTest {
$this->assertEquals($fields->fieldByName('othernamespace[key5][key6][key7]')->Value(), 'val7');
}
public function testSubmitReadonlyFields() {
$this->get('FormTest_Controller');
// Submitting a value for a readonly field should be ignored
$response = $this->post(
'FormTest_Controller/Form',
array(
'Email' => 'invalid',
'Number' => '888',
'ReadonlyField' => '<script>alert("hacxzored")</script>'
// leaving out "Required" field
)
);
// Number field updates its value
$this->assertContains('<input type="text" name="Number" value="888"', $response->getBody());
// Readonly field remains
$this->assertContains(
'<input type="text" name="ReadonlyField" value="This value is readonly"',
$response->getBody()
);
$this->assertNotContains('hacxzored', $response->getBody());
}
public function testLoadDataFromUnchangedHandling() {
$form = new Form(
new Controller(),
@ -321,7 +348,7 @@ class FormTest extends FunctionalTest {
public function testDisableSecurityTokenAcceptsSubmissionWithoutToken() {
SecurityToken::enable();
$expectedToken = SecurityToken::inst()->getValue();
$response = $this->get('FormTest_ControllerWithSecurityToken');
// can't use submitForm() as it'll automatically insert SecurityID into the POST data
$response = $this->post(
@ -619,7 +646,7 @@ class FormTest extends FunctionalTest {
$formData = $form->getData();
$this->assertEmpty($formData['ExtraFieldCheckbox']);
}
protected function getStubForm() {
return new Form(
new FormTest_Controller(),
@ -698,7 +725,10 @@ class FormTest_Controller extends Controller implements TestOnly {
new EmailField('Email'),
new TextField('SomeRequiredField'),
new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two')),
new NumericField('Number')
new NumericField('Number'),
TextField::create('ReadonlyField')
->setReadonly(true)
->setValue('This value is readonly')
),
new FieldList(
new FormAction('doSubmit')

View File

@ -2,16 +2,6 @@
class TextareaFieldTest extends SapphireTest {
/**
* Quick smoke test to ensure that text is being encoded properly.
*/
public function testTextEncoding() {
$inputText = "These are some unicodes: äöü";
$field = new TextareaField("Test", "Test");
$field->setValue($inputText);
$this->assertContains('These are some unicodes: &auml;&ouml;&uuml;', $field->Field());
}
/**
* Quick smoke test to ensure that text with unicodes is being displayed properly in readonly fields.
*/