mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
Merge branch '3.3' into 3.4
This commit is contained in:
commit
69974d940a
@ -355,8 +355,21 @@ class Form extends RequestHandler {
|
||||
$vars = $request->requestVars();
|
||||
}
|
||||
|
||||
// construct an array of allowed fields that can be populated from request data.
|
||||
// readonly or disabled fields should not be loading data from requests
|
||||
$allowedFields = array();
|
||||
$dataFields = $this->Fields()->dataFields();
|
||||
if ($dataFields) {
|
||||
/** @var FormField $field */
|
||||
foreach ($this->Fields()->dataFields() as $name => $field) {
|
||||
if (!$field->isReadonly() && !$field->isDisabled()) {
|
||||
$allowedFields[] = $name;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Populate the form
|
||||
$this->loadDataFrom($vars, true);
|
||||
$this->loadDataFrom($vars, true, $allowedFields);
|
||||
|
||||
// Protection against CSRF attacks
|
||||
$token = $this->getSecurityToken();
|
||||
|
@ -164,6 +164,14 @@ class FormField extends RequestHandler {
|
||||
*/
|
||||
protected $attributes = array();
|
||||
|
||||
/**
|
||||
* @config
|
||||
* @var array
|
||||
*/
|
||||
private static $casting = array(
|
||||
'Value' => 'Text',
|
||||
);
|
||||
|
||||
/**
|
||||
* Takes a field name and converts camelcase to spaced words. Also resolves combined field
|
||||
* names with dot syntax to spaced words.
|
||||
|
@ -26,6 +26,14 @@ class HtmlEditorField extends TextareaField {
|
||||
*/
|
||||
private static $sanitise_server_side = false;
|
||||
|
||||
/**
|
||||
* @config
|
||||
* @var array
|
||||
*/
|
||||
private static $casting = array(
|
||||
'Value' => 'HTMLText',
|
||||
);
|
||||
|
||||
protected $rows = 30;
|
||||
|
||||
/**
|
||||
|
@ -53,10 +53,28 @@ class ReadonlyField extends FormField {
|
||||
}
|
||||
|
||||
public function Value() {
|
||||
if($this->value) return $this->dontEscape ? $this->value : Convert::raw2xml($this->value);
|
||||
if($this->value) return $this->value;
|
||||
else return '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a legacy fix to ensure that the `dontEscape` flag has an impact on readonly fields
|
||||
* now that we've moved to casting template values more rigidly
|
||||
*
|
||||
* @param string $field
|
||||
* @return string
|
||||
*/
|
||||
public function castingHelper($field) {
|
||||
if (
|
||||
(strcasecmp($field, 'Value') === 0)
|
||||
&& ($this->dontEscape || empty($this->value))
|
||||
) {
|
||||
// Value is either empty, or unescaped
|
||||
return 'HTMLText';
|
||||
}
|
||||
return parent::castingHelper($field);
|
||||
}
|
||||
|
||||
public function getAttributes() {
|
||||
return array_merge(
|
||||
parent::getAttributes(),
|
||||
|
@ -18,6 +18,11 @@
|
||||
* @subpackage fields-basic
|
||||
*/
|
||||
class TextareaField extends FormField {
|
||||
|
||||
private static $casting = array(
|
||||
'Value' => 'HTMLText',
|
||||
);
|
||||
|
||||
/**
|
||||
* Visible number of text lines.
|
||||
*
|
||||
|
@ -213,7 +213,7 @@ PHP
|
||||
'<p>Login success. If you are not automatically redirected '.
|
||||
'<a target="_top" href="{link}">click here</a></p>',
|
||||
'Login message displayed in the cms popup once a user has re-authenticated themselves',
|
||||
array('link' => $backURL)
|
||||
array('link' => Convert::raw2att($backURL))
|
||||
)
|
||||
));
|
||||
|
||||
|
@ -64,6 +64,33 @@ class FormTest extends FunctionalTest {
|
||||
$this->assertEquals($fields->fieldByName('othernamespace[key5][key6][key7]')->Value(), 'val7');
|
||||
}
|
||||
|
||||
public function testSubmitReadonlyFields() {
|
||||
$this->get('FormTest_Controller');
|
||||
|
||||
// Submitting a value for a readonly field should be ignored
|
||||
$response = $this->post(
|
||||
'FormTest_Controller/Form',
|
||||
array(
|
||||
'Email' => 'invalid',
|
||||
'Number' => '888',
|
||||
'ReadonlyField' => '<script>alert("hacxzored")</script>'
|
||||
// leaving out "Required" field
|
||||
)
|
||||
);
|
||||
|
||||
// Number field updates its value
|
||||
$this->assertContains('<input type="text" name="Number" value="888"', $response->getBody());
|
||||
|
||||
|
||||
// Readonly field remains
|
||||
$this->assertContains(
|
||||
'<input type="text" name="ReadonlyField" value="This value is readonly"',
|
||||
$response->getBody()
|
||||
);
|
||||
|
||||
$this->assertNotContains('hacxzored', $response->getBody());
|
||||
}
|
||||
|
||||
public function testLoadDataFromUnchangedHandling() {
|
||||
$form = new Form(
|
||||
new Controller(),
|
||||
@ -783,7 +810,10 @@ class FormTest_Controller extends Controller implements TestOnly {
|
||||
new EmailField('Email'),
|
||||
new TextField('SomeRequiredField'),
|
||||
new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two')),
|
||||
new NumericField('Number')
|
||||
new NumericField('Number'),
|
||||
TextField::create('ReadonlyField')
|
||||
->setReadonly(true)
|
||||
->setValue('This value is readonly')
|
||||
),
|
||||
new FieldList(
|
||||
new FormAction('doSubmit')
|
||||
|
@ -2,16 +2,6 @@
|
||||
|
||||
class TextareaFieldTest extends SapphireTest {
|
||||
|
||||
/**
|
||||
* Quick smoke test to ensure that text is being encoded properly.
|
||||
*/
|
||||
public function testTextEncoding() {
|
||||
$inputText = "These are some unicodes: äöü";
|
||||
$field = new TextareaField("Test", "Test");
|
||||
$field->setValue($inputText);
|
||||
$this->assertContains('These are some unicodes: äöü', $field->Field());
|
||||
}
|
||||
|
||||
/**
|
||||
* Quick smoke test to ensure that text with unicodes is being displayed properly in readonly fields.
|
||||
*/
|
||||
|
Loading…
x
Reference in New Issue
Block a user