From 81ccb8d78e3d0e0ecf02ba1a99c64bbade1a8a97 Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Tue, 24 Sep 2013 14:27:35 +0200
Subject: [PATCH] API Escape form validation messages (SS-2013-008)
---
 forms/Form.php | 4 ++++
 forms/FormField.php | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/forms/Form.php b/forms/Form.php
index 9aca133b0..f457352ad 100755
--- a/forms/Form.php
+++ b/forms/Form.php
@@ -137,6 +137,10 @@ class Form extends RequestHandler {
 */
 protected $extraClasses = array();
+ public static $casting = array(
+ 'Message' => 'Text'
+ );
+
 /**
 * Create a new form, with the given fields an action buttons.
 *
diff --git a/forms/FormField.php b/forms/FormField.php
index a28700db1..cc62c3748 100755
--- a/forms/FormField.php
+++ b/forms/FormField.php
@@ -72,6 +72,10 @@ class FormField extends RequestHandler {
 * @var Custom Validation Message for the Field
 */
 protected $customValidationMessage = "";
+
+ public static $casting = array(
+ 'Message' => 'Text'
+ );
 /**
 * Create a new field.
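Review bot: The new `$casting` static in `Form`, and the identical one in the `FormField` hunk, has no comment marking it as the escaping control for SS-2013-008, so a later cleanup or a subclass that re-casts `Message` to an HTML type could silently reopen the injection path. I would put a docblock above both declarations, for example `/** Escapes validation messages on template output (SS-2013-008); callers that need markup must escape user input themselves. */`. The cast presumably only applies when `$Message` is resolved through the template layer, so PHP code that echoes the return value of `Message()` directly would still emit the raw string; the same comment should say so. The diffstat lists only the two source files, so a regression test that sets a message containing markup and asserts the rendered output is escaped appears to be missing. Both class bodies start and end outside the hunks, so how `Message()` itself is implemented cannot be checked from here.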