diff --git a/forms/HtmlEditorField.php b/forms/HtmlEditorField.php index d0119ed2b..9e3e62e15 100644 --- a/forms/HtmlEditorField.php +++ b/forms/HtmlEditorField.php @@ -528,7 +528,7 @@ class HtmlEditorField_Toolbar extends RequestHandler { } $this->extend('updateFieldsForFile', $fields, $url, $file); - + return $fields; } @@ -537,27 +537,35 @@ class HtmlEditorField_Toolbar extends RequestHandler { */ protected function getFieldsForOembed($url, $file) { if(isset($file->Oembed->thumbnail_url)) { - $thumbnailURL = $file->Oembed->thumbnail_url; + $thumbnailURL = Convert::raw2att($file->Oembed->thumbnail_url); } elseif($file->Type == 'photo') { - $thumbnailURL = $file->Oembed->url; + $thumbnailURL = Convert::raw2att($file->Oembed->url); } else { $thumbnailURL = FRAMEWORK_DIR . '/images/default_media.png'; } - + + $fileName = Convert::raw2att($file->Name); + $fields = new FieldList( $filePreview = CompositeField::create( CompositeField::create( new LiteralField( "ImageFull", "{$file->Name}\n" + . "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='$fileName' />\n" ) )->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'), CompositeField::create( CompositeField::create( new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type') . ':', $file->Type), - $urlField = ReadonlyField::create('ClickableURL', _t('AssetTableField.URL','URL'), - sprintf('%s', $url, $url) + $urlField = ReadonlyField::create( + 'ClickableURL', + _t('AssetTableField.URL','URL'), + sprintf( + '%s', + Convert::raw2att($url), + Convert::raw2att($url) + ) )->addExtraClass('text-wrap') ) )->setName("FilePreviewData")->addExtraClass('cms-file-info-data') 
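Review bot: In the `@@ -537` hunk (`getFieldsForOembed`), `Convert::raw2att($url)` keeps the value from breaking out of its attribute but does not constrain the URL scheme. If the first `sprintf` placeholder is a link target (the format string's markup is not visible on this page), a `javascript:` or `data:` value would still be emitted intact. `$url` and `$file->Oembed->thumbnail_url` appear to come from editor input and a remote oEmbed response, so I would add an allow-list check before the fields are built, for example `if(!preg_match('#^https?://#i', $url)) { $url = ''; }`, and the same for the thumbnail URL. The function body continues past the end of this hunk.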
@@ -574,18 +582,19 @@ class HtmlEditorField_Toolbar extends RequestHandler { ) )->addExtraClass('last') ); + if($file->Width != null){ $fields->push( FieldGroup::create( _t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'), TextField::create( - 'Width', - _t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), + 'Width', + _t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), $file->InsertWidth )->setMaxLength(5), TextField::create( - 'Height', - _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'), + 'Height', + _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'), $file->InsertHeight )->setMaxLength(5) )->addExtraClass('dimensions last') @@ -595,13 +604,13 @@ class HtmlEditorField_Toolbar extends RequestHandler { if($file->Type == 'photo') { $fields->insertBefore(new TextField( - 'AltText', - _t('HtmlEditorField.IMAGEALTTEXT', 'Alternative text (alt) - shown if image cannot be displayed'), - $file->Title, + 'AltText', + _t('HtmlEditorField.IMAGEALTTEXT', 'Alternative text (alt) - shown if image cannot be displayed'), + $file->Title, 80 ), 'CaptionText'); $fields->insertBefore(new TextField( - 'Title', + 'Title', _t('HtmlEditorField.IMAGETITLE', 'Title text (tooltip) - for additional information about the image') ), 'CaptionText'); } @@ -619,12 +628,12 @@ class HtmlEditorField_Toolbar extends RequestHandler { FieldGroup::create( _t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'), TextField::create( - 'Width', - _t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), + 'Width', + _t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), $file->Width )->setMaxLength(5), TextField::create( - 'Height', + 'Height', " x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'), $file->Height )->setMaxLength(5) 
@@ -643,27 +652,35 @@ class HtmlEditorField_Toolbar extends RequestHandler { if($file->File instanceof Image) { $formattedImage = $file->File->generateFormattedImage('SetWidth', Config::inst()->get('Image', 'asset_preview_width')); - $thumbnailURL = $formattedImage ? $formattedImage->URL : $url; + $thumbnailURL = Convert::raw2att($formattedImage ? $formattedImage->URL : $url); } else { - $thumbnailURL = $url; + $thumbnailURL = Convert::raw2att($url); } - + + $fileName = Convert::raw2att($file->Name); + $fields = new FieldList( CompositeField::create( CompositeField::create( LiteralField::create( "ImageFull", - "{$file->Name}\n" + "$fileName\n" ) )->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'), CompositeField::create( CompositeField::create( new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type'), $file->FileType), new ReadonlyField("Size", _t('AssetTableField.SIZE','File size'), $file->getSize()), - $urlField = new ReadonlyField('ClickableURL', _t('AssetTableField.URL','URL'), - sprintf('%s', - $file->Link(), $file->Link(), $file->RelativeLink()) + $urlField = new ReadonlyField( + 'ClickableURL', + _t('AssetTableField.URL','URL'), + sprintf( + '%s', + Convert::raw2att($file->Link()), + Convert::raw2att($file->Link()), + Convert::raw2att($file->RelativeLink()) + ) ), new DateField_Disabled("Created", _t('AssetTableField.CREATED','First uploaded'), $file->Created), 
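Review bot: In the `@@ -643` hunk, `$thumbnailURL` and `$fileName` are escaped when assigned rather than where they are interpolated, so both carry attribute-encoded text under names that read as raw values. Any later use in a field that escapes its own value would double-encode them. I would either escape at the point of output or rename them, e.g. `$thumbnailURLAtt = Convert::raw2att($url);`, and add `// already attribute-escaped: only for direct interpolation into markup` above the assignments. The third `sprintf` argument, `Convert::raw2att($file->RelativeLink())`, looks like the visible link text (the format string's markup is stripped on this page); if so, `Convert::raw2xml()` is the helper that matches that context. The `@@ -537` hunk uses the same escape-at-assignment pattern, and the enclosing function starts and ends outside this hunk.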
@@ -671,18 +688,18 @@ class HtmlEditorField_Toolbar extends RequestHandler { $file->LastEdited) ) )->setName("FilePreviewData")->addExtraClass('cms-file-info-data') - )->setName("FilePreview")->addExtraClass('cms-file-info'), + )->setName("FilePreview")->addExtraClass('cms-file-info'), TextField::create( - 'AltText', - _t('HtmlEditorField.IMAGEALT', 'Alternative text (alt)'), - $file->Title, + 'AltText', + _t('HtmlEditorField.IMAGEALT', 'Alternative text (alt)'), + $file->Title, 80 )->setDescription( _t('HtmlEditorField.IMAGEALTTEXTDESC', 'Shown to screen readers or if image can not be displayed')), TextField::create( - 'Title', + 'Title', _t('HtmlEditorField.IMAGETITLETEXT', 'Title text (tooltip)') )->setDescription( _t('HtmlEditorField.IMAGETITLETEXTDESC', 'For additional information about the image')), @@ -699,16 +716,17 @@ class HtmlEditorField_Toolbar extends RequestHandler { ) )->addExtraClass('last') ); + if($file->Width != null){ $fields->push( FieldGroup::create(_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'), TextField::create( - 'Width', - _t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), + 'Width', + _t('HtmlEditorField.IMAGEWIDTHPX', 'Width'), $file->InsertWidth )->setMaxLength(5), TextField::create( - 'Height', + 'Height', " x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'), $file->InsertHeight )->setMaxLength(5) @@ -764,6 +782,11 @@ class HtmlEditorField_Toolbar extends RequestHandler { */ class HtmlEditorField_File extends ViewableData { + private static $casting = array( + 'URL' => 'Varchar', + 'Name' => 'Varchar' + ); + /** @var String */ protected $url; @@ -823,7 +846,7 @@ class HtmlEditorField_File extends ViewableData { } else { // Hack to use the framework's built-in thumbnail support without creating a local file representation $tmpFile = new File(array('Name' => $this->Name, 'Filename' => $this->Name)); - return $tmpFile->appCategory(); + return $tmpFile->appCategory(); } } 
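Review bot: The `$casting` array added to `HtmlEditorField_File` in the `@@ -764` hunk has no comment saying why `URL` and `Name` are cast to `Varchar`, so the security intent is invisible to a later maintainer. Presumably the aim is for templates to render these remote-derived values as escaped plain text; I would state that in a docblock such as `/** Cast as plain text so templates escape these values; do not switch to an HTML type. */`. The `@@ -837` hunk adds a matching array for `Type` and `Info` on `HtmlEditorField_Embed` and needs the same comment. Other values read from the file object in this diff, such as `$file->Title`, are not listed, so it is worth confirming that the fields displaying them escape their own values.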
@@ -837,6 +860,12 @@ class HtmlEditorField_File extends ViewableData { * @subpackage fields-formattedinput */ class HtmlEditorField_Embed extends HtmlEditorField_File { + + private static $casting = array( + 'Type' => 'Varchar', + 'Info' => 'Varchar' + ); + protected $oembed; public function __construct($url, $file = null) { @@ -867,7 +896,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File { /** * Provide an initial width for inserted media, restricted based on $embed_width - * + * * @return int */ public function getInsertWidth() { @@ -878,7 +907,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File { /** * Provide an initial height for inserted media, scaled proportionally to the initial width - * + * * @return int */ public function getInsertHeight() { @@ -890,7 +919,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File { public function getPreview() { if(isset($this->oembed->thumbnail_url)) { - return sprintf('', $this->oembed->thumbnail_url); + return sprintf('', Convert::raw2att($this->oembed->thumbnail_url)); } } @@ -974,7 +1003,7 @@ class HtmlEditorField_Image extends HtmlEditorField_File { } public function getPreview() { - return ($this->file) ? $this->file->CMSThumbnail() : sprintf('', $this->url); + return ($this->file) ? $this->file->CMSThumbnail() : sprintf('', Convert::raw2att($this->url)); } }
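Review bot: `HtmlEditorField_Embed::getPreview()` in the `@@ -890` hunk returns a string only when `thumbnail_url` is set and otherwise falls off the end of the function. No docblock visible in the hunk says that the return value is ready-made markup. I would document it with `@return string|null`, describing it as HTML with the URL attribute-escaped, and make the fall-through explicit with `return null;`. The same documentation applies to `HtmlEditorField_Image::getPreview()` in the `@@ -974` hunk, where the non-file branch builds markup from `$this->url`. Neither hunk comes with a regression test; one that passes a URL containing a quote character and asserts the value stays inside its attribute would pin this fix.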