mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #3196 from mateusz/patch-html-editor-field
BUG Sanitise the PHP output.
This commit is contained in:
commit
8c10e12529
@ -528,7 +528,7 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$this->extend('updateFieldsForFile', $fields, $url, $file);
|
$this->extend('updateFieldsForFile', $fields, $url, $file);
|
||||||
|
|
||||||
return $fields;
|
return $fields;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -537,27 +537,35 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
*/
|
*/
|
||||||
protected function getFieldsForOembed($url, $file) {
|
protected function getFieldsForOembed($url, $file) {
|
||||||
if(isset($file->Oembed->thumbnail_url)) {
|
if(isset($file->Oembed->thumbnail_url)) {
|
||||||
$thumbnailURL = $file->Oembed->thumbnail_url;
|
$thumbnailURL = Convert::raw2att($file->Oembed->thumbnail_url);
|
||||||
} elseif($file->Type == 'photo') {
|
} elseif($file->Type == 'photo') {
|
||||||
$thumbnailURL = $file->Oembed->url;
|
$thumbnailURL = Convert::raw2att($file->Oembed->url);
|
||||||
} else {
|
} else {
|
||||||
$thumbnailURL = FRAMEWORK_DIR . '/images/default_media.png';
|
$thumbnailURL = FRAMEWORK_DIR . '/images/default_media.png';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$fileName = Convert::raw2att($file->Name);
|
||||||
|
|
||||||
$fields = new FieldList(
|
$fields = new FieldList(
|
||||||
$filePreview = CompositeField::create(
|
$filePreview = CompositeField::create(
|
||||||
CompositeField::create(
|
CompositeField::create(
|
||||||
new LiteralField(
|
new LiteralField(
|
||||||
"ImageFull",
|
"ImageFull",
|
||||||
"<img id='thumbnailImage' class='thumbnail-preview' "
|
"<img id='thumbnailImage' class='thumbnail-preview' "
|
||||||
. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='{$file->Name}' />\n"
|
. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='$fileName' />\n"
|
||||||
)
|
)
|
||||||
)->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'),
|
)->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'),
|
||||||
CompositeField::create(
|
CompositeField::create(
|
||||||
CompositeField::create(
|
CompositeField::create(
|
||||||
new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type') . ':', $file->Type),
|
new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type') . ':', $file->Type),
|
||||||
$urlField = ReadonlyField::create('ClickableURL', _t('AssetTableField.URL','URL'),
|
$urlField = ReadonlyField::create(
|
||||||
sprintf('<a href="%s" target="_blank" class="file">%s</a>', $url, $url)
|
'ClickableURL',
|
||||||
|
_t('AssetTableField.URL','URL'),
|
||||||
|
sprintf(
|
||||||
|
'<a href="%s" target="_blank" class="file">%s</a>',
|
||||||
|
Convert::raw2att($url),
|
||||||
|
Convert::raw2att($url)
|
||||||
|
)
|
||||||
)->addExtraClass('text-wrap')
|
)->addExtraClass('text-wrap')
|
||||||
)
|
)
|
||||||
)->setName("FilePreviewData")->addExtraClass('cms-file-info-data')
|
)->setName("FilePreviewData")->addExtraClass('cms-file-info-data')
|
||||||
@ -574,18 +582,19 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
)
|
)
|
||||||
)->addExtraClass('last')
|
)->addExtraClass('last')
|
||||||
);
|
);
|
||||||
|
|
||||||
if($file->Width != null){
|
if($file->Width != null){
|
||||||
$fields->push(
|
$fields->push(
|
||||||
FieldGroup::create(
|
FieldGroup::create(
|
||||||
_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
|
_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'Width',
|
'Width',
|
||||||
_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
|
_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
|
||||||
$file->InsertWidth
|
$file->InsertWidth
|
||||||
)->setMaxLength(5),
|
)->setMaxLength(5),
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'Height',
|
'Height',
|
||||||
_t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
|
_t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
|
||||||
$file->InsertHeight
|
$file->InsertHeight
|
||||||
)->setMaxLength(5)
|
)->setMaxLength(5)
|
||||||
)->addExtraClass('dimensions last')
|
)->addExtraClass('dimensions last')
|
||||||
@ -595,13 +604,13 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
|
|
||||||
if($file->Type == 'photo') {
|
if($file->Type == 'photo') {
|
||||||
$fields->insertBefore(new TextField(
|
$fields->insertBefore(new TextField(
|
||||||
'AltText',
|
'AltText',
|
||||||
_t('HtmlEditorField.IMAGEALTTEXT', 'Alternative text (alt) - shown if image cannot be displayed'),
|
_t('HtmlEditorField.IMAGEALTTEXT', 'Alternative text (alt) - shown if image cannot be displayed'),
|
||||||
$file->Title,
|
$file->Title,
|
||||||
80
|
80
|
||||||
), 'CaptionText');
|
), 'CaptionText');
|
||||||
$fields->insertBefore(new TextField(
|
$fields->insertBefore(new TextField(
|
||||||
'Title',
|
'Title',
|
||||||
_t('HtmlEditorField.IMAGETITLE', 'Title text (tooltip) - for additional information about the image')
|
_t('HtmlEditorField.IMAGETITLE', 'Title text (tooltip) - for additional information about the image')
|
||||||
), 'CaptionText');
|
), 'CaptionText');
|
||||||
}
|
}
|
||||||
@ -619,12 +628,12 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
FieldGroup::create(
|
FieldGroup::create(
|
||||||
_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
|
_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'Width',
|
'Width',
|
||||||
_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
|
_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
|
||||||
$file->Width
|
$file->Width
|
||||||
)->setMaxLength(5),
|
)->setMaxLength(5),
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'Height',
|
'Height',
|
||||||
" x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
|
" x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
|
||||||
$file->Height
|
$file->Height
|
||||||
)->setMaxLength(5)
|
)->setMaxLength(5)
|
||||||
@ -643,27 +652,35 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
if($file->File instanceof Image) {
|
if($file->File instanceof Image) {
|
||||||
$formattedImage = $file->File->generateFormattedImage('SetWidth',
|
$formattedImage = $file->File->generateFormattedImage('SetWidth',
|
||||||
Config::inst()->get('Image', 'asset_preview_width'));
|
Config::inst()->get('Image', 'asset_preview_width'));
|
||||||
$thumbnailURL = $formattedImage ? $formattedImage->URL : $url;
|
$thumbnailURL = Convert::raw2att($formattedImage ? $formattedImage->URL : $url);
|
||||||
} else {
|
} else {
|
||||||
$thumbnailURL = $url;
|
$thumbnailURL = Convert::raw2att($url);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$fileName = Convert::raw2att($file->Name);
|
||||||
|
|
||||||
$fields = new FieldList(
|
$fields = new FieldList(
|
||||||
CompositeField::create(
|
CompositeField::create(
|
||||||
CompositeField::create(
|
CompositeField::create(
|
||||||
LiteralField::create(
|
LiteralField::create(
|
||||||
"ImageFull",
|
"ImageFull",
|
||||||
"<img id='thumbnailImage' class='thumbnail-preview' "
|
"<img id='thumbnailImage' class='thumbnail-preview' "
|
||||||
. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='{$file->Name}' />\n"
|
. "src='{$thumbnailURL}?r=" . rand(1,100000) . "' alt='$fileName' />\n"
|
||||||
)
|
)
|
||||||
)->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'),
|
)->setName("FilePreviewImage")->addExtraClass('cms-file-info-preview'),
|
||||||
CompositeField::create(
|
CompositeField::create(
|
||||||
CompositeField::create(
|
CompositeField::create(
|
||||||
new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type'), $file->FileType),
|
new ReadonlyField("FileType", _t('AssetTableField.TYPE','File type'), $file->FileType),
|
||||||
new ReadonlyField("Size", _t('AssetTableField.SIZE','File size'), $file->getSize()),
|
new ReadonlyField("Size", _t('AssetTableField.SIZE','File size'), $file->getSize()),
|
||||||
$urlField = new ReadonlyField('ClickableURL', _t('AssetTableField.URL','URL'),
|
$urlField = new ReadonlyField(
|
||||||
sprintf('<a href="%s" title="%s" target="_blank" class="file-url">%s</a>',
|
'ClickableURL',
|
||||||
$file->Link(), $file->Link(), $file->RelativeLink())
|
_t('AssetTableField.URL','URL'),
|
||||||
|
sprintf(
|
||||||
|
'<a href="%s" title="%s" target="_blank" class="file-url">%s</a>',
|
||||||
|
Convert::raw2att($file->Link()),
|
||||||
|
Convert::raw2att($file->Link()),
|
||||||
|
Convert::raw2att($file->RelativeLink())
|
||||||
|
)
|
||||||
),
|
),
|
||||||
new DateField_Disabled("Created", _t('AssetTableField.CREATED','First uploaded'),
|
new DateField_Disabled("Created", _t('AssetTableField.CREATED','First uploaded'),
|
||||||
$file->Created),
|
$file->Created),
|
||||||
@ -671,18 +688,18 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
$file->LastEdited)
|
$file->LastEdited)
|
||||||
)
|
)
|
||||||
)->setName("FilePreviewData")->addExtraClass('cms-file-info-data')
|
)->setName("FilePreviewData")->addExtraClass('cms-file-info-data')
|
||||||
)->setName("FilePreview")->addExtraClass('cms-file-info'),
|
)->setName("FilePreview")->addExtraClass('cms-file-info'),
|
||||||
|
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'AltText',
|
'AltText',
|
||||||
_t('HtmlEditorField.IMAGEALT', 'Alternative text (alt)'),
|
_t('HtmlEditorField.IMAGEALT', 'Alternative text (alt)'),
|
||||||
$file->Title,
|
$file->Title,
|
||||||
80
|
80
|
||||||
)->setDescription(
|
)->setDescription(
|
||||||
_t('HtmlEditorField.IMAGEALTTEXTDESC', 'Shown to screen readers or if image can not be displayed')),
|
_t('HtmlEditorField.IMAGEALTTEXTDESC', 'Shown to screen readers or if image can not be displayed')),
|
||||||
|
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'Title',
|
'Title',
|
||||||
_t('HtmlEditorField.IMAGETITLETEXT', 'Title text (tooltip)')
|
_t('HtmlEditorField.IMAGETITLETEXT', 'Title text (tooltip)')
|
||||||
)->setDescription(
|
)->setDescription(
|
||||||
_t('HtmlEditorField.IMAGETITLETEXTDESC', 'For additional information about the image')),
|
_t('HtmlEditorField.IMAGETITLETEXTDESC', 'For additional information about the image')),
|
||||||
@ -699,16 +716,17 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
)
|
)
|
||||||
)->addExtraClass('last')
|
)->addExtraClass('last')
|
||||||
);
|
);
|
||||||
|
|
||||||
if($file->Width != null){
|
if($file->Width != null){
|
||||||
$fields->push(
|
$fields->push(
|
||||||
FieldGroup::create(_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
|
FieldGroup::create(_t('HtmlEditorField.IMAGEDIMENSIONS', 'Dimensions'),
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'Width',
|
'Width',
|
||||||
_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
|
_t('HtmlEditorField.IMAGEWIDTHPX', 'Width'),
|
||||||
$file->InsertWidth
|
$file->InsertWidth
|
||||||
)->setMaxLength(5),
|
)->setMaxLength(5),
|
||||||
TextField::create(
|
TextField::create(
|
||||||
'Height',
|
'Height',
|
||||||
" x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
|
" x " . _t('HtmlEditorField.IMAGEHEIGHTPX', 'Height'),
|
||||||
$file->InsertHeight
|
$file->InsertHeight
|
||||||
)->setMaxLength(5)
|
)->setMaxLength(5)
|
||||||
@ -764,6 +782,11 @@ class HtmlEditorField_Toolbar extends RequestHandler {
|
|||||||
*/
|
*/
|
||||||
class HtmlEditorField_File extends ViewableData {
|
class HtmlEditorField_File extends ViewableData {
|
||||||
|
|
||||||
|
private static $casting = array(
|
||||||
|
'URL' => 'Varchar',
|
||||||
|
'Name' => 'Varchar'
|
||||||
|
);
|
||||||
|
|
||||||
/** @var String */
|
/** @var String */
|
||||||
protected $url;
|
protected $url;
|
||||||
|
|
||||||
@ -823,7 +846,7 @@ class HtmlEditorField_File extends ViewableData {
|
|||||||
} else {
|
} else {
|
||||||
// Hack to use the framework's built-in thumbnail support without creating a local file representation
|
// Hack to use the framework's built-in thumbnail support without creating a local file representation
|
||||||
$tmpFile = new File(array('Name' => $this->Name, 'Filename' => $this->Name));
|
$tmpFile = new File(array('Name' => $this->Name, 'Filename' => $this->Name));
|
||||||
return $tmpFile->appCategory();
|
return $tmpFile->appCategory();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -837,6 +860,12 @@ class HtmlEditorField_File extends ViewableData {
|
|||||||
* @subpackage fields-formattedinput
|
* @subpackage fields-formattedinput
|
||||||
*/
|
*/
|
||||||
class HtmlEditorField_Embed extends HtmlEditorField_File {
|
class HtmlEditorField_Embed extends HtmlEditorField_File {
|
||||||
|
|
||||||
|
private static $casting = array(
|
||||||
|
'Type' => 'Varchar',
|
||||||
|
'Info' => 'Varchar'
|
||||||
|
);
|
||||||
|
|
||||||
protected $oembed;
|
protected $oembed;
|
||||||
|
|
||||||
public function __construct($url, $file = null) {
|
public function __construct($url, $file = null) {
|
||||||
@ -867,7 +896,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Provide an initial width for inserted media, restricted based on $embed_width
|
* Provide an initial width for inserted media, restricted based on $embed_width
|
||||||
*
|
*
|
||||||
* @return int
|
* @return int
|
||||||
*/
|
*/
|
||||||
public function getInsertWidth() {
|
public function getInsertWidth() {
|
||||||
@ -878,7 +907,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Provide an initial height for inserted media, scaled proportionally to the initial width
|
* Provide an initial height for inserted media, scaled proportionally to the initial width
|
||||||
*
|
*
|
||||||
* @return int
|
* @return int
|
||||||
*/
|
*/
|
||||||
public function getInsertHeight() {
|
public function getInsertHeight() {
|
||||||
@ -890,7 +919,7 @@ class HtmlEditorField_Embed extends HtmlEditorField_File {
|
|||||||
|
|
||||||
public function getPreview() {
|
public function getPreview() {
|
||||||
if(isset($this->oembed->thumbnail_url)) {
|
if(isset($this->oembed->thumbnail_url)) {
|
||||||
return sprintf('<img src="%s" />', $this->oembed->thumbnail_url);
|
return sprintf('<img src="%s" />', Convert::raw2att($this->oembed->thumbnail_url));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -974,7 +1003,7 @@ class HtmlEditorField_Image extends HtmlEditorField_File {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function getPreview() {
|
public function getPreview() {
|
||||||
return ($this->file) ? $this->file->CMSThumbnail() : sprintf('<img src="%s" />', $this->url);
|
return ($this->file) ? $this->file->CMSThumbnail() : sprintf('<img src="%s" />', Convert::raw2att($this->url));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user