mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
NEW: Add ReadonlyField::setIncludeHiddenField()
The new config setter restores the 2.4 behaviour of including <input type="hidden"> with a field. Although as a default, this option has security flaws; it is useful in a few circumstances and, if nothing else, is handy to make upgrading sites easier.
This commit is contained in:
parent
b63e55a77a
commit
abbee41b78
@ -11,10 +11,43 @@ class ReadonlyField extends FormField {
|
||||
|
||||
protected $readonly = true;
|
||||
|
||||
/**
|
||||
* Include a hidden field in the HTML for the readonly field
|
||||
* @var boolean
|
||||
*/
|
||||
protected $includeHiddenField = false;
|
||||
|
||||
/**
|
||||
* If true, a hidden field will be included in the HTML for the readonly field.
|
||||
*
|
||||
* This can be useful if you need to pass the data through on the form submission, as
|
||||
* long as it's okay than an attacker could change the data before it's submitted.
|
||||
*
|
||||
* This is disabled by default as it can introduce security holes if the data is not
|
||||
* allowed to be modified by the user.
|
||||
*
|
||||
* @param boolean $includeHiddenField
|
||||
*/
|
||||
public function setIncludeHiddenField($includeHiddenField) {
|
||||
$this->includeHiddenField = $includeHiddenField;
|
||||
}
|
||||
|
||||
public function performReadonlyTransformation() {
|
||||
return clone $this;
|
||||
}
|
||||
|
||||
public function Field($properties = array()) {
|
||||
// Include a hidden field in the HTML
|
||||
if($this->includeHiddenField && $this->readonly) {
|
||||
$hidden = clone $this;
|
||||
$hidden->setReadonly(false);
|
||||
return parent::Field($properties) . $hidden->Field($properties);
|
||||
|
||||
} else {
|
||||
return parent::Field($properties);
|
||||
}
|
||||
}
|
||||
|
||||
public function Value() {
|
||||
if($this->value) return $this->dontEscape ? $this->value : Convert::raw2xml($this->value);
|
||||
else return '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
|
||||
@ -25,7 +58,7 @@ class ReadonlyField extends FormField {
|
||||
parent::getAttributes(),
|
||||
array(
|
||||
'type' => 'hidden',
|
||||
'value' => null,
|
||||
'value' => $this->readonly ? null : $this->value,
|
||||
)
|
||||
);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user