BUG Fixed escaping of name/value in options of form fields

DropdownField was currently escaping options, but CheckboxSetField and
OptionsetField were not. This fixes them to be consistent.
This commit is contained in:
Sean Harvey 2014-08-04 09:28:49 +12:00
parent 441a0c03f7
commit b2dac644a0
6 changed files with 39 additions and 7 deletions

View File

@ -2,8 +2,8 @@
<% if $Options.Count %> <% if $Options.Count %>
<% loop $Options %> <% loop $Options %>
<li class="$Class"> <li class="$Class">
<input id="$ID" class="checkbox" name="$Name" type="checkbox" value="$Value"<% if $isChecked %> checked="checked"<% end_if %><% if $isDisabled %> disabled="disabled"<% end_if %> /> <input id="$ID" class="checkbox" name="$Name.XML" type="checkbox" value="$Value.ATT"<% if $isChecked %> checked="checked"<% end_if %><% if $isDisabled %> disabled="disabled"<% end_if %> />
<label for="$ID">$Title</label> <label for="$ID">$Title.XML</label>
</li> </li>
<% end_loop %> <% end_loop %>
<% else %> <% else %>

View File

@ -1,5 +1,5 @@
<select $AttributesHTML> <select $AttributesHTML>
<% loop $Options %> <% loop $Options %>
<option value="$Value.XML"<% if $Selected %> selected="selected"<% end_if %><% if $Disabled %> disabled="disabled"<% end_if %>>$Title.XML</option> <option value="$Value.ATT"<% if $Selected %> selected="selected"<% end_if %><% if $Disabled %> disabled="disabled"<% end_if %>>$Title.XML</option>
<% end_loop %> <% end_loop %>
</select> </select>

View File

@ -1,8 +1,8 @@
<ul id="$ID" class="$extraClass"> <ul id="$ID" class="$extraClass">
<% loop $Options %> <% loop $Options %>
<li class="$Class"> <li class="$Class">
<input id="$ID" class="radio" name="$Name" type="radio" value="$Value"<% if $isChecked %> checked<% end_if %><% if $isDisabled %> disabled<% end_if %> /> <input id="$ID" class="radio" name="$Name.ATT" type="radio" value="$Value.ATT"<% if $isChecked %> checked<% end_if %><% if $isDisabled %> disabled<% end_if %> />
<label for="$ID">$Title</label> <label for="$ID">$Title.XML</label>
</li> </li>
<% end_loop %> <% end_loop %>
</ul> </ul>

View File

@ -144,6 +144,17 @@ class CheckboxSetFieldTest extends SapphireTest {
$this->assertEquals('Test,Another', $dbValue); $this->assertEquals('Test,Another', $dbValue);
} }
public function testEscapedOptions() {
$field = new CheckboxSetField('Content', 'Content', array(
'Test' => 'Test',
'Another<weirdvalue>' => 'Another',
));
$html = $field->Field();
$this->assertContains('Content[Another&lt;weirdvalue&gt;]', $html, 'Option name is escaped');
$this->assertContains('value="Another&lt;weirdvalue&gt;', $html, 'Option value is escaped');
}
} }
/** /**

View File

@ -208,7 +208,17 @@ class DropdownFieldTest extends SapphireTest {
$disabledOptions = $this->findDisabledOptionElements($field->Field()); $disabledOptions = $this->findDisabledOptionElements($field->Field());
$this->assertEquals(count($disabledOptions), 0, 'There are no disabled options'); $this->assertEquals(count($disabledOptions), 0, 'There are no disabled options');
} }
public function testEscapedOptions() {
$field = new DropdownField('Content', 'Content', array(
'Test' => 'Test',
'Another<weirdvalue>' => 'Another',
));
$html = $field->Field();
$this->assertContains('value="Another&lt;weirdvalue&gt;', $html, 'Option value is escaped');
}
/** /**
* Create a test dropdown field, with the option to * Create a test dropdown field, with the option to
* set what source and blank value it should contain * set what source and blank value it should contain
@ -293,4 +303,4 @@ class DropdownFieldTest extends SapphireTest {
return $foundDisabled; return $foundDisabled;
} }
} }

View File

@ -34,4 +34,15 @@ class OptionsetFieldTest extends SapphireTest {
preg_match('/Yes/', $field->Field(), $matches); preg_match('/Yes/', $field->Field(), $matches);
$this->assertEquals($matches[0], 'Yes'); $this->assertEquals($matches[0], 'Yes');
} }
public function testEscapedOptions() {
$field = new OptionsetField('Content', 'Content', array(
'Test' => 'Test',
'Another<weirdvalue>' => 'Another',
));
$html = $field->Field();
$this->assertContains('value="Another&lt;weirdvalue&gt;', $html, 'Option value is escaped');
}
} }