tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Don't link record in GridField form message

Browse Source 
This is no longer allows through Form->sessionMessage() to avoid XSS.
This commit is contained in:
Ingo Schommer 2013-09-30 23:55:32 +02:00
parent a68e0ba365
commit bda56eb9b0
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
forms/gridfield/GridFieldDetailForm.php
View File

@ -412,9 +412,11 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
// TODO Save this item into the given relationship
$link = '<a href="' . $this->Link('edit') . '">"'
. htmlspecialchars($this->record->Title, ENT_QUOTES)
. '"</a>';
// TODO Allow HTML in form messages
// $link = '<a href="' . $this->Link('edit') . '">"'
// . htmlspecialchars($this->record->Title, ENT_QUOTES)
// . '"</a>';
$link = '"' . $this->record->Title . '"';
$message = _t(
'GridFieldDetailForm.Saved',
'Saved {name} {link}',