[SS-2017-001] FIX Unescaped title attribute in LeftAndMain_TreeNode::forTemplate

Daniel Hensby 2017-01-13 00:12:22 +00:00
parent e1ee921ce7
commit c6c6c13fc2
GPG Key ID: B00D1E9767F0B06E
4 changed files with 27 additions and 11 deletions


@ -1005,8 +1005,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
} }
$link = Controller::join_links($recordController->Link("show"), $record->ID); $link = Controller::join_links($recordController->Link("show"), $record->ID);
$html = LeftAndMain_TreeNode::create($record, $link, $this->isCurrentPage($record)) $html = LeftAndMain_TreeNode::create($record, $link, $this->isCurrentPage($record))->forTemplate();
->forTemplate() . '</li>';
$data[$id] = array( $data[$id] = array(
'html' => $html, 'html' => $html,
@ -1982,16 +1981,21 @@ class LeftAndMain_TreeNode extends ViewableData {
* *
* @todo Remove hardcoded assumptions around returning an <li>, by implementing recursive tree node rendering * @todo Remove hardcoded assumptions around returning an <li>, by implementing recursive tree node rendering
* *
* @return String * @return string
*/ */
public function forTemplate() { public function forTemplate() {
$obj = $this->obj; $obj = $this->obj;
return "<li id=\"record-$obj->ID\" data-id=\"$obj->ID\" data-pagetype=\"$obj->ClassName\" class=\""
. $this->getClasses() . "\">" . "<ins class=\"jstree-icon\">&nbsp;</ins>" return (string)SSViewer::execute_template('LeftAndMain_TreeNode', $obj, array(
. "<a href=\"" . $this->getLink() . "\" title=\"(" 'Classes' => $this->getClasses(),
. trim(_t('LeftAndMain.PAGETYPE','Page type'), " :") // account for inconsistencies in translations 'Link' => $this->getLink(),
. ": " . $obj->i18n_singular_name() . ") $obj->Title\" ><ins class=\"jstree-icon\">&nbsp;</ins><span class=\"text\">" . ($obj->TreeTitle) 'Title' => sprintf(
. "</span></a>"; '(%s: %s) %s',
trim(_t('LeftAndMain.PAGETYPE','Page type'), " :"),
$obj->i18n_singular_name(),
$obj->Title
),
));
} }
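Review bot: The `(string)` cast on the `SSViewer::execute_template` result discards whatever cast object the viewer returns, and the docblock above does not say what escaping the caller may rely on; since the new template escapes only the title (`$Title.ATT`), the docblock should state that, e.g. `@return string Rendered <li> markup; Title is attribute-escaped by the LeftAndMain_TreeNode template, TreeTitle and Classes are rendered as the template casts them`. The `@todo` about the hard-coded `<li>` now refers to the template file rather than this method and should point there. Note that the `'</li>'` concatenation dropped at the call site in the first hunk is now supplied by the template, so that hunk and this one only work together. forTemplate's docblock starts outside the hunk.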
/** /**


@ -0,0 +1,6 @@
<li id="record-$ID" data-id="$ID" data-pagetype="$ClassName" class="$Classes">
<ins class="jstree-icon">&nbsp;</ins>
<a href="$Link" title="$Title.ATT"><ins class="jstree-icon">&nbsp;</ins>
<span class="text">$TreeTitle</span>
</a>
</li>
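Review bot: Only `$Title` carries an explicit `.ATT` modifier, while `$Link` and `$Classes`, which forTemplate also passes in as plain strings, land in `href` and `class` attributes with no modifier, so their escaping depends on the default cast the viewer applies to customised string values. If that cast is not guaranteed for this data, `href="$Link.ATT"` and `class="$Classes.ATT"` would make the escaping explicit and consistent with the title fix. `$TreeTitle` is emitted unescaped inside the span, presumably because it carries markup from the record; a template comment such as `<%-- TreeTitle relies on the record's own casting; Title is escaped with .ATT --%>` would make that intent visible to the next editor.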


@ -302,6 +302,8 @@ class LeftAndMainTest_Object extends DataObject implements TestOnly {
'Hierarchy' 'Hierarchy'
); );
public function CMSTreeClasses() {} public function CMSTreeClasses() {
return '';
}
} }


@ -101,7 +101,7 @@ class Hierarchy extends DataExtension {
* *
* @return string * @return string
*/ */
public function getChildrenAsUL($attributes = "", $titleEval = '"<li>" . $child->Title', $extraArg = null, public function getChildrenAsUL($attributes = "", $titleEval = '"<li>" . $child->Title . "</li>"', $extraArg = null,
$limitToMarked = false, $childrenMethod = "AllChildrenIncludingDeleted", $limitToMarked = false, $childrenMethod = "AllChildrenIncludingDeleted",
$numChildrenMethod = "numChildren", $rootCall = true, $numChildrenMethod = "numChildren", $rootCall = true,
$nodeCountThreshold = null, $nodeCountCallback = null) { $nodeCountThreshold = null, $nodeCountCallback = null) {
@ -144,6 +144,10 @@ class Hierarchy extends DataExtension {
} else { } else {
$output .= eval("return $titleEval;"); $output .= eval("return $titleEval;");
} }
$output = trim($output);
if (substr($output, -5) == '</li>') {
$output = trim(substr($output, 0, -5));
}
$output .= "\n"; $output .= "\n";
$numChildren = $child->$numChildrenMethod(); $numChildren = $child->$numChildrenMethod();
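Review bot: The trailing-tag strip added after the eval matches only an exact lowercase `</li>` and uses loose `==`; a `$titleEval` that emits `</LI>` or `</li >` passes through untouched and, assuming the item is closed again later in the loop (outside this hunk), ends up with a doubled closing tag. Use strict comparison and say why the tag is removed: `// Drop a trailing </li> so the child <ul> can be nested before this item is closed` followed by `if (substr($output, -5) === '</li>') {`. The signature hunk above changes the `$titleEval` default to include `</li>`, so its parameter documentation (outside the hunk) should note that a trailing `</li>` in the evaluated output is stripped. getChildrenAsUL continues outside both hunks.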