Don't link record in GridField form message
This is no longer allowed through Form->sessionMessage() to avoid XSS.
parent
298de5a67d
commit
deadc154ca
@ -508,9 +508,11 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
|
|||||||
|
|
||||||
// TODO Save this item into the given relationship
|
// TODO Save this item into the given relationship
|
||||||
|
|
||||||
$link = '<a href="' . $this->Link('edit') . '">"'
|
// TODO Allow HTML in form messages
|
||||||
. htmlspecialchars($this->record->Title, ENT_QUOTES)
|
// $link = '<a href="' . $this->Link('edit') . '">"'
|
||||||
. '"</a>';
|
// . htmlspecialchars($this->record->Title, ENT_QUOTES)
|
||||||
|
// . '"</a>';
|
||||||
|
$link = '"' . $this->record->Title . '"';
|
||||||
$message = _t(
|
$message = _t(
|
||||||
'GridFieldDetailForm.Saved',
|
'GridFieldDetailForm.Saved',
|
||||||
'Saved {name} {link}',
|
'Saved {name} {link}',
|
||||||
|
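Review bot: The new `$link = '"' . $this->record->Title . '"';` drops the `htmlspecialchars()` call the old link carried, so the record title now enters the message raw and is safe only if the sink escapes it. The commit description suggests that sink is `Form->sessionMessage()`, but the call is outside this hunk (the `_t(` statement continues past it), so please confirm that no other path renders `$message` as HTML. I would record the dependency next to the assignment, e.g. `// Title is deliberately unescaped here; the form message is escaped on output`. I would also delete the three commented-out `$link` lines, since the `// TODO Allow HTML in form messages` line alone documents the intent.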