Don't link record in GridField form message

This is no longer allowed through Form->sessionMessage() to avoid XSS.
Ingo Schommer 2013-09-30 23:55:32 +02:00
parent 298de5a67d
commit deadc154ca


@ -508,9 +508,11 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
// TODO Save this item into the given relationship // TODO Save this item into the given relationship
$link = '<a href="' . $this->Link('edit') . '">"' // TODO Allow HTML in form messages
. htmlspecialchars($this->record->Title, ENT_QUOTES) // $link = '<a href="' . $this->Link('edit') . '">"'
. '"</a>'; // . htmlspecialchars($this->record->Title, ENT_QUOTES)
// . '"</a>';
$link = '"' . $this->record->Title . '"';
$message = _t( $message = _t(
'GridFieldDetailForm.Saved', 'GridFieldDetailForm.Saved',
'Saved {name} {link}', 'Saved {name} {link}',
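Review bot: The new `$link = '"' . $this->record->Title . '"';` drops the `htmlspecialchars()` call that the removed lines applied to the title, so this line is only safe as long as every consumer of `$message` escapes it on output. The commit description suggests `Form->sessionMessage()` now does that, but neither that call nor the rest of the `_t()` call is visible in this hunk, so the assumption should be written down where the raw value is built, for example `// Title is deliberately unescaped: Form->sessionMessage() escapes the whole message, never render $message as HTML`. The three commented-out lines below the TODO keep the old markup-building code in the file, where it could be re-enabled without restoring a safe sink; I would delete them and leave only the `// TODO Allow HTML in form messages` line. Since `$link` no longer holds a link, renaming it (and the `{link}` placeholder, if translations allow) would avoid implying that the value is pre-escaped markup.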