tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-26 06:29:24 +02:00
Code Issues Projects Releases Wiki Activity

BUG Fix Security page showing double escaped HTML

Browse Source
This commit is contained in:
Damian Mooyman 2016-07-13 19:08:09 +12:00
parent 26d46517ac
commit fb6f8a0a04
No known key found for this signature in database
GPG Key ID: 78B823A10DE27D1A
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Security/Security.php
View File

@ -7,6 +7,7 @@ use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use Controller;
use SilverStripe\ORM\FieldType\DBField;
use SS_HTTPRequest;
use TemplateGlobalProvider;
use Deprecation;
@ -579,8 +580,8 @@ class Security extends Controller implements TemplateGlobalProvider {
// Finally, customise the controller to add any form messages and the form.
$customisedController = $controller->customise(array(
"Content" => $message,
"Message" => $message,
"Content" => DBField::create_field('HTMLFragment', $message),
"Message" => DBField::create_field('HTMLFragment', $message),
"MessageType" => $messageType,
"Form" => $content,
));

4
forms/htmleditor/HTMLEditorField.php
View File

@ -809,9 +809,9 @@ abstract class HTMLEditorField_File extends ViewableData {
protected function getDetailFields() {
$fields = new FieldList(
ReadonlyField::create("FileType", _t('AssetTableField.TYPE','File type'), $this->getFileType()),
ReadonlyField::create(
HTMLReadonlyField::create(
'ClickableURL', _t('AssetTableField.URL','URL'), $this->getExternalLink()
)->setDontEscape(true)
)
);
// Get file size
if($this->getSize()) {