From fb6f8a0a049154da82c5bf4a4330d519727f0713 Mon Sep 17 00:00:00 2001
From: Damian Mooyman
Date: Wed, 13 Jul 2016 19:08:09 +1200
Subject: [PATCH] BUG Fix Security page showing double escaped HTML
---
 Security/Security.php | 5 +++--
 forms/htmleditor/HTMLEditorField.php | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Security/Security.php b/Security/Security.php
index 100495da5..158731101 100644
--- a/Security/Security.php
+++ b/Security/Security.php
@@ -7,6 +7,7 @@ use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DB;
 use Controller;
+use SilverStripe\ORM\FieldType\DBField;
 use SS_HTTPRequest;
 use TemplateGlobalProvider;
 use Deprecation;
@@ -579,8 +580,8 @@ class Security extends Controller implements TemplateGlobalProvider {
 // Finally, customise the controller to add any form messages and the form.
 $customisedController = $controller->customise(array(
- "Content" => $message,
- "Message" => $message,
+ "Content" => DBField::create_field('HTMLFragment', $message),
+ "Message" => DBField::create_field('HTMLFragment', $message),
 "MessageType" => $messageType,
 "Form" => $content,
 ));
diff --git a/forms/htmleditor/HTMLEditorField.php b/forms/htmleditor/HTMLEditorField.php
index deedd6fa8..60b904771 100644
--- a/forms/htmleditor/HTMLEditorField.php
+++ b/forms/htmleditor/HTMLEditorField.php
@@ -809,9 +809,9 @@ abstract class HTMLEditorField_File extends ViewableData {
 protected function getDetailFields() {
 $fields = new FieldList(
 ReadonlyField::create("FileType", _t('AssetTableField.TYPE','File type'), $this->getFileType()),
- ReadonlyField::create(
+ HTMLReadonlyField::create(
 'ClickableURL', _t('AssetTableField.URL','URL'), $this->getExternalLink()
- )->setDontEscape(true)
+ )
 );
 // Get file size
 if($this->getSize()) {
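Review bot: In Security/Security.php, the `"Content"` and `"Message"` entries now hand `$message` to the template as an `HTMLFragment`, so the template will no longer escape it, and nothing in the hunk shows that `$message` is already safe markup. `$message` is assigned outside the hunk; if any path can place request- or session-derived text into it without escaping, this fix for double escaping becomes an HTML injection sink on the login page. I would state the contract at the call site, e.g. `// $message must already be escaped/sanitised HTML: HTMLFragment disables template auto-escaping`, and confirm that every place that sets the message escapes its plain-text parts before storing it. The enclosing method starts and ends outside the hunk.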
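Review bot: In forms/htmleditor/HTMLEditorField.php, `HTMLReadonlyField::create('ClickableURL', ...)` still emits the result of `$this->getExternalLink()` as raw HTML, just as `->setDontEscape(true)` did, so the safety of this field rests entirely on that method. `getExternalLink()` is defined outside the hunk; if it builds an anchor from a file URL that a CMS user can supply, the URL needs attribute escaping and a scheme check at the point where the markup is assembled. A short comment on the field, e.g. `// getExternalLink() must return pre-escaped anchor markup; this field renders it without escaping`, would make that dependency visible to the next maintainer. getDetailFields() continues past the end of the hunk.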