tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-28 23:49:26 +02:00
Code Issues Projects Releases Wiki Activity

BUG Fix Security page showing double escaped HTML

Browse Source
This commit is contained in:
Damian Mooyman 2016-07-13 19:08:09 +12:00
parent 26d46517ac
commit fb6f8a0a04
No known key found for this signature in database
GPG Key ID: 78B823A10DE27D1A
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Security/Security.php
View File

@ -7,6 +7,7 @@ use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject; use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB; use SilverStripe\ORM\DB;
use Controller; use Controller;
use SilverStripe\ORM\FieldType\DBField;
use SS_HTTPRequest; use SS_HTTPRequest;
use TemplateGlobalProvider; use TemplateGlobalProvider;
use Deprecation; use Deprecation;
@ -579,8 +580,8 @@ class Security extends Controller implements TemplateGlobalProvider {
// Finally, customise the controller to add any form messages and the form. // Finally, customise the controller to add any form messages and the form.
$customisedController = $controller->customise(array( $customisedController = $controller->customise(array(
"Content" => $message, "Content" => DBField::create_field('HTMLFragment', $message),
"Message" => $message, "Message" => DBField::create_field('HTMLFragment', $message),
"MessageType" => $messageType, "MessageType" => $messageType,
"Form" => $content, "Form" => $content,
)); ));

4
forms/htmleditor/HTMLEditorField.php
View File

@ -809,9 +809,9 @@ abstract class HTMLEditorField_File extends ViewableData {
protected function getDetailFields() { protected function getDetailFields() {
$fields = new FieldList( $fields = new FieldList(
ReadonlyField::create("FileType", _t('AssetTableField.TYPE','File type'), $this->getFileType()), ReadonlyField::create("FileType", _t('AssetTableField.TYPE','File type'), $this->getFileType()),
ReadonlyField::create( HTMLReadonlyField::create(
'ClickableURL', _t('AssetTableField.URL','URL'), $this->getExternalLink() 'ClickableURL', _t('AssetTableField.URL','URL'), $this->getExternalLink()
)->setDontEscape(true) )
); );
// Get file size // Get file size
if($this->getSize()) { if($this->getSize()) {