Clearer escaping in CMSMain

No direct security issue, but makes intent clearer
Ingo Schommer 2013-09-24 12:12:57 +02:00
parent e170f4c21b
commit 86339a551d


@ -747,13 +747,21 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
if($num) { if($num) {
return sprintf( return sprintf(
'<a class="cms-panel-link list-children-link" data-pjax-target="ListViewForm,Breadcrumbs" href="%s">%s</a>', '<a class="cms-panel-link list-children-link" data-pjax-target="ListViewForm,Breadcrumbs" href="%s">%s</a>',
Controller::join_links($controller->Link(), "?ParentID={$item->ID}&view=list"), Controller::join_links(
$controller->Link(),
sprintf("?ParentID=%d&view=list", (int)$item->ID)
),
$num $num
); );
} }
}, },
'getTreeTitle' => function($value, &$item) use($controller) { 'getTreeTitle' => function($value, &$item) use($controller) {
return '<a class="action-detail" href="' . singleton('CMSPageEditController')->Link('show') . '/' . $item->ID . '">' . $item->TreeTitle . '</a>'; return sprintf(
'<a class="action-detail" href="%s/%d">%s</a>',
singleton('CMSPageEditController')->Link('show'),
(int)$item->ID,
$item->TreeTitle // returns HTML, does its own escaping
);
} }
)); ));
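Review bot: Both `href` values are still written into the attribute without HTML-attribute encoding: the result of `Controller::join_links(...)` in the first closure, which carries a literal `&` from `&view=list`, and the result of `singleton('CMSPageEditController')->Link('show')` in `getTreeTitle`. The `(int)` casts pin the ID, but the surrounding link strings depend on `Link()` never returning a quote or angle bracket. Wrapping them, e.g. `Convert::raw2att(Controller::join_links(...))` and `Convert::raw2att(singleton('CMSPageEditController')->Link('show'))`, would make the attribute context explicit, which is the stated aim of the commit. `$num` is still formatted with `%s`; its assignment is outside the hunk, but if it is a child count then `%d` would match the treatment of `$item->ID`. Both closures belong to a call that starts before the hunk.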