diff --git a/code/controllers/CMSMain.php b/code/controllers/CMSMain.php
index 8d2f96c1..860ea61d 100644
--- a/code/controllers/CMSMain.php
+++ b/code/controllers/CMSMain.php
@@ -747,13 +747,21 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
if($num) {
return sprintf(
'%s',
- Controller::join_links($controller->Link(), "?ParentID={$item->ID}&view=list"),
+ Controller::join_links(
+ $controller->Link(),
+ sprintf("?ParentID=%d&view=list", (int)$item->ID)
+ ),
$num
);
}
},
'getTreeTitle' => function($value, &$item) use($controller) {
- return '' . $item->TreeTitle . '';
+ return sprintf(
+ '%s',
+ singleton('CMSPageEditController')->Link('show'),
+ (int)$item->ID,
+ $item->TreeTitle // returns HTML, does its own escaping
+ );
}
));
diff --git a/code/controllers/ReportAdmin.php b/code/controllers/ReportAdmin.php
index 21067b78..946633ca 100644
--- a/code/controllers/ReportAdmin.php
+++ b/code/controllers/ReportAdmin.php
@@ -166,7 +166,13 @@ class ReportAdmin extends LeftAndMain implements PermissionProvider {
'title' => _t('ReportAdmin.ReportTitle', 'Title'),
));
$columns->setFieldFormatting(array(
- 'title' => '$value'
+ 'title' => function($value, &$item) {
+ return sprintf(
+ '%s',
+ Convert::raw2xml($item->Link),
+ Convert::raw2xml($value)
+ );
+ }
));
$gridField->addExtraClass('all-reports-gridfield');
$fields->push($gridField);
diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php
index 9801f8ea..5f27fd8a 100644
--- a/code/model/SiteTree.php
+++ b/code/model/SiteTree.php
@@ -117,6 +117,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
'Link' => 'Text',
'RelativeLink' => 'Text',
'AbsoluteLink' => 'Text',
+ 'TreeTitle' => 'HTMLText',
);
static $defaults = array(
@@ -1826,8 +1827,20 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
);
$dependentTable->getConfig()->getComponentByType('GridFieldDataColumns')
->setFieldFormatting(array(
- 'Title' => '$Title',
- 'AbsoluteLink' => '$value',
+ 'Title' => function($value, &$item) {
+ return sprintf(
+ '%s',
+ (int)$item->ID,
+ Convert::raw2xml($item->Title)
+ );
+ },
+ 'AbsoluteLink' => function($value, &$item) {
+ return sprintf(
+ '%s',
+ Convert::raw2xml($value),
+ Convert::raw2xml($value)
+ );
+ }
));
}
diff --git a/code/reports/Report.php b/code/reports/Report.php
index 35fafadf..09e3ce0c 100644
--- a/code/reports/Report.php
+++ b/code/reports/Report.php
@@ -301,8 +301,13 @@ class SS_Report extends ViewableData {
if(isset($info['casting'])) $fieldCasting[$source] = $info['casting'];
if(isset($info['link']) && $info['link']) {
- $link = singleton('CMSPageEditController')->Link('show');
- $fieldFormatting[$source] = '$value';
+ $fieldFormatting[$source] = function($value, &$item) {
+ return sprintf(
+ '%s',
+ Controller::join_links(singleton('CMSPageEditController')->Link('show'), $item->ID),
+ Convert::raw2xml($value)
+ );
+ };
}
$displayFields[$source] = isset($info['title']) ? $info['title'] : $source;