mirror of
https://github.com/silverstripe/silverstripe-subsites
synced 2024-09-30 13:19:01 +02:00
Merge pull request #149 from silverstripe-elliot/SubDomain-XSS
Sanitise domain name field
commit
4b54951e9e
@ -1,5 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @property text Domain domain name of this subsite. Do not include the URL scheme here
|
||||||
|
* @property bool IsPrimary Is this the primary subdomain?
|
||||||
|
*/
|
||||||
class SubsiteDomain extends DataObject {
|
class SubsiteDomain extends DataObject {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -46,6 +50,7 @@ class SubsiteDomain extends DataObject {
|
|||||||
new TextField('Domain', $this->fieldLabel('Domain'), null, 255),
|
new TextField('Domain', $this->fieldLabel('Domain'), null, 255),
|
||||||
new CheckboxField('IsPrimary', $this->fieldLabel('IsPrimary'))
|
new CheckboxField('IsPrimary', $this->fieldLabel('IsPrimary'))
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->extend('updateCMSFields', $fields);
|
$this->extend('updateCMSFields', $fields);
|
||||||
return $fields;
|
return $fields;
|
||||||
}
|
}
|
||||||
@ -62,4 +67,15 @@ class SubsiteDomain extends DataObject {
|
|||||||
|
|
||||||
return $labels;
|
return $labels;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Before writing the Subsite Domain, strip out any HTML the user has entered.
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function onBeforeWrite() {
|
||||||
|
parent::onBeforeWrite();
|
||||||
|
|
||||||
|
//strip out any HTML to avoid XSS attacks
|
||||||
|
$this->Domain = Convert::html2raw($this->Domain);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
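Review bot: `onBeforeWrite()` in the last hunk relies on `Convert::html2raw()` as the XSS defence, but that helper is an HTML-to-plain-text converter rather than an escaping function, and stripping on write leaves rows saved before this commit unchanged until they are next written. The code that prints `Domain` is not visible in this diff, so escaping there should be confirmed; output encoding at render time is the control that closes the hole, with this hook as defence in depth only. As far as I recall, `html2raw()` also decodes HTML entities after removing tags, so entity-encoded markup may come out as literal angle brackets; a unit test on the stored value would settle that. Since the field holds a host name, a stricter option is to reject any value containing characters the module does not accept in a domain during validation, instead of silently rewriting it. At minimum the inline comment should state the limit, e.g. `// defence in depth only: Domain must still be escaped wherever it is rendered`.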