Merge pull request #149 from silverstripe-elliot/SubDomain-XSS

Sanitise domain name field
Mateusz U 2014-07-16 16:18:22 +12:00
commit 4b54951e9e


@ -1,5 +1,9 @@
<?php <?php
/**
* @property text Domain domain name of this subsite. Do not include the URL scheme here
* @property bool IsPrimary Is this the primary subdomain?
*/
class SubsiteDomain extends DataObject { class SubsiteDomain extends DataObject {
/** /**
@ -46,6 +50,7 @@ class SubsiteDomain extends DataObject {
new TextField('Domain', $this->fieldLabel('Domain'), null, 255), new TextField('Domain', $this->fieldLabel('Domain'), null, 255),
new CheckboxField('IsPrimary', $this->fieldLabel('IsPrimary')) new CheckboxField('IsPrimary', $this->fieldLabel('IsPrimary'))
); );
$this->extend('updateCMSFields', $fields); $this->extend('updateCMSFields', $fields);
return $fields; return $fields;
} }
@ -62,4 +67,15 @@ class SubsiteDomain extends DataObject {
return $labels; return $labels;
} }
/**
* Before writing the Subsite Domain, strip out any HTML the user has entered.
* @return void
*/
public function onBeforeWrite() {
parent::onBeforeWrite();
//strip out any HTML to avoid XSS attacks
$this->Domain = Convert::html2raw($this->Domain);
}
} }
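Review bot: `Convert::html2raw($this->Domain)` in onBeforeWrite strips markup but never checks that what is stored is actually a hostname, so the field still accepts any non-HTML text, and the conversion silently rewrites a bad value (entities are decoded, link-like markup is turned into text) instead of reporting it. Since a valid domain never contains `<`, `>`, `&`, quotes or whitespace, rejecting non-hostname input in a `validate()` override is both the simpler and the tighter check; the html2raw call can stay as a second layer, but the template side still has to escape Domain wherever it is rendered, which this commit does not show. The pattern below is constructed for review and may need `*` added to the character class if this module supports wildcard domains. onBeforeWrite is complete within the hunk and the class is closed on its last line.
```php
    // … unchanged: onBeforeWrite() …

    /**
     * Reject anything that is not a plausible hostname instead of
     * silently rewriting it; a bad domain is a validation error.
     *
     * @return ValidationResult
     */
    protected function validate() {
        $result = parent::validate();
        // constructed pattern: labels of letters, digits and hyphens joined by dots
        if ($this->Domain !== null && !preg_match('/^[A-Za-z0-9.-]+$/', $this->Domain)) {
            $result->error('Domain may only contain letters, digits, dots and hyphens');
        }
        return $result;
    }
```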