FIX Escape dollar signs in UserForm contents before inserting them with regex

2017-09-22 14:26:42 +12:00 · 2017-09-22 14:26:42 +12:00 · 7edc058121
parent 722f9d3f82
commit 7edc058121
2 changed files with 4 additions and 2 deletions
--- a/code/model/UserDefinedForm.php
+++ b/code/model/UserDefinedForm.php
@ -411,7 +411,9 @@ class UserDefinedForm_Controller extends Page_Controller
        if ($this->Content && $form = $this->Form()) {
            $hasLocation = stristr($this->Content, '$UserDefinedForm');
            if ($hasLocation) {
-                $content = preg_replace('/(<p[^>]*>)?\\$UserDefinedForm(<\\/p>)?/i', $form->forTemplate(), $this->Content);
+                /** @see Requirements_Backend::escapeReplacement */
+                $formEscapedForRegex = addcslashes($form->forTemplate(), '\\$');
+                $content = preg_replace('/(<p[^>]*>)?\\$UserDefinedForm(<\\/p>)?/i', $formEscapedForRegex, $this->Content);
                return array(
                    'Content' => DBField::create_field('HTMLText', $content),
                    'Form' => ""
--- a/templates/forms/UserFormsCheckboxSetField.ss
+++ b/templates/forms/UserFormsCheckboxSetField.ss
@ -3,7 +3,7 @@
        <div class="$Class">
            <input id="$ID" class="checkbox" name="$Name" type="checkbox" value="$Value.ATT"<% if $isChecked %>
                   checked="checked"<% end_if %><% if $isDisabled %> disabled="disabled"<% end_if %> />
-            <label for="$ID">$Title</label>
+            <label for="$ID">$Title.XML</label>
        </div>
    <% end_loop %>
 <% else %>