[FEATURE] add more quoting
Signed-off-by: Kay Strobach <[email protected]>
kaystrobach committed Oct 19, 2022
1 parent 505b414 commit e59b3e5
Showing 4 changed files with 29 additions and 11 deletions.
2 changes: 1 addition & 1 deletion Classes/Tca/AbstractContentRow.php
Expand Up @@ -45,7 +45,7 @@ protected function getMissedFields($values, $valuesAvailable)
{
$missedField = '';
$missedClasses = array_diff($values, $valuesAvailable);
$missedClass = htmlspecialchars(implode(', ', $missedClasses));
$missedClass = htmlspecialchars(implode(', ', $missedClasses), ENT_QUOTES | ENT_HTML5);
if (!empty($missedClass)) {
$label = $this->getLanguageService()->sL('LLL:EXT:themes/Resources/Private/Language/locallang.xlf:unavailable_classes');
$missedField = '<div class="alert alert-danger" role="alert"><strong>'.$label.':</strong> '.$missedClass.'</div>';
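Review bot: The new flag set on the second `$missedClass =` line omits ENT_SUBSTITUTE, so htmlspecialchars() still returns an empty string whenever `$missedClasses` contains an invalid UTF-8 sequence; the `!empty($missedClass)` check below then suppresses the "unavailable classes" alert precisely for the malformed input an editor would most want to see, and on PHP 8.1+ the explicit flags are narrower than the default, which does include ENT_SUBSTITUTE. Suggest `$missedClass = htmlspecialchars(implode(', ', $missedClasses), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5);`. The same applies to every htmlspecialchars() call changed in ContentColumnSettings.php, ContentEnforceEqualColumnHeight.php and ContentResponsive.php (the `$setClass`, `$setValue` and `name=` lines). getMissedFields continues past the end of the hunk.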
24 changes: 21 additions & 3 deletions Classes/Tca/ContentColumnSettings.php
Expand Up @@ -2,6 +2,10 @@

namespace KayStrobach\Themes\Tca;

use TYPO3\CMS\Backend\Form\NodeFactory;
use TYPO3\CMS\Core\Imaging\IconFactory;
use TYPO3\CMS\Core\Utility\GeneralUtility;

/***************************************************************
*
* Copyright notice
Expand Down Expand Up @@ -32,6 +36,20 @@
*/
class ContentColumnSettings extends AbstractContentRow
{
/**
* Container objects give $nodeFactory down to other containers.
*
* @param NodeFactory $nodeFactory
* @param array $data
*/
public function __construct(NodeFactory $nodeFactory = null, array $data = null)
{
if ($nodeFactory !== null) {
parent::__construct($nodeFactory, $data);
}
$this->iconFactory = GeneralUtility::makeInstance(IconFactory::class);
}

/**
* Render a row for enforcing equal height of a column.
*
Expand Down Expand Up @@ -101,8 +119,8 @@ public function render()
}
// Process current classes/identifiers
$setClasses = array_intersect($values, $valuesAvailable);
$setClass = htmlspecialchars(implode(' ', $setClasses));
$setValue = htmlspecialchars(implode(',', $setClasses));
$setClass = htmlspecialchars(implode(' ', $setClasses), ENT_QUOTES | ENT_HTML5);
$setValue = htmlspecialchars(implode(',', $setClasses), ENT_QUOTES | ENT_HTML5);
// Allow admins to see the internal identifiers
$inputType = 'hidden';
if ($this->isAdminAndDebug()) {
Expand All @@ -113,7 +131,7 @@ public function render()
$hiddenField .= '<div class="form-control-wrap">'.LF;
$hiddenField .= '<input class="form-control themes-hidden-admin-field '.$setClass.'" ';
$hiddenField .= 'readonly="readonly" type="'.$inputType.'" ';
$hiddenField .= 'name="'.htmlspecialchars($name).'" ';
$hiddenField .= 'name="'. htmlspecialchars($name, ENT_QUOTES | ENT_HTML5) .'" ';
$hiddenField .= 'value="'.$setValue.'" class="'.$setClass.'">'.LF;
$hiddenField .= '</div>'.LF;
$hiddenField .= '</div>'.LF;
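Review bot: The new constructor declares `NodeFactory $nodeFactory = null` and `array $data = null`, relying on implicit nullability from the null default, which PHP 8.4 deprecates; writing `public function __construct(?NodeFactory $nodeFactory = null, ?array $data = null)` states the contract explicitly and matches the `!== null` guard in the body. The docblock should also say that `parent::__construct()` is skipped, and `$data` ignored, when no factory is passed, since a caller supplying `$data` alone currently gets no error. I cannot see how AbstractContentRow declares its constructor parameters, so confirm the nullable types are compatible with the parent signature.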
8 changes: 4 additions & 4 deletions Classes/Tca/ContentEnforceEqualColumnHeight.php
Expand Up @@ -75,7 +75,7 @@ public function render()
$checkboxes .= '<label class="t3js-formengine-label">'.$this->getLanguageService()->sL($label).'</label>'.LF;
if (isset($settings['rowSettings.']) && is_array($settings['rowSettings.'])) {

// check if theres already a value selected
// check if there is already a value selected
$valueSet = false;
foreach ($settings['rowSettings.'] as $visibilityKey => $_) {
$tempKey = $groupKey.'-'.$visibilityKey;
Expand All @@ -100,8 +100,8 @@ public function render()
}
// Process current classes/identifiers
$setClasses = array_intersect($values, $valuesAvailable);
$setClass = htmlspecialchars(implode(' ', $setClasses));
$setValue = htmlspecialchars(implode(',', $setClasses));
$setClass = htmlspecialchars(implode(' ', $setClasses), ENT_QUOTES | ENT_HTML5);
$setValue = htmlspecialchars(implode(',', $setClasses), ENT_QUOTES | ENT_HTML5);
// Allow admins to see the internal identifiers
$inputType = 'hidden';
if ($this->isAdminAndDebug()) {
Expand All @@ -112,7 +112,7 @@ public function render()
$hiddenField .= '<div class="form-control-wrap">'.LF;
$hiddenField .= '<input class="form-control themes-hidden-admin-field '.$setClass.'" ';
$hiddenField .= 'readonly="readonly" type="'.$inputType.'" ';
$hiddenField .= 'name="'.htmlspecialchars($name).'" ';
$hiddenField .= 'name="'. htmlspecialchars($name, ENT_QUOTES | ENT_HTML5) .'" ';
$hiddenField .= 'value="'.$setValue.'" class="'.$setClass.'">'.LF;
$hiddenField .= '</div>'.LF;
$hiddenField .= '</div>'.LF;
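Review bot: The `<input>` assembled in the last hunk carries two `class` attributes: the context line above the new `name=` line opens it with `class="form-control themes-hidden-admin-field '.$setClass.'"`, and the line after the `name=` line repeats `class="'.$setClass.'"` beside `value=`. HTML parsers keep only the first attribute of a given name, so the second is dead markup that misleads anyone checking which classes apply; suggest `$hiddenField .= 'value="'.$setValue.'">'.LF;` for that line. The same duplicated attribute appears in the corresponding hunks of ContentColumnSettings.php and ContentResponsive.php. render() begins and ends outside the hunk.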
6 changes: 3 additions & 3 deletions Classes/Tca/ContentResponsive.php
Expand Up @@ -212,8 +212,8 @@ public function render()
}
// Process current classes/identifiers
$setClasses = array_intersect($values, $valuesAvailable);
$setClass = htmlspecialchars(implode(' ', $setClasses));
$setValue = htmlspecialchars(implode(',', $setClasses));
$setClass = htmlspecialchars(implode(' ', $setClasses), ENT_QUOTES | ENT_HTML5);
$setValue = htmlspecialchars(implode(',', $setClasses), ENT_QUOTES | ENT_HTML5);
// Allow admins to see the internal identifiers
$inputType = 'hidden';
if ($this->isAdminAndDebug()) {
Expand All @@ -225,7 +225,7 @@ public function render()
$hiddenField .= '<div class="form-control-wrap">'.LF;
$hiddenField .= '<input class="form-control themes-hidden-admin-field '.$setClass.'" ';
$hiddenField .= 'readonly="readonly" type="'.$inputType.'" ';
$hiddenField .= 'name="'.htmlspecialchars($name).'" ';
$hiddenField .= 'name="'. htmlspecialchars($name, ENT_QUOTES | ENT_HTML5) .'" ';
$hiddenField .= 'value="'.$setValue.'" class="'.$setClass.'">'.LF;
$hiddenField .= '</div>'.LF;
$hiddenField .= '</div>'.LF;
