Lipsiasoft / lipsiadmin

- 114
- 10

Lipsiadmin is a new revolutionary admin for your projects. Lipsiadmin is based on Ext Js 3+. framework (with prototype adapter) and is ready for Rails 2.+.

This admin is for newbie developper but also for experts, is not entirely written in javascript because the aim of developper wose build in a agile way web/site apps so we use extjs in a new intelligent way a mixin of “old” html and new ajax functions, for example ext manage the layout of page, grids, tree and errors, but form are in html code.

Sort by: Priority | Votes | Last Updated

Loading…

2.

0 votes

simple_error_messages_for broken for localized error strings with single quote
1 comment Created 2 months ago by joe1chen

Title

Body
When I try to save an object and there is an error, if the error string contains a single quote, then there is a Javascript error. The bug is that simple_error_messages_for does not properly escape single quote's. Here is my solution: Add a javascript_escape helper that escapes single quote to \x27 and (double quote to \x22 to be safe). module Lipsiadmin module View module Helpers module BackendHelper def javascript_escape(msg) msg = ERB::Util.html_escape(msg) msg.gsub!(/'/, "\\x27") msg.gsub!(/"/, "\\x22") msg end # This method work like builtin Rails error_message_for but use an Ext.Message.show({..}) def simple_error_messages_for(*params) options = params.extract_options!.symbolize_keys if object = options.delete(:object) objects = [object].flatten else objects = params.collect {|object_name| instance_variable_get("@#{object_name}") }.compact end count = objects.inject(0) {|sum, object| sum + object.errors.count } unless count.zero? html = {} [:id, :class].each do |key| if options.include?(key) value = options[key] html[key] = value unless value.blank? else html[key] = 'errorExplanation' end end options[:object_name] ||= params.first I18n.with_options :locale => options[:locale], :scope => [:activerecord, :errors, :template] do |locale| header_message = if options.include?(:header_message) javascript_escape(options[:header_message]) else object_name = options[:object_name].to_s.gsub('_', ' ') object_name = I18n.t(object_name, :default => object_name, :scope => [:activerecord, :models], :count => 1) locale.t :header, :count => count, :model => object_name end message = options.include?(:message) ? options[:message] : locale.t(:body) error_messages = objects.sum {|object| object.errors.full_messages.map {|msg| content_tag(:li, javascript_escape(msg)) } }.join contents = '' contents << content_tag(:p, javascript_escape(message)) unless message.blank? contents << content_tag(:ul, error_messages, :class => :list) content_tag(:script, "Ext.Msg.show({ title: '#{header_message}', msg: '<ul>#{contents}</ul>', buttons: Ext.Msg.OK, minWidth: 400 });", :type => Mime::JS) end else '' end end end end end end
or cancel
When I try to save an object and there is an error, if the error string contains a single quote, then there is a Javascript error.

The bug is that simple_error_messages_for does not properly escape single quote's.

Here is my solution:

Add a javascript_escape helper that escapes single quote to \x27 and (double quote to \x22 to be safe).
```
module Lipsiadmin
  module View
    module Helpers
      module BackendHelper

        def javascript_escape(msg)
          msg = ERB::Util.html_escape(msg)
          msg.gsub!(/'/, "\\x27")
          msg.gsub!(/"/, "\\x22")
          msg
        end

        # This method work like builtin Rails error_message_for but use an Ext.Message.show({..})
        def simple_error_messages_for(*params)
          options = params.extract_options!.symbolize_keys

          if object = options.delete(:object)
            objects = [object].flatten
          else
            objects = params.collect {|object_name| instance_variable_get("@#{object_name}") }.compact
          end

          count  = objects.inject(0) {|sum, object| sum + object.errors.count }
          unless count.zero?
            html = {}
            [:id, :class].each do |key|
              if options.include?(key)
                value = options[key]
                html[key] = value unless value.blank?
              else
                html[key] = 'errorExplanation'
              end
            end
            options[:object_name] ||= params.first

            I18n.with_options :locale => options[:locale], :scope => [:activerecord, :errors, :template] do |locale|
              header_message = if options.include?(:header_message)
                javascript_escape(options[:header_message])
              else
                object_name = options[:object_name].to_s.gsub('_', ' ')
                object_name = I18n.t(object_name, :default => object_name, :scope => [:activerecord, :models], :count => 1)
                locale.t :header, :count => count, :model => object_name
              end
              message = options.include?(:message) ? options[:message] : locale.t(:body)
              error_messages = objects.sum {|object| object.errors.full_messages.map {|msg| content_tag(:li, javascript_escape(msg)) } }.join

              contents = ''
              contents << content_tag(:p, javascript_escape(message)) unless message.blank?
              contents << content_tag(:ul, error_messages, :class => :list)

              content_tag(:script, "Ext.Msg.show({
                          title: '#{header_message}',
                          msg: '<ul>#{contents}</ul>',
                          buttons: Ext.Msg.OK,
                          minWidth: 400 
                        });", :type => Mime::JS)
            end
          else
            ''
          end
        end
      end
    end
  end
end
```
Comments

Lipsiasoft Thu Nov 05 07:52:22 -0800 2009 | link

Hi, I fixed this problem, but I used the builtin escape_javascript.

I do some tests but confirm me that it's okey also for you.

Thanks!

Comment
Hi, I fixed this problem, but I used the builtin escape_javascript. I do some tests but confirm me that it's okey also for you. Thanks!
or cancel

Parsed with GitHub Flavored Markdown
1.

1 vote

please rename named_scope :paginate to something else
6 comments Created 3 months ago by dru

Title

Body
please rename named_scope :paginate in UtilityScopes to somthing else it conflicts with paginate method of mislav-will_paginate on frontend side
or cancel

please rename named_scope :paginate in UtilityScopes to somthing else
it conflicts with paginate method of mislav-will_paginate on frontend side

Comments

Lipsiasoft Tue Sep 29 09:22:29 -0700 2009 | link

I think both do the same thing in the next version I will accept same params of will-paginate. Can be okey?

Comment
I think both do the same thing in the next version I will accept same params of will-paginate. Can be okey?
or cancel

dru Tue Sep 29 09:29:29 -0700 2009 | link

problem is that willpaginate's 'paginate' method returns WillPaginate::Collection with some extended methods such as 'total_pages' not ActiveRecord::NamedScope::Scope as standard scope

so just mimic parameters is not a solution :(

Comment
problem is that willpaginate's 'paginate' method returns WillPaginate::Collection with some extended methods such as 'total_pages' not ActiveRecord::NamedScope::Scope as standard scope so just mimic parameters is not a solution :(
or cancel

parolkar Thu Oct 01 04:14:36 -0700 2009 | link

Oshh, I also faced the same problem... mimicing parameters will not be solution, you must rename the paginate named scope which was introduced in commit # 9793430 ,

Comment
Oshh, I also faced the same problem... mimicing parameters will not be solution, you must rename the paginate named scope which was introduced in commit # 97934305bddab26984568aeee8d4194192eaf585 ,
or cancel

parolkar Thu Oct 01 04:16:50 -0700 2009 | link

This is the damage lipsiadmin installation does on app which uses will_paginate
http://gist.github.com/198876

Comment
This is the damage lipsiadmin installation does on app which uses will_paginate http://gist.github.com/198876
or cancel

Lipsiasoft Fri Oct 02 04:07:53 -0700 2009 | link

thanks, for this issue, we are working hard to fix them as soon as is possible. We need to mantain in some way backwards compatibility

Comment
thanks, for this issue, we are working hard to fix them as soon as is possible. We need to mantain in some way backwards compatibility
or cancel

Lipsiasoft Thu Nov 05 09:23:12 -0800 2009 | link

HI guys, now named scope are ext_search and ext_paginate, but for mantain backwards compatibility I aliased them to search and paginate. You or will paginate itself can easy override them.

Tell me if the problem it's solved.

Comment
HI guys, now named scope are ext_search and ext_paginate, but for mantain backwards compatibility I aliased them to search and paginate. You or will paginate itself can easy override them. Tell me if the problem it's solved.
or cancel

Parsed with GitHub Flavored Markdown

Labels

Lipsiasoft / lipsiadmin

Pledgie Donations

simple_error_messages_for broken for localized error strings with single quote

Comments

please rename named_scope :paginate to something else

Comments