diff --git a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
index 93a18a24d3d..ee080731393 100644
--- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
+++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
@@ -7018,7 +7018,7 @@ public function testPostLink() {
 ),
 'input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST'),
 '/form',
- 'a' => array('href' => '#', 'onclick' => 'preg:/if \(confirm\('Confirm\?'\)\) \{ document\.post_\w+\.submit\(\); \} event\.returnValue = false; return false;/'),
+ 'a' => array('href' => '#', 'onclick' => 'preg:/if \(confirm\("Confirm\?"\)\) \{ document\.post_\w+\.submit\(\); \} event\.returnValue = false; return false;/'),
 'Delete',
 '/a'
 ));
diff --git a/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php b/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php
index 054b09641c1..20dba237a86 100644
--- a/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php
+++ b/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php
@@ -215,7 +215,7 @@ public function testLink() {
 $result = $this->Html->link('Home', '/home', array('confirm' => 'Are you sure you want to do this?'));
 $expected = array(
- 'a' => array('href' => '/home', 'onclick' => 'return confirm('Are you sure you want to do this?');'),
+ 'a' => array('href' => '/home', 'onclick' => 'if (confirm("Are you sure you want to do this?")) { return true; } return false;'),
 'Home',
 '/a'
 );
diff --git a/lib/Cake/View/Helper.php b/lib/Cake/View/Helper.php
index 4db342f5f2a..cc7e1ed001f 100644
--- a/lib/Cake/View/Helper.php
+++ b/lib/Cake/View/Helper.php
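Review bot: Neither updated expectation uses a confirm message containing quotes, a backslash or a line break, which is the input class the switch to `json_encode()` is meant to handle. `testPostLink()` still uses `Confirm?` and `testLink()` in HtmlHelperTest uses `Are you sure you want to do this?`. Adding one case per helper with a constructed message such as `Confirm's "nightmare"`, asserting the exact `onclick` value, would pin the encoding and catch a regression to hand-rolled escaping. Both test methods start and end outside their hunks.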
@@ -496,6 +496,19 @@ protected function _formatAttribute($key, $value, $escape = true) {
 return sprintf($this->_attributeFormat, $key, ($escape ? h($value) : $value));
 }
+/**
+ * Returns a string to be used as onclick handler for confirm dialogs.
+ *
+ * @param string $message Message to be displayed
+ * @param string $okCode Code to be executed after user chose 'OK'
+ * @param string $cancelCode Code to be executed after user chose 'Cancel'
+ * @return string onclick JS code
+ */
+ protected function _confirm($message, $okCode, $cancelCode = '') {
+ $message = json_encode($message);
+ return "if (confirm({$message})) { {$okCode} } {$cancelCode}";
+ }
+
 /**
 * Sets this helper's model and field properties to the dot-separated value-pair in $entity.
 *
diff --git a/lib/Cake/View/Helper/FormHelper.php b/lib/Cake/View/Helper/FormHelper.php
index 6f404896b4d..f2809fca821 100644
--- a/lib/Cake/View/Helper/FormHelper.php
+++ b/lib/Cake/View/Helper/FormHelper.php
@@ -1784,12 +1784,11 @@ public function postLink($title, $url = null, $options = array(), $confirmMessag
 $url = '#';
 $onClick = 'document.' . $formName . '.submit();';
 if ($confirmMessage) {
- $confirmMessage = str_replace(array("'", '"'), array("\'", '\"'), $confirmMessage);
- $options['onclick'] = "if (confirm('{$confirmMessage}')) { {$onClick} }";
+ $options['onclick'] = $this->_confirm($confirmMessage, $onClick);
 } else {
- $options['onclick'] = $onClick;
+ $options['onclick'] = $onClick . ' ';
 }
- $options['onclick'] .= ' event.returnValue = false; return false;';
+ $options['onclick'] .= 'event.returnValue = false; return false;';
 $out .= $this->Html->link($title, $url, $options);
 return $out;
diff --git a/lib/Cake/View/Helper/HtmlHelper.php b/lib/Cake/View/Helper/HtmlHelper.php
index 247cd60202b..4b19f0c4536 100644
--- a/lib/Cake/View/Helper/HtmlHelper.php
+++ b/lib/Cake/View/Helper/HtmlHelper.php
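Review bot: `_confirm()` returns JavaScript whose string literal is delimited by raw double quotes, so its safety inside an `onclick="…"` attribute depends entirely on a later `h()` call, and the `_formatAttribute()` context line shows that call is skipped when `$escape` is false. A link rendered with attribute escaping switched off would presumably emit `confirm("…")` unencoded and end the attribute at the first quote; the same applies to the new call sites in `FormHelper::postLink()` and `HtmlHelper::link()`. One option is to pass the caller's options into `_confirm()` and HTML-encode the result when escaping is disabled, e.g. `if (isset($options['escape']) && $options['escape'] === false) { $confirm = h($confirm); }`. The docblock should also state that `$okCode` and `$cancelCode` are inserted verbatim and must never carry request data. Separately, `json_encode()` can return `false` on failure (for example malformed UTF-8 on newer PHP versions), which would interpolate as an empty string and render `confirm()` with no argument.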
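Review bot: The appended `'event.returnValue = false; return false;'` no longer carries its own leading space, so in the confirm branch of `postLink()` the separator comes only from the trailing space `_confirm()` leaves when `$cancelCode` is empty. That coupling is not visible at this call site, and the updated `testPostLink()` pattern (`\} event\.returnValue`) depends on it. A short comment on the `_confirm()` call, such as `// _confirm() ends with a space when $cancelCode is empty; the suffix below relies on it`, would keep a later cleanup of the helper from silently changing the output. `postLink()` starts and ends outside this hunk.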
@@ -359,15 +359,14 @@ public function link($title, $url = null, $options = array(), $confirmMessage =
 unset($options['confirm']);
 }
 if ($confirmMessage) {
- $confirmMessage = str_replace("'", "\'", $confirmMessage);
- $confirmMessage = str_replace('"', '\"', $confirmMessage);
- $options['onclick'] = "return confirm('{$confirmMessage}');";
+ $options['onclick'] = $this->_confirm($confirmMessage, 'return true;', 'return false;');
 } elseif (isset($options['default']) && !$options['default']) {
 if (isset($options['onclick'])) {
- $options['onclick'] .= ' event.returnValue = false; return false;';
+ $options['onclick'] .= ' ';
 } else {
- $options['onclick'] = 'event.returnValue = false; return false;';
+ $options['onclick'] = '';
 }
+ $options['onclick'] .= 'event.returnValue = false; return false;';
 unset($options['default']);
 }
 return sprintf($this->_tags['link'], $url, $this->_parseAttributes($options), $title);
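Review bot: In the confirm branch, `$options['onclick'] = $this->_confirm(...)` replaces any `onclick` the caller supplied, while the `default => false` branch directly below takes care to append to an existing handler. If the overwrite is intended it deserves a comment such as `// a confirm message replaces any caller-supplied onclick`; otherwise the existing handler could be passed as `$okCode`. Because of the `elseif`, a link given both a confirm message and `'default' => false` also skips `unset($options['default'])`, so that key presumably reaches `_parseAttributes()` as an attribute; this should be confirmed against the rest of `link()`, which starts before this hunk.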