Permalink
Browse files

FIX Escaping in "dependent pages" (SS-2013-009)

  • Loading branch information...
chillu committed Sep 24, 2013
1 parent 79996a7 commit e170f4c21b908b27d91a7f19d9dee4817b6e434c
Showing with 14 additions and 2 deletions.
  1. +14 −2 code/model/SiteTree.php
View
@@ -1827,8 +1827,20 @@ public function getCMSFields() {
);
$dependentTable->getConfig()->getComponentByType('GridFieldDataColumns')
->setFieldFormatting(array(
- 'Title' => '<a href=\"admin/pages/edit/show/$ID\">$Title</a>',
- 'AbsoluteLink' => '<a href=\"$value\">$value</a>',
+ 'Title' => function($value, &$item) {
+ return sprintf(
+ '<a href=\"admin/pages/edit/show/%d\">%s</a>',
+ (int)$item->ID,
+ Convert::raw2xml($item->Title)
+ );
+ },
+ 'AbsoluteLink' => function($value, &$item) {
+ return sprintf(
+ '<a href=\"%s\">%s</a>',
+ Convert::raw2xml($value),
+ Convert::raw2xml($value)
+ );
+ }
));
}

0 comments on commit e170f4c

Please sign in to comment.