
FIX Santise model classes in ModelAdmin

As ModelAdmin puts classes directly into links, a namespaced class
has its \s turned into /s, breaking the links. This escapes them by
converting each \ to a -, then converting them back when loading.
commit 8d670283c9203d450350193705b5b9783a98412f 1 parent 5271504
Simon Welsh authored June 29, 2012

Showing 1 changed file with 24 additions and 8 deletions.

  1. 32  admin/code/ModelAdmin.php
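--- a/admin/code/ModelAdmin.php
+++ b/admin/code/ModelAdmin.php
@@ -103,7 +103,7 @@ public function init() {
 		$models = $this->getManagedModels();
 
 		if($this->request->param('ModelClass')) {
-			$this->modelClass = $this->request->param('ModelClass');
+			$this->modelClass = $this->unsanitiseClassName($this->request->param('ModelClass'));
 		} else {
 			reset($models);
 			$this->modelClass = key($models);
@@ -118,7 +118,7 @@ public function init() {
 	}
 
 	public function Link($action = null) {
-		if(!$action) $action = $this->modelClass;
+		if(!$action) $action = $this->sanitiseClassName($this->modelClass);
 		return parent::Link($action);
 	}
 
@@ -127,7 +127,7 @@ function getEditForm($id = null, $fields = null) {
 		$exportButton = new GridFieldExportButton('before');
 		$exportButton->setExportColumns($this->getExportFields());
 		$listField = GridField::create(
-			$this->modelClass,
+			$this->sanitiseClassName($this->modelClass),
 			false,
 			$list,
 			$fieldConfig = GridFieldConfig_RecordEditor::create($this->stat('page_length'))
@@ -150,7 +150,7 @@ function getEditForm($id = null, $fields = null) {
 		);
 		$form->addExtraClass('cms-edit-form cms-panel-padded center');
 		$form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
-		$form->setFormAction(Controller::join_links($this->Link($this->modelClass), 'EditForm'));
+		$form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'EditForm'));
 		$form->setAttribute('data-pjax-fragment', 'CurrentForm');
 
 		$this->extend('updateEditForm', $form);
@@ -199,7 +199,7 @@ public function SearchForm() {
 			new RequiredFields()
 		);
 		$form->setFormMethod('get');
-		$form->setFormAction($this->Link($this->modelClass));
+		$form->setFormAction($this->Link($this->sanitiseClassName($this->modelClass)));
 		$form->addExtraClass('cms-search-form');
 		$form->disableSecurityToken();
 		$form->loadDataFrom($this->request->getVars());
@@ -234,13 +234,29 @@ protected function getManagedModelTabs() {
 			$forms->push(new ArrayData(array (
 				'Title'     => $options['title'],
 				'ClassName' => $class,
-				'Link' => $this->Link($class),
+				'Link' => $this->Link($this->sanitiseClassName($class)),
 				'LinkOrCurrent' => ($class == $this->modelClass) ? 'current' : 'link'
 			)));
 		}
 		
 		return $forms;
 	}
+
+	/**
+	 * Sanitise a model class' name for inclusion in a link
+	 * @return string
+	 */
+	protected function sanitiseClassName($class) {
+		return str_replace('\\', '-', $class);
+	}
+
+	/**
+	 * Unsanitise a model class' name from a URL param
+	 * @return string
+	 */
+	protected function unsanitiseClassName($class) {
+		return str_replace('-', '\\', $class);
+	}
 	
 	/**
 	 * @return array Map of class name to an array of 'title' (see {@link $managed_models})
@@ -350,7 +366,7 @@ public function ImportForm() {
 			$fields,
 			$actions
 		);
-		$form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'ImportForm'));
+		$form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'ImportForm'));
 
 		$this->extend('updateImportForm', $form);
 
@@ -419,7 +435,7 @@ public function Breadcrumbs($unlinked = false) {
 		// Show the class name rather than ModelAdmin title as root node
 		$models = $this->getManagedModels();
 		$items[0]->Title = $models[$this->modelClass]['title'];
-		$items[0]->Link = $this->Link($this->modelClass);
+		$items[0]->Link = $this->Link($this->sanitiseClassName($this->modelClass));
 		
 		return $items;
 	}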
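Review bot: In `init()` the request-supplied `ModelClass` parameter is passed through `unsanitiseClassName()` and assigned to `$this->modelClass`, and no check that the result is a key of `$models` is visible in this hunk. Because every `-` in the URL value now becomes `\`, any allow-list test has to run on the converted name, for example `if(!isset($models[$this->modelClass])) $this->httpError(404);` right after the if/else. `init()` continues outside the hunk, so such a check may already exist there; if it does, it is worth confirming that it runs before `$this->modelClass` is used as a class name. The two new helpers also lack a `@param string $class` tag, and their docblocks could state that the mapping is only reversible because `-` cannot occur in a PHP class name.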

3 notes on commit 8d67028

Simon Erkelens

This sanitiseClassName breaks the "add image" popup in the WYSIWYG.

Ingo Schommer
Owner

@Firesphere Did you file a bug for that? It's likely to get lost as a github comment. Or maybe a pull request?

Simon Erkelens

@chillu No, not yet, it seems to be failing at random on the sanitised classname, it's a bit too vague to make a real issue of it.
