Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

FIX Santise model classes in ModelAdmin

As ModelAdmin puts classes directly into links, a namespaced class
has its \s turned into /s, breaking the links. This escapes them by
converting each \ to a -, then converting them back when loading.
  • Loading branch information...
commit 8d670283c9203d450350193705b5b9783a98412f 1 parent 5271504
Simon Welsh simonwelsh authored
Showing with 24 additions and 8 deletions.
  1. +24 −8 admin/code/ModelAdmin.php
32 admin/code/ModelAdmin.php
View
@@ -103,7 +103,7 @@ public function init() {
$models = $this->getManagedModels();
if($this->request->param('ModelClass')) {
- $this->modelClass = $this->request->param('ModelClass');
+ $this->modelClass = $this->unsanitiseClassName($this->request->param('ModelClass'));
} else {
reset($models);
$this->modelClass = key($models);
@@ -118,7 +118,7 @@ public function init() {
}
public function Link($action = null) {
- if(!$action) $action = $this->modelClass;
+ if(!$action) $action = $this->sanitiseClassName($this->modelClass);
return parent::Link($action);
}
@@ -127,7 +127,7 @@ function getEditForm($id = null, $fields = null) {
$exportButton = new GridFieldExportButton('before');
$exportButton->setExportColumns($this->getExportFields());
$listField = GridField::create(
- $this->modelClass,
+ $this->sanitiseClassName($this->modelClass),
false,
$list,
$fieldConfig = GridFieldConfig_RecordEditor::create($this->stat('page_length'))
@@ -150,7 +150,7 @@ function getEditForm($id = null, $fields = null) {
);
$form->addExtraClass('cms-edit-form cms-panel-padded center');
$form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
- $form->setFormAction(Controller::join_links($this->Link($this->modelClass), 'EditForm'));
+ $form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'EditForm'));
$form->setAttribute('data-pjax-fragment', 'CurrentForm');
$this->extend('updateEditForm', $form);
@@ -199,7 +199,7 @@ public function SearchForm() {
new RequiredFields()
);
$form->setFormMethod('get');
- $form->setFormAction($this->Link($this->modelClass));
+ $form->setFormAction($this->Link($this->sanitiseClassName($this->modelClass)));
$form->addExtraClass('cms-search-form');
$form->disableSecurityToken();
$form->loadDataFrom($this->request->getVars());
@@ -234,13 +234,29 @@ protected function getManagedModelTabs() {
$forms->push(new ArrayData(array (
'Title' => $options['title'],
'ClassName' => $class,
- 'Link' => $this->Link($class),
+ 'Link' => $this->Link($this->sanitiseClassName($class)),
'LinkOrCurrent' => ($class == $this->modelClass) ? 'current' : 'link'
)));
}
return $forms;
}
+
+ /**
+ * Sanitise a model class' name for inclusion in a link
+ * @return string
+ */
+ protected function sanitiseClassName($class) {
+ return str_replace('\\', '-', $class);
+ }
+
+ /**
+ * Unsanitise a model class' name from a URL param
+ * @return string
+ */
+ protected function unsanitiseClassName($class) {
+ return str_replace('-', '\\', $class);
+ }
/**
* @return array Map of class name to an array of 'title' (see {@link $managed_models})
@@ -350,7 +366,7 @@ public function ImportForm() {
$fields,
$actions
);
- $form->setFormAction(Controller::join_links($this->Link($this->modelClass), 'ImportForm'));
+ $form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'ImportForm'));
$this->extend('updateImportForm', $form);
@@ -419,7 +435,7 @@ public function Breadcrumbs($unlinked = false) {
// Show the class name rather than ModelAdmin title as root node
$models = $this->getManagedModels();
$items[0]->Title = $models[$this->modelClass]['title'];
- $items[0]->Link = $this->Link($this->modelClass);
+ $items[0]->Link = $this->Link($this->sanitiseClassName($this->modelClass));
return $items;
}

3 comments on commit 8d67028

Simon Erkelens

This sanitiseClassName breaks the "add image" popup in the WYSIWYG.

Ingo Schommer
Owner

@Firesphere Did you file a bug for that? Its likely to get lost as a github comment. Or maybe a pull request?

Simon Erkelens

@chillu No, not yet, it seems to be failing at random on the sanitised classname, it's a bit too vague to make a real issue of it.

Please sign in to comment.
Something went wrong with that request. Please try again.