Permalink
Browse files

FIX Santise model classes in ModelAdmin

As ModelAdmin puts classes directly into links, a namespaced class
has its \s turned into /s, breaking the links. This escapes them by
converting each \ to a -, then converting them back when loading.
  • Loading branch information...
simonwelsh committed Jun 29, 2012
1 parent 5271504 commit 8d670283c9203d450350193705b5b9783a98412f
Showing with 24 additions and 8 deletions.
  1. +24 −8 admin/code/ModelAdmin.php
View
@@ -103,7 +103,7 @@ public function init() {
$models = $this->getManagedModels();
if($this->request->param('ModelClass')) {
- $this->modelClass = $this->request->param('ModelClass');
+ $this->modelClass = $this->unsanitiseClassName($this->request->param('ModelClass'));
} else {
reset($models);
$this->modelClass = key($models);
@@ -118,7 +118,7 @@ public function init() {
}
public function Link($action = null) {
- if(!$action) $action = $this->modelClass;
+ if(!$action) $action = $this->sanitiseClassName($this->modelClass);
return parent::Link($action);
}
@@ -127,7 +127,7 @@ function getEditForm($id = null, $fields = null) {
$exportButton = new GridFieldExportButton('before');
$exportButton->setExportColumns($this->getExportFields());
$listField = GridField::create(
- $this->modelClass,
+ $this->sanitiseClassName($this->modelClass),
false,
$list,
$fieldConfig = GridFieldConfig_RecordEditor::create($this->stat('page_length'))
@@ -150,7 +150,7 @@ function getEditForm($id = null, $fields = null) {
);
$form->addExtraClass('cms-edit-form cms-panel-padded center');
$form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
- $form->setFormAction(Controller::join_links($this->Link($this->modelClass), 'EditForm'));
+ $form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'EditForm'));
$form->setAttribute('data-pjax-fragment', 'CurrentForm');
$this->extend('updateEditForm', $form);
@@ -199,7 +199,7 @@ public function SearchForm() {
new RequiredFields()
);
$form->setFormMethod('get');
- $form->setFormAction($this->Link($this->modelClass));
+ $form->setFormAction($this->Link($this->sanitiseClassName($this->modelClass)));
$form->addExtraClass('cms-search-form');
$form->disableSecurityToken();
$form->loadDataFrom($this->request->getVars());
@@ -234,13 +234,29 @@ protected function getManagedModelTabs() {
$forms->push(new ArrayData(array (
'Title' => $options['title'],
'ClassName' => $class,
- 'Link' => $this->Link($class),
+ 'Link' => $this->Link($this->sanitiseClassName($class)),
'LinkOrCurrent' => ($class == $this->modelClass) ? 'current' : 'link'
)));
}
return $forms;
}
+
+ /**
+ * Sanitise a model class' name for inclusion in a link
+ * @return string
+ */
+ protected function sanitiseClassName($class) {
+ return str_replace('\\', '-', $class);
+ }
+
+ /**
+ * Unsanitise a model class' name from a URL param
+ * @return string
+ */
+ protected function unsanitiseClassName($class) {
+ return str_replace('-', '\\', $class);
+ }
/**
* @return array Map of class name to an array of 'title' (see {@link $managed_models})
@@ -350,7 +366,7 @@ public function ImportForm() {
$fields,
$actions
);
- $form->setFormAction(Controller::join_links($this->Link($this->modelClass), 'ImportForm'));
+ $form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'ImportForm'));
$this->extend('updateImportForm', $form);
@@ -419,7 +435,7 @@ public function Breadcrumbs($unlinked = false) {
// Show the class name rather than ModelAdmin title as root node
$models = $this->getManagedModels();
$items[0]->Title = $models[$this->modelClass]['title'];
- $items[0]->Link = $this->Link($this->modelClass);
+ $items[0]->Link = $this->Link($this->sanitiseClassName($this->modelClass));
return $items;
}

3 comments on commit 8d67028

@Firesphere

This comment has been minimized.

Show comment
Hide comment
@Firesphere

Firesphere Jul 9, 2012

Contributor

This sanitiseClassName breaks the "add image" popup in the WYSIWYG.

Contributor

Firesphere replied Jul 9, 2012

This sanitiseClassName breaks the "add image" popup in the WYSIWYG.

@chillu

This comment has been minimized.

Show comment
Hide comment
@chillu

chillu Jul 10, 2012

Member

@Firesphere Did you file a bug for that? Its likely to get lost as a github comment. Or maybe a pull request?

Member

chillu replied Jul 10, 2012

@Firesphere Did you file a bug for that? Its likely to get lost as a github comment. Or maybe a pull request?

@Firesphere

This comment has been minimized.

Show comment
Hide comment
@Firesphere

Firesphere Jul 10, 2012

Contributor

@chillu No, not yet, it seems to be failing at random on the sanitised classname, it's a bit too vague to make a real issue of it.

Contributor

Firesphere replied Jul 10, 2012

@chillu No, not yet, it seems to be failing at random on the sanitised classname, it's a bit too vague to make a real issue of it.

Please sign in to comment.