Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

FIX Santise model classes in ModelAdmin

As ModelAdmin puts classes directly into links, a namespaced class
has its \s turned into /s, breaking the links. This escapes them by
converting each \ to a -, then converting them back when loading.
  • Loading branch information...
commit 8d670283c9203d450350193705b5b9783a98412f 1 parent 5271504
@simonwelsh simonwelsh authored
Showing with 24 additions and 8 deletions.
  1. +24 −8 admin/code/ModelAdmin.php
View
32 admin/code/ModelAdmin.php
@@ -103,7 +103,7 @@ public function init() {
$models = $this->getManagedModels();
if($this->request->param('ModelClass')) {
- $this->modelClass = $this->request->param('ModelClass');
+ $this->modelClass = $this->unsanitiseClassName($this->request->param('ModelClass'));
} else {
reset($models);
$this->modelClass = key($models);
@@ -118,7 +118,7 @@ public function init() {
}
public function Link($action = null) {
- if(!$action) $action = $this->modelClass;
+ if(!$action) $action = $this->sanitiseClassName($this->modelClass);
return parent::Link($action);
}
@@ -127,7 +127,7 @@ function getEditForm($id = null, $fields = null) {
$exportButton = new GridFieldExportButton('before');
$exportButton->setExportColumns($this->getExportFields());
$listField = GridField::create(
- $this->modelClass,
+ $this->sanitiseClassName($this->modelClass),
false,
$list,
$fieldConfig = GridFieldConfig_RecordEditor::create($this->stat('page_length'))
@@ -150,7 +150,7 @@ function getEditForm($id = null, $fields = null) {
);
$form->addExtraClass('cms-edit-form cms-panel-padded center');
$form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
- $form->setFormAction(Controller::join_links($this->Link($this->modelClass), 'EditForm'));
+ $form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'EditForm'));
$form->setAttribute('data-pjax-fragment', 'CurrentForm');
$this->extend('updateEditForm', $form);
@@ -199,7 +199,7 @@ public function SearchForm() {
new RequiredFields()
);
$form->setFormMethod('get');
- $form->setFormAction($this->Link($this->modelClass));
+ $form->setFormAction($this->Link($this->sanitiseClassName($this->modelClass)));
$form->addExtraClass('cms-search-form');
$form->disableSecurityToken();
$form->loadDataFrom($this->request->getVars());
@@ -234,13 +234,29 @@ protected function getManagedModelTabs() {
$forms->push(new ArrayData(array (
'Title' => $options['title'],
'ClassName' => $class,
- 'Link' => $this->Link($class),
+ 'Link' => $this->Link($this->sanitiseClassName($class)),
'LinkOrCurrent' => ($class == $this->modelClass) ? 'current' : 'link'
)));
}
return $forms;
}
+
+ /**
+ * Sanitise a model class' name for inclusion in a link
+ * @return string
+ */
+ protected function sanitiseClassName($class) {
+ return str_replace('\\', '-', $class);
+ }
+
+ /**
+ * Unsanitise a model class' name from a URL param
+ * @return string
+ */
+ protected function unsanitiseClassName($class) {
+ return str_replace('-', '\\', $class);
+ }
/**
* @return array Map of class name to an array of 'title' (see {@link $managed_models})
@@ -350,7 +366,7 @@ public function ImportForm() {
$fields,
$actions
);
- $form->setFormAction(Controller::join_links($this->Link($this->modelClass), 'ImportForm'));
+ $form->setFormAction(Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), 'ImportForm'));
$this->extend('updateImportForm', $form);
@@ -419,7 +435,7 @@ public function Breadcrumbs($unlinked = false) {
// Show the class name rather than ModelAdmin title as root node
$models = $this->getManagedModels();
$items[0]->Title = $models[$this->modelClass]['title'];
- $items[0]->Link = $this->Link($this->modelClass);
+ $items[0]->Link = $this->Link($this->sanitiseClassName($this->modelClass));
return $items;
}

3 comments on commit 8d67028

@Firesphere

This sanitiseClassName breaks the "add image" popup in the WYSIWYG.

@chillu
Owner

@Firesphere Did you file a bug for that? Its likely to get lost as a github comment. Or maybe a pull request?

@Firesphere

@chillu No, not yet, it seems to be failing at random on the sanitised classname, it's a bit too vague to make a real issue of it.

Please sign in to comment.
Something went wrong with that request. Please try again.