[BUGFIX] Add more safety checks when dealing with buttons in the BE
This patch adds more sanity checks to the SplitButton when rendering
its items. Specifically the existence of getters is checked if those
are not part of the AbstractButton already.

Resolves: #89729
Releases: master, 9.5
Change-Id: I654238e1c9d606596348119374ac283dda1c1713
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62360
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Tested-by: Susanne Moog <look@susi.dev>
Reviewed-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Reviewed-by: Susanne Moog <look@susi.dev>
liayn authored and susannemoog committed Jan 24, 2020
1 parent 82a23c3 commit 9b0beb7
Showing 1 changed file with 37 additions and 28 deletions.
@@ -119,13 +119,9 @@ public function getButton()
public function isValid()
{
$subject = $this->getButton();
if (isset($subject['primary'])
&& ($subject['primary'] instanceof AbstractButton)
&& isset($subject['options'])
) {
return true;
}
return false;
return isset($subject['primary'])
&& ($subject['primary'] instanceof AbstractButton)
&& isset($subject['options']);
}

/**
@@ -139,13 +135,17 @@ public function render()
$attributes = [
'type' => 'submit',
'class' => 'btn btn-sm btn-default ' . $items['primary']->getClasses(),
'name' => $items['primary']->getName(),
'value' => $items['primary']->getValue()
];
if (method_exists($items['primary'], 'getName')) {
$attributes['name'] = $items['primary']->getName();
}
if (method_exists($items['primary'], 'getValue')) {
$attributes['value'] = $items['primary']->getValue();
}
if (!empty($items['primary']->getOnClick())) {
$attributes['onclick'] = $items['primary']->getOnClick();
}
if (!empty($items['primary']->getForm())) {
if (method_exists($items['primary'], 'getForm') && !empty($items['primary']->getForm())) {
$attributes['form'] = $items['primary']->getForm();
}
$attributesString = '';
@@ -164,28 +164,37 @@ public function render()
</button>
<ul class="dropdown-menu">';

/** @var InputButton $option */
/** @var AbstractButton $option */
foreach ($items['options'] as $option) {
$optionAttributes = [
'href' => '#',
'data-name' => $option->getName(),
'data-value' => $option->getValue(),
'data-form' => $option->getForm()
];
if (!empty($option->getClasses())) {
$optionAttributes['class'] = $option->getClasses();
}
if (!empty($option->getOnClick())) {
$optionAttributes['onclick'] = $option->getOnClick();
}
$optionAttributesString = '';
foreach ($optionAttributes as $key => $value) {
$optionAttributesString .= ' ' . htmlspecialchars($key) . '="' . htmlspecialchars($value) . '"';
if ($option instanceof InputButton) {
// if the option is an InputButton we have to create a custom rendering
$optionAttributes = [
'href' => '#',
'data-name' => $option->getName(),
'data-value' => $option->getValue(),
'data-form' => $option->getForm()
];

if (!empty($option->getClasses())) {
$optionAttributes['class'] = $option->getClasses();
}
if (!empty($option->getOnClick())) {
$optionAttributes['onclick'] = $option->getOnClick();
}
$optionAttributesString = '';
foreach ($optionAttributes as $key => $value) {
$optionAttributesString .= ' ' . htmlspecialchars($key) . '="' . htmlspecialchars($value) . '"';
}
$html = '<a' . $optionAttributesString . '>' . $option->getIcon()->render('inline') . ' '
. htmlspecialchars($option->getTitle()) . '</a>';
} else {
// for any other kind of button we simply use what comes along (e.g. LinkButton)
$html = $option->render();
}

$content .= '
<li>
<a' . $optionAttributesString . '>' . $option->getIcon()->render('inline') . ' '
. htmlspecialchars($option->getTitle()) . '</a>
' . $html . '
</li>
';
}
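Review bot: In the new `else` branch of the options loop, `$html = $option->render();` is concatenated into the `<li>` verbatim, so the output encoding of that menu entry now depends entirely on each button class's own `render()`, whereas the `InputButton` branch above escapes every attribute and the title locally. The `/** @var AbstractButton $option */` annotation is not a runtime check, and `isValid()` in the first hunk only tests `isset($subject['options'])`, so unless items are validated where they are added (not visible here), a non-button entry would reach `->render()` and fail fatally. A guard at the top of the loop body such as `if (!($option instanceof AbstractButton)) { continue; }`, together with a comment like `// render() output is emitted verbatim and must already be HTML-escaped`, would make the assumption explicit. `render()` begins and ends outside the shown hunks.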