
Correctly encode confirm handlers

With encode set to false the onclick handler will be sent through
h() regardless, making links and postLinks work again.
Alexander Hofbauer 12 years ago
parent
commit
80e589f19d

+ 13 - 0
lib/Cake/Test/Case/View/Helper/FormHelperTest.php

@@ -7050,6 +7050,19 @@ class FormHelperTest extends CakeTestCase {
 			'/a'
 		));
 
+		$result = $this->Form->postLink('Delete', '/posts/delete/1', array('escape' => false), '\'Confirm\' this "deletion"?');
+		$this->assertTags($result, array(
+			'form' => array(
+				'method' => 'post', 'action' => '/posts/delete/1',
+				'name' => 'preg:/post_\w+/', 'id' => 'preg:/post_\w+/', 'style' => 'display:none;'
+			),
+			'input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST'),
+			'/form',
+			'a' => array('href' => '#', 'onclick' => 'preg:/if \(confirm\("'Confirm' this \\\\"deletion\\\\"\?"\)\) \{ document\.post_\w+\.submit\(\); \} event\.returnValue = false; return false;/'),
+			'Delete',
+			'/a'
+		));
+
 		$result = $this->Form->postLink('Delete', '/posts/delete', array('data' => array('id' => 1)));
 		$this->assertContains('<input type="hidden" name="data[id]" value="1"/>', $result);
 

+ 8 - 0
lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php

@@ -221,6 +221,14 @@ class HtmlHelperTest extends CakeTestCase {
 		);
 		$this->assertTags($result, $expected);
 
+		$result = $this->Html->link('Home', '/home', array('escape' => false, 'confirm' => 'Confirm\'s "nightmares"'));
+		$expected = array(
+			'a' => array('href' => '/home', 'onclick' => 'if (confirm(&quot;Confirm&#039;s \&quot;nightmares\&quot;&quot;)) { return true; } return false;'),
+			'Home',
+			'/a'
+		);
+		$this->assertTags($result, $expected);
+
 		$result = $this->Html->link('Home', '/home', array('default' => false));
 		$expected = array(
 			'a' => array('href' => '/home', 'onclick' => 'event.returnValue = false; return false;'),
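Review bot: The added case pins the encoded handler only for `'escape' => false`; nothing in this hunk asserts what the same message produces when `escape` is left at its default, the path where `_confirm()` skips `h()` and presumably relies on later attribute escaping. A companion assertion using `array('confirm' => 'Confirm\'s "nightmares"')` with the same expected `onclick` would catch a regression to either double encoding or no encoding. The postLink case added in FormHelperTest has the same gap. The test method containing these lines starts and ends outside the hunk.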

+ 7 - 2
lib/Cake/View/Helper.php

@@ -505,11 +505,16 @@ class Helper extends Object {
  * @param string $message Message to be displayed
  * @param string $okCode Code to be executed after user chose 'OK'
  * @param string $cancelCode Code to be executed after user chose 'Cancel'
+ * @param array $options Array of options
  * @return string onclick JS code
  */
-	protected function _confirm($message, $okCode, $cancelCode = '') {
+	protected function _confirm($message, $okCode, $cancelCode = '', $options = array()) {
 		$message = json_encode($message);
-		return "if (confirm({$message})) { {$okCode} } {$cancelCode}";
+		$confirm = "if (confirm({$message})) { {$okCode} } {$cancelCode}";
+		if (isset($options['escape']) && $options['escape'] === false) {
+			$confirm = h($confirm);
+		}
+		return $confirm;
 	}
 
 /**
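Review bot: The new guard in `_confirm()` tests `$options['escape'] === false`, so a caller passing another falsy value such as `0` or `''` skips `h()` here; if the attribute formatter downstream (not visible in this hunk) decides on truthiness instead, the JSON-encoded message would reach the `onclick` attribute with its double quotes unescaped. Consider `if (isset($options['escape']) && !$options['escape']) {` once that downstream behaviour is confirmed. The branch also reads as inverted at first sight, so a comment such as `// escape=false turns off attribute escaping later on; encode here so the quoted message cannot end the onclick attribute` would help, and the `@param array $options` line could state that only the `escape` key is read. The docblock opens above the hunk.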

+ 1 - 1
lib/Cake/View/Helper/FormHelper.php

@@ -1784,7 +1784,7 @@ class FormHelper extends AppHelper {
 		$url = '#';
 		$onClick = 'document.' . $formName . '.submit();';
 		if ($confirmMessage) {
-			$options['onclick'] = $this->_confirm($confirmMessage, $onClick);
+			$options['onclick'] = $this->_confirm($confirmMessage, $onClick, '', $options);
 		} else {
 			$options['onclick'] = $onClick . ' ';
 		}

+ 1 - 1
lib/Cake/View/Helper/HtmlHelper.php

@@ -359,7 +359,7 @@ class HtmlHelper extends AppHelper {
 			unset($options['confirm']);
 		}
 		if ($confirmMessage) {
-			$options['onclick'] = $this->_confirm($confirmMessage, 'return true;', 'return false;');
+			$options['onclick'] = $this->_confirm($confirmMessage, 'return true;', 'return false;', $options);
 		} elseif (isset($options['default']) && !$options['default']) {
 			if (isset($options['onclick'])) {
 				$options['onclick'] .= ' ';