mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Correctly encode confirm handlers
With encode set to false the onclick handler will be sent through h() regardless, making links and postLinks work again.
This commit is contained in:
Alexander Hofbauer
parent
1c1701813b
commit
80e589f19d
5 changed files with 30 additions and 4 deletions
|
|
@ -7050,6 +7050,19 @@ class FormHelperTest extends CakeTestCase {
|
|||
'/a'
|
||||
));
|
||||
|
||||
$result = $this->Form->postLink('Delete', '/posts/delete/1', array('escape' => false), '\'Confirm\' this "deletion"?');
|
||||
$this->assertTags($result, array(
|
||||
'form' => array(
|
||||
'method' => 'post', 'action' => '/posts/delete/1',
|
||||
'name' => 'preg:/post_\w+/', 'id' => 'preg:/post_\w+/', 'style' => 'display:none;'
|
||||
),
|
||||
'input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST'),
|
||||
'/form',
|
||||
'a' => array('href' => '#', 'onclick' => 'preg:/if \(confirm\("'Confirm' this \\\\"deletion\\\\"\?"\)\) \{ document\.post_\w+\.submit\(\); \} event\.returnValue = false; return false;/'),
|
||||
'Delete',
|
||||
'/a'
|
||||
));
|
||||
|
||||
$result = $this->Form->postLink('Delete', '/posts/delete', array('data' => array('id' => 1)));
|
||||
$this->assertContains('<input type="hidden" name="data[id]" value="1"/>', $result);
|
||||
|
||||
|
|
|
|||
|
|
@ -221,6 +221,14 @@ class HtmlHelperTest extends CakeTestCase {
|
|||
);
|
||||
$this->assertTags($result, $expected);
|
||||
|
||||
$result = $this->Html->link('Home', '/home', array('escape' => false, 'confirm' => 'Confirm\'s "nightmares"'));
|
||||
$expected = array(
|
||||
'a' => array('href' => '/home', 'onclick' => 'if (confirm("Confirm's \"nightmares\"")) { return true; } return false;'),
|
||||
'Home',
|
||||
'/a'
|
||||
);
|
||||
$this->assertTags($result, $expected);
|
||||
|
||||
$result = $this->Html->link('Home', '/home', array('default' => false));
|
||||
$expected = array(
|
||||
'a' => array('href' => '/home', 'onclick' => 'event.returnValue = false; return false;'),
|
||||
|
|
|
|||
|
|
@ -505,11 +505,16 @@ class Helper extends Object {
|
|||
* @param string $message Message to be displayed
|
||||
* @param string $okCode Code to be executed after user chose 'OK'
|
||||
* @param string $cancelCode Code to be executed after user chose 'Cancel'
|
||||
* @param array $options Array of options
|
||||
* @return string onclick JS code
|
||||
*/
|
||||
protected function _confirm($message, $okCode, $cancelCode = '') {
|
||||
protected function _confirm($message, $okCode, $cancelCode = '', $options = array()) {
|
||||
$message = json_encode($message);
|
||||
return "if (confirm({$message})) { {$okCode} } {$cancelCode}";
|
||||
$confirm = "if (confirm({$message})) { {$okCode} } {$cancelCode}";
|
||||
if (isset($options['escape']) && $options['escape'] === false) {
|
||||
$confirm = h($confirm);
|
||||
}
|
||||
return $confirm;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1784,7 +1784,7 @@ class FormHelper extends AppHelper {
|
|||
$url = '#';
|
||||
$onClick = 'document.' . $formName . '.submit();';
|
||||
if ($confirmMessage) {
|
||||
$options['onclick'] = $this->_confirm($confirmMessage, $onClick);
|
||||
$options['onclick'] = $this->_confirm($confirmMessage, $onClick, '', $options);
|
||||
} else {
|
||||
$options['onclick'] = $onClick . ' ';
|
||||
}
|
||||
|
|
|
|||
|
|
@ -359,7 +359,7 @@ class HtmlHelper extends AppHelper {
|
|||
unset($options['confirm']);
|
||||
}
|
||||
if ($confirmMessage) {
|
||||
$options['onclick'] = $this->_confirm($confirmMessage, 'return true;', 'return false;');
|
||||
$options['onclick'] = $this->_confirm($confirmMessage, 'return true;', 'return false;', $options);
|
||||
} elseif (isset($options['default']) && !$options['default']) {
|
||||
if (isset($options['onclick'])) {
|
||||
$options['onclick'] .= ' ';
|
||||
|
|
|
|||
Loading…
Reference in a new issue