Skip to content

Commit

Permalink
[Admin UI] DataObject Class - escape general settings input values (#…
Browse files Browse the repository at this point in the history 
…10991)

* [Admin UI] DataObject Class - escape general settings input values

* Update bundles/AdminBundle/Resources/public/js/pimcore/object/classes/class.js

* [Admin UI] DataObject Class - escape general settings input values

* [Admin UI] DataObject Class - escape general settings input values
  • Loading branch information
@dvesh3
dvesh3 committed Dec 9, 2021
1 parent a5e13be commit 3c2a14e
Showing 1 changed file with 20 additions and 1 deletion.
21 changes: 20 additions & 1 deletion bundles/AdminBundle/Resources/public/js/pimcore/object/classes/class.js
View file
Expand Up @@ -607,7 +607,12 @@ pimcore.object.classes.klass = Class.create({
for (var i = 0; i < items.length; i++) {
var item = items[i];
if (typeof item.getValue == "function") {
this.data[item.name] = item.getValue();
let value = item.getValue();
if (typeof item.config.xtype !== 'undefined' && item.config.xtype === 'textfield') {
value = Ext.util.Format.htmlEncode(value);
}

this.data[item.name] = value;
}
}

Expand Down Expand Up @@ -705,6 +710,7 @@ pimcore.object.classes.klass = Class.create({
id: "iconfield-" + this.getId(),
name: "icon",
width: 396,
renderer: Ext.util.Format.htmlEncode,
value: this.data.icon,
listeners: {
"afterrender": function (el) {
Expand Down Expand Up @@ -752,6 +758,7 @@ pimcore.object.classes.klass = Class.create({
width: 500,
enableKeyEvents: true,
value: this.data.name,
renderer: Ext.util.Format.htmlEncode,
listeners: {
keyup: function (el) {
this.rootPanel.getComponent("phpClassName").setValue(getPhpClassName(el.getValue()))
Expand All @@ -763,12 +770,14 @@ pimcore.object.classes.klass = Class.create({
fieldLabel: t("description"),
name: "description",
width: 500,
renderer: Ext.util.Format.htmlEncode,
value: this.data.description
},
{
xtype: "textfield",
fieldLabel: t("unique_identifier"),
disabled: true,
renderer: Ext.util.Format.htmlEncode,
value: this.data.id,
width: 500
},
Expand All @@ -779,62 +788,71 @@ pimcore.object.classes.klass = Class.create({
itemId: "phpClassName",
width: 500,
disabled: true,
renderer: Ext.util.Format.htmlEncode,
value: getPhpClassName(this.data.name)
},
{
xtype: "textfield",
fieldLabel: t("parent_php_class"),
name: "parentClass",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.parentClass
},
{
xtype: "textfield",
width: 600,
name: "implementsInterfaces",
fieldLabel: t("implements_interfaces"),
renderer: Ext.util.Format.htmlEncode,
value: this.data.implementsInterfaces
},
{
xtype: "textfield",
fieldLabel: t("use_traits"),
name: "useTraits",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.useTraits
},
{
xtype: "textfield",
fieldLabel: t("listing_parent_php_class"),
name: "listingParentClass",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.listingParentClass
},
{
xtype: "textfield",
fieldLabel: t("listing_use_traits"),
name: "listingUseTraits",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.listingUseTraits
},
{
xtype: "textfield",
fieldLabel: t("link_generator_reference"),
name: "linkGeneratorReference",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.linkGeneratorReference
},
{
xtype: "textfield",
fieldLabel: t("preview_generator_reference"),
name: "previewGeneratorReference",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.previewGeneratorReference
},
{
xtype: "textfield",
fieldLabel: t("preview_url"),
name: "previewUrl",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.previewUrl
},
{
Expand Down Expand Up @@ -885,6 +903,7 @@ pimcore.object.classes.klass = Class.create({
fieldLabel: t("group"),
name: "group",
width: 600,
renderer: Ext.util.Format.htmlEncode,
value: this.data.group
},
this.allowInheritance,
Expand Down

0 comments on commit 3c2a14e

Please sign in to comment.