/**
  * Return an RSS feed of comments for a given set of comments or all 
  * comments on the website.
  *
  * To maintain backwards compatibility with 2.4 this supports mapping
  * of PageComment/rss?pageid= as well as the new RSS format for comments
  * of CommentingController/rss/{classname}/{id}
  *
  * @return RSS
  */
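 public function rss()
 {
     $link = $this->Link('rss');
     $class = $this->urlParams['ID'];
     $id = $this->urlParams['OtherID'];
     // Every branch below publishes only moderated, non-spam comments. The
     // original "all comments" branch had no such restriction and therefore
     // exposed unmoderated and spam-flagged comments in the public feed.
     $visible = array('Moderated' => 1, 'IsSpam' => 0);
     if (isset($_GET['pageid'])) {
         // Legacy 2.4 URL (PageComment/rss?pageid=). The value is request
         // input, so it is reduced to an integer and passed through the ORM
         // filter instead of being formatted into a WHERE string.
         $id = is_scalar($_GET['pageid']) ? (int) $_GET['pageid'] : 0;
         $comments = Comment::get()->filter(array_merge($visible, array('BaseClass' => 'SiteTree', 'ParentID' => $id)));
         $link = $this->Link('rss', 'SiteTree', $id);
     } elseif ($class) {
         // Only classes that have commenting enabled may be queried
         if (!Commenting::has_commenting($class)) {
             return $this->httpError(404);
         }
         $filter = array_merge($visible, array('BaseClass' => $class));
         if ($id) {
             $filter['ParentID'] = (int) $id;
             $link = $this->Link('rss', Convert::raw2xml($class), (int) $id);
         }
         $comments = Comment::get()->filter($filter);
     } else {
         // Site-wide feed
         $comments = Comment::get()->filter($visible);
     }
     $title = _t('CommentingController.RSSTITLE', "Comments RSS Feed");
     $feed = new RSSFeed($comments, $link, $title, $link, 'Title', 'Comment', 'AuthorName');
     $feed->outputToBrowser();
 }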
 /**
  * Returns a readonly span containing the correct value.
  */
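 function Field()
 {
     $source = $this->getSource();
     // Normalize value to array to simplify further processing
     $values = is_array($this->value) ? $this->value : array(trim($this->value));
     $mapped = array();
     if ($source instanceof SQLMap) {
         foreach ($values as $value) {
             $mapped[] = $source->getItem($value);
         }
     } elseif (is_array($source)) {
         $mapped = array_intersect_key($source, array_combine($values, $values));
     }
     // Don't check if string arguments are matching against the source,
     // as they might be generated HTML diff views instead of the actual values
     if ($this->value && !$mapped) {
         $mapped = array(trim($this->value));
         $values = array();
     }
     if ($mapped) {
         $attrValue = implode(', ', array_values($mapped));
         // dontEscape is an explicit opt-out: the caller then owns the markup
         if (!$this->dontEscape) {
             $attrValue = Convert::raw2xml($attrValue);
         }
         $inputValue = implode(', ', array_values($values));
     } else {
         $attrValue = "<i>(none)</i>";
         $inputValue = '';
     }
     // The submitted values, the field name and the id all land inside
     // double-quoted attributes, so each one is attribute-escaped here. The
     // original concatenated the raw value into value="...", which let a
     // stored value containing a quote break out of the attribute.
     $idAttr = Convert::raw2att($this->id());
     $nameAttr = Convert::raw2att($this->name);
     $valueAttr = Convert::raw2att($inputValue);
     return "<span class=\"readonly\" id=\"" . $idAttr . "\">{$attrValue}</span><input type=\"hidden\" name=\"" . $nameAttr . "\" value=\"" . $valueAttr . "\" />";
 }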
 /**
  * Returns the XML-escaped meta title: the URL-decoded title of the custom
  * data set when HasCustomTitle() reports one, otherwise the MetaTitle
  * property of this object.
  *
  * @return string
  */
 function MetaTitle()
 {
     // Pick the raw title first; escaping happens once, on the way out
     $rawTitle = $this->HasCustomTitle()
         ? urldecode($this->evcDataSet->Title)
         : $this->MetaTitle;
     return Convert::raw2xml($rawTitle);
 }
 /**
  * Renders the field as a <select> tag with one <option> per source entry.
  *
  * Option titles are XML-escaped before they are handed to createTag().
  * Side effect: $this->isSelected is updated for every non-blank comparison.
  *
  * @return string
  */
 public function Field()
 {
     $source = $this->getSource();
     $optionTags = '';
     if ($source) {
         // For SQLMap sources, the empty string needs to be added specially
         if (is_object($source) && $this->emptyString) {
             $optionTags .= $this->createTag('option', array('value' => ''), $this->emptyString);
         }
         foreach ($source as $value => $title) {
             if ($value === '' && ($this->value === '' || $this->value === null)) {
                 // Blank value of field and source (e.g. "" => "(Any)")
                 $selected = 'selected';
             } else {
                 if ($value) {
                     // Normal value from the source: loose comparison
                     $isMatch = $value == $this->value;
                 } else {
                     // Falsy key (e.g. array key 0): compare with type check
                     $isMatch = $value === $this->value;
                 }
                 $selected = $isMatch ? 'selected' : null;
                 $this->isSelected = $isMatch;
             }
             $optionAttributes = array('selected' => $selected, 'value' => $value);
             $optionTags .= $this->createTag('option', $optionAttributes, Convert::raw2xml($title));
         }
     }
     $baseAttributes = array(
         'class' => $this->extraClass() ? $this->extraClass() : '',
         'id' => $this->id(),
         'name' => $this->name,
         'tabindex' => $this->getTabIndex(),
     );
     $attributes = array_merge($baseAttributes, $this->extraAttributes);
     if ($this->disabled) {
         $attributes['disabled'] = 'disabled';
     }
     return $this->createTag('select', $attributes, $optionTags);
 }
 /**
  * Create a UL tag containing sets of radio buttons and labels.  The IDs are set to
  * FieldID_ItemKey, where ItemKey is the key with all non-alphanumerics removed.
  * 
  * @param array $properties not in use, just declared to be compatible with parent
  *
  * @return string
  *
  * @author Sascha Köhler <*****@*****.**>, Sebastian Diel <*****@*****.**>
  * @since 03.04.2013
  */
 public function Field($properties = array())
 {
     $templateVars = array('ID' => $this->id(), 'extraClass' => $this->extraClass(), 'items' => array());
     $odd = 0;
     $position = 0;
     $items = array();
     foreach ($this->getSource() as $key => $value) {
         // Source keys are payment method IDs; entries without a record are skipped
         $paymentMethod = DataObject::get_by_id('SilvercartPaymentMethod', $key);
         if ($paymentMethod) {
             $odd = ($odd + 1) % 2;
             // Element id: field id plus the key with non-alphanumerics stripped
             $htmlId = $this->id() . "_" . preg_replace('@[^a-zA-Z0-9]+@', '', $key);
             $items['item_' . $position] = new ArrayData(array(
                 'ID' => $htmlId,
                 'checked' => $this->value == $key,
                 'odd' => $odd,
                 'even' => !$odd,
                 'disabled' => $this->disabled || in_array($key, $this->disabledItems),
                 'value' => $key,
                 'label' => $value,
                 'name' => $this->name,
                 'htmlId' => $htmlId,
                 // The description is escaped here, before it reaches the template
                 'description' => Convert::raw2xml($paymentMethod->getPaymentDescription()),
                 'showPaymentLogos' => $paymentMethod->showPaymentLogos,
                 'PaymentLogos' => $paymentMethod->PaymentLogos(),
             ));
         }
         // The index advances for skipped entries too, so item keys may have gaps
         $position++;
     }
     $templateVars['items'] = new ArrayList($items);
     return $this->customise($templateVars)->renderWith('SilvercartCheckoutOptionsetField');
 }
 /**
  * Updates the fields used in the CMS
  * @see DataExtension::updateCMSFields()     
  */
 public function updateCMSFields(FieldList $fields)
 {
     Requirements::CSS('blogcategories/css/cms-blog-categories.css');
     $categories = $this->getAllBlogCategories();
     if ($categories->count() < 1) {
         $categoryList = "<ul><li>No categories exist. Categories can be added from the BlogTree or the BlogHolder page.</li></ul>";
     } else {
         // The newest LastEdited timestamp keys the cache entry; md5 serves
         // only as a key derivation here, not as a security control.
         $newest = $categories->sort('LastEdited', 'DESC')->First();
         $cacheKey = md5($newest->LastEdited);
         $cache = SS_Cache::factory('BlogCategoriesList');
         $categoryList = $cache->load($cacheKey);
         if (!$categoryList) {
             // Titles are escaped before the markup is cached, because the
             // list is later emitted verbatim through a LiteralField.
             $listItems = '';
             foreach ($categories->column('Title') as $title) {
                 $listItems .= "<li>" . Convert::raw2xml($title) . "</li>";
             }
             $categoryList = "<ul>" . $listItems . "</ul>";
             $cache->save($categoryList, $cacheKey);
         }
     }
     // Categories tab: relation editor plus a collapsible list of existing categories
     $gridFieldConfig = GridFieldConfig_RelationEditor::create();
     $categoryGrid = GridField::create('BlogCategories', 'Blog Categories', $this->owner->BlogCategories(), $gridFieldConfig);
     $fields->addFieldToTab('Root.Categories', $categoryGrid);
     $existingList = ToggleCompositeField::create('ExistingCategories', 'View Existing Categories', array(new LiteralField("CategoryList", $categoryList)))->setHeadingLevel(4);
     $fields->addFieldToTab('Root.Categories', $existingList);
     // Optionally default category to current holder
     if (Config::inst()->get('BlogCategory', 'limit_to_holder')) {
         $holder = $this->owner->Parent();
         $detailForm = $gridFieldConfig->getComponentByType('GridFieldDetailForm');
         $detailForm->setItemEditFormCallback(function ($form, $component) use($holder) {
             $form->Fields()->push(HiddenField::create('ParentID', false, $holder->ID));
         });
     }
 }
 /**
  * Return the title, description, keywords and language metatags.
  * 
  * @todo Move <title> tag in separate getter for easier customization and more obvious usage
  * 
  * @param boolean|string $includeTitle Show default <title>-tag, set to false for custom templating
  * @return string The XHTML metatags
  */
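 public function MetaTags($includeTitle = true)
 {
     $tags = "";
     // Strict comparison: with "==" an integer 0 compared equal to 'true'
     // on PHP versions before 8 and switched the title on unintentionally.
     if ($includeTitle === true || $includeTitle === 'true') {
         $tags .= "<title>" . Convert::raw2xml($this->Title) . "</title>\n";
     }
     $generator = trim(Config::inst()->get('SiteTree', 'meta_generator'));
     if (!empty($generator)) {
         $tags .= "<meta name=\"generator\" content=\"" . Convert::raw2att($generator) . "\" />\n";
     }
     // Configuration values are attribute-escaped like every other value in
     // this method, so a stray quote cannot terminate the attribute.
     $charset = Convert::raw2att(Config::inst()->get('ContentNegotiator', 'encoding'));
     $tags .= "<meta http-equiv=\"Content-type\" content=\"text/html; charset={$charset}\" />\n";
     if ($this->MetaDescription) {
         $tags .= "<meta name=\"description\" content=\"" . Convert::raw2att($this->MetaDescription) . "\" />\n";
     }
     // ExtraMeta is emitted verbatim: it is markup by design, so whoever may
     // edit that field can place arbitrary tags in the page head.
     if ($this->ExtraMeta) {
         $tags .= $this->ExtraMeta . "\n";
     }
     // CMS hints are only rendered for users who hold CMS access
     if (Permission::check('CMS_ACCESS_CMSMain') && in_array('CMSPreviewable', class_implements($this)) && !$this instanceof ErrorPage) {
         $tags .= "<meta name=\"x-page-id\" content=\"{$this->ID}\" />\n";
         // The edit link is a URL and may carry "&" or quotes; escape it for
         // the attribute context it is written into.
         $tags .= "<meta name=\"x-cms-edit-link\" content=\"" . Convert::raw2att($this->CMSEditLink()) . "\" />\n";
     }
     $this->extend('MetaTags', $tags);
     return $tags;
 }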
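 /**
  * Approves the member named by the ID URL parameter.
  *
  * The request must carry a "token" query variable equal to the member's
  * ValidationKey, and the current user must be allowed to edit the member.
  *
  * @param object $request Request object providing param() and getVar()
  * @return mixed Rendered confirmation page, or a permission failure response
  */
 public function index($request)
 {
     $id = $request->param('ID');
     $token = $request->getVar('token');
     if (!$id || !ctype_digit($id)) {
         $this->httpError(404, 'A member ID was not specified.');
     }
     $member = DataObject::get_by_id('Member', $id);
     if (!$member) {
         $this->httpError(404, 'The specified member could not be found.');
     }
     if (!$member->canEdit()) {
         return Security::permissionFailure();
     }
     // The original used "!=", a loose comparison: a request without a token
     // matched a member whose ValidationKey was empty, and numeric-looking
     // strings could compare equal without being identical. An empty key now
     // never validates, and the comparison is exact and, where available,
     // constant-time.
     $expected = (string) $member->ValidationKey;
     $tokenMatches = false;
     if ($expected !== '' && is_string($token)) {
         $tokenMatches = function_exists('hash_equals')
             ? hash_equals($expected, $token)
             : $expected === $token;
     }
     if (!$tokenMatches) {
         $this->httpError(400, 'An invalid token was specified.');
     }
     if (!$member->NeedsApproval) {
         $title = _t('MemberProfiles.ALREADYAPPROVED', 'Already Approved');
         $content = _t('MemberProfiles.ALREADYAPPROVEDNOTE', 'This member has already been approved');
         return $this->render(array('Title' => $title, 'Content' => "<p>{$content}</p>"));
     }
     // NOTE(review): this write is driven by request parameters alone; the
     // token is the only request-bound secret guarding it. Confirm that the
     // route is not reachable by a plain cross-site GET for logged-in editors.
     $member->NeedsApproval = false;
     $member->write();
     $title = _t('MemberProfiles.MEMBERAPPROVED', 'Member Approved');
     $content = _t('MemberProfiles.MEMBERAPPROVEDCONTENT', 'The member "%s" has been approved and can now log in.');
     // Name and e-mail are member-supplied and are escaped before display
     $content = sprintf($content, Convert::raw2xml("{$member->Name} <{$member->Email}>"));
     return $this->render(array('Title' => $title, 'Content' => $content));
 }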
 /**
  * Returns a readonly span containing the correct value.
  *
  * @param array $properties
  *
  * @return string
  */
 public function Field($properties = array())
 {
     $source = ArrayLib::flatten($this->getSource());
     $values = $this->getValueArray();
     // Collect the titles of the selected values that exist in the source
     $mapped = array();
     foreach ($values as $value) {
         if (!isset($source[$value])) {
             continue;
         }
         $mapped[] = $source[$value];
     }
     // String values are not checked against the source, because they may
     // be generated HTML diff views rather than actual values
     if ($this->value && is_string($this->value) && empty($mapped)) {
         $mapped = array(trim($this->value));
         $values = array();
     }
     if (!$mapped) {
         $attrValue = '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
         $inputValue = '';
     } else {
         $attrValue = implode(', ', array_values($mapped));
         // dontEscape is an explicit opt-out of escaping the displayed value
         if (!$this->dontEscape) {
             $attrValue = Convert::raw2xml($attrValue);
         }
         $inputValue = implode(', ', array_values($values));
     }
     $rendered = array('AttrValue' => $attrValue, 'InputValue' => $inputValue);
     return parent::Field(array_merge($properties, $rendered));
 }
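 /**
  * Renders one field of a record as an HTML fragment: a link when
  * $info['link'] is set, otherwise a span.
  *
  * @param object $record Record the value is read from
  * @param string $source Name of the property to read from $record
  * @param array $info Display options; the keys read here are 'casting',
  *                    'formatting', 'newline', 'title' and 'link'
  * @return string HTML fragment
  */
 protected function formatValue($record, $source, $info)
 {
     // The raw field value is XML-escaped before any further processing
     $val = Convert::raw2xml($record->{$source});
     // Casting, a la TableListField.  We're deep-calling a helper method on TableListField that
     // should probably be pushed elsewhere...
     if (!empty($info['casting'])) {
         $val = TableListField::getCastedValue($val, $info['casting']);
     }
     // Formatting, a la TableListField
     if (!empty($info['formatting'])) {
         $format = str_replace('$value', "__VAL__", $info['formatting']);
         $format = preg_replace('/\\$([A-Za-z0-9-_]+)/', '$record->$1', $format);
         $format = str_replace('__VAL__', '$val', $format);
         // SECURITY: eval() runs the formatting string as PHP. It is only
         // acceptable while $info['formatting'] comes from developer-written
         // configuration and never from request or database content. Note
         // also that only $val was escaped above: any $record->Field the
         // format pulls in is interpolated unescaped.
         $val = eval('return "' . $format . '";');
     }
     $prefix = empty($info['newline']) ? "" : "<br>";
     $classClause = "";
     if (isset($info['title'])) {
         // Reduced to alphanumerics, so it is safe inside the class attribute
         $cssClass = preg_replace('/[^A-Za-z0-9]+/', '', $info['title']);
         $classClause = "class=\"{$cssClass}\"";
     }
     if (isset($info['link']) && $info['link']) {
         $link = $info['link'] === true && $record->hasMethod('CMSEditLink') ? $record->CMSEditLink() : $info['link'];
         // The URL is written into a quoted attribute and was previously
         // inserted raw; escape it for that context.
         $href = Convert::raw2att($link);
         return $prefix . "<a {$classClause} href=\"{$href}\">{$val}</a>";
     } else {
         return $prefix . "<span {$classClause}>{$val}</span>";
     }
 }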
 /**
  * Tests {@link Convert::raw2xml()}
  */
 function testRaw2Xml()
 {
     // Markup characters must come back entity-encoded
     $markup = '<input type="text">';
     $escaped = Convert::raw2xml($markup);
     $this->assertEquals('&lt;input type=&quot;text&quot;&gt;', $escaped, 'Special characters are escaped');
     // Text without special characters must pass through unchanged
     $plain = 'This is some normal text.';
     $this->assertEquals('This is some normal text.', Convert::raw2xml($plain), 'Normal text is not escaped');
 }
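 /**
  * Renders a radio option set of date/time formats followed by a "custom"
  * free-text input and, when a custom format is active, a preview of it.
  *
  * @param array $properties Not read by this implementation
  * @return string HTML list
  */
 public function Field($properties = array())
 {
     Requirements::javascript(FRAMEWORK_ADMIN_DIR . '/javascript/MemberDatetimeOptionsetField.js');
     $options = '';
     $odd = 0;
     $source = $this->getSource();
     // Fallback for an empty source: the original read $itemID after the
     // loop even when the loop body had never assigned it.
     $itemID = $this->id();
     foreach ($source as $key => $value) {
         // convert the ID to an HTML safe value (dots are not replaced, as they are valid in an ID attribute)
         $itemID = $this->id() . '_' . preg_replace('/[^\\.a-zA-Z0-9\\-\\_]/', '_', $key);
         $checked = $key == $this->value ? " checked=\"checked\"" : "";
         $odd = ($odd + 1) % 2;
         $extraClass = $odd ? "odd" : "even";
         $extraClass .= " val" . preg_replace('/[^a-zA-Z0-9\\-\\_]/', '_', $key);
         $disabled = $this->disabled || in_array($key, $this->disabledItems) ? "disabled=\"disabled\"" : "";
         $ATT_key = Convert::raw2att($key);
         // The escaped key is now used for value="" as well; the original
         // escaped it for title="" but wrote the raw key into value="".
         // NOTE(review): the label text ($value) is still emitted as-is;
         // confirm that source titles are trusted markup.
         $options .= "<li class=\"" . $extraClass . "\">" . "<input id=\"{$itemID}\" name=\"{$this->name}\" type=\"radio\" value=\"{$ATT_key}\"{$checked} {$disabled}" . " class=\"radio\" /> <label title=\"{$ATT_key}\" for=\"{$itemID}\">{$value}</label></li>\n";
     }
     // Add "custom" input field; it is active when the value is not a source key
     $value = $this->value && !array_key_exists($this->value, $this->source) ? $this->value : null;
     $checked = $value ? " checked=\"checked\"" : '';
     $options .= "<li class=\"valCustom\">" . sprintf("<input id=\"%s_custom\" name=\"%s\" type=\"radio\" value=\"__custom__\" class=\"radio\" %s />", $itemID, $this->name, $checked) . sprintf('<label for="%s_custom">%s:</label>', $itemID, _t('MemberDatetimeOptionsetField.Custom', 'Custom')) . sprintf("<input class=\"customFormat cms-help cms-help-tooltip\" name=\"%s_custom\" value=\"%s\" />\n", $this->name, Convert::raw2xml($value)) . sprintf("<input type=\"hidden\" class=\"formatValidationURL\" value=\"%s\" />", $this->Link() . '/validate');
     // The preview renders the custom format and is escaped before output
     $options .= $value ? sprintf('<span class="preview">(%s: "%s")</span>', _t('MemberDatetimeOptionsetField.Preview', 'Preview'), Convert::raw2xml(Zend_Date::now()->toString($value))) : '';
     $id = $this->id();
     return "<ul id=\"{$id}\" class=\"optionset {$this->extraClass()}\">\n{$options}</ul>\n";
 }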
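 /**
  * Shortcode handler that renders a stored Flickr photo through the
  * ShortCodeFlickrPhoto template.
  *
  * @param array $arguments Shortcode attributes; 'id' is required, 'caption'
  *                         and 'position' are optional
  * @param string|null $caption Enclosed shortcode content, used as caption
  * @param mixed $parser Unused
  * @return mixed Rendered template, '' when no photo matches, null without an id
  */
 public static function parse_flickr($arguments, $caption = null, $parser = null)
 {
     // Without a photo ID there is nothing to render
     if (empty($arguments['id'])) {
         return;
     }
     $customise = array();
     // Shortcode attributes are written by content authors. The original
     // appended the id to a raw WHERE string ('FlickrID=' . $id), which
     // allowed SQL injection; filter() lets the ORM handle the value.
     $fp = DataList::create('FlickrPhoto')->filter('FlickrID', $arguments['id'])->first();
     if (!$fp) {
         return '';
     }
     $customise['FlickrImage'] = $fp;
     // Fall back to the caption attribute when no enclosed content was given
     if ($caption === null || $caption === '') {
         if (isset($arguments['caption'])) {
             $caption = $arguments['caption'];
         }
     }
     $customise['Caption'] = $caption ? Convert::raw2xml($caption) : $fp->Title;
     $customise['Position'] = !empty($arguments['position']) ? $arguments['position'] : 'center';
     // Only centred images are shown at full size
     $customise['Small'] = $customise['Position'] != 'center';
     $fp = null;
     // Override the defaults with the arguments supplied.
     // NOTE(review): this merges the raw, unescaped shortcode attributes
     // into the template data; confirm the template escapes what it prints.
     $customise = array_merge($customise, $arguments);
     // Load the Flickr photo template and render it with the collected data
     $template = new SSViewer('ShortCodeFlickrPhoto');
     return $template->process(new ArrayData($customise));
 }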
 /**
  * Displays a random image with colorbox effect from a given assets subfolder
  * Uses template "csoft-shortcode/templates/Includes/RandomImage.ss" for output 
  * 
  * @param mixed $arguments (folder='subfolder_in_assets' align='left|right')
  * @param $content = null
  * @param $parser = null
  * @return processed template RandomImage.ss
  */
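 public static function cwsShortCodeRandomImageHandler($arguments, $content = null, $parser = null)
 {
     // only proceed if subfolder was defined
     if (!isset($arguments['folder'])) {
         return;
     }
     // The folder name is passed to filter(), which handles the value for
     // SQL itself. The original ran Convert::raw2sql() on it first, so it
     // was escaped twice and names containing quotes could never match.
     $folderName = $arguments['folder'];
     $align = isset($arguments['align']) ? strtolower(Convert::raw2xml($arguments['align'])) : '';
     $folder = Folder::get()->filter('Filename', "assets/{$folderName}/")->First();
     // Pick one image at random. The original kept the whole list, which
     // never tested as empty, and read the caption from the list instead of
     // from an image record.
     $randomImage = $folder ? Image::get()->filter('ParentID', $folder->ID)->sort('RAND()')->First() : null;
     // exit if user defined folder does not contain any image
     if (!$randomImage) {
         return;
     }
     // extract image caption from image filename
     $caption = $randomImage->Title;
     if (preg_match('#(\\d*-)?(.+)\\.(jpg|gif|png)#i', $caption, $matches)) {
         $caption = ucfirst(str_replace('-', ' ', $matches[2]));
     }
     // prepare data for output
     $data = array('RandomImage' => $randomImage, 'Alignment' => $align, 'Caption' => $caption);
     // load template and process data
     $template = new SSViewer('RandomImage');
     return $template->process(new ArrayData($data));
 }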
 /**
  * Request filter hook that decides which site stage the request may see.
  *
  * When Versioned::can_choose_site_stage() rejects the request, a permission
  * failure response is produced and the script ends; otherwise the stage is
  * chosen and true is returned.
  *
  * @param SS_HTTPRequest $request
  * @param Session $session
  * @param DataModel $model Not read by this method
  * @return bool true when the request may proceed
  * @throws SS_HTTPResponse_Exception Instead of direct output while a SapphireTest is running
  */
 public function preRequest(SS_HTTPRequest $request, Session $session, DataModel $model)
 {
     // Bootstrap session so that Session::get() accesses the right instance
     $dummyController = new Controller();
     $dummyController->setSession($session);
     $dummyController->setRequest($request);
     $dummyController->pushCurrent();
     // Block non-authenticated users from setting the stage mode
     if (!Versioned::can_choose_site_stage($request)) {
         // The back link is built from the request URL, so it is escaped
         // before being placed into the href of the message
         $permissionMessage = sprintf(_t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content. ' . '<a href="%s">Click here to go back to the published site.</a>'), Convert::raw2xml(Controller::join_links(Director::baseURL(), $request->getURL(), "?stage=Live")));
         // Force output since RequestFilter::preRequest doesn't support response overriding
         $response = Security::permissionFailure($dummyController, $permissionMessage);
         // Save the session and pop the temporary controller before the
         // script ends below
         $session->inst_save();
         $dummyController->popCurrent();
         // Prevent output in testing
         if (class_exists('SapphireTest', false) && SapphireTest::is_running_test()) {
             throw new SS_HTTPResponse_Exception($response);
         }
         $response->output();
         die;
     }
     Versioned::choose_site_stage();
     // Balance the pushCurrent() call from the top of the method
     $dummyController->popCurrent();
     return true;
 }
 /**
  * Renders the heading tag for this field.
  *
  * The title is XML-escaped unless allowHTML is set, in which case it is
  * emitted as-is and the caller is responsible for its markup.
  *
  * @return string
  */
 function Field()
 {
     if ($this->allowHTML) {
         $titleHtml = $this->title;
     } else {
         $titleHtml = Convert::raw2xml($this->title);
     }
     // Optional class attribute, including its leading space
     $classAttr = '';
     if ($this->extraClass()) {
         $classAttr = " class=\"{$this->extraClass()}\"";
     }
     $openTag = "<h{$this->headingLevel}{$classAttr}>";
     $closeTag = "</h{$this->headingLevel}>";
     return $openTag . $titleHtml . $closeTag;
 }
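 /**
  * Builds the security admin edit form with its Users and Groups tabs and,
  * for users holding APPLY_ROLES, a Roles tab.
  *
  * @param int|null $id Record ID; defaults to the current page ID
  * @param mixed $fields Ignored; the field list is built here
  * @return mixed The form, or a permission failure response when the record
  *               exists but may not be viewed
  */
 public function getEditForm($id = null, $fields = null)
 {
     // TODO Duplicate record fetching (see parent implementation)
     if (!$id) {
         $id = $this->currentPageID();
     }
     $form = parent::getEditForm($id);
     // TODO Duplicate record fetching (see parent implementation)
     $record = $this->getRecord($id);
     if ($record && !$record->canView()) {
         return Security::permissionFailure($this);
     }
     $memberList = GridField::create('Members', false, Member::get(), $memberListConfig = GridFieldConfig_RecordEditor::create()->addComponent(new GridFieldButtonRow('after'))->addComponent(new GridFieldExportButton('buttons-after-left')))->addExtraClass("members_grid");
     if ($record && method_exists($record, 'getValidator')) {
         $validator = $record->getValidator();
     } else {
         $validator = Member::singleton()->getValidator();
     }
     $memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator($validator);
     $groupList = GridField::create('Groups', false, Group::get(), GridFieldConfig_RecordEditor::create());
     $columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
     $columns->setDisplayFields(array('Breadcrumbs' => singleton('SilverStripe\\Security\\Group')->fieldLabel('Title')));
     // Group titles are user-editable; escape the breadcrumb trail for display
     $columns->setFieldFormatting(array('Breadcrumbs' => function ($val, $item) {
         return Convert::raw2xml($item->getBreadcrumbs(' > '));
     }));
     $fields = new FieldList($root = new TabSet('Root', $usersTab = new Tab('Users', _t('SecurityAdmin.Users', 'Users'), new LiteralField('MembersCautionText', sprintf('<div class="alert alert-warning" role="alert">%s</div>', _t('SecurityAdmin.MemberListCaution', 'Caution: Removing members from this list will remove them from all groups and the database'))), $memberList), $groupsTab = new Tab('Groups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name(), $groupList)), new HiddenField('ID', false, 0));
     // Add import capabilities. Limit to admin since the import logic can affect assigned permissions
     if (Permission::check('ADMIN')) {
         $fields->addFieldsToTab('Root.Users', array(new HeaderField(_t('SecurityAdmin.IMPORTUSERS', 'Import users'), 3), new LiteralField('MemberImportFormIframe', sprintf('<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" frameBorder="0">' . '</iframe>', $this->Link('memberimport')))));
         $fields->addFieldsToTab('Root.Groups', array(new HeaderField(_t('SecurityAdmin.IMPORTGROUPS', 'Import groups'), 3), new LiteralField('GroupImportFormIframe', sprintf('<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" frameBorder="0">' . '</iframe>', $this->Link('groupimport')))));
     }
     // Tab nav in CMS is rendered through separate template
     $root->setTemplate('CMSTabSet');
     // Add roles editing interface. The tab only exists for users holding
     // APPLY_ROLES, so it starts out as null.
     $rolesTab = null;
     if (Permission::check('APPLY_ROLES')) {
         $rolesField = GridField::create('Roles', false, PermissionRole::get(), GridFieldConfig_RecordEditor::create());
         $rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
         $rolesTab->push($rolesField);
     }
     $actionParam = $this->getRequest()->param('Action');
     if ($actionParam == 'groups') {
         $groupsTab->addExtraClass('ui-state-active');
     } elseif ($actionParam == 'users') {
         $usersTab->addExtraClass('ui-state-active');
     } elseif ($actionParam == 'roles' && $rolesTab) {
         // Guarded: a user without APPLY_ROLES requesting the "roles" action
         // previously triggered a method call on an undefined variable.
         $rolesTab->addExtraClass('ui-state-active');
     }
     $actions = new FieldList();
     $form = Form::create($this, 'EditForm', $fields, $actions)->setHTMLID('Form_EditForm');
     $form->addExtraClass('cms-edit-form');
     $form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
     // Tab nav in CMS is rendered through separate template
     if ($form->Fields()->hasTabset()) {
         $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
     }
     $form->addExtraClass('center ss-tabset cms-tabset ' . $this->BaseCSSClasses());
     $form->setAttribute('data-pjax-fragment', 'CurrentForm');
     $this->extend('updateEditForm', $form);
     return $form;
 }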
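 /**
  * Returns the submitted search query, XML-escaped for display.
  *
  * @param array|null $data Submitted form data; defaults to $_REQUEST
  * @return mixed Escaped query, or '' when no query was submitted
  */
 function getSearchQuery($data = NULL)
 {
     // legacy usage: $data was defaulting to $_REQUEST, parameter not passed in doc.silverstripe.org tutorials
     if (!isset($data)) {
         $data = $_REQUEST;
     }
     // A request without the parameter used to raise an undefined-index
     // notice here; treat it as an empty query instead.
     if (!isset($data['SearchQuery'])) {
         return '';
     }
     // The escaped value is safe for HTML text and quoted attributes only;
     // it must not be reused in SQL or script contexts.
     return Convert::raw2xml($data['SearchQuery']);
 }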
 /**
  * Escapes string content to prevent XSS etc. on frontend
  * @param string $string
  * @return string $string
  */
 private function escapeJS($string)
 {
     // Step 1: entity-encode the markup characters
     $encoded = Convert::raw2xml($string);
     // Step 2: put a backslash in front of any single quote that is left.
     // NOTE(review): nothing here handles backslashes, line breaks or
     // "</script>", and HTML entities are decoded again by the browser when
     // the result sits inside an inline event-handler attribute. Confirm the
     // output context before relying on this for script strings.
     return str_replace("'", "\\'", $encoded);
 }
 /**
  * Creates a TimeField for this database field, with an example of the
  * configured time format as description and the format itself as placeholder.
  *
  * @param string|null $title Field title
  * @param mixed $params Not read by this method
  * @return TimeField
  */
 public function scaffoldFormField($title = null, $params = null)
 {
     $field = TimeField::create($this->name, $title);
     // Show formatting hints for better usability: the current time rendered
     // in the configured format, escaped because it becomes part of the description
     $example = Convert::raw2xml(Zend_Date::now()->toString($field->getConfig('timeformat')));
     $hint = sprintf(_t('FormField.Example', 'e.g. %s', 'Example format'), $example);
     $field->setDescription($hint);
     $field->setAttribute('placeholder', $field->getConfig('timeformat'));
     return $field;
 }
 /**
  * Returns the display value of the field: the value itself (XML-escaped
  * unless dontEscape is set), or an italic "none" marker when it is empty.
  *
  * @return string
  */
 public function Value()
 {
     if (!$this->value) {
         return '<i>(' . _t('FormField.NONE', 'none') . ')</i>';
     }
     // dontEscape hands responsibility for the markup to the caller
     if ($this->dontEscape) {
         return $this->value;
     }
     return Convert::raw2xml($this->value);
 }
 /**
  * Tests {@link Convert::raw2xml()}
  */
 public function testRaw2Xml()
 {
     // Markup characters must come back entity-encoded
     $markup = '<input type="text">';
     $this->assertEquals('&lt;input type=&quot;text&quot;&gt;', Convert::raw2xml($markup), 'Special characters are escaped');
     // Text without special characters must pass through unchanged
     $plain = 'This is some normal text.';
     $this->assertEquals('This is some normal text.', Convert::raw2xml($plain), 'Normal text is not escaped');
     // Line breaks are data, not markup: no <br /> conversion may happen
     $multiLine = "This is test\nNow on a new line.";
     $this->assertEquals("This is test\nNow on a new line.", Convert::raw2xml($multiLine), 'Newlines are retained. They should not be replaced with <br /> as it is not XML valid');
 }
 /**
  * If this group belongs to a subsite,
  * append the subsites title to the group title
  * to make it easy to distinguish in the tree-view
  * of the security admin interface.
  */
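 function alternateTreeTitle()
 {
     // Both branches now escape the title with ENT_QUOTES. The original
     // passed the flag in one branch only, so single quotes stayed raw in
     // the subsite branch.
     $title = htmlspecialchars($this->owner->Title, ENT_QUOTES);
     if ($this->owner->AccessAllSubsites) {
         return $title . ' <i>(global group)</i>';
     }
     // Subsite titles are escaped as one joined string
     $subsites = Convert::raw2xml(implode(", ", $this->owner->Subsites()->column('Title')));
     return $title . " <i>({$subsites})</i>";
 }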
 /**
  * Describes the report columns, including the HTML formatters for the
  * external link and the page the link is on.
  *
  * @return array
  */
 public function columns()
 {
     // raw2att/raw2xml escape for the attribute and text contexts; they do
     // not restrict which URL scheme the stored link uses.
     $formatExternalLink = function ($value, $item) {
         return sprintf('<a target="_blank" href="%s">%s</a>', Convert::raw2att($item->Link), Convert::raw2xml($item->Link));
     };
     $formatPageLink = function ($value, $item) {
         $page = $item->Page();
         return sprintf('<a href="%s">%s</a>', Convert::raw2att($page->CMSEditLink()), Convert::raw2xml($page->Title));
     };
     return array(
         "Created" => "Checked",
         'Link' => array('title' => 'External Link', 'formatting' => $formatExternalLink),
         'HTTPCodeDescription' => 'HTTP Error Code',
         "Title" => array("title" => 'Page link is on', 'formatting' => $formatPageLink),
     );
 }
 /**
  * Formats text so it can be displayed as raw HTML. Also replaces smileys
  * with images.
  * @return string
  */
 public function FormattedText($text)
 {
     // Escape first: every later step only adds markup generated here
     $html = Convert::raw2xml($text);
     $emoticonsEnabled = $this->Guestbook()->EnableEmoticons;
     if ($emoticonsEnabled) {
         $html = $this->ReplaceSmileys($html);
     }
     // Line breaks become <br> tags last, after escaping and smiley replacement
     return nl2br($html);
 }
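 /**
  * Looks up the TempMember that owns the submitted verification code.
  *
  * @param array $data Submitted data; the 'VerificationCode' key is read
  * @return mixed The matching TempMember, or false when there is none
  */
 static function codeExists($data)
 {
     if (!isset($data['VerificationCode']) || !is_scalar($data['VerificationCode'])) {
         return false;
     }
     // The value goes into a SQL string literal, so it needs SQL escaping.
     // The original applied Convert::raw2xml(), an HTML escaper: it leaves
     // backslashes untouched and rewrites &, < and >, so legitimate codes
     // could fail to match and the literal was not safely quoted.
     $SQL_unique = Convert::raw2sql((string) $data['VerificationCode']);
     $existingTempUniqueMember = DataObject::get_one("TempMember", "\"TempMember\".\"VerificationCode\" = '{$SQL_unique}'");
     return $existingTempUniqueMember ? $existingTempUniqueMember : false;
 }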
 /**
  * Renders the alert approval page for the current project, or answers with
  * a 404 response when the project cannot be resolved.
  *
  * @param SS_HTTPRequest $request
  * @return mixed
  */
 public function approvealert(SS_HTTPRequest $request)
 {
     $this->owner->setCurrentActionType(self::ACTION_ALERT);
     $project = $this->getCurrentProject();
     if ($project) {
         $pageData = ['Title' => 'Alert approval', 'CurrentProject' => $project];
         return $this->owner->customise($pageData)->render();
     }
     // The project name is taken from the URL, so it is escaped before it
     // is echoed back in the error body
     $requestedName = Convert::raw2xml($request->latestParam('Project'));
     return new SS_HTTPResponse("Project '" . $requestedName . "' not found.", 404);
 }
 /**
  * Return the currently viewing tag from the URL
  *
  * @return string
  */
 public function getTag()
 {
     if ($this->request->param('Action') != 'tag') {
         return "";
     }
     // The tag is read from the URL: decode it, turn dashes into spaces,
     // capitalise each word, and escape it last so that the decoded text is
     // what gets escaped
     $decoded = urldecode($this->request->param('ID'));
     $readable = ucwords(str_replace("-", " ", $decoded));
     return Convert::raw2xml($readable);
 }
 /**
  * Generate an HTML list which provides links to where a file is used.
  *
  * @return string
  */
 public function BackLinkHTMLList()
 {
     $description = _t('SiteTreeFileExtension.BACKLINK_LIST_DESCRIPTION', 'This list shows all pages where the file has been added through a WYSIWYG editor.');
     $editLabel = _t('SiteTreeFileExtension.EDIT', 'Edit');
     $listItems = '';
     foreach ($this->BackLinkTracking() as $backLink) {
         // One entry per page: the page link and the CMS edit link. URLs are
         // attribute-escaped, the menu title is escaped as text.
         $listItems .= sprintf(
             '<li><a href="%s" target="_blank">%s</a> &ndash; <a href="%s">%s</a></li>',
             Convert::raw2att($backLink->Link()),
             Convert::raw2xml($backLink->MenuTitle),
             Convert::raw2att($backLink->CMSEditLink()),
             $editLabel
         );
     }
     return '<em>' . $description . '</em>' . '<ul>' . $listItems . '</ul>';
 }
 /**
  * Write in a format expected by the output medium (CLI/HTML).
  *
  * @param string $line Line to be written out, without the newline character.
  * @param null|string $prefix
  */
 protected function writeLogLine($line, $prefix = null)
 {
     // Default prefix: the current timestamp in square brackets
     $prefix = $prefix ?: '[' . date('Y-m-d H:i:s') . '] ';
     $entry = $prefix . $line;
     if (!Director::is_cli()) {
         // Browser output: the whole entry is escaped, then an HTML line break is added
         echo Convert::raw2xml($entry) . "<br>";
         return;
     }
     // CLI output: plain text with a newline
     echo $entry . "\n";
 }