/**
 * Validation rule: the submitted value of a field must not already exist.
 *
 * The value passes when the model returns no rows for it, or when the
 * datastore's checkTemp() accepts the name/value pair.
 *
 * NOTE(review): escape() is defined outside this block. Confirm that it
 * escapes for the datastore query context (not for HTML output), and prefer
 * bound parameters if getWithField() supports them.
 * NOTE(review): checkTemp() receives the raw, unescaped value. Confirm that
 * this is intended.
 *
 * @param string $name      Name of the field being validated
 * @param mixed  $parameter Rule parameter; not used by this rule
 * @return bool|string true when the value is acceptable, otherwise the
 *                     error message template
 */
public function validator_unique($name, $parameter)
{
    $submitted = $this->data[$name];
    $existing = $this->model->getWithField($name, $this->model->escape($submitted));

    // checkTemp() is only consulted when at least one matching row exists,
    // which keeps the short-circuit order of the lookup intact.
    if (count($existing) != 0 && !$this->model->datastore->checkTemp($name, $submitted)) {
        return "The value of the %field_name% field must be unique.";
    }

    return true;
}
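/**
 * Check that Model::escape() leaves harmless text alone and neutralises
 * HTML metacharacters.
 *
 * The expected values are written as HTML entities. An expectation equal
 * to the raw input would assert that markup passes through escape()
 * unchanged, which is the opposite of what the test is for.
 */
public function testEscape()
{
    // No metacharacters: ASCII and multi-byte UTF-8 text must be returned as-is.
    $this->assertEquals("some text", Model::escape("some text"));
    $this->assertEquals("υτφ8 τεχτ", Model::escape("υτφ8 τεχτ"));

    // Markup must not survive as markup. The spelling of the single-quote
    // entity depends on the flags escape() uses, so assert the security
    // property (no raw angle brackets, lossless round trip) rather than
    // one particular encoding.
    $payload = "<script>alert('i will h4x0r u')</script>";
    $escaped = Model::escape($payload);
    $this->assertFalse(strpbrk($escaped, '<>'), 'escaped output still contains a raw angle bracket');
    $this->assertEquals($payload, html_entity_decode($escaped, ENT_QUOTES | ENT_HTML5, 'UTF-8'));

    // Double quotes must be encoded so the value cannot break out of a
    // double-quoted HTML attribute.
    $this->assertEquals("&quot;hack&quot;=-1", Model::escape('"hack"=-1'));
}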
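/**
 * Get the content of the link to show
 *
 * The returned string is an HTML fragment: both the icon identifier and the
 * model name are passed through \Model::escape() before being concatenated,
 * so the caller must output it without escaping it a second time.
 *
 * @param  \Model $model     The model we want to link to
 * @param  string $icon      A font awesome icon identifier to show instead of text
 * @param  bool   $forceText Whether to show both the icon and text
 * @return string The link's content
 */
private function getContent($model, $icon, $forceText)
{
    $content = "";

    if ($icon) {
        // The identifier is placed inside a double-quoted class attribute.
        // Escaping it keeps a stray quote or angle bracket from closing the
        // attribute; ordinary icon names are unaffected.
        // NOTE(review): assumes \Model::escape() encodes double quotes - confirm.
        $content .= "<i class=\"fa fa-" . \Model::escape($icon) . "\"></i>";

        if ($forceText) {
            $content .= " ";
        }
    }

    if (!$icon || $forceText) {
        $content .= \Model::escape($this->getModelName($model));
    }

    return $content;
}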
/**
 * Get a message to show to the user
 *
 * Escaping: the model's name is passed through Model::escape() only when
 * $status is 'confirm', because Twig does not escape the message on
 * confirmation forms. For every other status the name is handed to
 * getMessages() unescaped.
 * NOTE(review): presumably the templates that render those other statuses
 * escape the message themselves - confirm before reusing this method in a
 * new output context.
 *
 * @todo Use the $escape parameter
 * @param  \ModelInterface|string $model  The model (or type) to show a message for
 * @param  string                 $action The action that will be performed (softDelete, hardDelete, create or edit)
 * @param  string                 $status The message's status (confirm, error or success)
 * @param  bool                   $escape Currently ignored; escaping is decided by $status alone
 * @return string
 */
private function getMessage($model, $action, $status, $escape = true)
{
    // Anything that is not a Model instance is treated as a type name.
    if (!($model instanceof Model)) {
        $byType = $this->getMessages(strtolower($model));

        return $byType[$action][$status];
    }

    $humanType = strtolower($model->getTypeForHumans());

    if (!($model instanceof NamedModel)) {
        $unnamed = $this->getMessages($humanType);

        return $unnamed[$action][$status]['unnamed'];
    }

    $displayName = $model->getName();
    if ($status == 'confirm') {
        // Twig will not escape the message on confirmation forms
        $displayName = Model::escape($displayName);
    }

    $named = $this->getMessages($humanType, $displayName);

    return $named[$action][$status]['named'];
}