[!!!][TASK] Cleanup Flash message rendering in FlashMessageQueue 41/40341/3
authorHelmut Hummel <helmut.hummel@typo3.org>
Tue, 16 Jun 2015 21:02:19 +0000 (23:02 +0200)
committerBenjamin Mack <benni@typo3.org>
Sat, 20 Jun 2015 18:40:28 +0000 (20:40 +0200)
Streamline rendering of FlashMessages to the same output
the view helper creates by default currently.

This makes usage of HTML in flash messages not possible any more
when FlashMessageQueue::renderFlashMessages() is used, because
all HTML entities will now be properly HTML encoded.

Also adapt DocumentTemplate to use the new rendering
and remove the deprecated div wrapper with id.

Resolves: #67546
Related: #63453
Releases: master
Change-Id: I999f1b394c23e964cced30e74351fd6bfb2cd645
Reviewed-on: http://review.typo3.org/40341
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Template/DocumentTemplate.php
typo3/sysext/core/Classes/Messaging/FlashMessageQueue.php
typo3/sysext/core/Documentation/Changelog/master/Breaking-67546-CleanupFlashMessageRendering.rst [new file with mode: 0644]

index 403e1f8..1fa46b8 100644 (file)
@@ -1746,11 +1746,7 @@ function jumpToUrl(URL) {
                $flashMessageService = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Messaging\FlashMessageService::class);
                /** @var $defaultFlashMessageQueue \TYPO3\CMS\Core\Messaging\FlashMessageQueue */
                $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
-               $flashMessages = $defaultFlashMessageQueue->renderFlashMessages();
-               if (!empty($flashMessages)) {
-                       $flashMessages = '<div id="typo3-messages">' . $flashMessages . '</div>';
-               }
-               return $flashMessages;
+               return $defaultFlashMessageQueue->renderFlashMessages();
        }
 
        /**
index f20061f..ab613d1 100644 (file)
@@ -164,9 +164,16 @@ class FlashMessageQueue extends \SplQueue {
                $content = '';
                $flashMessages = $this->getAllMessagesAndFlush();
                if (!empty($flashMessages)) {
+                       $content = '<ul class="typo3-messages">';
                        foreach ($flashMessages as $flashMessage) {
-                               $content .= $flashMessage->render();
+                               $severityClass = sprintf('alert %s', $flashMessage->getClass());
+                               $messageContent = htmlspecialchars($flashMessage->getMessage());
+                               if ($flashMessage->getTitle() !== '') {
+                                       $messageContent = sprintf('<h4>%s</h4>', htmlspecialchars($flashMessage->getTitle())) . $messageContent;
+                               }
+                               $content .= sprintf('<li class="%s">%s</li>', htmlspecialchars($severityClass), $messageContent);
                        }
+                       $content .= '</ul>';
                }
                return $content;
        }
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-67546-CleanupFlashMessageRendering.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-67546-CleanupFlashMessageRendering.rst
new file mode 100644 (file)
index 0000000..aacccb2
--- /dev/null
@@ -0,0 +1,34 @@
+=======================================================================
+Breaking: #67546 - Cleanup Flash message rendering in FlashMessageQueue
+=======================================================================
+
+Description
+===========
+
+The rendering of flash messages was changed when using the view helper.
+Now the rendering output of  ``\TYPO3\CMS\Core\Messaging\FlashMessageQueue::renderFlashMessages()``
+is adapted to being exactly the same.
+
+
+Impact
+======
+
+Extensions using the rendered output of ``\TYPO3\CMS\Core\Messaging\FlashMessageQueue::renderFlashMessages()``
+and in addition using HTML tags in flash messages for styling purposes, will get their HTML flash message output
+properly HTML encoded. Thus the HTML tags will be visible in the rendered flash message output.
+
+Since ``\TYPO3\CMS\Backend\Template\DocumentTemplate`` also uses this rendering type, modules using this class
+will also be affected.
+
+
+Affected Installations
+======================
+
+All extensions are affected that use modules with ``\TYPO3\CMS\Backend\Template\DocumentTemplate``
+or are using ``\TYPO3\CMS\Core\Messaging\FlashMessageQueue::renderFlashMessages()`` directly
+
+
+Migration
+=========
+
+Remove all HTML from flash messages
\ No newline at end of file