Commit 0402811e authored by Frank Nägler's avatar Frank Nägler Committed by Christian Kuhn
Browse files

[BUGFIX] Properly encode HTML attributes in Toolbar

Resolves: #84561
Releases: master, 8.7
Change-Id: Iacb5dbf1fc5b709acd9db1c4463a991212a26a91
Reviewed-on: https://review.typo3.org/56482

Reviewed-by: Mathias Brodala's avatarMathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala's avatarMathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent 289a8bc8
......@@ -342,27 +342,27 @@ class BackendController
$classes[] = $additionalAttributes['class'];
unset($additionalAttributes['class']);
}
$liAttributes[] = 'class="' . implode(' ', $classes) . '"';
$liAttributes['class'] = implode(' ', $classes);
// Add further attributes
foreach ($additionalAttributes as $name => $value) {
$liAttributes[] = $name . '="' . $value . '"';
$liAttributes[$name] = $value;
}
// Create a unique id from class name
$fullyQualifiedClassName = get_class($toolbarItem);
$fullyQualifiedClassName = \get_class($toolbarItem);
$className = GeneralUtility::underscoredToLowerCamelCase($fullyQualifiedClassName);
$className = GeneralUtility::camelCaseToLowerCaseUnderscored($className);
$className = str_replace(['_', '\\'], '-', $className);
$liAttributes[] = 'id="' . $className . '"';
$liAttributes['id'] = $className;
// Create data attribute identifier
$shortName = substr($fullyQualifiedClassName, strrpos($fullyQualifiedClassName, '\\') + 1);
$dataToolbarIdentifier = GeneralUtility::camelCaseToLowerCaseUnderscored($shortName);
$dataToolbarIdentifier = str_replace('_', '-', $dataToolbarIdentifier);
$liAttributes[] = 'data-toolbar-identifier="' . htmlspecialchars($dataToolbarIdentifier) . '"';
$liAttributes['data-toolbar-identifier'] = $dataToolbarIdentifier;
$toolbar[] = '<li ' . implode(' ', $liAttributes) . '>';
$toolbar[] = '<li ' . GeneralUtility::implodeAttributes($liAttributes, true) . '>';
if ($hasDropDown) {
$toolbar[] = '<a href="#" class="toolbar-item-link dropdown-toggle" data-toggle="dropdown">';
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment