Commit 5cf4f329 authored by Wouter Wolters's avatar Wouter Wolters Committed by Christian Kuhn

[TASK] Use GeneralUtility::quoteJSvalue() where needed part 2

This patch resolves it for all FormEngine related classes.

Resolves: #66635
Releases: master
Change-Id: I436e8990aa3c003dd5005937a429168825b56fb5
Reviewed-on: http://review.typo3.org/39037

Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent d49c7b46
...@@ -488,14 +488,14 @@ class InlineRecordContainer extends AbstractContainer { ...@@ -488,14 +488,14 @@ class InlineRecordContainer extends AbstractContainer {
// "Up/Down" links // "Up/Down" links
if ($enabledControls['sort'] && $permsEdit && $enableManualSorting) { if ($enabledControls['sort'] && $permsEdit && $enableManualSorting) {
// Up // Up
$onClick = 'return inline.changeSorting(\'' . $nameObjectFtId . '\', \'1\')'; $onClick = 'return inline.changeSorting(' . GeneralUtility::quoteJSvalue($nameObjectFtId) . ', \'1\')';
$style = $config['inline']['first'] == $rec['uid'] ? 'style="visibility: hidden;"' : ''; $style = $config['inline']['first'] == $rec['uid'] ? 'style="visibility: hidden;"' : '';
$cells['sort.up'] = ' $cells['sort.up'] = '
<a class="btn btn-default sortingUp" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . '> <a class="btn btn-default sortingUp" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . '>
' . IconUtility::getSpriteIcon('actions-move-up', array('title' => $languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:moveUp', TRUE))) . ' ' . IconUtility::getSpriteIcon('actions-move-up', array('title' => $languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:moveUp', TRUE))) . '
</a>'; </a>';
// Down // Down
$onClick = 'return inline.changeSorting(\'' . $nameObjectFtId . '\', \'-1\')'; $onClick = 'return inline.changeSorting(' . GeneralUtility::quoteJSvalue($nameObjectFtId) . ', \'-1\')';
$style = $config['inline']['last'] == $rec['uid'] ? 'style="visibility: hidden;"' : ''; $style = $config['inline']['last'] == $rec['uid'] ? 'style="visibility: hidden;"' : '';
$cells['sort.down'] = ' $cells['sort.down'] = '
<a class="btn btn-default sortingDown" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . '> <a class="btn btn-default sortingDown" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . '>
......
...@@ -152,7 +152,7 @@ class SingleFieldContainer extends AbstractContainer { ...@@ -152,7 +152,7 @@ class SingleFieldContainer extends AbstractContainer {
$row['uid'] $row['uid']
) )
); );
$parameterArray['fieldChangeFunc']['inline'] = 'inline.handleChangedField(\'' . $parameterArray['itemFormElName'] . '\',\'' . $inlineObjectId . '\');'; $parameterArray['fieldChangeFunc']['inline'] = 'inline.handleChangedField(' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName']) . ',' . GeneralUtility::quoteJSvalue($inlineObjectId) . ');';
} }
// Based on the type of the item, call a render function on a child element // Based on the type of the item, call a render function on a child element
......
...@@ -282,7 +282,7 @@ abstract class AbstractFormElement extends AbstractNode { ...@@ -282,7 +282,7 @@ abstract class AbstractFormElement extends AbstractNode {
if (isset($wizardConfiguration['popup_onlyOpenIfSelected']) && $wizardConfiguration['popup_onlyOpenIfSelected']) { if (isset($wizardConfiguration['popup_onlyOpenIfSelected']) && $wizardConfiguration['popup_onlyOpenIfSelected']) {
$notSelectedText = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:mess.noSelItemForEdit'); $notSelectedText = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:mess.noSelItemForEdit');
$onlyIfSelectedJS = $onlyIfSelectedJS =
'if (!TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')){' . 'if (!TBE_EDITOR.curSelected(' . GeneralUtility::quoteJSvalue($itemName . $listFlag) . ')){' .
'alert(' . GeneralUtility::quoteJSvalue($notSelectedText) . ');' . 'alert(' . GeneralUtility::quoteJSvalue($notSelectedText) . ');' .
'return false;' . 'return false;' .
'}'; '}';
...@@ -290,13 +290,12 @@ abstract class AbstractFormElement extends AbstractNode { ...@@ -290,13 +290,12 @@ abstract class AbstractFormElement extends AbstractNode {
$aOnClick = $aOnClick =
'this.blur();' . 'this.blur();' .
$onlyIfSelectedJS . $onlyIfSelectedJS .
'vHWin=window.open(' . 'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url) . '+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' .
'\'' . $url . '\'+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' . 'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value,200' .
'document.editform[\'' . $itemName . '\'].value,200' .
')' . ')' .
'+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\'),' . '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(' . GeneralUtility::quoteJSvalue($itemName . $listFlag) . '),' .
'\'popUp' . $md5ID . '\',' . GeneralUtility::quoteJSvalue('popUp' . $md5ID) . ',' .
'\'' . $wizardConfiguration['JSopenParams'] . '\'' . GeneralUtility::quoteJSvalue($wizardConfiguration['JSopenParams']) .
');' . ');' .
'vHWin.focus();' . 'vHWin.focus();' .
'return false;'; 'return false;';
...@@ -336,13 +335,12 @@ abstract class AbstractFormElement extends AbstractNode { ...@@ -336,13 +335,12 @@ abstract class AbstractFormElement extends AbstractNode {
$aOnClick = $aOnClick =
'this.blur();' . 'this.blur();' .
'vHWin=window.open(' . 'vHWin=window.open('. GeneralUtility::quoteJSvalue($url) . '+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' .
'\'' . $url . '\'+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' .
'document.editform[\'' . $itemName . '\'].value,200' . 'document.editform[\'' . $itemName . '\'].value,200' .
')' . ')' .
'+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\'),' . '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(' . GeneralUtility::quoteJSvalue($itemName . $listFlag) . '),' .
'\'popUp' . $md5ID . '\',' . GeneralUtility::quoteJSvalue('popUp' . $md5ID) . ',' .
'\'' . $wizardConfiguration['JSopenParams'] . '\'' . GeneralUtility::quoteJSvalue($wizardConfiguration['JSopenParams']) .
');' . ');' .
'vHWin.focus();' . 'vHWin.focus();' .
'return false;'; 'return false;';
...@@ -399,11 +397,11 @@ abstract class AbstractFormElement extends AbstractNode { ...@@ -399,11 +397,11 @@ abstract class AbstractFormElement extends AbstractNode {
$options[] = '<option value="' . htmlspecialchars($p[1]) . '">' . htmlspecialchars($p[0]) . '</option>'; $options[] = '<option value="' . htmlspecialchars($p[1]) . '">' . htmlspecialchars($p[0]) . '</option>';
} }
if ($wizardConfiguration['mode'] == 'append') { if ($wizardConfiguration['mode'] == 'append') {
$assignValue = 'document.editform[\'' . $itemName . '\'].value=\'\'+this.options[this.selectedIndex].value+document.editform[\'' . $itemName . '\'].value'; $assignValue = 'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value=\'\'+this.options[this.selectedIndex].value+document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value';
} elseif ($wizardConfiguration['mode'] == 'prepend') { } elseif ($wizardConfiguration['mode'] == 'prepend') {
$assignValue = 'document.editform[\'' . $itemName . '\'].value+=\'\'+this.options[this.selectedIndex].value'; $assignValue = 'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value+=\'\'+this.options[this.selectedIndex].value';
} else { } else {
$assignValue = 'document.editform[\'' . $itemName . '\'].value=this.options[this.selectedIndex].value'; $assignValue = 'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value=this.options[this.selectedIndex].value';
} }
$otherWizards[] = $otherWizards[] =
'<select' . '<select' .
...@@ -582,7 +580,7 @@ abstract class AbstractFormElement extends AbstractNode { ...@@ -582,7 +580,7 @@ abstract class AbstractFormElement extends AbstractNode {
if ($inlineParent['config']['foreign_table'] == $table && $inlineParent['config']['foreign_unique'] == $field) { if ($inlineParent['config']['foreign_table'] == $table && $inlineParent['config']['foreign_unique'] == $field) {
$objectPrefix = $inlineStackProcessor->getCurrentStructureDomObjectIdPrefix($this->globalOptions['inlineFirstPid']) . '-' . $table; $objectPrefix = $inlineStackProcessor->getCurrentStructureDomObjectIdPrefix($this->globalOptions['inlineFirstPid']) . '-' . $table;
$aOnClickInline = $objectPrefix . '|inline.checkUniqueElement|inline.setUniqueElement'; $aOnClickInline = $objectPrefix . '|inline.checkUniqueElement|inline.setUniqueElement';
$rOnClickInline = 'inline.revertUnique(\'' . $objectPrefix . '\',null,\'' . $uid . '\');'; $rOnClickInline = 'inline.revertUnique(' . GeneralUtility::quoteJSvalue($objectPrefix) . ',null,' . GeneralUtility::quoteJSvalue($uid) . ');';
} }
} }
if (is_array($config['appearance']) && isset($config['appearance']['elementBrowserType'])) { if (is_array($config['appearance']) && isset($config['appearance']['elementBrowserType'])) {
...@@ -595,8 +593,8 @@ abstract class AbstractFormElement extends AbstractNode { ...@@ -595,8 +593,8 @@ abstract class AbstractFormElement extends AbstractNode {
} else { } else {
$elementBrowserAllowed = $allowed; $elementBrowserAllowed = $allowed;
} }
$aOnClick = 'setFormValueOpenBrowser(\'' . $elementBrowserType . '\',\'' $aOnClick = 'setFormValueOpenBrowser(' . GeneralUtility::quoteJSvalue($elementBrowserType) . ','
. ($fName . '|||' . $elementBrowserAllowed . '|' . $aOnClickInline) . '\'); return false;'; . GeneralUtility::quoteJSvalue(($fName . '|||' . $elementBrowserAllowed . '|' . $aOnClickInline)) . '); return false;';
$icons['R'][] = ' $icons['R'][] = '
<a href="#" <a href="#"
onclick="' . htmlspecialchars($aOnClick) . '" onclick="' . htmlspecialchars($aOnClick) . '"
...@@ -651,10 +649,10 @@ abstract class AbstractFormElement extends AbstractNode { ...@@ -651,10 +649,10 @@ abstract class AbstractFormElement extends AbstractNode {
$elValue = $itemTable . '_' . $itemUid; $elValue = $itemTable . '_' . $itemUid;
} else { } else {
// 'file', 'file_reference' and 'folder' mode // 'file', 'file_reference' and 'folder' mode
$itemTitle = 'unescape(\'' . rawurlencode(basename($elValue)) . '\')'; $itemTitle = 'unescape(' . GeneralUtility::quoteJSvalue(rawurlencode(basename($elValue))) . ')';
} }
$aOnClick .= 'setFormValueFromBrowseWin(\'' . $fName . '\',unescape(\'' $aOnClick .= 'setFormValueFromBrowseWin(' . GeneralUtility::quoteJSvalue($fName) . ',unescape('
. rawurlencode(str_replace('%20', ' ', $elValue)) . '\'),' . $itemTitle . ',' . $itemTitle . ');'; . GeneralUtility::quoteJSvalue(rawurlencode(str_replace('%20', ' ', $elValue))) . '),' . $itemTitle . ',' . $itemTitle . ');';
} }
$aOnClick .= 'return false;'; $aOnClick .= 'return false;';
$icons['R'][] = ' $icons['R'][] = '
......
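Review bot: In the second `window.open` builder (the `@@ -336,13 +335,12 @@` hunk) the line `'document.editform[\'' . $itemName . '\'].value,200' .` is unchanged, so `$itemName` is still concatenated into the JavaScript between hand-written quotes while every neighbouring argument now goes through `GeneralUtility::quoteJSvalue()`. The first builder in the `@@ -290,13 +290,12 @@` hunk was converted, so this looks like an oversight; use `'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value,200' .` there as well. The same statement also has `'vHWin=window.open('. GeneralUtility::quoteJSvalue($url)` without a space before the concatenation dot. Both builders start and end outside the visible hunks, so how `$aOnClick` is escaped for the HTML attribute cannot be checked from here.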
...@@ -82,15 +82,15 @@ class GroupElement extends AbstractFormElement { ...@@ -82,15 +82,15 @@ class GroupElement extends AbstractFormElement {
// If maxitems==1 then automatically replace the current item (in list and file selector) // If maxitems==1 then automatically replace the current item (in list and file selector)
if ($maxitems === 1) { if ($maxitems === 1) {
$resultArray['additionalJavaScriptPost'][] = $resultArray['additionalJavaScriptPost'][] =
'TBE_EDITOR.clearBeforeSettingFormValueFromBrowseWin[\'' . $parameterArray['itemFormElName'] . '\'] = { 'TBE_EDITOR.clearBeforeSettingFormValueFromBrowseWin[' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName']) . '] = {
itemFormElID_file: ' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElID_file']) . ' itemFormElID_file: ' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElID_file']) . '
}'; }';
$parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged'] = 'setFormValueManipulate(\'' . $parameterArray['itemFormElName'] $parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged'] = 'setFormValueManipulate(' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName'])
. '\', \'Remove\'); ' . $parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged']; . ', \'Remove\'); ' . $parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged'];
} elseif ($noList) { } elseif ($noList) {
// If the list controls have been removed and the maximum number is reached, remove the first entry to avoid "write once" field // If the list controls have been removed and the maximum number is reached, remove the first entry to avoid "write once" field
$parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged'] = 'setFormValueManipulate(\'' . $parameterArray['itemFormElName'] $parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged'] = 'setFormValueManipulate(' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName'])
. '\', \'RemoveFirstIfFull\', \'' . $maxitems . '\'); ' . $parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged']; . ', \'RemoveFirstIfFull\', ' . GeneralUtility::quoteJSvalue($maxitems) . '); ' . $parameterArray['fieldChangeFunc']['TBE_EDITOR_fieldChanged'];
} }
$html = '<input type="hidden" name="' . $parameterArray['itemFormElName'] . '_mul" value="' . ($config['multiple'] ? 1 : 0) . '"' . $disabled . ' />'; $html = '<input type="hidden" name="' . $parameterArray['itemFormElName'] . '_mul" value="' . ($config['multiple'] ? 1 : 0) . '"' . $disabled . ' />';
...@@ -269,7 +269,7 @@ class GroupElement extends AbstractFormElement { ...@@ -269,7 +269,7 @@ class GroupElement extends AbstractFormElement {
$allowedTables[] = array( $allowedTables[] = array(
'name' => htmlspecialchars($languageService->sL($GLOBALS['TCA'][$allowedTable]['ctrl']['title'])), 'name' => htmlspecialchars($languageService->sL($GLOBALS['TCA'][$allowedTable]['ctrl']['title'])),
'icon' => IconUtility::getSpriteIconForRecord($allowedTable, array()), 'icon' => IconUtility::getSpriteIconForRecord($allowedTable, array()),
'onClick' => 'setFormValueOpenBrowser(\'db\', \'' . ($parameterArray['itemFormElName'] . '|||' . $allowedTable) . '\'); return false;' 'onClick' => 'setFormValueOpenBrowser(\'db\', ' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName'] . '|||' . $allowedTable) . '); return false;'
); );
} }
} }
......
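Review bot: The hidden `_mul` input after the `maxitems` branch still writes `$parameterArray['itemFormElName']` into the `name` attribute without HTML escaping, although the same value is now quoted for its JavaScript uses a few lines above. If the element name can ever contain a quote or angle bracket (its origin is not visible in this hunk), the attribute breaks; `name="' . htmlspecialchars($parameterArray['itemFormElName']) . '_mul"` keeps the HTML context handled as carefully as the JS one. The enclosing method starts and ends outside the hunk.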
...@@ -187,7 +187,7 @@ class SelectSingleElement extends AbstractFormElement { ...@@ -187,7 +187,7 @@ class SelectSingleElement extends AbstractFormElement {
if ($icon && !$suppressIcons && (!$onlySelectedIconShown || $selected)) { if ($icon && !$suppressIcons && (!$onlySelectedIconShown || $selected)) {
$onClick = 'document.editform[' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName']) . '].selectedIndex=' . $selectItemCounter . ';'; $onClick = 'document.editform[' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName']) . '].selectedIndex=' . $selectItemCounter . ';';
if ($config['iconsInOptionTags']) { if ($config['iconsInOptionTags']) {
$onClick .= 'document.getElementById(\'' . $selectId . '_icon\').innerHTML = ' $onClick .= 'document.getElementById(' . GeneralUtility::quoteJSvalue($selectId . '_icon') . ').innerHTML = '
. 'document.editform[' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName']) . ']' . 'document.editform[' . GeneralUtility::quoteJSvalue($parameterArray['itemFormElName']) . ']'
. '.options[' . $selectItemCounter . '].getAttribute(\'data-icon\'); '; . '.options[' . $selectItemCounter . '].getAttribute(\'data-icon\'); ';
} }
...@@ -230,7 +230,7 @@ class SelectSingleElement extends AbstractFormElement { ...@@ -230,7 +230,7 @@ class SelectSingleElement extends AbstractFormElement {
// Create item form fields: // Create item form fields:
$sOnChange = 'if (this.options[this.selectedIndex].value==\'--div--\') {this.selectedIndex=' . $selectedIndex . ';} '; $sOnChange = 'if (this.options[this.selectedIndex].value==\'--div--\') {this.selectedIndex=' . $selectedIndex . ';} ';
if ($config['iconsInOptionTags']) { if ($config['iconsInOptionTags']) {
$sOnChange .= 'document.getElementById(\'' . $selectId . '_icon\').innerHTML = this.options[this.selectedIndex].getAttribute(\'data-icon\'); '; $sOnChange .= 'document.getElementById(' . GeneralUtility::quoteJSvalue($selectId . '_icon') . ').innerHTML = this.options[this.selectedIndex].getAttribute(\'data-icon\'); ';
} }
$sOnChange .= implode('', $parameterArray['fieldChangeFunc']); $sOnChange .= implode('', $parameterArray['fieldChangeFunc']);
......
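Review bot: `$selectItemCounter` and `$selectedIndex` are still concatenated unquoted into the handler code (`.selectedIndex=' . $selectItemCounter . ';'`, `.options[' . $selectItemCounter . ']`, `this.selectedIndex=' . $selectedIndex . ';`). They are presumably integers computed in the part of the method outside these hunks, but nothing visible here enforces that. An explicit cast at the point of concatenation, `(int)$selectItemCounter` and `(int)$selectedIndex`, would make the numeric context self-evident and keep the generated script well-formed if their origin ever changes.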
...@@ -570,14 +570,14 @@ class FormEngine { ...@@ -570,14 +570,14 @@ class FormEngine {
); );
$jsonArray['scriptCall'][] = 'inline.domAddRecordDetails(' . GeneralUtility::quoteJSvalue($domObjectId) . ',' . GeneralUtility::quoteJSvalue($objectPrefix) . ',' . ($expandSingle ? '1' : '0') . ',json.data);'; $jsonArray['scriptCall'][] = 'inline.domAddRecordDetails(' . GeneralUtility::quoteJSvalue($domObjectId) . ',' . GeneralUtility::quoteJSvalue($objectPrefix) . ',' . ($expandSingle ? '1' : '0') . ',json.data);';
if ($config['foreign_unique']) { if ($config['foreign_unique']) {
$jsonArray['scriptCall'][] = 'inline.removeUsed(\'' . $objectPrefix . '\',\'' . $record['uid'] . '\');'; $jsonArray['scriptCall'][] = 'inline.removeUsed(' . GeneralUtility::quoteJSvalue($objectPrefix) . ',' . GeneralUtility::quoteJSvalue($record['uid']) . ');';
} }
$jsonArray = $this->getInlineAjaxCommonScriptCalls($jsonArray, $config, $inlineFirstPid); $jsonArray = $this->getInlineAjaxCommonScriptCalls($jsonArray, $config, $inlineFirstPid);
// Collapse all other records if requested: // Collapse all other records if requested:
if (!$collapseAll && $expandSingle) { if (!$collapseAll && $expandSingle) {
$jsonArray['scriptCall'][] = 'inline.collapseAllRecords(\'' . $objectId . '\',\'' . $objectPrefix . '\',\'' . $record['uid'] . '\');'; $jsonArray['scriptCall'][] = 'inline.collapseAllRecords(' . GeneralUtility::quoteJSvalue($objectId) . ',' . GeneralUtility::quoteJSvalue($objectPrefix) . ',' . GeneralUtility::quoteJSvalue($record['uid']) . ');';
} }
return $jsonArray; return $jsonArray;
...@@ -702,24 +702,24 @@ class FormEngine { ...@@ -702,24 +702,24 @@ class FormEngine {
); );
if (!$current['uid']) { if (!$current['uid']) {
$jsonArray['scriptCall'][] = 'inline.domAddNewRecord(\'bottom\',\'' . $objectName . '_records\',\'' . $objectPrefix . '\',json.data);'; $jsonArray['scriptCall'][] = 'inline.domAddNewRecord(\'bottom\',' . GeneralUtility::quoteJSvalue($objectName . '_records') . ',' . GeneralUtility::quoteJSvalue($objectPrefix) . ',json.data);';
$jsonArray['scriptCall'][] = 'inline.memorizeAddRecord(\'' . $objectPrefix . '\',\'' . $record['uid'] . '\',null,\'' . $foreignUid . '\');'; $jsonArray['scriptCall'][] = 'inline.memorizeAddRecord(' . GeneralUtility::quoteJSvalue($objectPrefix) . ',' . GeneralUtility::quoteJSvalue($record['uid']) . ',null,' . GeneralUtility::quoteJSvalue($foreignUid) . ');';
} else { } else {
$jsonArray['scriptCall'][] = 'inline.domAddNewRecord(\'after\',\'' . $domObjectId . '_div' . '\',\'' . $objectPrefix . '\',json.data);'; $jsonArray['scriptCall'][] = 'inline.domAddNewRecord(\'after\',' . GeneralUtility::quoteJSvalue($domObjectId . '_div') . ',' . GeneralUtility::quoteJSvalue($objectPrefix) . ',json.data);';
$jsonArray['scriptCall'][] = 'inline.memorizeAddRecord(\'' . $objectPrefix . '\',\'' . $record['uid'] . '\',\'' . $current['uid'] . '\',\'' . $foreignUid . '\');'; $jsonArray['scriptCall'][] = 'inline.memorizeAddRecord(' . GeneralUtility::quoteJSvalue($objectPrefix) . ',' . GeneralUtility::quoteJSvalue($record['uid']) . ',' . GeneralUtility::quoteJSvalue($current['uid']) . ',' . GeneralUtility::quoteJSvalue($foreignUid) . ');';
} }
$jsonArray = $this->getInlineAjaxCommonScriptCalls($jsonArray, $config, $inlineFirstPid); $jsonArray = $this->getInlineAjaxCommonScriptCalls($jsonArray, $config, $inlineFirstPid);
// Collapse all other records if requested: // Collapse all other records if requested:
if (!$collapseAll && $expandSingle) { if (!$collapseAll && $expandSingle) {
$jsonArray['scriptCall'][] = 'inline.collapseAllRecords(\'' . $objectId . '\', \'' . $objectPrefix . '\', \'' . $record['uid'] . '\');'; $jsonArray['scriptCall'][] = 'inline.collapseAllRecords(' . GeneralUtility::quoteJSvalue($objectId) . ', ' . GeneralUtility::quoteJSvalue($objectPrefix) . ', ' . GeneralUtility::quoteJSvalue($record['uid']) . ');';
} }
// Tell the browser to scroll to the newly created record // Tell the browser to scroll to the newly created record
$jsonArray['scriptCall'][] = 'Element.scrollTo(\'' . $objectId . '_div\');'; $jsonArray['scriptCall'][] = 'Element.scrollTo(' . GeneralUtility::quoteJSvalue($objectId . '_div') . ');';
// Fade out and fade in the new record in the browser view to catch the user's eye // Fade out and fade in the new record in the browser view to catch the user's eye
$jsonArray['scriptCall'][] = 'inline.fadeOutFadeIn(\'' . $objectId . '_div\');'; $jsonArray['scriptCall'][] = 'inline.fadeOutFadeIn(' . GeneralUtility::quoteJSvalue($objectId . '_div') . ');';
return $jsonArray; return $jsonArray;
} }
...@@ -768,7 +768,7 @@ class FormEngine { ...@@ -768,7 +768,7 @@ class FormEngine {
$localizedItems = array_diff($newItems, $oldItems); $localizedItems = array_diff($newItems, $oldItems);
// Set the items that should be removed in the forms view: // Set the items that should be removed in the forms view:
foreach ($removedItems as $item) { foreach ($removedItems as $item) {
$jsonArray['scriptCall'][] = 'inline.deleteRecord(\'' . $nameObjectForeignTable . '-' . $item . '\', {forceDirectRemoval: true});'; $jsonArray['scriptCall'][] = 'inline.deleteRecord(' . GeneralUtility::quoteJSvalue($nameObjectForeignTable . '-' . $item) . ', {forceDirectRemoval: true});';
} }
// Set the items that should be added in the forms view: // Set the items that should be added in the forms view:
$html = ''; $html = '';
...@@ -776,7 +776,7 @@ class FormEngine { ...@@ -776,7 +776,7 @@ class FormEngine {
// @todo: This should be another container ... // @todo: This should be another container ...
foreach ($localizedItems as $item) { foreach ($localizedItems as $item) {
$row = $inlineRelatedRecordResolver->getRecord($current['table'], $item); $row = $inlineRelatedRecordResolver->getRecord($current['table'], $item);
$selectedValue = $foreignSelector ? '\'' . $row[$foreignSelector] . '\'' : 'null'; $selectedValue = $foreignSelector ? GeneralUtility::quoteJSvalue($row[$foreignSelector]) : 'null';
$options = $this->getConfigurationOptionsForChildElements(); $options = $this->getConfigurationOptionsForChildElements();
$options['databaseRow'] = array('uid' => $parent['uid']); $options['databaseRow'] = array('uid' => $parent['uid']);
...@@ -824,15 +824,15 @@ class FormEngine { ...@@ -824,15 +824,15 @@ class FormEngine {
} }
} }
$jsonArray['scriptCall'][] = 'inline.memorizeAddRecord(\'' . $nameObjectForeignTable . '\', \'' . $item . '\', null, ' . $selectedValue . ');'; $jsonArray['scriptCall'][] = 'inline.memorizeAddRecord(' . GeneralUtility::quoteJSvalue($nameObjectForeignTable) . ', ' . GeneralUtility::quoteJSvalue($item) . ', null, ' . $selectedValue . ');';
// Remove possible virtual records in the form which showed that a child records could be localized: // Remove possible virtual records in the form which showed that a child records could be localized:
if (isset($row[$transOrigPointerField]) && $row[$transOrigPointerField]) { if (isset($row[$transOrigPointerField]) && $row[$transOrigPointerField]) {
$jsonArray['scriptCall'][] = 'inline.fadeAndRemove(\'' . $nameObjectForeignTable . '-' . $row[$transOrigPointerField] . '_div' . '\');'; $jsonArray['scriptCall'][] = 'inline.fadeAndRemove(' . GeneralUtility::quoteJSvalue($nameObjectForeignTable . '-' . $row[$transOrigPointerField] . '_div') . ');';
} }
} }
if (!empty($html)) { if (!empty($html)) {
$jsonArray['data'] = $html; $jsonArray['data'] = $html;
array_unshift($jsonArray['scriptCall'], 'inline.domAddNewRecord(\'bottom\', \'' . $nameObject . '_records\', \'' . $nameObjectForeignTable . '\', json.data);'); array_unshift($jsonArray['scriptCall'], 'inline.domAddNewRecord(\'bottom\', ' . GeneralUtility::quoteJSvalue($nameObject . '_records') . ', ' . GeneralUtility::quoteJSvalue($nameObjectForeignTable) . ', json.data);');
} }
// @todo: Refactor this mess ... see other methods like getMainFields, too // @todo: Refactor this mess ... see other methods like getMainFields, too
...@@ -1045,7 +1045,7 @@ class FormEngine { ...@@ -1045,7 +1045,7 @@ class FormEngine {
// If script.aculo.us Sortable is used, update the Observer to know the record: // If script.aculo.us Sortable is used, update the Observer to know the record:
if ($config['appearance']['useSortable']) { if ($config['appearance']['useSortable']) {
$inlineObjectName = $this->inlineStackProcessor->getCurrentStructureDomObjectIdPrefix($inlineFirstPid); $inlineObjectName = $this->inlineStackProcessor->getCurrentStructureDomObjectIdPrefix($inlineFirstPid);
$jsonArray['scriptCall'][] = 'inline.createDragAndDropSorting(\'' . $inlineObjectName . '_records\');'; $jsonArray['scriptCall'][] = 'inline.createDragAndDropSorting(' . GeneralUtility::quoteJSvalue($inlineObjectName . '_records') . ');';
} }
// If FormEngine has some JavaScript code to be executed, just do it // If FormEngine has some JavaScript code to be executed, just do it
// @todo: this is done by JSBottom() already?! // @todo: this is done by JSBottom() already?!
......
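Review bot: `$selectedValue` is the one argument of the `inline.memorizeAddRecord(...)` call in the `@@ -824,15 +824,15 @@` hunk that is concatenated without `GeneralUtility::quoteJSvalue()`, which is correct only because it was already turned into a JS literal (quoted string or `null`) where it is assigned in the `@@ -776,7 +776,7 @@` hunk. The two statements are dozens of lines apart, so a comment at the call, for example `// $selectedValue is already a JS literal: quoted via quoteJSvalue() or the bare word null`, would stop a later edit from double-quoting it or from assigning raw data to it. The enclosing method continues outside both hunks.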