[Rt-commit] rt branch, 4.4/custom-field-html-option, created. rt-4.4.4-6-g905b65e3d
Craig Kaiser
craig at bestpractical.com
Mon Apr 8 11:47:28 EDT 2019
The branch, 4.4/custom-field-html-option has been created
at 905b65e3df96d9a26cf1722548b6413930e753d5 (commit)
- Log -----------------------------------------------------------------
commit 905b65e3df96d9a26cf1722548b6413930e753d5
Author: Craig Kaiser <craig at bestpractical.com>
Date: Wed Mar 20 11:25:43 2019 -0400
Allow HTML to be escaped for custom fields on display
If we are displaying the content of a customfield and the content is
HTML content, it is useful to see the whole content escaped.
diff --git a/etc/schema.Oracle b/etc/schema.Oracle
index b3e677b82..beac4cb01 100644
--- a/etc/schema.Oracle
+++ b/etc/schema.Oracle
@@ -364,7 +364,8 @@ CREATE TABLE CustomFields (
Created DATE,
LastUpdatedBy NUMBER(11,0) DEFAULT 0 NOT NULL,
LastUpdated DATE,
- Disabled NUMBER(11,0) DEFAULT 0 NOT NULL
+ Disabled NUMBER(11,0) DEFAULT 0 NOT NULL,
+ EscapeHTML NUMBER(11,0) DEFAULT 0 NOT NULL
);
diff --git a/etc/schema.Pg b/etc/schema.Pg
index aa4b437e0..7143ac749 100644
--- a/etc/schema.Pg
+++ b/etc/schema.Pg
@@ -550,6 +550,7 @@ CREATE TABLE CustomFields (
LastUpdatedBy integer NOT NULL DEFAULT 0 ,
LastUpdated TIMESTAMP NULL ,
Disabled integer NOT NULL DEFAULT 0 ,
+ EscapeHTML integer NOT NULL DEFAULT 0 ,
PRIMARY KEY (id)
);
diff --git a/etc/schema.SQLite b/etc/schema.SQLite
index f8e6ae932..f34827ec9 100644
--- a/etc/schema.SQLite
+++ b/etc/schema.SQLite
@@ -396,6 +396,7 @@ CREATE TABLE CustomFields (
LastUpdatedBy integer NOT NULL DEFAULT 0 ,
LastUpdated DATETIME NULL ,
Disabled int2 NOT NULL DEFAULT 0 ,
+ EscapeHTML int2 NOT NULL DEFAULT 0 ,
PRIMARY KEY (id)
) ;
diff --git a/etc/schema.mysql b/etc/schema.mysql
index eefc145ca..807f0c919 100644
--- a/etc/schema.mysql
+++ b/etc/schema.mysql
@@ -368,6 +368,7 @@ CREATE TABLE CustomFields (
LastUpdatedBy integer NOT NULL DEFAULT 0 ,
LastUpdated DATETIME NULL ,
Disabled int2 NOT NULL DEFAULT 0 ,
+ EscapeHTML int2 NOT NULL DEFAULT 0 ,
PRIMARY KEY (id)
) ENGINE=InnoDB CHARACTER SET utf8;
diff --git a/etc/upgrade/4.4.5/schema.Oracle b/etc/upgrade/4.4.5/schema.Oracle
new file mode 100644
index 000000000..f6d732664
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.Oracle
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD EscapeHTML NUMBER(11,0) DEFAULT 0 NOT NULL;
diff --git a/etc/upgrade/4.4.5/schema.Pg b/etc/upgrade/4.4.5/schema.Pg
new file mode 100644
index 000000000..5a1bc26f1
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.Pg
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN EscapeHTML integer NOT NULL DEFAULT 0;
diff --git a/etc/upgrade/4.4.5/schema.SQLite b/etc/upgrade/4.4.5/schema.SQLite
new file mode 100644
index 000000000..fc5413b2f
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.SQLite
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN EscapeHTML int2 NOT NULL DEFAULT 0;
diff --git a/etc/upgrade/4.4.5/schema.mysql b/etc/upgrade/4.4.5/schema.mysql
new file mode 100644
index 000000000..fc5413b2f
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.mysql
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN EscapeHTML int2 NOT NULL DEFAULT 0;
diff --git a/lib/RT/CustomField.pm b/lib/RT/CustomField.pm
index c0dfd3d34..d9c0765d4 100644
--- a/lib/RT/CustomField.pm
+++ b/lib/RT/CustomField.pm
@@ -271,6 +271,7 @@ sub Create {
EntryHint => undef,
UniqueValues => 0,
CanonicalizeClass => undef,
+ EscapeHTML => 0,
@_,
);
@@ -364,6 +365,7 @@ sub Create {
LookupType => $args{'LookupType'},
UniqueValues => $args{'UniqueValues'},
CanonicalizeClass => $args{'CanonicalizeClass'},
+ EscapeHTML => $args{'EscapeHTML'}
);
if ($rv) {
@@ -1188,6 +1190,30 @@ sub SetDisabled {
}
}
+sub EscapeHTML {
+ my $self = shift;
+ my $val = shift;
+
+ return $self->_Value('EscapeHTML');
+}
+
+sub SetEscapeHTML {
+ my $self = shift;
+ my $val = shift;
+
+ my ($status, $msg) = $self->_Set(Field => 'EscapeHTML', Value => $val);
+
+ unless ($status) {
+ return ($status, $msg);
+ }
+
+ if ( $val == 1 ) {
+ return (1, $self->loc("HTML escaping on display enabled"));
+ } else {
+ return (1, $self->loc("HTML escaping on display disabled"));
+ }
+}
+
=head2 SetTypeComposite
Set this custom field's type and maximum values as a composite value
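Review bot: In `SetEscapeHTML` the result message is chosen by `$val == 1`, so any other true value reports "disabled" even though the value has already been stored, and an undefined or non-numeric `$val` produces a numeric-comparison warning. Normalising before the write, `$val = $val ? 1 : 0;` ahead of the `_Set` call, keeps the stored flag and the message in agreement. The `Create` hunk above passes `$args{'EscapeHTML'}` through without normalising it either. The getter `EscapeHTML` shifts a `$val` it never uses, so that line can go. Neither sub has POD, although the neighbouring `=head2 SetTypeComposite` does; a short `=head2` entry for each, stating that the flag only affects how values are displayed, would match the file.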
diff --git a/share/html/Admin/CustomFields/Modify.html b/share/html/Admin/CustomFields/Modify.html
index 9067140ae..2b1e006e8 100644
--- a/share/html/Admin/CustomFields/Modify.html
+++ b/share/html/Admin/CustomFields/Modify.html
@@ -177,6 +177,14 @@ jQuery( function() {
% $m->callback(CallbackName => 'BeforeEnabled', CustomField => $CustomFieldObj, CFvalidations => \@CFvalidations);
+% if ( grep { $CustomFieldObj->Type eq $_ } qw/Freeform Text/ ) {
+ <tr><td class="label"> </td><td>
+ <input type="hidden" class="hidden" name="SetEscapeHTML" value="1" />
+ <input type="checkbox" class="checkbox" id="EscapeHTML" name="EscapeHTML" value="1" <% $EscapeHTMLChecked |n %> />
+ <label for="EscapeHTML"><&|/l&>Escape HTML of custom field value</&></label>
+ </td></tr>
+% }
+
<tr><td class="label"> </td><td>
<input type="hidden" class="hidden" name="SetEnabled" value="1" />
<input type="checkbox" class="checkbox" id="Enabled" name="Enabled" value="1" <% $EnabledChecked |n %> />
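Review bot: The new checkbox is offered for both `Freeform` and `Text` (`qw/Freeform Text/`), but the only display-side change in this commit is in `ShowCustomFieldText`. Whether Freeform values go through a rendering path that reads the flag is not visible in this diff. If they do not, an admin can enable the option on a Freeform field and see no change in output. Either restrict the condition to `Text` or add the matching display handling for Freeform. A later type change away from these two types also appears to leave the stored flag set with no way to clear it from this form.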
@@ -224,6 +232,7 @@ else {
Disabled => ($Enabled ? 0 : 1),
EntryHint => $EntryHint,
UniqueValues => $UniqueValues,
+ EscapeHTML => $EscapeHTML
);
if (!$val) {
push @results, loc("Could not create CustomField: [_1]", $msg);
@@ -248,8 +257,9 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
# make sure the unchecked checkbox still causes an update
$ARGS{UniqueValues} ||= 0 if $SetUniqueValues;
+ $ARGS{EscapeHTML} ||= 0 if $SetEscapeHTML;
- my @attribs = qw(Disabled Pattern Name TypeComposite LookupType Description LinkValueTo IncludeContentForValue EntryHint UniqueValues);
+ my @attribs = qw(EscapeHTML Disabled Pattern Name TypeComposite LookupType Description LinkValueTo IncludeContentForValue EntryHint UniqueValues);
push @results, UpdateRecordObject(
AttributesRef => \@attribs,
@@ -410,6 +420,9 @@ MaybeRedirectForResults(
my $EnabledChecked = qq[checked="checked"];
$EnabledChecked = '' if $CustomFieldObj->Disabled;
+my $EscapeHTMLChecked = '';
+$EscapeHTMLChecked = qq[checked="checked"] if $CustomFieldObj->EscapeHTML;
+
my $UniqueValuesChecked = qq[checked="checked"];
$UniqueValuesChecked = '' if !$CustomFieldObj->UniqueValues;
@@ -442,4 +455,6 @@ $LinkValueTo => undef
$IncludeContentForValue => undef
$BasedOn => undef
$EntryHint => undef
+$EscapeHTML => 0
+$SetEscapeHTML => undef
</%ARGS>
diff --git a/share/html/Elements/ShowCustomFieldText b/share/html/Elements/ShowCustomFieldText
index 7b763e601..a2d97de1e 100644
--- a/share/html/Elements/ShowCustomFieldText
+++ b/share/html/Elements/ShowCustomFieldText
@@ -47,10 +47,15 @@
%# END BPS TAGGED BLOCK }}}
<%init>
my $content = $Object->LargeContent || $Object->Content;
- $content = $m->comp('/Elements/ScrubHTML', Content => $content);
- $content =~ s|\n|<br />|g;
+ if ( $EscapeHTML ) {
+ RT::Interface::Web::EscapeHTML(\$content);
+ } else {
+ $content = $m->comp('/Elements/ScrubHTML', Content => $content);
+ $content =~ s|\n|<br />|g;
+ }
</%init>
<%$content|n%>
<%ARGS>
$Object
+$EscapeHTML => 0
</%ARGS>
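Review bot: The new `if ( $EscapeHTML )` branch skips the newline-to-`<br />` substitution, so a multi-line value would render as one run of text unless `RT::Interface::Web::EscapeHTML` handles newlines itself, which this hunk does not show. Moving `$content =~ s|\n|<br />|g;` below the `if`/`else` keeps line breaks in both modes. Because the value is emitted with `<%$content|n%>`, every branch must leave `$content` escaped or scrubbed; a comment above the `if` would guard against a later third branch, e.g. `# emitted with |n below: each branch must leave $content safe to output`. No hunk in this commit passes `EscapeHTML` into this component, so unless a caller outside the diff supplies it the argument stays at its default `0` and the scrub path is always taken.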
-----------------------------------------------------------------------