[Rt-commit] rt branch, 4.4/custom-field-html-option, created. rt-4.4.4-6-geb34176e5

Craig Kaiser craig at bestpractical.com
Wed Mar 20 11:50:08 EDT 2019


The branch, 4.4/custom-field-html-option has been created
        at  eb34176e56adf4ff806b4c3b130b7c1e8d8413b2 (commit)

- Log -----------------------------------------------------------------
commit eb34176e56adf4ff806b4c3b130b7c1e8d8413b2
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Wed Mar 20 11:25:43 2019 -0400

    Allow HTML to be escaped for custom fields on display
    
    If we are displaying the content of a customfield and the content is
    HTML content, it is useful to see the whole content escaped.

diff --git a/etc/upgrade/4.4.5/schema.Oracle b/etc/upgrade/4.4.5/schema.Oracle
new file mode 100644
index 000000000..9a1f0d778
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.Oracle
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD Escaped NUMBER(11,0) DEFAULT 0 NOT NULL;
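Review bot: Only the 4.4.5 upgrade fragments add the `Escaped` column in this commit; unless the base `etc/schema.*` files are updated elsewhere, a fresh install would lack the column that `Create` and `_Value('Escaped')` now depend on. The same applies to the Pg, SQLite and mysql hunks below. The column type also differs between back ends (`NUMBER(11,0)` on Oracle, a small integer on the others), so it is worth checking each against the type that back end uses for its other boolean-style columns on `CustomFields`.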
diff --git a/etc/upgrade/4.4.5/schema.Pg b/etc/upgrade/4.4.5/schema.Pg
new file mode 100644
index 000000000..51bb06a44
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.Pg
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN Escaped integer NOT NULL DEFAULT 0;
diff --git a/etc/upgrade/4.4.5/schema.SQLite b/etc/upgrade/4.4.5/schema.SQLite
new file mode 100644
index 000000000..d1a6e7368
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.SQLite
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN Escaped int2 NOT NULL DEFAULT 0;
diff --git a/etc/upgrade/4.4.5/schema.mysql b/etc/upgrade/4.4.5/schema.mysql
new file mode 100644
index 000000000..d1a6e7368
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.mysql
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN Escaped int2 NOT NULL DEFAULT 0;
diff --git a/lib/RT/CustomField.pm b/lib/RT/CustomField.pm
index c0dfd3d34..3bb9c12b1 100644
--- a/lib/RT/CustomField.pm
+++ b/lib/RT/CustomField.pm
@@ -271,6 +271,7 @@ sub Create {
         EntryHint              => undef,
         UniqueValues           => 0,
         CanonicalizeClass      => undef,
+        Escaped                => 0,
         @_,
     );
 
@@ -364,6 +365,7 @@ sub Create {
         LookupType        => $args{'LookupType'},
         UniqueValues      => $args{'UniqueValues'},
         CanonicalizeClass => $args{'CanonicalizeClass'},
+        Escaped           => $args{'Escaped'}
     );
 
     if ($rv) {
@@ -1188,6 +1190,30 @@ sub SetDisabled {
     }
 }
 
+sub Escaped {
+    my $self = shift;
+    my $val  = shift;
+
+    return $self->_Value('Escaped');
+}
+
+sub SetEscaped {
+    my $self = shift;
+    my $val  = shift;
+
+    my ($status, $msg) = $self->_Set(Field => 'Escaped', Value => $val);
+
+    unless ($status) {
+        return ($status, $msg);
+    }
+
+    if ( $val == 1 ) {
+        return (1, $self->loc("HTML escaping on display enabled"));
+    } else {
+        return (1, $self->loc("HTML escaping on display disabled"));
+    }
+}
+
 =head2 SetTypeComposite
 
 Set this custom field's type and maximum values as a composite value
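Review bot: `SetEscaped` stores `$val` as received and then tests `$val == 1`, so an undefined or non-numeric value can raise a warning, and any true value other than 1 is stored but reported as "disabled". Because this flag selects between escaping and scrubbing on display, normalise it with `$val = $val ? 1 : 0;` before the `_Set` call and test `if ($val)` afterwards. In `Escaped`, the `my $val = shift;` line is unused and can be dropped. Both subs also lack the POD that neighbouring methods such as `SetTypeComposite` carry; a short `=head2` entry stating that a true value makes the field's content render HTML-escaped instead of scrubbed would do.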
diff --git a/share/html/Admin/CustomFields/Modify.html b/share/html/Admin/CustomFields/Modify.html
index 9067140ae..0cad660b4 100644
--- a/share/html/Admin/CustomFields/Modify.html
+++ b/share/html/Admin/CustomFields/Modify.html
@@ -74,14 +74,14 @@
 
 % if ( $CustomFieldObj->Id and $CustomFieldObj->HasRenderTypes ) {
 <tr>
-  <td class="label"><&|/l&>Render Type</&></td>
-  <td>
+    <td class="label"><&|/l&>Render Type</&></td>
+    <td>
     <& /Admin/Elements/SelectCustomFieldRenderType,
         Name            => "RenderType",
         TypeComposite   => $CustomFieldObj->TypeComposite,
         Default         => $CustomFieldObj->RenderType, 
         BasedOn         => $CustomFieldObj->BasedOnObj->id, &>
-  </td>
+    </td>
 </tr>
 % }
 
@@ -177,6 +177,14 @@ jQuery( function() {
 
 % $m->callback(CallbackName => 'BeforeEnabled', CustomField => $CustomFieldObj, CFvalidations => \@CFvalidations);
 
+% if ( grep { $CustomFieldObj->Type eq $_ } qw/Freeform Text/ ) {
+    <tr><td class="label"> </td><td>
+    <input type="hidden" class="hidden" name="SetEscaped" value="1" />
+    <input type="checkbox" class="checkbox" id="Escaped" name="Escaped" value="1" <% $EscapedChecked |n %> />
+    <label for="Escaped"><&|/l&>Escape HTML of custom field value</&></label>
+    </td></tr>
+% }
+
 <tr><td class="label"> </td><td>
 <input type="hidden" class="hidden" name="SetEnabled" value="1" />
 <input type="checkbox" class="checkbox" id="Enabled" name="Enabled" value="1" <% $EnabledChecked |n %> />
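Review bot: The restriction to `Freeform` and `Text` exists only in this template: the create path passes `Escaped => $Escaped` and the update path lists `Escaped` in `@attribs` whatever the field's type. If the option is meant for those two types only, the same check belongs where the value is saved (for example in `SetEscaped`), since a submitted form parameter is not bound by what the page rendered. On a new, unsaved field `Type` is presumably unset, which would hide the checkbox at creation and leave `Escaped` at its default; confirm that is intended. The label could also say what the unchecked state does; per `ShowCustomFieldText`, the content is then passed through `ScrubHTML` rather than shown raw.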
@@ -224,6 +232,7 @@ else {
             Disabled      => ($Enabled ? 0 : 1),
             EntryHint     => $EntryHint,
             UniqueValues  => $UniqueValues,
+            Escaped       => $Escaped
         );
         if (!$val) {
             push @results, loc("Could not create CustomField: [_1]", $msg);
@@ -248,8 +257,9 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
 
     # make sure the unchecked checkbox still causes an update
     $ARGS{UniqueValues} ||= 0 if $SetUniqueValues;
+    $ARGS{Escaped} ||= 0 if $SetEscaped;
 
-    my @attribs = qw(Disabled Pattern Name TypeComposite LookupType Description LinkValueTo IncludeContentForValue EntryHint UniqueValues);
+    my @attribs = qw(Escaped Disabled Pattern Name TypeComposite LookupType Description LinkValueTo IncludeContentForValue EntryHint UniqueValues);
 
     push @results, UpdateRecordObject(
         AttributesRef => \@attribs,
@@ -410,6 +420,9 @@ MaybeRedirectForResults(
 my $EnabledChecked = qq[checked="checked"];
 $EnabledChecked = '' if $CustomFieldObj->Disabled;
 
+my $EscapedChecked = '';
+$EscapedChecked = qq[checked="checked"] if $CustomFieldObj->Escaped;
+
 my $UniqueValuesChecked = qq[checked="checked"];
 $UniqueValuesChecked = '' if !$CustomFieldObj->UniqueValues;
 
@@ -442,4 +455,6 @@ $LinkValueTo => undef
 $IncludeContentForValue => undef
 $BasedOn => undef
 $EntryHint => undef
+$Escaped    => 0
+$SetEscaped => undef
 </%ARGS>
diff --git a/share/html/Elements/ShowCustomFieldText b/share/html/Elements/ShowCustomFieldText
index 7b763e601..47ed07e55 100644
--- a/share/html/Elements/ShowCustomFieldText
+++ b/share/html/Elements/ShowCustomFieldText
@@ -47,10 +47,15 @@
 %# END BPS TAGGED BLOCK }}}
 <%init>
  my $content = $Object->LargeContent || $Object->Content;
- $content = $m->comp('/Elements/ScrubHTML', Content => $content);
- $content =~ s|\n|<br />|g;
+ if ( $Escaped ) {
+    RT::Interface::Web::EscapeHTML(\$content);
+ } else {
+    $content = $m->comp('/Elements/ScrubHTML', Content => $content);
+    $content =~ s|\n|<br />|g;
+ }
 </%init>
 <%$content|n%>
 <%ARGS>
 $Object
+$Escaped  => 0
 </%ARGS>
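Review bot: Nothing in this diff passes `Escaped` to this component, so with the `$Escaped => 0` default the new branch runs only if a caller outside the diff supplies the custom field's `Escaped` value; that call site needs updating for the option to take effect. The escaped branch also drops the `s|\n|<br />|g` conversion, so multi-line values would lose their line breaks; moving that substitution to after the `if`/`else` keeps it on both paths, assuming `EscapeHTML` leaves newlines untouched. Because the result is emitted with `|n`, a comment in `<%init>` such as `%# $content is output unescaped below: every branch must leave it safe for raw HTML` would guard against a later edit adding an unsanitised path.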

-----------------------------------------------------------------------

