[Rt-commit] rt branch, 4.4/custom-field-html-option, created. rt-4.4.4-6-gc0a17ddad
Craig Kaiser
craig at bestpractical.com
Wed Mar 20 13:43:06 EDT 2019
The branch, 4.4/custom-field-html-option has been created
at c0a17ddad900308fe7989ef2df8136f4ebd06c59 (commit)
- Log -----------------------------------------------------------------
commit c0a17ddad900308fe7989ef2df8136f4ebd06c59
Author: Craig Kaiser <craig at bestpractical.com>
Date: Wed Mar 20 11:25:43 2019 -0400
Allow HTML to be escaped for custom fields on display
If we are displaying the content of a customfield and the content is
HTML content, it is useful to see the whole content escaped.
diff --git a/etc/schema.Oracle b/etc/schema.Oracle
index b3e677b82..c8b79f6d9 100644
--- a/etc/schema.Oracle
+++ b/etc/schema.Oracle
@@ -364,7 +364,8 @@ CREATE TABLE CustomFields (
Created DATE,
LastUpdatedBy NUMBER(11,0) DEFAULT 0 NOT NULL,
LastUpdated DATE,
- Disabled NUMBER(11,0) DEFAULT 0 NOT NULL
+ Disabled NUMBER(11,0) DEFAULT 0 NOT NULL,
+ Escaped NUMBER(11,0) DEFAULT 0 NOT NULL
);
diff --git a/etc/schema.Pg b/etc/schema.Pg
index aa4b437e0..85da31243 100644
--- a/etc/schema.Pg
+++ b/etc/schema.Pg
@@ -550,6 +550,7 @@ CREATE TABLE CustomFields (
LastUpdatedBy integer NOT NULL DEFAULT 0 ,
LastUpdated TIMESTAMP NULL ,
Disabled integer NOT NULL DEFAULT 0 ,
+ Escaped integer NOT NULL DEFAULT 0 ,
PRIMARY KEY (id)
);
diff --git a/etc/schema.SQLite b/etc/schema.SQLite
index f8e6ae932..2384de52a 100644
--- a/etc/schema.SQLite
+++ b/etc/schema.SQLite
@@ -396,6 +396,7 @@ CREATE TABLE CustomFields (
LastUpdatedBy integer NOT NULL DEFAULT 0 ,
LastUpdated DATETIME NULL ,
Disabled int2 NOT NULL DEFAULT 0 ,
+ Escaped int2 NOT NULL DEFAULT 0 ,
PRIMARY KEY (id)
) ;
diff --git a/etc/schema.mysql b/etc/schema.mysql
index eefc145ca..70a9f4e28 100644
--- a/etc/schema.mysql
+++ b/etc/schema.mysql
@@ -368,6 +368,7 @@ CREATE TABLE CustomFields (
LastUpdatedBy integer NOT NULL DEFAULT 0 ,
LastUpdated DATETIME NULL ,
Disabled int2 NOT NULL DEFAULT 0 ,
+ Escaped int2 NOT NULL DEFAULT 0 ,
PRIMARY KEY (id)
) ENGINE=InnoDB CHARACTER SET utf8;
diff --git a/etc/upgrade/4.4.5/schema.Oracle b/etc/upgrade/4.4.5/schema.Oracle
new file mode 100644
index 000000000..9a1f0d778
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.Oracle
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD Escaped NUMBER(11,0) DEFAULT 0 NOT NULL;
diff --git a/etc/upgrade/4.4.5/schema.Pg b/etc/upgrade/4.4.5/schema.Pg
new file mode 100644
index 000000000..51bb06a44
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.Pg
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN Escaped integer NOT NULL DEFAULT 0;
diff --git a/etc/upgrade/4.4.5/schema.SQLite b/etc/upgrade/4.4.5/schema.SQLite
new file mode 100644
index 000000000..d1a6e7368
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.SQLite
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN Escaped int2 NOT NULL DEFAULT 0;
diff --git a/etc/upgrade/4.4.5/schema.mysql b/etc/upgrade/4.4.5/schema.mysql
new file mode 100644
index 000000000..d1a6e7368
--- /dev/null
+++ b/etc/upgrade/4.4.5/schema.mysql
@@ -0,0 +1 @@
+ALTER TABLE CustomFields ADD COLUMN Escaped int2 NOT NULL DEFAULT 0;
diff --git a/lib/RT/CustomField.pm b/lib/RT/CustomField.pm
index c0dfd3d34..3bb9c12b1 100644
--- a/lib/RT/CustomField.pm
+++ b/lib/RT/CustomField.pm
@@ -271,6 +271,7 @@ sub Create {
EntryHint => undef,
UniqueValues => 0,
CanonicalizeClass => undef,
+ Escaped => 0,
@_,
);
@@ -364,6 +365,7 @@ sub Create {
LookupType => $args{'LookupType'},
UniqueValues => $args{'UniqueValues'},
CanonicalizeClass => $args{'CanonicalizeClass'},
+ Escaped => $args{'Escaped'}
);
if ($rv) {
@@ -1188,6 +1190,30 @@ sub SetDisabled {
}
}
+sub Escaped {
+ my $self = shift;
+ my $val = shift;
+
+ return $self->_Value('Escaped');
+}
+
+sub SetEscaped {
+ my $self = shift;
+ my $val = shift;
+
+ my ($status, $msg) = $self->_Set(Field => 'Escaped', Value => $val);
+
+ unless ($status) {
+ return ($status, $msg);
+ }
+
+ if ( $val == 1 ) {
+ return (1, $self->loc("HTML escaping on display enabled"));
+ } else {
+ return (1, $self->loc("HTML escaping on display disabled"));
+ }
+}
+
=head2 SetTypeComposite
Set this custom field's type and maximum values as a composite value
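Review bot: `SetEscaped` picks its result message with `$val == 1`, but the value is handed to `_Set` unchanged and the display code tests plain truth (`if ( $Escaped )`, `if $CustomFieldObj->Escaped`). Unless `_Set` rejects it, a truthy value other than 1 would be stored and treated as "escape" yet reported as "disabled", and an undef or non-numeric `$val` triggers a numeric-comparison warning. Normalising first with `$val = $val ? 1 : 0;` before the `_Set` call, then testing `if ($val)`, keeps the column, the message and the display check in agreement; the same raw form value reaches this setter through the `@attribs` update hunk in Modify.html. `Escaped` also shifts a `$val` it never uses, and both new subs lack the `=head2` POD that the following `SetTypeComposite` has.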
diff --git a/share/html/Admin/CustomFields/Modify.html b/share/html/Admin/CustomFields/Modify.html
index 9067140ae..0cad660b4 100644
--- a/share/html/Admin/CustomFields/Modify.html
+++ b/share/html/Admin/CustomFields/Modify.html
@@ -74,14 +74,14 @@
% if ( $CustomFieldObj->Id and $CustomFieldObj->HasRenderTypes ) {
<tr>
- <td class="label"><&|/l&>Render Type</&></td>
- <td>
+ <td class="label"><&|/l&>Render Type</&></td>
+ <td>
<& /Admin/Elements/SelectCustomFieldRenderType,
Name => "RenderType",
TypeComposite => $CustomFieldObj->TypeComposite,
Default => $CustomFieldObj->RenderType,
BasedOn => $CustomFieldObj->BasedOnObj->id, &>
- </td>
+ </td>
</tr>
% }
@@ -177,6 +177,14 @@ jQuery( function() {
% $m->callback(CallbackName => 'BeforeEnabled', CustomField => $CustomFieldObj, CFvalidations => \@CFvalidations);
+% if ( grep { $CustomFieldObj->Type eq $_ } qw/Freeform Text/ ) {
+ <tr><td class="label"> </td><td>
+ <input type="hidden" class="hidden" name="SetEscaped" value="1" />
+ <input type="checkbox" class="checkbox" id="Escaped" name="Escaped" value="1" <% $EscapedChecked |n %> />
+ <label for="Escaped"><&|/l&>Escape HTML of custom field value</&></label>
+ </td></tr>
+% }
+
<tr><td class="label"> </td><td>
<input type="hidden" class="hidden" name="SetEnabled" value="1" />
<input type="checkbox" class="checkbox" id="Enabled" name="Enabled" value="1" <% $EnabledChecked |n %> />
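Review bot: The new checkbox is offered for both `Freeform` and `Text` fields, but the only display component this commit changes is `Elements/ShowCustomFieldText`, so as far as the diff shows the setting has no effect on how Freeform values are rendered. An administrator who ticks it for a Freeform field may assume a protection or display mode that is not actually applied; either restrict the condition to `Text` or pass the flag into the Freeform display path as well. The `grep` compares `$CustomFieldObj->Type` with `eq`, and that value is presumably undef on the create page, so the option is hidden there (possibly with an uninitialized-value warning) even though the Create call in a later hunk passes `Escaped => $Escaped`.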
@@ -224,6 +232,7 @@ else {
Disabled => ($Enabled ? 0 : 1),
EntryHint => $EntryHint,
UniqueValues => $UniqueValues,
+ Escaped => $Escaped
);
if (!$val) {
push @results, loc("Could not create CustomField: [_1]", $msg);
@@ -248,8 +257,9 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
# make sure the unchecked checkbox still causes an update
$ARGS{UniqueValues} ||= 0 if $SetUniqueValues;
+ $ARGS{Escaped} ||= 0 if $SetEscaped;
- my @attribs = qw(Disabled Pattern Name TypeComposite LookupType Description LinkValueTo IncludeContentForValue EntryHint UniqueValues);
+ my @attribs = qw(Escaped Disabled Pattern Name TypeComposite LookupType Description LinkValueTo IncludeContentForValue EntryHint UniqueValues);
push @results, UpdateRecordObject(
AttributesRef => \@attribs,
@@ -410,6 +420,9 @@ MaybeRedirectForResults(
my $EnabledChecked = qq[checked="checked"];
$EnabledChecked = '' if $CustomFieldObj->Disabled;
+my $EscapedChecked = '';
+$EscapedChecked = qq[checked="checked"] if $CustomFieldObj->Escaped;
+
my $UniqueValuesChecked = qq[checked="checked"];
$UniqueValuesChecked = '' if !$CustomFieldObj->UniqueValues;
@@ -442,4 +455,6 @@ $LinkValueTo => undef
$IncludeContentForValue => undef
$BasedOn => undef
$EntryHint => undef
+$Escaped => 0
+$SetEscaped => undef
</%ARGS>
diff --git a/share/html/Elements/ShowCustomFieldText b/share/html/Elements/ShowCustomFieldText
index 7b763e601..47ed07e55 100644
--- a/share/html/Elements/ShowCustomFieldText
+++ b/share/html/Elements/ShowCustomFieldText
@@ -47,10 +47,15 @@
%# END BPS TAGGED BLOCK }}}
<%init>
my $content = $Object->LargeContent || $Object->Content;
- $content = $m->comp('/Elements/ScrubHTML', Content => $content);
- $content =~ s|\n|<br />|g;
+ if ( $Escaped ) {
+ RT::Interface::Web::EscapeHTML(\$content);
+ } else {
+ $content = $m->comp('/Elements/ScrubHTML', Content => $content);
+ $content =~ s|\n|<br />|g;
+ }
</%init>
<%$content|n%>
<%ARGS>
$Object
+$Escaped => 0
</%ARGS>
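Review bot: `$Escaped` defaults to 0 and no caller in this commit passes it, so as far as the diff shows the new `if ( $Escaped )` branch is never taken and the per-field flag stored in the database never reaches this component. Either the caller has to pass `Escaped => ...`, or the component can derive it from the value's own custom field, e.g. `my $escape = $Escaped || $Object->CustomFieldObj->Escaped;` (assuming `$Object` is always an object custom field value; confirm against the callers). The escaped branch also skips the `s|\n|<br />|g` step, so multi-line Text values would render on a single line; running that substitution after `EscapeHTML` would keep the line breaks. Since the template emits `<%$content|n%>` with Mason's default escaping turned off, a short comment in `<%init>` saying that every branch must leave `$content` HTML-safe would help the next editor.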
-----------------------------------------------------------------------