Diffstat (limited to 'framework/Web/UI')
-rw-r--r-- | framework/Web/UI/THtmlWriter.php | 46 | ||||
-rw-r--r-- | framework/Web/UI/TTemplateManager.php | 23 |
2 files changed, 15 insertions, 54 deletions
diff --git a/framework/Web/UI/THtmlWriter.php b/framework/Web/UI/THtmlWriter.php
index 2b2bbd4f..d9c0732b 100644
--- a/framework/Web/UI/THtmlWriter.php
+++ b/framework/Web/UI/THtmlWriter.php
@@ -113,61 +113,22 @@ class THtmlWriter extends TComponent implements ITextWriter
private static $_attrEncode=array(
'abbr'=>true,
'accesskey'=>true,
- 'align'=>false,
'alt'=>true,
- 'autocomplete'=>false,
'axis'=>true,
'background'=>true,
- 'bgcolor'=>false,
- 'border'=>false,
- 'bordercolor'=>false,
- 'cellpadding'=>false,
- 'cellspacing'=>false,
- 'checked'=>false,
'class'=>true,
- 'cols'=>false,
- 'colspan'=>false,
'content'=>true,
- 'coords'=>false,
- 'dir'=>false,
- 'disabled'=>false,
- 'for'=>false,
'headers'=>true,
- 'height'=>false,
'href'=>true,
- 'id'=>false,
'longdesc'=>true,
- 'maxlength'=>false,
- 'multiple'=>false,
- 'name'=>false,
- 'nowrap'=>false,
'onclick'=>true,
'onchange'=>true,
- 'readonly'=>false,
- 'rel'=>false,
- 'rows'=>false,
- 'rowspan'=>false,
- 'rules'=>false,
- 'scope'=>false,
- 'selected'=>false,
- 'shape'=>false,
- 'size'=>false,
'src'=>true,
- 'style'=>false,
- 'tabindex'=>false,
- 'target'=>false,
'title'=>true,
- 'type'=>false,
- 'usemap'=>false,
- 'valign'=>false,
- 'value'=>true,
- 'vcard_name'=>false,
- 'width'=>false,
- 'wrap'=>false
+ 'value'=>true
);
private static $_styleEncode=array(
'background-image'=>true,
- 'font-family'=>false,
'list-style-image'=>true
);
private $_attributes=array();
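Review bot: Dropping the `=>false` rows from `$_attrEncode` and `$_styleEncode` changes which values get encoded, not just the size of the tables. The old `isset(self::$_styleEncode[$name])` test in `addStyleAttribute` (next hunk) is true for a key mapped to `false`, so `font-family` used to go through `THttpUtility::htmlEncode()` and is now stored raw. The code that reads `$_attrEncode` is outside this hunk, but if it uses the same `isset()` lookup, then `style`, `id`, `name`, `for`, `target` and the other removed keys are now written unencoded, and any of them that carries request-derived data can break out of the attribute. Since this commit also entity-decodes template values in TTemplateManager.php, a `&quot;` written in a template would reach those attributes as a literal quote. Consider encoding by default and listing only the attributes that must stay raw, or at minimum add a comment above the array such as `// Only attributes listed here are HTML-encoded on output; all others are written as given.`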
@@ -198,10 +159,7 @@ class THtmlWriter extends TComponent implements ITextWriter
public function addStyleAttribute($name,$value)
{
- if(isset(self::$_styleEncode[$name]))
- $this->_styles[$name]=THttpUtility::htmlEncode($value);
- else
- $this->_styles[$name]=$value;
+ $this->_styles[$name]=isset(self::$_styleEncode[$name])?THttpUtility::htmlEncode($value):$value;
}
public function flush()
diff --git a/framework/Web/UI/TTemplateManager.php b/framework/Web/UI/TTemplateManager.php
index 7aa6f3b0..21a01b25 100644
--- a/framework/Web/UI/TTemplateManager.php
+++ b/framework/Web/UI/TTemplateManager.php
@@ -317,6 +317,7 @@ class TTemplate extends TComponent implements ITemplate
*/
protected function configureEvent($component,$name,$value)
{
+ $value=THttpUtility::htmlDecode($value);
if(strpos($value,'.')===false)
$component->attachEventHandler($name,array($component,'TemplateControl.'.$value));
else
@@ -336,27 +337,28 @@ class TTemplate extends TComponent implements ITemplate
$setter='set'.$name;
if(is_array($value))
{
+ $v=THttpUtility::htmlDecode($value[1]);
switch($value[0])
{
case self::CONFIG_DATABIND:
- $component->bindProperty($name,$value[1]);
+ $component->bindProperty($name,$v);
break;
case self::CONFIG_EXPRESSION:
- $component->$setter($component->evaluateExpression($value[1]));
+ $component->$setter($component->evaluateExpression($v));
break;
case self::CONFIG_ASSET: // asset URL
- $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$value[1]);
+ $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$v);
$component->$setter($url);
break;
case self::CONFIG_PARAMETER: // application parameter
- $component->$setter(Prado::getApplication()->getParameters()->itemAt($value[1]));
+ $component->$setter(Prado::getApplication()->getParameters()->itemAt($v));
break;
default: // an error if reaching here
break;
}
}
else
- $component->$setter($value);
+ $component->$setter(THttpUtility::htmlDecode($value));
}
else
throw new TTemplateRuntimeException('template_property_readonly',get_class($component),$name);
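Review bot: `$v=THttpUtility::htmlDecode($value[1]);` runs before the `switch`, so the decoded string is what reaches `evaluateExpression()` and `bindProperty()` as well as `publishFilePath()`, not only plain property text. For `CONFIG_EXPRESSION` and `CONFIG_DATABIND` the payload looks like code rather than markup, so a decoded `&quot;` can close a string literal that was intact in the template source. For `CONFIG_ASSET` the decoded value is appended to `$this->_contextPath` with no normalisation visible here, so any check made earlier on the raw template text no longer describes the path actually published. If decoding is intended for all four kinds, say so in the method docblock and add `// $v is entity-decoded template text; expression and databind payloads are evaluated after decoding` above the assignment; otherwise decode only in the branches that take literal text. The identical block is added in the next hunk (the `setSubProperty` variant), and both functions start outside their hunks.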
@@ -372,27 +374,28 @@ class TTemplate extends TComponent implements ITemplate
{
if(is_array($value))
{
+ $v=THttpUtility::htmlDecode($value[1]);
switch($value[0])
{
case self::CONFIG_DATABIND: // databinding
- $component->bindProperty($name,$value[1]);
+ $component->bindProperty($name,$v);
break;
case self::CONFIG_EXPRESSION: // expression
- $component->setSubProperty($name,$component->evaluateExpression($value[1]));
+ $component->setSubProperty($name,$component->evaluateExpression($v));
break;
case self::CONFIG_ASSET: // asset URL
- $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$value[1]);
+ $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$v);
$component->setSubProperty($name,$url);
break;
case self::CONFIG_PARAMETER: // application parameter
- $component->setSubProperty($name,Prado::getApplication()->getParameters()->itemAt($value[1]));
+ $component->setSubProperty($name,Prado::getApplication()->getParameters()->itemAt($v));
break;
default: // an error if reaching here
break;
}
}
else
- $component->setSubProperty($name,$value);
+ $component->setSubProperty($name,THttpUtility::htmlDecode($value));
}
/**