From a3f64a4214fe0ae29ecea298542a15c6a0071a45 Mon Sep 17 00:00:00 2001 From: "ctrlaltca@gmail.com" <> Date: Sun, 25 Mar 2012 20:51:49 +0000 Subject: Reworked the patch for #391; now a TComponent-based controls can contain methods prefixed by "js" to indicate that those methods can receive raw javascript. Such methods can be called both in a xss-safe, javascript-encoded way: $xxx->Property="yyy" and in a raw-javascript way: $xxx->jsProperty="zzz". Patch by gabor, documentation is on the way --- framework/Web/UI/TTemplateManager.php | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) (limited to 'framework/Web/UI/TTemplateManager.php') diff --git a/framework/Web/UI/TTemplateManager.php b/framework/Web/UI/TTemplateManager.php index 566f6876..41ff76e1 100644 --- a/framework/Web/UI/TTemplateManager.php +++ b/framework/Web/UI/TTemplateManager.php @@ -423,17 +423,10 @@ class TTemplate extends TApplicationComponent implements ITemplate { if(strncasecmp($name,'on',2)===0) // is an event $this->configureEvent($control,$name,$value,$control); - else { - if(strncasecmp($name,'js',2)===0) - { - $name=substr($name,2); - $value=TJavaScript::quoteJsLiteral($value); - } - if(($pos=strrpos($name,'.'))===false) // is a simple property or custom attribute - $this->configureProperty($control,$name,$value); - else // is a subproperty - $this->configureSubProperty($control,$name,$value); - } + else if(($pos=strrpos($name,'.'))===false) // is a simple property or custom attribute + $this->configureProperty($control,$name,$value); + else // is a subproperty + $this->configureSubProperty($control,$name,$value); } /** @@ -513,6 +506,9 @@ class TTemplate extends TApplicationComponent implements ITemplate } else { + if (substr($name,0,2)=='js') + if ($value and !($value instanceof TJavaScriptLiteral)) + $value = new TJavaScriptLiteral($value); $setter='set'.$name; $component->$setter($value); } @@ -944,12 +940,10 @@ class TTemplate extends TApplicationComponent implements ITemplate } else { - if(strncasecmp($name,'js',2)===0) - $name=substr($name, 2); // a simple property - if(!$class->hasMethod('set'.$name)) + if (! ($class->hasMethod('set'.$name) || $class->hasMethod('setjs'.$name)) ) { - if($class->hasMethod('get'.$name)) + if ($class->hasMethod('get'.$name) || $class->hasMethod('getjs'.$name)) throw new TConfigurationException('template_property_readonly',$type,$name); else throw new TConfigurationException('template_property_unknown',$type,$name); -- cgit v1.2.3