php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-06 14:19:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix #19462: Fix validator client options to encode HTML tags

Browse Source
This commit is contained in:
Bizley
2022-07-29 12:15:54 +02:00
committed by GitHub
parent 009961963c
commit 59f69fc9cd
13 changed files with 52 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
framework/validators/BooleanValidator.php
View File

@ -8,6 +8,7 @@
namespace yii\validators;
use Yii;
use yii\helpers\Json;
/**
* BooleanValidator checks if the attribute value is a boolean value.
@ -76,7 +77,7 @@ class BooleanValidator extends Validator
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.boolean(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
return 'yii.validation.boolean(value, messages, ' . Json::htmlEncode($options) . ');';
}
/**

3
framework/validators/CompareValidator.php
View File

@ -10,6 +10,7 @@ namespace yii\validators;
use Yii;
use yii\base\InvalidConfigException;
use yii\helpers\Html;
use yii\helpers\Json;
/**
* CompareValidator compares the specified attribute value with another value.
@ -234,7 +235,7 @@ class CompareValidator extends Validator
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.compare(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ', $form);';
return 'yii.validation.compare(value, messages, ' . Json::htmlEncode($options) . ', $form);';
}
/**

2
framework/validators/FileValidator.php
View File

@ -432,7 +432,7 @@ class FileValidator extends Validator
{
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.file(attribute, messages, ' . Json::encode($options) . ');';
return 'yii.validation.file(attribute, messages, ' . Json::htmlEncode($options) . ');';
}
/**

3
framework/validators/FilterValidator.php
View File

@ -8,6 +8,7 @@
namespace yii\validators;
use yii\base\InvalidConfigException;
use yii\helpers\Json;
/**
* FilterValidator converts the attribute value according to a filter.
@ -93,7 +94,7 @@ class FilterValidator extends Validator
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'value = yii.validation.trim($form, attribute, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ', value);';
return 'value = yii.validation.trim($form, attribute, ' . Json::htmlEncode($options) . ', value);';
}
/**

3
framework/validators/ImageValidator.php
View File

@ -8,6 +8,7 @@
namespace yii\validators;
use Yii;
use yii\helpers\Json;
use yii\web\UploadedFile;
/**
@ -166,7 +167,7 @@ class ImageValidator extends FileValidator
{
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.image(attribute, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ', deferred);';
return 'yii.validation.image(attribute, messages, ' . Json::htmlEncode($options) . ', deferred);';
}
/**

3
framework/validators/RangeValidator.php
View File

@ -10,6 +10,7 @@ namespace yii\validators;
use Yii;
use yii\base\InvalidConfigException;
use yii\helpers\ArrayHelper;
use yii\helpers\Json;
/**
* RangeValidator validates that the attribute value is among a list of values.
@ -111,7 +112,7 @@ class RangeValidator extends Validator
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.range(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
return 'yii.validation.range(value, messages, ' . Json::htmlEncode($options) . ');';
}
/**

3
framework/validators/RequiredValidator.php
View File

@ -8,6 +8,7 @@
namespace yii\validators;
use Yii;
use yii\helpers\Json;
/**
* RequiredValidator validates that the specified attribute does not have null or empty value.
@ -93,7 +94,7 @@ class RequiredValidator extends Validator
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.required(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
return 'yii.validation.required(value, messages, ' . Json::htmlEncode($options) . ');';
}
/**

3
framework/validators/StringValidator.php
View File

@ -8,6 +8,7 @@
namespace yii\validators;
use Yii;
use yii\helpers\Json;
/**
* StringValidator validates that the attribute value is of certain length.
@ -168,7 +169,7 @@ class StringValidator extends Validator
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'yii.validation.string(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
return 'yii.validation.string(value, messages, ' . Json::htmlEncode($options) . ');';
}
/**

4
framework/validators/TrimValidator.php
View File

@ -7,6 +7,8 @@
namespace yii\validators;
use yii\helpers\Json;
/**
* This class converts the attribute value(s) to string(s) and strip characters.
*
@ -65,7 +67,7 @@ class TrimValidator extends Validator
ValidationAsset::register($view);
$options = $this->getClientOptions($model, $attribute);
return 'value = yii.validation.trim($form, attribute, ' . json_encode($options) . ', value);';
return 'value = yii.validation.trim($form, attribute, ' . Json::htmlEncode($options) . ', value);';
}
/**