Skip to content

Commit

Permalink
Merge pull request #1852 from sharifzadesina/8.0
Browse files Browse the repository at this point in the history
[8.0] Only escape callable output of add and edit column.
  • Loading branch information
yajra authored Nov 23, 2018
2 parents f9a9714 + 530f264 commit 040eef2
Show file tree
Hide file tree
Showing 3 changed files with 56 additions and 41 deletions.
87 changes: 50 additions & 37 deletions src/Processors/DataProcessor.php
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,11 @@ class DataProcessor
*/
protected $includeIndex;

/**
* @var string
*/
protected $indexColumn;

/**
* @var array
*/
Expand Down Expand Up @@ -98,21 +103,17 @@ public function process($object = false)
$indexColumn = config('datatables.index_column', 'DT_RowIndex');

foreach ($this->results as $row) {
$data = Helper::convertToArray($row);
$value = $this->addColumns($data, $row);
$value = $this->editColumns($value, $row);
$value = $this->setupRowVariables($value, $row);
$value = $this->selectOnlyNeededColumns($value);
$value = $this->removeExcessColumns($value);

if ($this->includeIndex) {
$value[$indexColumn] = ++$this->start;
}

$data = $this->escapeRow(Helper::convertToArray($row));
$value = $this->addColumns($data, $row);
$value = $this->editColumns($value, $row);
$value = $this->setupRowVariables($value, $row);
$value = $this->selectOnlyNeededColumns($value);
$value = $this->removeExcessColumns($value);
$value = $this->addIndexColumn($value);
$this->output[] = $object ? $value : $this->flatten($value);
}

return $this->escapeColumns($this->output);
return $this->output;
}

/**
Expand All @@ -125,13 +126,28 @@ public function process($object = false)
protected function addColumns($data, $row)
{
foreach ($this->appendColumns as $key => $value) {
$value['content'] = Helper::compileContent($value['content'], $data, $row);
$value['content'] = Helper::compileContent($value['content'], $data, $row, $this->shouldEscapeColumn($key));
$data = Helper::includeInArray($value, $data);
}

return $data;
}

/**
* Process add index column.
*
* @param mixed $data
* @return array
*/
protected function addIndexColumn($data)
{
if ($this->includeIndex) {
$data[$this->indexColumn] = ++$this->start;
}

return $data;
}

/**
* Process edit columns.
*
Expand All @@ -142,7 +158,7 @@ protected function addColumns($data, $row)
protected function editColumns($data, $row)
{
foreach ($this->editColumns as $key => $value) {
$value['content'] = Helper::compileContent($value['content'], $data, $row);
$value['content'] = Helper::compileContent($value['content'], $data, $row, $this->shouldEscapeColumn($key));
Arr::set($data, $value['name'], $value['content']);
}

Expand Down Expand Up @@ -207,6 +223,7 @@ protected function removeExcessColumns(array $data)
public function flatten(array $array)
{
$return = [];

foreach ($array as $key => $value) {
if (in_array($key, $this->exceptions)) {
$return[$key] = $value;
Expand All @@ -218,28 +235,6 @@ public function flatten(array $array)
return $return;
}

/**
* Escape column values as declared.
*
* @param array $output
* @return array
*/
protected function escapeColumns(array $output)
{
return array_map(function ($row) {
if ($this->escapeColumns == '*') {
$row = $this->escapeRow($row);
} elseif (is_array($this->escapeColumns)) {
$columns = array_diff($this->escapeColumns, $this->rawColumns);
foreach ($columns as $key) {
array_set($row, $key, e(array_get($row, $key)));
}
}

return $row;
}, $output);
}

/**
* Escape all values of row.
*
Expand All @@ -249,8 +244,9 @@ protected function escapeColumns(array $output)
protected function escapeRow(array $row)
{
$arrayDot = array_filter(array_dot($row));

foreach ($arrayDot as $key => $value) {
if (! in_array($key, $this->rawColumns)) {
if ($this->shouldEscapeColumn($key)) {
$arrayDot[$key] = e($value);
}
}
Expand All @@ -261,4 +257,21 @@ protected function escapeRow(array $row)

return $row;
}

/**
* Whether to escape column or no.
*
* @param string $key
* @return bool
*/
protected function shouldEscapeColumn($key)
{
if ($this->escapeColumns === '*') {
return ! in_array($key, $this->rawColumns); // escape if is not a raw column
} elseif (is_array($this->escapeColumns)) {
return in_array($key, array_diff($this->escapeColumns, $this->rawColumns));
} else {
return false;
}
}
}
9 changes: 5 additions & 4 deletions src/Utilities/Helper.php
Original file line number Diff line number Diff line change
Expand Up @@ -54,17 +54,18 @@ protected static function isItemOrderInvalid($item, $array)
* @param mixed $content Pre-processed content
* @param array $data data to use with blade template
* @param mixed $param parameter to call with callable
* @param bool $escape whether to escape the output of the callable
* @return mixed
*/
public static function compileContent($content, array $data, $param)
public static function compileContent($content, array $data, $param, $escape = true)
{
if (is_string($content)) {
return static::compileBlade($content, static::getMixedValue($data, $param));
} elseif (is_callable($content)) {
return $content($param);
return $escape ? e($content($param)) : $content($param);
} else {
return $content;
}

return $content;
}

/**
Expand Down
1 change: 1 addition & 0 deletions src/config/datatables.php
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
<?php

return [

/*
* DataTables search options.
*/
Expand Down

0 comments on commit 040eef2

Please sign in to comment.