[8.0] Only escape callable output of add and edit column. #1852

Merged
merged 12 commits into from
Nov 23, 2018
87 changes: 50 additions & 37 deletions src/Processors/DataProcessor.php
Expand Up @@ -56,6 +56,11 @@ class DataProcessor
*/
protected $includeIndex;

/**
* @var string
*/
protected $indexColumn;

/**
* @var array
*/
Expand Down Expand Up @@ -98,21 +103,17 @@ public function process($object = false)
$indexColumn = config('datatables.index_column', 'DT_RowIndex');

foreach ($this->results as $row) {
$data = Helper::convertToArray($row);
$value = $this->addColumns($data, $row);
$value = $this->editColumns($value, $row);
$value = $this->setupRowVariables($value, $row);
$value = $this->selectOnlyNeededColumns($value);
$value = $this->removeExcessColumns($value);

if ($this->includeIndex) {
$value[$indexColumn] = ++$this->start;
}

$data = $this->escapeRow(Helper::convertToArray($row));
Owner


Should be the last process in order to capture added / edited data.

$value = $this->addColumns($data, $row);
$value = $this->editColumns($value, $row);
$value = $this->setupRowVariables($value, $row);
$value = $this->selectOnlyNeededColumns($value);
$value = $this->removeExcessColumns($value);
$value = $this->addIndexColumn($value);
$this->output[] = $object ? $value : $this->flatten($value);
}

return $this->escapeColumns($this->output);
return $this->output;
}

/**
Expand All @@ -125,13 +126,28 @@ public function process($object = false)
protected function addColumns($data, $row)
{
foreach ($this->appendColumns as $key => $value) {
$value['content'] = Helper::compileContent($value['content'], $data, $row);
$value['content'] = Helper::compileContent($value['content'], $data, $row, $this->shouldEscapeColumn($key));
Owner


I think the escape flag here is not needed since escaping will be done on escapeRow process.

$data = Helper::includeInArray($value, $data);
}

return $data;
}

/**
* Process add index column.
*
* @param mixed $data
* @return array
*/
protected function addIndexColumn($data)
{
if ($this->includeIndex) {
$data[$this->indexColumn] = ++$this->start;
}

return $data;
}

/**
* Process edit columns.
*
Expand All @@ -142,7 +158,7 @@ protected function addColumns($data, $row)
protected function editColumns($data, $row)
{
foreach ($this->editColumns as $key => $value) {
$value['content'] = Helper::compileContent($value['content'], $data, $row);
$value['content'] = Helper::compileContent($value['content'], $data, $row, $this->shouldEscapeColumn($key));
Owner


Not needed like on addColumns.

Arr::set($data, $value['name'], $value['content']);
}

Expand Down Expand Up @@ -207,6 +223,7 @@ protected function removeExcessColumns(array $data)
public function flatten(array $array)
{
$return = [];

foreach ($array as $key => $value) {
if (in_array($key, $this->exceptions)) {
$return[$key] = $value;
Expand All @@ -218,28 +235,6 @@ public function flatten(array $array)
return $return;
}

/**
* Escape column values as declared.
*
* @param array $output
* @return array
*/
protected function escapeColumns(array $output)
{
return array_map(function ($row) {
if ($this->escapeColumns == '*') {
$row = $this->escapeRow($row);
} elseif (is_array($this->escapeColumns)) {
$columns = array_diff($this->escapeColumns, $this->rawColumns);
foreach ($columns as $key) {
array_set($row, $key, e(array_get($row, $key)));
}
}

return $row;
}, $output);
}

/**
* Escape all values of row.
*
Expand All @@ -249,8 +244,9 @@ protected function escapeColumns(array $output)
protected function escapeRow(array $row)
{
$arrayDot = array_filter(array_dot($row));

foreach ($arrayDot as $key => $value) {
if (! in_array($key, $this->rawColumns)) {
if ($this->shouldEscapeColumn($key)) {
$arrayDot[$key] = e($value);
}
}
Expand All @@ -261,4 +257,21 @@ protected function escapeRow(array $row)

return $row;
}

/**
* Whether to escape column or no.
*
* @param string $key
* @return bool
*/
protected function shouldEscapeColumn($key)
{
if ($this->escapeColumns === '*') {
Owner


We can add the logic here to figure out if added/edited columns are to be escaped.

        foreach ($this->appendColumns as $column) {
            if ($column['name'] == $key && is_string($column['content'])) {
                return false;
            }
        }

        foreach ($this->editColumns as $column) {
            if ($column['name'] == $key && is_string($column['content'])) {
                return false;
            }
        }

return ! in_array($key, $this->rawColumns); // escape if is not a raw column
} elseif (is_array($this->escapeColumns)) {
return in_array($key, array_diff($this->escapeColumns, $this->rawColumns));
} else {
return false;
}
}
}
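Review bot: In addColumns and editColumns the escape decision is taken with `$this->shouldEscapeColumn($key)`, but `$key` is the loop key of `$this->appendColumns` / `$this->editColumns`, while the column name is read from `$value['name']` (as in `Arr::set($data, $value['name'], $value['content'])`). If those arrays are plain lists, which the `['name']` lookup suggests, the check compares a numeric index against the column names held in `rawColumns` and `escapeColumns`, so a callable's output can be escaped or left raw for the wrong column. The non-strict `in_array` makes this worse, because on PHP 7 an integer key compares equal to a non-numeric name. I would pass the name instead, `$this->shouldEscapeColumn($value['name'])`, in both loops. The body of editColumns continues past the end of its hunk, so anything after the `Arr::set` call is not covered here.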
9 changes: 5 additions & 4 deletions src/Utilities/Helper.php
Expand Up @@ -54,17 +54,18 @@ protected static function isItemOrderInvalid($item, $array)
* @param mixed $content Pre-processed content
* @param array $data data to use with blade template
* @param mixed $param parameter to call with callable
* @param bool $escape whether to escape the output of the callable
* @return mixed
*/
public static function compileContent($content, array $data, $param)
public static function compileContent($content, array $data, $param, $escape = true)
{
if (is_string($content)) {
return static::compileBlade($content, static::getMixedValue($data, $param));
} elseif (is_callable($content)) {
return $content($param);
return $escape ? e($content($param)) : $content($param);
Owner


Should be reverted back to original since all data here is callable.

} else {
return $content;
}

return $content;
}

/**
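Review bot: The callable branch now returns `e($content($param))` whenever `$escape` is true, which assumes the callable yields something the HTML escaper accepts; the docblock still promises `mixed`, and an array result would be passed straight into it. Because `$escape` defaults to `true`, the same applies to any caller of this public static helper that the diff does not touch. I would keep arrays out of the escaper, e.g. `$result = $content($param);` followed by `return $escape && ! is_array($result) ? e($result) : $result;`. Since the row-level escaping in DataProcessor now appears to run before the add/edit step, strings nested in such an array would then reach the output unescaped unless they are handled elsewhere, and the docblock for `$escape` should say so.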
1 change: 1 addition & 0 deletions src/config/datatables.php
@@ -1,6 +1,7 @@
<?php

return [

/*
* DataTables search options.
*/