[8.0] Only escape callable output of add and edit column. #1852
Changes from all commits
55a8cfb
d4bf989
feb034a
b1e98d5
194255a
9a2bca4
416d64b
75349dc
c13af4b
93ed4e3
afc4b4e
530f264
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -56,6 +56,11 @@ class DataProcessor | |
*/ | ||
protected $includeIndex; | ||
|
||
/** | ||
* @var string | ||
*/ | ||
protected $indexColumn; | ||
|
||
/** | ||
* @var array | ||
*/ | ||
|
@@ -98,21 +103,17 @@ public function process($object = false) | |
$indexColumn = config('datatables.index_column', 'DT_RowIndex'); | ||
|
||
foreach ($this->results as $row) { | ||
$data = Helper::convertToArray($row); | ||
$value = $this->addColumns($data, $row); | ||
$value = $this->editColumns($value, $row); | ||
$value = $this->setupRowVariables($value, $row); | ||
$value = $this->selectOnlyNeededColumns($value); | ||
$value = $this->removeExcessColumns($value); | ||
|
||
if ($this->includeIndex) { | ||
$value[$indexColumn] = ++$this->start; | ||
} | ||
|
||
$data = $this->escapeRow(Helper::convertToArray($row)); | ||
$value = $this->addColumns($data, $row); | ||
$value = $this->editColumns($value, $row); | ||
$value = $this->setupRowVariables($value, $row); | ||
$value = $this->selectOnlyNeededColumns($value); | ||
$value = $this->removeExcessColumns($value); | ||
$value = $this->addIndexColumn($value); | ||
$this->output[] = $object ? $value : $this->flatten($value); | ||
} | ||
|
||
return $this->escapeColumns($this->output); | ||
return $this->output; | ||
} | ||
|
||
/** | ||
|
@@ -125,13 +126,28 @@ public function process($object = false) | |
protected function addColumns($data, $row) | ||
{ | ||
foreach ($this->appendColumns as $key => $value) { | ||
$value['content'] = Helper::compileContent($value['content'], $data, $row); | ||
$value['content'] = Helper::compileContent($value['content'], $data, $row, $this->shouldEscapeColumn($key)); | ||
I think the escape flag here is not needed since escaping will be done on |
||
$data = Helper::includeInArray($value, $data); | ||
} | ||
|
||
return $data; | ||
} | ||
|
||
/** | ||
* Process add index column. | ||
* | ||
* @param mixed $data | ||
* @return array | ||
*/ | ||
protected function addIndexColumn($data) | ||
{ | ||
if ($this->includeIndex) { | ||
$data[$this->indexColumn] = ++$this->start; | ||
} | ||
|
||
return $data; | ||
} | ||
|
||
/** | ||
* Process edit columns. | ||
* | ||
|
@@ -142,7 +158,7 @@ protected function addColumns($data, $row) | |
protected function editColumns($data, $row) | ||
{ | ||
foreach ($this->editColumns as $key => $value) { | ||
$value['content'] = Helper::compileContent($value['content'], $data, $row); | ||
$value['content'] = Helper::compileContent($value['content'], $data, $row, $this->shouldEscapeColumn($key)); | ||
Not needed like on |
||
Arr::set($data, $value['name'], $value['content']); | ||
} | ||
|
||
|
@@ -207,6 +223,7 @@ protected function removeExcessColumns(array $data) | |
public function flatten(array $array) | ||
{ | ||
$return = []; | ||
|
||
foreach ($array as $key => $value) { | ||
if (in_array($key, $this->exceptions)) { | ||
$return[$key] = $value; | ||
|
@@ -218,28 +235,6 @@ public function flatten(array $array) | |
return $return; | ||
} | ||
|
||
/** | ||
* Escape column values as declared. | ||
* | ||
* @param array $output | ||
* @return array | ||
*/ | ||
protected function escapeColumns(array $output) | ||
{ | ||
return array_map(function ($row) { | ||
if ($this->escapeColumns == '*') { | ||
$row = $this->escapeRow($row); | ||
} elseif (is_array($this->escapeColumns)) { | ||
$columns = array_diff($this->escapeColumns, $this->rawColumns); | ||
foreach ($columns as $key) { | ||
array_set($row, $key, e(array_get($row, $key))); | ||
} | ||
} | ||
|
||
return $row; | ||
}, $output); | ||
} | ||
|
||
/** | ||
* Escape all values of row. | ||
* | ||
|
@@ -249,8 +244,9 @@ protected function escapeColumns(array $output) | |
protected function escapeRow(array $row) | ||
{ | ||
$arrayDot = array_filter(array_dot($row)); | ||
|
||
foreach ($arrayDot as $key => $value) { | ||
if (! in_array($key, $this->rawColumns)) { | ||
if ($this->shouldEscapeColumn($key)) { | ||
$arrayDot[$key] = e($value); | ||
} | ||
} | ||
|
@@ -261,4 +257,21 @@ protected function escapeRow(array $row) | |
|
||
return $row; | ||
} | ||
|
||
/** | ||
* Whether to escape column or no. | ||
* | ||
* @param string $key | ||
* @return bool | ||
*/ | ||
protected function shouldEscapeColumn($key) | ||
{ | ||
if ($this->escapeColumns === '*') { | ||
We can add the logic here to figure out if added/edited columns are to be escaped. foreach ($this->appendColumns as $column) {
if ($column['name'] == $key && is_string($column['content'])) {
return false;
}
}
foreach ($this->editColumns as $column) {
if ($column['name'] == $key && is_string($column['content'])) {
return false;
}
} |
||
return ! in_array($key, $this->rawColumns); // escape if is not a raw column | ||
} elseif (is_array($this->escapeColumns)) { | ||
return in_array($key, array_diff($this->escapeColumns, $this->rawColumns)); | ||
} else { | ||
return false; | ||
} | ||
} | ||
} |
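Review bot: In addColumns and editColumns the escape decision is made with `$this->shouldEscapeColumn($key)`, where `$key` is the array key of `appendColumns`/`editColumns`, while the column itself is written under `$value['name']` (see `Arr::set($data, $value['name'], $value['content'])`). If those arrays are list-indexed, which this page does not show, the lookup against `rawColumns`/`escapeColumns` compares an index instead of a column name, so callable output could be escaped or left raw contrary to the configuration; passing `$value['name']` would tie the decision to the column that is actually written. The `in_array` calls in shouldEscapeColumn are also non-strict, and on PHP versions before 8.0 an integer key such as `0` loosely equals any non-numeric string, which would make the column look raw and skip escaping; `in_array($key, $this->rawColumns, true)` avoids that. Finally, the trailing `else { return false; }` fails open when `escapeColumns` is neither `'*'` nor an array, so a comment stating that this is intended, or returning `true` there, would make the default explicit.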
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -54,17 +54,18 @@ protected static function isItemOrderInvalid($item, $array) | |
* @param mixed $content Pre-processed content | ||
* @param array $data data to use with blade template | ||
* @param mixed $param parameter to call with callable | ||
* @param bool $escape whether to escape the output of the callable | ||
* @return mixed | ||
*/ | ||
public static function compileContent($content, array $data, $param) | ||
public static function compileContent($content, array $data, $param, $escape = true) | ||
{ | ||
if (is_string($content)) { | ||
return static::compileBlade($content, static::getMixedValue($data, $param)); | ||
} elseif (is_callable($content)) { | ||
return $content($param); | ||
return $escape ? e($content($param)) : $content($param); | ||
Should be reverted back to original since all data here is callable. |
||
} else { | ||
return $content; | ||
} | ||
|
||
return $content; | ||
} | ||
|
||
/** | ||
|
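Review bot: In the callable branch of compileContent the return value is passed to `e()` whatever its type, although the docblock keeps `@return mixed`, so a callable that returns an array or another non-string value reaches the escaper with input it is not meant for. Consider capturing the result first and escaping only strings, e.g. `$result = $content($param); return $escape && is_string($result) ? e($result) : $result;`, and deciding explicitly how strings nested in an array result get escaped. The `$escape` flag also has no effect on the string/Blade branch or on the fallback `return $content;`, which the `@param bool $escape` line could state so callers do not assume it covers every branch. compileBlade and getMixedValue are outside this hunk, so how the Blade branch treats its data cannot be confirmed from here.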
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,7 @@ | ||
<?php | ||
|
||
return [ | ||
|
||
/* | ||
* DataTables search options. | ||
*/ | ||
|
Should be the last process in order to capture added / edited data.