diff options
| author | Thomas Steur <thomas.steur@gmail.com> | 2013-11-12 04:06:09 +0400 |
|---|---|---|
| committer | Thomas Steur <thomas.steur@gmail.com> | 2013-11-12 04:06:09 +0400 |
| commit | 6abcb0db75324ff39f6557a1bcfcf90bc1a03d69 (patch) | |
| tree | f50d9bad9150e92c6847835caf724f0cc51a6567 /core | |
| parent | 84bc3eb3bba66823fe679db023b8b03cba9f0d10 (diff) | |
refs #4256 by default escape notification message
Diffstat (limited to 'core')
| -rw-r--r-- | core/Notification.php | 9 | ||||
| -rw-r--r-- | core/Plugin/ControllerAdmin.php | 2 | ||||
| -rw-r--r-- | core/Twig.php | 8 |
3 files changed, 15 insertions, 4 deletions
diff --git a/core/Notification.php b/core/Notification.php index 6fb733b527..a3e9ac51e1 100644 --- a/core/Notification.php +++ b/core/Notification.php @@ -108,17 +108,22 @@ class Notification */ public $priority; + public $raw = false; + /** - * @param string $message The notification message. Make sure to escape the message if needed. + * @param string $message The notification message. + * @param boolean $raw Set to true in case you want the raw message output. Make sure to escape the text in + * this case by yourself. * @throws \Exception In case the message is empty. */ - public function __construct($message) + public function __construct($message, $raw = false) { if (empty($message)) { throw new \Exception('No notification message given'); } $this->message = $message; + $this->raw = $raw; } public function hasNoClear() diff --git a/core/Plugin/ControllerAdmin.php b/core/Plugin/ControllerAdmin.php index 31f42c3eba..d7d47201cc 100644 --- a/core/Plugin/ControllerAdmin.php +++ b/core/Plugin/ControllerAdmin.php @@ -108,7 +108,7 @@ abstract class ControllerAdmin extends Controller )); if (Piwik::isUserIsSuperUser()) { - $notification = new Notification($invalidPluginsWarning); + $notification = new Notification($invalidPluginsWarning, true); $notification->context = Notification::CONTEXT_WARNING; $notification->title = Piwik::translate('General_Warning') . ':'; Notification\Manager::notify('ControllerAdmin_InvalidPluginsWarning', $notification); diff --git a/core/Twig.php b/core/Twig.php index 389a579a63..01282ef35d 100644 --- a/core/Twig.php +++ b/core/Twig.php @@ -172,7 +172,13 @@ class Twig } $template .= '>'; - $template .= $message; + + if (!empty($options['raw'])) { + $template .= $message; + } else { + $template .= twig_escape_filter($twigEnv, $message, 'html'); + } + $template .= '</div>'; return $template; |