@@ -10,133 +10,133 @@ |
||
10 | 10 | |
11 | 11 | class IFramePageTest extends SapphireTest |
12 | 12 | { |
13 | - protected $usesDatabase = true; |
|
14 | - |
|
15 | - public function testGetClass() |
|
16 | - { |
|
17 | - $iframe = new IFramePage(); |
|
18 | - $iframe->AutoHeight = 1; |
|
19 | - $iframe->getClass(); |
|
20 | - |
|
21 | - $this->assertContains('iframepage-height-auto', $iframe->getClass()); |
|
22 | - |
|
23 | - $iframe->AutoHeight = 0; |
|
24 | - $iframe->getClass(); |
|
25 | - |
|
26 | - $this->assertNotContains('iframepage-height-auto', $iframe->getClass()); |
|
27 | - } |
|
28 | - |
|
29 | - public function testGetStyle() |
|
30 | - { |
|
31 | - $iframe = new IFramePage(); |
|
32 | - |
|
33 | - $iframe->FixedHeight = 0; |
|
34 | - $iframe->getStyle(); |
|
35 | - $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.'); |
|
36 | - |
|
37 | - $iframe->FixedHeight = 100; |
|
38 | - $iframe->getStyle(); |
|
39 | - $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable'); |
|
40 | - |
|
41 | - $iframe->AutoWidth = 1; |
|
42 | - $iframe->FixedWidth = '200'; |
|
43 | - $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width'); |
|
44 | - |
|
45 | - $iframe->AutoWidth = 0; |
|
46 | - $iframe->FixedWidth = '200'; |
|
47 | - $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable'); |
|
48 | - } |
|
49 | - |
|
50 | - public function testAllowedUrls() |
|
51 | - { |
|
52 | - $iframe = new IFramePage(); |
|
53 | - |
|
54 | - $tests = array( |
|
55 | - 'allowed' => array( |
|
56 | - 'http://anything', |
|
57 | - 'https://anything', |
|
58 | - 'page', |
|
59 | - 'sub-page/link', |
|
60 | - 'page/link', |
|
61 | - 'page.html', |
|
62 | - 'page.htm', |
|
63 | - 'page.phpissoawesomewhywouldiuseanythingelse', |
|
64 | - '//url.com/page', |
|
65 | - '/root/page/link', |
|
66 | - 'http://intranet:8888', |
|
67 | - 'http://javascript:8080', |
|
68 | - 'http://username:password@hostname/path?arg=value#anchor' |
|
69 | - ), |
|
70 | - 'banned' => array( |
|
71 | - 'javascript:alert', |
|
72 | - 'tel:0210001234', |
|
73 | - 'ftp://url', |
|
74 | - 'ssh://1.2.3.4', |
|
75 | - 'ssh://url.com/page' |
|
76 | - ) |
|
77 | - ); |
|
78 | - |
|
79 | - foreach ($tests['allowed'] as $url) { |
|
80 | - $iframe->IFrameURL = $url; |
|
81 | - $iframe->write(); |
|
82 | - $this->assertContains($iframe->IFrameURL, $url); |
|
83 | - } |
|
84 | - |
|
85 | - foreach ($tests['banned'] as $url) { |
|
86 | - $iframe->IFrameURL = $url; |
|
87 | - $this->setExpectedException(ValidationException::class); |
|
88 | - $iframe->write(); |
|
89 | - } |
|
90 | - } |
|
91 | - |
|
92 | - public function testForceProtocol() |
|
93 | - { |
|
94 | - $origServer = $_SERVER; |
|
95 | - |
|
96 | - $page = new IFramePage(); |
|
97 | - $page->URLSegment = 'iframe'; |
|
98 | - $page->IFrameURL = 'http://target.com'; |
|
99 | - |
|
100 | - Config::modify()->set(Director::class, 'alternate_protocol', 'http'); |
|
101 | - Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com'); |
|
102 | - $page->ForceProtocol = ''; |
|
103 | - $controller = new IFramePageController($page); |
|
104 | - $controller->doInit(); |
|
105 | - $response = $controller->getResponse(); |
|
106 | - $this->assertNull($response->getHeader('Location')); |
|
107 | - |
|
108 | - Config::modify()->set(Director::class, 'alternate_protocol', 'https'); |
|
109 | - Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com'); |
|
110 | - $page->ForceProtocol = ''; |
|
111 | - $controller = new IFramePageController($page); |
|
112 | - $controller->doInit(); |
|
113 | - $response = $controller->getResponse(); |
|
114 | - $this->assertNull($response->getHeader('Location')); |
|
115 | - |
|
116 | - Config::modify()->set(Director::class, 'alternate_protocol', 'http'); |
|
117 | - Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com'); |
|
118 | - $page->ForceProtocol = 'http://'; |
|
119 | - $controller = new IFramePageController($page); |
|
120 | - $controller->doInit(); |
|
121 | - $response = $controller->getResponse(); |
|
122 | - $this->assertNull($response->getHeader('Location')); |
|
123 | - |
|
124 | - Config::modify()->set(Director::class, 'alternate_protocol', 'http'); |
|
125 | - Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com'); |
|
126 | - $page->ForceProtocol = 'https://'; |
|
127 | - $controller = new IFramePageController($page); |
|
128 | - $controller->doInit(); |
|
129 | - $response = $controller->getResponse(); |
|
130 | - $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/'); |
|
131 | - |
|
132 | - Config::modify()->set(Director::class, 'alternate_protocol', 'https'); |
|
133 | - Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com'); |
|
134 | - $page->ForceProtocol = 'http://'; |
|
135 | - $controller = new IFramePageController($page); |
|
136 | - $controller->doInit(); |
|
137 | - $response = $controller->getResponse(); |
|
138 | - $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/'); |
|
139 | - |
|
140 | - $_SERVER = $origServer; |
|
141 | - } |
|
13 | + protected $usesDatabase = true; |
|
14 | + |
|
15 | + public function testGetClass() |
|
16 | + { |
|
17 | + $iframe = new IFramePage(); |
|
18 | + $iframe->AutoHeight = 1; |
|
19 | + $iframe->getClass(); |
|
20 | + |
|
21 | + $this->assertContains('iframepage-height-auto', $iframe->getClass()); |
|
22 | + |
|
23 | + $iframe->AutoHeight = 0; |
|
24 | + $iframe->getClass(); |
|
25 | + |
|
26 | + $this->assertNotContains('iframepage-height-auto', $iframe->getClass()); |
|
27 | + } |
|
28 | + |
|
29 | + public function testGetStyle() |
|
30 | + { |
|
31 | + $iframe = new IFramePage(); |
|
32 | + |
|
33 | + $iframe->FixedHeight = 0; |
|
34 | + $iframe->getStyle(); |
|
35 | + $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.'); |
|
36 | + |
|
37 | + $iframe->FixedHeight = 100; |
|
38 | + $iframe->getStyle(); |
|
39 | + $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable'); |
|
40 | + |
|
41 | + $iframe->AutoWidth = 1; |
|
42 | + $iframe->FixedWidth = '200'; |
|
43 | + $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width'); |
|
44 | + |
|
45 | + $iframe->AutoWidth = 0; |
|
46 | + $iframe->FixedWidth = '200'; |
|
47 | + $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable'); |
|
48 | + } |
|
49 | + |
|
50 | + public function testAllowedUrls() |
|
51 | + { |
|
52 | + $iframe = new IFramePage(); |
|
53 | + |
|
54 | + $tests = array( |
|
55 | + 'allowed' => array( |
|
56 | + 'http://anything', |
|
57 | + 'https://anything', |
|
58 | + 'page', |
|
59 | + 'sub-page/link', |
|
60 | + 'page/link', |
|
61 | + 'page.html', |
|
62 | + 'page.htm', |
|
63 | + 'page.phpissoawesomewhywouldiuseanythingelse', |
|
64 | + '//url.com/page', |
|
65 | + '/root/page/link', |
|
66 | + 'http://intranet:8888', |
|
67 | + 'http://javascript:8080', |
|
68 | + 'http://username:password@hostname/path?arg=value#anchor' |
|
69 | + ), |
|
70 | + 'banned' => array( |
|
71 | + 'javascript:alert', |
|
72 | + 'tel:0210001234', |
|
73 | + 'ftp://url', |
|
74 | + 'ssh://1.2.3.4', |
|
75 | + 'ssh://url.com/page' |
|
76 | + ) |
|
77 | + ); |
|
78 | + |
|
79 | + foreach ($tests['allowed'] as $url) { |
|
80 | + $iframe->IFrameURL = $url; |
|
81 | + $iframe->write(); |
|
82 | + $this->assertContains($iframe->IFrameURL, $url); |
|
83 | + } |
|
84 | + |
|
85 | + foreach ($tests['banned'] as $url) { |
|
86 | + $iframe->IFrameURL = $url; |
|
87 | + $this->setExpectedException(ValidationException::class); |
|
88 | + $iframe->write(); |
|
89 | + } |
|
90 | + } |
|
91 | + |
|
92 | + public function testForceProtocol() |
|
93 | + { |
|
94 | + $origServer = $_SERVER; |
|
95 | + |
|
96 | + $page = new IFramePage(); |
|
97 | + $page->URLSegment = 'iframe'; |
|
98 | + $page->IFrameURL = 'http://target.com'; |
|
99 | + |
|
100 | + Config::modify()->set(Director::class, 'alternate_protocol', 'http'); |
|
101 | + Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com'); |
|
102 | + $page->ForceProtocol = ''; |
|
103 | + $controller = new IFramePageController($page); |
|
104 | + $controller->doInit(); |
|
105 | + $response = $controller->getResponse(); |
|
106 | + $this->assertNull($response->getHeader('Location')); |
|
107 | + |
|
108 | + Config::modify()->set(Director::class, 'alternate_protocol', 'https'); |
|
109 | + Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com'); |
|
110 | + $page->ForceProtocol = ''; |
|
111 | + $controller = new IFramePageController($page); |
|
112 | + $controller->doInit(); |
|
113 | + $response = $controller->getResponse(); |
|
114 | + $this->assertNull($response->getHeader('Location')); |
|
115 | + |
|
116 | + Config::modify()->set(Director::class, 'alternate_protocol', 'http'); |
|
117 | + Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com'); |
|
118 | + $page->ForceProtocol = 'http://'; |
|
119 | + $controller = new IFramePageController($page); |
|
120 | + $controller->doInit(); |
|
121 | + $response = $controller->getResponse(); |
|
122 | + $this->assertNull($response->getHeader('Location')); |
|
123 | + |
|
124 | + Config::modify()->set(Director::class, 'alternate_protocol', 'http'); |
|
125 | + Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com'); |
|
126 | + $page->ForceProtocol = 'https://'; |
|
127 | + $controller = new IFramePageController($page); |
|
128 | + $controller->doInit(); |
|
129 | + $response = $controller->getResponse(); |
|
130 | + $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/'); |
|
131 | + |
|
132 | + Config::modify()->set(Director::class, 'alternate_protocol', 'https'); |
|
133 | + Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com'); |
|
134 | + $page->ForceProtocol = 'http://'; |
|
135 | + $controller = new IFramePageController($page); |
|
136 | + $controller->doInit(); |
|
137 | + $response = $controller->getResponse(); |
|
138 | + $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/'); |
|
139 | + |
|
140 | + $_SERVER = $origServer; |
|
141 | + } |
|
142 | 142 | } |
@@ -8,22 +8,22 @@ |
||
8 | 8 | |
9 | 9 | class IFramePageController extends PageController |
10 | 10 | { |
11 | - protected function init() |
|
12 | - { |
|
13 | - parent::init(); |
|
14 | - $currentProtocol = Director::protocol(); |
|
15 | - $desiredProtocol = $this->ForceProtocol; |
|
16 | - if ($desiredProtocol && $currentProtocol !== $desiredProtocol) { |
|
17 | - $enforcedLocation = preg_replace( |
|
18 | - "#^${currentProtocol}#", |
|
19 | - $desiredProtocol, |
|
20 | - $this->AbsoluteLink() |
|
21 | - ); |
|
22 | - return $this->redirect($enforcedLocation); |
|
23 | - } |
|
11 | + protected function init() |
|
12 | + { |
|
13 | + parent::init(); |
|
14 | + $currentProtocol = Director::protocol(); |
|
15 | + $desiredProtocol = $this->ForceProtocol; |
|
16 | + if ($desiredProtocol && $currentProtocol !== $desiredProtocol) { |
|
17 | + $enforcedLocation = preg_replace( |
|
18 | + "#^${currentProtocol}#", |
|
19 | + $desiredProtocol, |
|
20 | + $this->AbsoluteLink() |
|
21 | + ); |
|
22 | + return $this->redirect($enforcedLocation); |
|
23 | + } |
|
24 | 24 | |
25 | - if ($this->IFrameURL) { |
|
26 | - Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js'); |
|
27 | - } |
|
28 | - } |
|
25 | + if ($this->IFrameURL) { |
|
26 | + Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js'); |
|
27 | + } |
|
28 | + } |
|
29 | 29 | } |
@@ -18,135 +18,135 @@ |
||
18 | 18 | |
19 | 19 | class IFramePage extends Page |
20 | 20 | { |
21 | - private static $db = array( |
|
22 | - 'IFrameURL' => 'Text', |
|
23 | - 'IFrameTitle' => 'Varchar', |
|
24 | - 'AutoHeight' => 'Boolean(1)', |
|
25 | - 'AutoWidth' => 'Boolean(1)', |
|
26 | - 'FixedHeight' => 'Int(500)', |
|
27 | - 'FixedWidth' => 'Int(0)', |
|
28 | - 'AlternateContent' => 'HTMLText', |
|
29 | - 'BottomContent' => 'HTMLText', |
|
30 | - 'ForceProtocol' => 'Varchar', |
|
31 | - ); |
|
32 | - |
|
33 | - private static $defaults = array( |
|
34 | - 'AutoHeight' => '1', |
|
35 | - 'AutoWidth' => '1', |
|
36 | - 'FixedHeight' => '500', |
|
37 | - 'FixedWidth' => '0' |
|
38 | - ); |
|
39 | - |
|
40 | - private static $table_name = 'IFramePage'; |
|
41 | - |
|
42 | - private static $description = 'Embeds an iframe into the body of the page.'; |
|
43 | - |
|
44 | - private static $singular_name = 'IFrame Page'; |
|
45 | - |
|
46 | - public function getCMSFields() |
|
47 | - { |
|
48 | - $fields = parent::getCMSFields(); |
|
49 | - |
|
50 | - $fields->removeFieldFromTab('Root.Main', 'Content'); |
|
51 | - $fields->addFieldsToTab('Root.Main', [ |
|
52 | - $url = TextField::create('IFrameURL', 'Iframe URL'), |
|
53 | - TextField::create('IFrameTitle', 'Description of contents (title)') |
|
54 | - ->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')), |
|
55 | - ]); |
|
56 | - $url->setRightTitle( |
|
57 | - DBField::create_field( |
|
58 | - 'HTMLText', |
|
59 | - 'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).' |
|
60 | - ) |
|
61 | - ); |
|
62 | - $fields->addFieldToTab( |
|
63 | - 'Root.Main', |
|
64 | - DropdownField::create('ForceProtocol', 'Force protocol?') |
|
65 | - ->setSource(array('http://' => 'http://', 'https://' => 'https://')) |
|
66 | - ->setEmptyString('') |
|
67 | - ->setDescription( |
|
68 | - 'Avoids mixed content warnings when iframe content is just available under a specific protocol' |
|
69 | - ), |
|
70 | - 'Metadata' |
|
71 | - ); |
|
72 | - $fields->addFieldsToTab('Root.Main', [ |
|
73 | - CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'), |
|
74 | - CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'), |
|
75 | - NumericField::create('FixedHeight', 'Fixed height (in pixels)'), |
|
76 | - NumericField::create('FixedWidth', 'Fixed width (in pixels)'), |
|
77 | - HtmlEditorField::create('Content', 'Content (appears above iframe)'), |
|
78 | - HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'), |
|
79 | - HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)') |
|
80 | - ]); |
|
81 | - |
|
82 | - // Move the Metadata field to last position, but make a check for it's |
|
83 | - // existence first. |
|
84 | - // |
|
85 | - // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18 |
|
86 | - $mainTab = $fields->findOrMakeTab('Root.Main'); |
|
87 | - $mainTabFields = $mainTab->FieldList(); |
|
88 | - $metaDataField = $mainTabFields->fieldByName('Metadata'); |
|
89 | - if ($metaDataField) { |
|
90 | - $mainTabFields->removeByName('Metadata'); |
|
91 | - $mainTabFields->push($metaDataField); |
|
92 | - } |
|
93 | - return $fields; |
|
94 | - } |
|
95 | - |
|
96 | - /** |
|
97 | - * Compute class from the size parameters. |
|
98 | - */ |
|
99 | - public function getClass() |
|
100 | - { |
|
101 | - $class = ''; |
|
102 | - if ($this->AutoHeight) { |
|
103 | - $class .= 'iframepage-height-auto'; |
|
104 | - } |
|
105 | - |
|
106 | - return $class; |
|
107 | - } |
|
108 | - |
|
109 | - /** |
|
110 | - * Compute style from the size parameters. |
|
111 | - */ |
|
112 | - public function getStyle() |
|
113 | - { |
|
114 | - $style = ''; |
|
115 | - |
|
116 | - // Always add fixed height as a fallback if autosetting or JS fails. |
|
117 | - $height = $this->FixedHeight; |
|
118 | - if (!$height) { |
|
119 | - $height = 800; |
|
120 | - } |
|
121 | - $style .= "height: {$height}px; "; |
|
122 | - |
|
123 | - if ($this->AutoWidth) { |
|
124 | - $style .= "width: 100%; "; |
|
125 | - } elseif ($this->FixedWidth) { |
|
126 | - $style .= "width: {$this->FixedWidth}px; "; |
|
127 | - } |
|
128 | - |
|
129 | - return $style; |
|
130 | - } |
|
131 | - |
|
132 | - /** |
|
133 | - * Ensure that the IFrameURL is a valid url and prevents XSS |
|
134 | - * |
|
135 | - * @throws ValidationException |
|
136 | - * @return ValidationResult |
|
137 | - */ |
|
138 | - public function validate() |
|
139 | - { |
|
140 | - $result = parent::validate(); |
|
141 | - |
|
142 | - //whitelist allowed URL schemes |
|
143 | - $allowed_schemes = array('http', 'https'); |
|
144 | - if ($matches = parse_url($this->IFrameURL)) { |
|
145 | - if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) { |
|
146 | - $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed.")); |
|
147 | - } |
|
148 | - } |
|
149 | - |
|
150 | - return $result; |
|
151 | - } |
|
21 | + private static $db = array( |
|
22 | + 'IFrameURL' => 'Text', |
|
23 | + 'IFrameTitle' => 'Varchar', |
|
24 | + 'AutoHeight' => 'Boolean(1)', |
|
25 | + 'AutoWidth' => 'Boolean(1)', |
|
26 | + 'FixedHeight' => 'Int(500)', |
|
27 | + 'FixedWidth' => 'Int(0)', |
|
28 | + 'AlternateContent' => 'HTMLText', |
|
29 | + 'BottomContent' => 'HTMLText', |
|
30 | + 'ForceProtocol' => 'Varchar', |
|
31 | + ); |
|
32 | + |
|
33 | + private static $defaults = array( |
|
34 | + 'AutoHeight' => '1', |
|
35 | + 'AutoWidth' => '1', |
|
36 | + 'FixedHeight' => '500', |
|
37 | + 'FixedWidth' => '0' |
|
38 | + ); |
|
39 | + |
|
40 | + private static $table_name = 'IFramePage'; |
|
41 | + |
|
42 | + private static $description = 'Embeds an iframe into the body of the page.'; |
|
43 | + |
|
44 | + private static $singular_name = 'IFrame Page'; |
|
45 | + |
|
46 | + public function getCMSFields() |
|
47 | + { |
|
48 | + $fields = parent::getCMSFields(); |
|
49 | + |
|
50 | + $fields->removeFieldFromTab('Root.Main', 'Content'); |
|
51 | + $fields->addFieldsToTab('Root.Main', [ |
|
52 | + $url = TextField::create('IFrameURL', 'Iframe URL'), |
|
53 | + TextField::create('IFrameTitle', 'Description of contents (title)') |
|
54 | + ->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')), |
|
55 | + ]); |
|
56 | + $url->setRightTitle( |
|
57 | + DBField::create_field( |
|
58 | + 'HTMLText', |
|
59 | + 'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).' |
|
60 | + ) |
|
61 | + ); |
|
62 | + $fields->addFieldToTab( |
|
63 | + 'Root.Main', |
|
64 | + DropdownField::create('ForceProtocol', 'Force protocol?') |
|
65 | + ->setSource(array('http://' => 'http://', 'https://' => 'https://')) |
|
66 | + ->setEmptyString('') |
|
67 | + ->setDescription( |
|
68 | + 'Avoids mixed content warnings when iframe content is just available under a specific protocol' |
|
69 | + ), |
|
70 | + 'Metadata' |
|
71 | + ); |
|
72 | + $fields->addFieldsToTab('Root.Main', [ |
|
73 | + CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'), |
|
74 | + CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'), |
|
75 | + NumericField::create('FixedHeight', 'Fixed height (in pixels)'), |
|
76 | + NumericField::create('FixedWidth', 'Fixed width (in pixels)'), |
|
77 | + HtmlEditorField::create('Content', 'Content (appears above iframe)'), |
|
78 | + HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'), |
|
79 | + HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)') |
|
80 | + ]); |
|
81 | + |
|
82 | + // Move the Metadata field to last position, but make a check for it's |
|
83 | + // existence first. |
|
84 | + // |
|
85 | + // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18 |
|
86 | + $mainTab = $fields->findOrMakeTab('Root.Main'); |
|
87 | + $mainTabFields = $mainTab->FieldList(); |
|
88 | + $metaDataField = $mainTabFields->fieldByName('Metadata'); |
|
89 | + if ($metaDataField) { |
|
90 | + $mainTabFields->removeByName('Metadata'); |
|
91 | + $mainTabFields->push($metaDataField); |
|
92 | + } |
|
93 | + return $fields; |
|
94 | + } |
|
95 | + |
|
96 | + /** |
|
97 | + * Compute class from the size parameters. |
|
98 | + */ |
|
99 | + public function getClass() |
|
100 | + { |
|
101 | + $class = ''; |
|
102 | + if ($this->AutoHeight) { |
|
103 | + $class .= 'iframepage-height-auto'; |
|
104 | + } |
|
105 | + |
|
106 | + return $class; |
|
107 | + } |
|
108 | + |
|
109 | + /** |
|
110 | + * Compute style from the size parameters. |
|
111 | + */ |
|
112 | + public function getStyle() |
|
113 | + { |
|
114 | + $style = ''; |
|
115 | + |
|
116 | + // Always add fixed height as a fallback if autosetting or JS fails. |
|
117 | + $height = $this->FixedHeight; |
|
118 | + if (!$height) { |
|
119 | + $height = 800; |
|
120 | + } |
|
121 | + $style .= "height: {$height}px; "; |
|
122 | + |
|
123 | + if ($this->AutoWidth) { |
|
124 | + $style .= "width: 100%; "; |
|
125 | + } elseif ($this->FixedWidth) { |
|
126 | + $style .= "width: {$this->FixedWidth}px; "; |
|
127 | + } |
|
128 | + |
|
129 | + return $style; |
|
130 | + } |
|
131 | + |
|
132 | + /** |
|
133 | + * Ensure that the IFrameURL is a valid url and prevents XSS |
|
134 | + * |
|
135 | + * @throws ValidationException |
|
136 | + * @return ValidationResult |
|
137 | + */ |
|
138 | + public function validate() |
|
139 | + { |
|
140 | + $result = parent::validate(); |
|
141 | + |
|
142 | + //whitelist allowed URL schemes |
|
143 | + $allowed_schemes = array('http', 'https'); |
|
144 | + if ($matches = parse_url($this->IFrameURL)) { |
|
145 | + if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) { |
|
146 | + $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed.")); |
|
147 | + } |
|
148 | + } |
|
149 | + |
|
150 | + return $result; |
|
151 | + } |
|
152 | 152 | } |
@@ -51,7 +51,7 @@ discard block |
||
51 | 51 | $fields->addFieldsToTab('Root.Main', [ |
52 | 52 | $url = TextField::create('IFrameURL', 'Iframe URL'), |
53 | 53 | TextField::create('IFrameTitle', 'Description of contents (title)') |
54 | - ->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')), |
|
54 | + ->setDescription(_t(__CLASS__.'.TITLE_DESCRIPTION', 'Used by screen readers')), |
|
55 | 55 | ]); |
56 | 56 | $url->setRightTitle( |
57 | 57 | DBField::create_field( |
@@ -143,7 +143,7 @@ discard block |
||
143 | 143 | $allowed_schemes = array('http', 'https'); |
144 | 144 | if ($matches = parse_url($this->IFrameURL)) { |
145 | 145 | if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) { |
146 | - $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed.")); |
|
146 | + $result->addError(_t(__CLASS__.'.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed.")); |
|
147 | 147 | } |
148 | 148 | } |
149 | 149 |