Bug #50414
closed
IRRE javascript title update for DB relational field: no htmlspecialchars used
0%
Description
If I defined an Inline Relational Record Editing (IRRE) in my TCA and the title of the inline table is a database relation field, it produces an HTML error, if I select an entry in the database relation field. This only happens, if I have an entry with HTML tags in the title. For example: Test&<h1>.
To demonstrate this, I have created the following example TCA configuration:
- ext_tables.php
$TCA['tx_extkey_parenttable'] = array (
'ctrl' => array (
'title' => 'LLL:EXT:extkey/locallang_db.xml:tx_extkey_parenttable',
'label' => 'title',
'tstamp' => 'tstamp',
'crdate' => 'crdate',
'cruser_id' => 'cruser_id',
'sortby' => 'sorting',
'delete' => 'deleted',
'enablecolumns' => array (
'disabled' => 'hidden',
),
'searchFields' => 'title',
'dynamicConfigFile' => t3lib_extMgm::extPath($_EXTKEY).'tca.php',
'iconfile' => t3lib_extMgm::extRelPath($_EXTKEY).'icon_tx_extkey_parenttable.gif',
),
);
$TCA['tx_extkey_childtable'] = array (
'ctrl' => array (
'title' => 'LLL:EXT:extkey/locallang_db.xml:tx_extkey_childtable',
'label' => 'fk_relation',
'tstamp' => 'tstamp',
'crdate' => 'crdate',
'cruser_id' => 'cruser_id',
'sortby' => 'sorting',
'delete' => 'deleted',
'enablecolumns' => array (
'disabled' => 'hidden',
),
'hideTable' => TRUE,
'searchFields' => 'title',
'dynamicConfigFile' => t3lib_extMgm::extPath($_EXTKEY).'tca.php',
'iconfile' => t3lib_extMgm::extRelPath($_EXTKEY).'icon_tx_extkey_childtable.gif',
),
);
$TCA['tx_extkey_relationtable'] = array (
'ctrl' => array (
'title' => 'LLL:EXT:extkey/locallang_db.xml:tx_extkey_relationtable',
'label' => 'title',
'tstamp' => 'tstamp',
'crdate' => 'crdate',
'cruser_id' => 'cruser_id',
'sortby' => 'sorting',
'delete' => 'deleted',
'enablecolumns' => array (
'disabled' => 'hidden',
),
'searchFields' => 'title',
'dynamicConfigFile' => t3lib_extMgm::extPath($_EXTKEY).'tca.php',
'iconfile' => t3lib_extMgm::extRelPath($_EXTKEY).'icon_tx_extkey_relationtable.gif',
),
);
- tca.php
$TCA['tx_extkey_parenttable'] = array (
'ctrl' => $TCA['tx_extkey_parenttable']['ctrl'],
'interface' => array (
'showRecordFieldList' => 'hidden,title,fk_relation'
),
'feInterface' => $TCA['tx_extkey_parenttable']['feInterface'],
'columns' => array (
'hidden' => array (
'exclude' => 1,
'label' => 'LLL:EXT:lang/locallang_general.xml:LGL.hidden',
'config' => array (
'type' => 'check',
'default' => '0'
)
),
'title' => array (
'exclude' => 1,
'label' => 'LLL:EXT:extkey/locallang_db.xml:tx_extkey_parenttable.title',
'config' => array (
'type' => 'input',
'size' => '50',
'max' => '150',
'eval' => 'required,trim',
)
),
'fk_childs' => array (
'exclude' => 1,
'label' => 'LLL:EXT:extkey/locallang_db.xml:tx_extkey_parenttable.fk_childs',
'config' => array (
'type' => 'inline',
'foreign_table' => 'tx_extkey_childtable',
'foreign_field' => 'parentid',
'foreign_table_field' => 'parenttable',
'foreign_sortby' => 'sorting',
'minitems' => 1,
'maxitems' => 99,
)
),
),
'types' => array (
'0' => array('showitem' => 'hidden;;1;;1-1-1, title, fk_childs')
),
'palettes' => array (
'1' => array('showitem' => '')
)
);
Updated by Philipp Gampe over 11 years ago
- Status changed from New to Accepted
- Priority changed from Should have to Must have
- Target version set to next-patchlevel
- Complexity changed from medium to easy
Would you mind to push a patch? http://wiki.typo3.org/Git
Updated by Mathias Schreiber almost 10 years ago
- Target version changed from next-patchlevel to 7.4 (Backend)
- Is Regression set to No
Updated by Susanne Moog over 9 years ago
- Target version changed from 7.4 (Backend) to 7.5
Updated by Benni Mack about 9 years ago
- Target version changed from 7.5 to 7 LTS
Updated by Benni Mack about 9 years ago
- Status changed from Accepted to Needs Feedback
- Target version deleted (
7 LTS)
Can you please recheck with the current master? The title tag is no HSCed IMHO
Updated by Alexander Opitz over 8 years ago
- Status changed from Needs Feedback to Closed
No feedback within the last 90 days => closing this issue.
If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.