From a08de951772603ec4333c5a3ec339af193e2f612 Mon Sep 17 00:00:00 2001 From: Qiang Xue Date: Sun, 22 Dec 2013 01:27:03 -0500 Subject: [PATCH] Fixes #1582: Error messages shown via client-side validation should not be double encoded --- framework/CHANGELOG.md | 1 + framework/yii/assets/yii.activeForm.js | 8 ++++---- framework/yii/captcha/CaptchaValidator.php | 4 ++-- framework/yii/validators/BooleanValidator.php | 4 ++-- framework/yii/validators/CompareValidator.php | 4 ++-- framework/yii/validators/EmailValidator.php | 4 ++-- framework/yii/validators/NumberValidator.php | 12 ++++++------ framework/yii/validators/RangeValidator.php | 4 ++-- framework/yii/validators/RegularExpressionValidator.php | 4 ++-- framework/yii/validators/RequiredValidator.php | 4 ++-- framework/yii/validators/StringValidator.php | 16 ++++++++-------- framework/yii/validators/UrlValidator.php | 4 ++-- 12 files changed, 35 insertions(+), 34 deletions(-) diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 0d2bd31..cf6eb5a 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -10,6 +10,7 @@ Yii Framework 2 Change Log - Bug #1509: The SQL for creating Postgres RBAC tables is incorrect (qiangxue) - Bug #1545: It was not possible to execute db Query twice, params where missing (cebe) - Bug #1550: fixed the issue that JUI input widgets did not property input IDs. +- Bug #1582: Error messages shown via client-side validation should not be double encoded (qiangxue) - Bug #1591: StringValidator is accessing undefined property (qiangxue) - Bug: Fixed `Call to a member function registerAssetFiles() on a non-object` in case of wrong `sourcePath` for an asset bundle (samdark) - Bug: Fixed incorrect event name for `yii\jui\Spinner` (samdark) diff --git a/framework/yii/assets/yii.activeForm.js b/framework/yii/assets/yii.activeForm.js index c1d5bf5..e898efc 100644 --- a/framework/yii/assets/yii.activeForm.js +++ b/framework/yii/assets/yii.activeForm.js @@ -348,7 +348,7 @@ $container.removeClass(data.settings.validatingCssClass + ' ' + data.settings.successCssClass) .addClass(data.settings.errorCssClass); } else { - $error.html(''); + $error.text(''); $container.removeClass(data.settings.validatingCssClass + ' ' + data.settings.errorCssClass + ' ') .addClass(data.settings.successCssClass); } @@ -365,15 +365,15 @@ var updateSummary = function ($form, messages) { var data = $form.data('yiiActiveForm'), $summary = $form.find(data.settings.errorSummary), - content = ''; + $ul = $summary.find('ul'); if ($summary.length && messages) { $.each(data.attributes, function () { if ($.isArray(messages[this.name]) && messages[this.name].length) { - content += '
  • ' + messages[this.name][0] + '
    • '; + $ul.append($('
  • ').text(messages[this.name][0])); } }); - $summary.toggle(content !== '').find('ul').html(content); + $summary.toggle($ul.find('li').length > 0); } }; diff --git a/framework/yii/captcha/CaptchaValidator.php b/framework/yii/captcha/CaptchaValidator.php index 83996d5..57665ec 100644 --- a/framework/yii/captcha/CaptchaValidator.php +++ b/framework/yii/captcha/CaptchaValidator.php @@ -93,9 +93,9 @@ class CaptchaValidator extends Validator 'hash' => $hash, 'hashKey' => 'yiiCaptcha/' . $this->captchaAction, 'caseSensitive' => $this->caseSensitive, - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $object->getAttributeLabel($attribute), - ])), + ]), ]; if ($this->skipOnEmpty) { $options['skipOnEmpty'] = 1; diff --git a/framework/yii/validators/BooleanValidator.php b/framework/yii/validators/BooleanValidator.php index 961ed14..8bca827 100644 --- a/framework/yii/validators/BooleanValidator.php +++ b/framework/yii/validators/BooleanValidator.php @@ -72,11 +72,11 @@ class BooleanValidator extends Validator $options = [ 'trueValue' => $this->trueValue, 'falseValue' => $this->falseValue, - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $object->getAttributeLabel($attribute), '{true}' => $this->trueValue, '{false}' => $this->falseValue, - ])), + ]), ]; if ($this->skipOnEmpty) { $options['skipOnEmpty'] = 1; diff --git a/framework/yii/validators/CompareValidator.php b/framework/yii/validators/CompareValidator.php index 69bd6d5..cbd12d2 100644 --- a/framework/yii/validators/CompareValidator.php +++ b/framework/yii/validators/CompareValidator.php @@ -195,11 +195,11 @@ class CompareValidator extends Validator $options['skipOnEmpty'] = 1; } - $options['message'] = Html::encode(strtr($this->message, [ + $options['message'] = strtr($this->message, [ '{attribute}' => $object->getAttributeLabel($attribute), '{compareAttribute}' => $compareValue, '{compareValue}' => $compareValue, - ])); + ]); ValidationAsset::register($view); return 'yii.validation.compare(value, messages, ' . json_encode($options) . ');'; diff --git a/framework/yii/validators/EmailValidator.php b/framework/yii/validators/EmailValidator.php index 24eeaec..e5d9b75 100644 --- a/framework/yii/validators/EmailValidator.php +++ b/framework/yii/validators/EmailValidator.php @@ -98,9 +98,9 @@ class EmailValidator extends Validator 'pattern' => new JsExpression($this->pattern), 'fullPattern' => new JsExpression($this->fullPattern), 'allowName' => $this->allowName, - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $object->getAttributeLabel($attribute), - ])), + ]), 'enableIDN' => (boolean)$this->enableIDN, ]; if ($this->skipOnEmpty) { diff --git a/framework/yii/validators/NumberValidator.php b/framework/yii/validators/NumberValidator.php index 60e920a..1bb2360 100644 --- a/framework/yii/validators/NumberValidator.php +++ b/framework/yii/validators/NumberValidator.php @@ -124,24 +124,24 @@ class NumberValidator extends Validator $options = [ 'pattern' => new JsExpression($this->integerOnly ? $this->integerPattern : $this->numberPattern), - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $label, - ])), + ]), ]; if ($this->min !== null) { $options['min'] = $this->min; - $options['tooSmall'] = Html::encode(strtr($this->tooSmall, [ + $options['tooSmall'] = strtr($this->tooSmall, [ '{attribute}' => $label, '{min}' => $this->min, - ])); + ]); } if ($this->max !== null) { $options['max'] = $this->max; - $options['tooBig'] = Html::encode(strtr($this->tooBig, [ + $options['tooBig'] = strtr($this->tooBig, [ '{attribute}' => $label, '{max}' => $this->max, - ])); + ]); } if ($this->skipOnEmpty) { $options['skipOnEmpty'] = 1; diff --git a/framework/yii/validators/RangeValidator.php b/framework/yii/validators/RangeValidator.php index cfd1f51..a4da139 100644 --- a/framework/yii/validators/RangeValidator.php +++ b/framework/yii/validators/RangeValidator.php @@ -73,9 +73,9 @@ class RangeValidator extends Validator $options = [ 'range' => $range, 'not' => $this->not, - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $object->getAttributeLabel($attribute), - ])), + ]), ]; if ($this->skipOnEmpty) { $options['skipOnEmpty'] = 1; diff --git a/framework/yii/validators/RegularExpressionValidator.php b/framework/yii/validators/RegularExpressionValidator.php index 7b02381..28e9bdc 100644 --- a/framework/yii/validators/RegularExpressionValidator.php +++ b/framework/yii/validators/RegularExpressionValidator.php @@ -80,9 +80,9 @@ class RegularExpressionValidator extends Validator $options = [ 'pattern' => new JsExpression($pattern), 'not' => $this->not, - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $object->getAttributeLabel($attribute), - ])), + ]), ]; if ($this->skipOnEmpty) { $options['skipOnEmpty'] = 1; diff --git a/framework/yii/validators/RequiredValidator.php b/framework/yii/validators/RequiredValidator.php index 43b40cf..f291f39 100644 --- a/framework/yii/validators/RequiredValidator.php +++ b/framework/yii/validators/RequiredValidator.php @@ -101,9 +101,9 @@ class RequiredValidator extends Validator $options['strict'] = 1; } - $options['message'] = Html::encode(strtr($options['message'], [ + $options['message'] = strtr($options['message'], [ '{attribute}' => $object->getAttributeLabel($attribute), - ])); + ]); ValidationAsset::register($view); return 'yii.validation.required(value, messages, ' . json_encode($options) . ');'; diff --git a/framework/yii/validators/StringValidator.php b/framework/yii/validators/StringValidator.php index dbc4001..279a189 100644 --- a/framework/yii/validators/StringValidator.php +++ b/framework/yii/validators/StringValidator.php @@ -151,31 +151,31 @@ class StringValidator extends Validator $label = $object->getAttributeLabel($attribute); $options = [ - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $label, - ])), + ]), ]; if ($this->min !== null) { $options['min'] = $this->min; - $options['tooShort'] = Html::encode(strtr($this->tooShort, [ + $options['tooShort'] = strtr($this->tooShort, [ '{attribute}' => $label, '{min}' => $this->min, - ])); + ]); } if ($this->max !== null) { $options['max'] = $this->max; - $options['tooLong'] = Html::encode(strtr($this->tooLong, [ + $options['tooLong'] = strtr($this->tooLong, [ '{attribute}' => $label, '{max}' => $this->max, - ])); + ]); } if ($this->length !== null) { $options['is'] = $this->length; - $options['notEqual'] = Html::encode(strtr($this->notEqual, [ + $options['notEqual'] = strtr($this->notEqual, [ '{attribute}' => $label, '{length}' => $this->length, - ])); + ]); } if ($this->skipOnEmpty) { $options['skipOnEmpty'] = 1; diff --git a/framework/yii/validators/UrlValidator.php b/framework/yii/validators/UrlValidator.php index 4023e2a..4cb20f6 100644 --- a/framework/yii/validators/UrlValidator.php +++ b/framework/yii/validators/UrlValidator.php @@ -121,9 +121,9 @@ class UrlValidator extends Validator $options = [ 'pattern' => new JsExpression($pattern), - 'message' => Html::encode(strtr($this->message, [ + 'message' => strtr($this->message, [ '{attribute}' => $object->getAttributeLabel($attribute), - ])), + ]), 'enableIDN' => (boolean)$this->enableIDN, ]; if ($this->skipOnEmpty) {