From d87afeb496b3f75431192e1a1c9250e22a5363f7 Mon Sep 17 00:00:00 2001
From: Qiang Xue
Date: Tue, 25 Jun 2013 16:12:18 -0400
Subject: [PATCH] encode checkbox and radio list by default.
---
 framework/yii/helpers/base/Html.php | 14 ++++++++++----
 tests/unit/framework/helpers/HtmlTest.php | 4 ++--
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/framework/yii/helpers/base/Html.php b/framework/yii/helpers/base/Html.php
index c799918..9abf537 100644
--- a/framework/yii/helpers/base/Html.php
+++ b/framework/yii/helpers/base/Html.php
@@ -732,11 +732,12 @@ class Html
 * @param string|array $selection the selected value(s).
 * @param array $items the data item used to generate the checkboxes.
 * The array keys are the labels, while the array values are the corresponding checkbox values.
- * Note that the labels will NOT be HTML-encoded, while the values will.
 * @param array $options options (name => config) for the checkbox list. The following options are supported:
 *
 * - unselect: string, the value that should be submitted when none of the checkboxes is selected.
 * By setting this option, a hidden input will be generated.
+ * - encode: boolean, whether to HTML-encode the checkbox labels. Defaults to true.
+ * This option is ignored if `item` option is set.
 * - separator: string, the HTML code that separates items.
 * - item: callable, a callback that can be used to customize the generation of the HTML code
 * corresponding to a single item in $items. The signature of this callback must be:
@@ -757,6 +758,7 @@ class Html
 }
 $formatter = isset($options['item']) ? $options['item'] : null;
+ $encode = !isset($options['encode']) || $options['encode'];
 $lines = array();
 $index = 0;
 foreach ($items as $value => $label) {
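Review bot: The context line `The array keys are the labels, while the array values are the corresponding checkbox values` in the checkboxList docblock (hunk at -732) contradicts the loop `foreach ($items as $value => $label)` shown in the next hunk, where the keys are the values and the array values are the labels. Now that label encoding is configurable, the docblock should name the label side correctly, e.g. `* The array keys are the checkbox values, while the array values are the corresponding labels.` The removed note was also the only place that said the values are encoded; consider keeping that half as `* The checkbox values are always HTML-encoded.` if that still holds. The radioList docblock in the hunk at -790 carries the same wording.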
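Review bot: In the hunk at -757, `$encode = !isset($options['encode']) || $options['encode'];` switches encoding off for any falsy value (`0`, `''`, `'0'`), not only for an explicit `false`. Since turning encoding off is the unsafe direction, consider making the opt-out explicit with `$encode = !isset($options['encode']) || $options['encode'] !== false;`. The same line is added to radioList in the hunk at -814, where it sits before `$formatter` instead of after it; using one order in both methods would make them easier to compare.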
@@ -766,7 +768,8 @@ class Html
 if ($formatter !== null) {
 $lines[] = call_user_func($formatter, $index, $label, $name, $checked, $value);
 } else {
- $lines[] = static::label(static::checkbox($name, $checked, array('value' => $value)) . ' ' . $label);
+ $checkbox = static::checkbox($name, $checked, array('value' => $value));
+ $lines[] = static::label($checkbox . ' ' . ($encode ? static::encode($label) : $label));
 }
 $index++;
 }
@@ -790,11 +793,12 @@ class Html
 * @param string|array $selection the selected value(s).
 * @param array $items the data item used to generate the radio buttons.
 * The array keys are the labels, while the array values are the corresponding radio button values.
- * Note that the labels will NOT be HTML-encoded, while the values will.
 * @param array $options options (name => config) for the radio button list. The following options are supported:
 *
 * - unselect: string, the value that should be submitted when none of the radio buttons is selected.
 * By setting this option, a hidden input will be generated.
+ * - encode: boolean, whether to HTML-encode the checkbox labels. Defaults to true.
+ * This option is ignored if `item` option is set.
 * - separator: string, the HTML code that separates items.
 * - item: callable, a callback that can be used to customize the generation of the HTML code
 * corresponding to a single item in $items. The signature of this callback must be:
@@ -810,6 +814,7 @@ class Html
 */
 public static function radioList($name, $selection = null, $items = array(), $options = array())
 {
+ $encode = !isset($options['encode']) || $options['encode'];
 $formatter = isset($options['item']) ? $options['item'] : null;
 $lines = array();
 $index = 0;
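Review bot: In the `$formatter !== null` branch of the hunk at -766 the callback still receives the raw `$label`, so the new default protects only the built-in rendering, and an `item` callback that places `$label` into markup has to encode it itself. The docblock says `encode` is ignored when `item` is set; I would spell out the consequence on the `item` option, e.g. `* Note that $label is passed to the callback unencoded; use Html::encode() on it where needed.` Callers that deliberately pass HTML in labels will now see it escaped and need `'encode' => false`, which is worth an upgrade note. The radioList hunk at -820 has the same branch; both loop bodies belong to methods that start and end outside these hunks.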
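Review bot: The `encode` description added to the radioList docblock in the hunk at -790 still reads `whether to HTML-encode the checkbox labels`, copied from checkboxList. It should read `* - encode: boolean, whether to HTML-encode the radio button labels. Defaults to true.`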
@@ -820,7 +825,8 @@ class Html
 if ($formatter !== null) {
 $lines[] = call_user_func($formatter, $index, $label, $name, $checked, $value);
 } else {
- $lines[] = static::label(static::radio($name, $checked, array('value' => $value)) . ' ' . $label);
+ $radio = static::radio($name, $checked, array('value' => $value));
+ $lines[] = static::label($radio . ' ' . ($encode ? static::encode($label) : $label));
 }
 $index++;
 }
diff --git a/tests/unit/framework/helpers/HtmlTest.php b/tests/unit/framework/helpers/HtmlTest.php
index 93eb68c..dc6214f 100644
--- a/tests/unit/framework/helpers/HtmlTest.php
+++ b/tests/unit/framework/helpers/HtmlTest.php
@@ -305,7 +305,7 @@ EOD; $this->assertEqualsWithoutLE($expected, Html::checkboxList('test', array('value2'), $this->getDataItems())); $expected = << text1<> + EOD; $this->assertEqualsWithoutLE($expected, Html::checkboxList('test', array('value2'), $this->getDataItems2()));
@@ -341,7 +341,7 @@ EOD; $this->assertEqualsWithoutLE($expected, Html::radioList('test', array('value2'), $this->getDataItems())); $expected = << text1<> + EOD; $this->assertEqualsWithoutLE($expected, Html::radioList('test', array('value2'), $this->getDataItems2()));
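Review bot: Both updated expectations in HtmlTest.php (hunks at -305 and -341) cover only the default call without options, so nothing visible here pins the opt-out or the callback path. Consider adding an assertion with `array('encode' => false)` that expects the label to stay raw, and one with an `item` callback that checks the label reaches the callback unencoded, for both checkboxList and radioList. The heredoc bodies appear damaged in this rendering, so the exact expected strings cannot be checked from here.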