
Commit 59f69fc

author
Bizley
authored
Fix #19462: Fix validator client options to encode HTML tags
1 parent 0099619 commit 59f69fc


13 files changed

+52
-11
lines changed


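--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -43,6 +43,7 @@ Yii Framework 2 Change Log
 - Bug #19454: Fix PDO exception code not properly passed to `yii\db\Exception` (Roguyt)
 - Bug #19477: cast shell_exec() output to string (schmunk42)
 - Bug #19481: Exception is always empty in ErrorHandler when handling fatal error (Renkas)
+- Bug #19462: Fix validator client options to encode HTML tags (bizley)
 
 2.0.45 February 11, 2022
 ------------------------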

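--- a/framework/captcha/CaptchaValidator.php
+++ b/framework/captcha/CaptchaValidator.php
@@ -9,6 +9,7 @@
 
 use Yii;
 use yii\base\InvalidConfigException;
+use yii\helpers\Json;
 use yii\validators\ValidationAsset;
 use yii\validators\Validator;
 
@@ -89,7 +90,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
 
-return 'yii.validation.captcha(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
+return 'yii.validation.captcha(value, messages, ' . Json::htmlEncode($options) . ');';
 }
 
 /**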
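Review bot: The new `return` line in clientValidateAttribute() carries no comment saying why `Json::htmlEncode()` is required rather than a plain JSON encode, so a later cleanup could swap it back without noticing the security purpose. The returned string is JavaScript that is presumably written into the page, and going by the commit title the option text (messages and the like) was previously emitted with `<` and `>` intact, which lets a value containing a closing script tag end the script block early. I would add above the return: `// htmlEncode() hex-escapes <, >, &, ' and " so option text cannot terminate the surrounding <script> block`. The same one-line change and the same missing comment recur in BooleanValidator, CompareValidator, FileValidator, FilterValidator, ImageValidator, RangeValidator, RequiredValidator and StringValidator. clientValidateAttribute() begins above the hunk, and none of the file sections visible here contains a test asserting that a `<` in a message is emitted as `\u003C`.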

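--- a/framework/validators/BooleanValidator.php
+++ b/framework/validators/BooleanValidator.php
@@ -8,6 +8,7 @@
 namespace yii\validators;
 
 use Yii;
+use yii\helpers\Json;
 
 /**
 * BooleanValidator checks if the attribute value is a boolean value.
@@ -76,7 +77,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
 
-return 'yii.validation.boolean(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
+return 'yii.validation.boolean(value, messages, ' . Json::htmlEncode($options) . ');';
 }
 
 /**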

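--- a/framework/validators/CompareValidator.php
+++ b/framework/validators/CompareValidator.php
@@ -10,6 +10,7 @@
 use Yii;
 use yii\base\InvalidConfigException;
 use yii\helpers\Html;
+use yii\helpers\Json;
 
 /**
 * CompareValidator compares the specified attribute value with another value.
@@ -234,7 +235,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
 
-return 'yii.validation.compare(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ', $form);';
+return 'yii.validation.compare(value, messages, ' . Json::htmlEncode($options) . ', $form);';
 }
 
 /**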

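--- a/framework/validators/FileValidator.php
+++ b/framework/validators/FileValidator.php
@@ -432,7 +432,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 {
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
-return 'yii.validation.file(attribute, messages, ' . Json::encode($options) . ');';
+return 'yii.validation.file(attribute, messages, ' . Json::htmlEncode($options) . ');';
 }
 
 /**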

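--- a/framework/validators/FilterValidator.php
+++ b/framework/validators/FilterValidator.php
@@ -8,6 +8,7 @@
 namespace yii\validators;
 
 use yii\base\InvalidConfigException;
+use yii\helpers\Json;
 
 /**
 * FilterValidator converts the attribute value according to a filter.
@@ -93,7 +94,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
 
-return 'value = yii.validation.trim($form, attribute, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ', value);';
+return 'value = yii.validation.trim($form, attribute, ' . Json::htmlEncode($options) . ', value);';
 }
 
 /**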

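--- a/framework/validators/ImageValidator.php
+++ b/framework/validators/ImageValidator.php
@@ -8,6 +8,7 @@
 namespace yii\validators;
 
 use Yii;
+use yii\helpers\Json;
 use yii\web\UploadedFile;
 
 /**
@@ -166,7 +167,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 {
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
-return 'yii.validation.image(attribute, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ', deferred);';
+return 'yii.validation.image(attribute, messages, ' . Json::htmlEncode($options) . ', deferred);';
 }
 
 /**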

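--- a/framework/validators/RangeValidator.php
+++ b/framework/validators/RangeValidator.php
@@ -10,6 +10,7 @@
 use Yii;
 use yii\base\InvalidConfigException;
 use yii\helpers\ArrayHelper;
+use yii\helpers\Json;
 
 /**
 * RangeValidator validates that the attribute value is among a list of values.
@@ -111,7 +112,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
 
-return 'yii.validation.range(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
+return 'yii.validation.range(value, messages, ' . Json::htmlEncode($options) . ');';
 }
 
 /**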

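--- a/framework/validators/RequiredValidator.php
+++ b/framework/validators/RequiredValidator.php
@@ -8,6 +8,7 @@
 namespace yii\validators;
 
 use Yii;
+use yii\helpers\Json;
 
 /**
 * RequiredValidator validates that the specified attribute does not have null or empty value.
@@ -93,7 +94,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
 
-return 'yii.validation.required(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
+return 'yii.validation.required(value, messages, ' . Json::htmlEncode($options) . ');';
 }
 
 /**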

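--- a/framework/validators/StringValidator.php
+++ b/framework/validators/StringValidator.php
@@ -8,6 +8,7 @@
 namespace yii\validators;
 
 use Yii;
+use yii\helpers\Json;
 
 /**
 * StringValidator validates that the attribute value is of certain length.
@@ -168,7 +169,7 @@ public function clientValidateAttribute($model, $attribute, $view)
 ValidationAsset::register($view);
 $options = $this->getClientOptions($model, $attribute);
 
-return 'yii.validation.string(value, messages, ' . json_encode($options, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ');';
+return 'yii.validation.string(value, messages, ' . Json::htmlEncode($options) . ');';
 }
 
 /**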
