Commit f9775531 authored by webchick's avatar webchick
Browse files

Issue #2368653 by YesCT, pcambra, dawehner: Replace _l in all places (3) besides one

parent 7992d4f5
......@@ -28,10 +28,10 @@ class UrlTest extends WebTestBase {
* Confirms that invalid URLs are filtered in link generating functions.
*/
function testLinkXSS() {
// Test _l().
// Test \Drupal::l().
$text = $this->randomMachineName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = _l($text, $path);
$link = \Drupal::l($text, Url::fromUri('user-path:' . $path));
$sanitized_path = check_url(Url::fromUri('base:' . $path)->toString());
$this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered by _l().', array('@path' => $path)));
......
......@@ -17,6 +17,7 @@
use Drupal\Core\Cache\Cache;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Renderer;
use Drupal\Core\Url as CoreUrl;
use Drupal\views\Plugin\views\HandlerBase;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
use Drupal\views\ResultRow;
......@@ -1247,7 +1248,7 @@ public function renderText($alter) {
$more_link_path = Unicode::substr($more_link_path, Unicode::strlen($base_path));
}
$more_link = _l($more_link_text, $more_link_path, array('attributes' => array('class' => array('views-more-link'))));
$more_link = \Drupal::l($more_link_text, CoreUrl::fromUri('user-path:' . $more_link_path), array('attributes' => array('class' => array('views-more-link'))));
$suffix .= " " . $more_link;
}
......
......@@ -8,6 +8,7 @@
namespace Drupal\views\Plugin\views\field;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url as CoreUrl;
use Drupal\views\ResultRow;
/**
......@@ -45,7 +46,7 @@ public function buildOptionsForm(&$form, FormStateInterface $form_state) {
public function render(ResultRow $values) {
$value = $this->getValue($values);
if (!empty($this->options['display_as_link'])) {
return _l($this->sanitizeValue($value), $value, array('html' => TRUE));
return \Drupal::l($this->sanitizeValue($value), CoreUrl::fromUri('user-path:' . $value), array('html' => TRUE));
}
else {
return $this->sanitizeValue($value, 'url');
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment