Commit a7fc1a27 authored by catch's avatar catch

Issue #2557871 by alexpott: Remove all usages SafeMarkup::checkPlain() from...

Issue #2557871 by alexpott: Remove all usages SafeMarkup::checkPlain() from template preprocess functions and attributes
parent 248506e1
......@@ -5,7 +5,6 @@
* Preprocessors and theme functions of Aggregator module.
*/
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Render\Element;
/**
......@@ -26,7 +25,7 @@ function template_preprocess_aggregator_item(&$variables) {
}
$variables['url'] = check_url($item->getLink());
$variables['title'] = SafeMarkup::checkPlain($item->label());
$variables['title'] = $item->label();
}
/**
......@@ -46,5 +45,5 @@ function template_preprocess_aggregator_feed(&$variables) {
$variables['content'][$key] = $variables['elements'][$key];
}
$variables['full'] = $variables['elements']['#view_mode'] == 'full';
$variables['title'] = SafeMarkup::checkPlain($feed->label());
$variables['title'] = $feed->label();
}
......@@ -7,7 +7,6 @@
use Drupal\book\BookManager;
use Drupal\book\BookManagerInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Element;
......@@ -384,7 +383,7 @@ function template_preprocess_book_navigation(&$variables) {
// Provide extra variables for themers. Not needed by default.
$variables['book_id'] = $book_link['bid'];
$variables['book_title'] = SafeMarkup::checkPlain($book_link['link_title']);
$variables['book_title'] = $book_link['link_title'];
$variables['book_url'] = \Drupal::url('entity.node.canonical', array('node' => $book_link['bid']));
$variables['current_depth'] = $book_link['depth'];
$variables['tree'] = '';
......@@ -404,7 +403,7 @@ function template_preprocess_book_navigation(&$variables) {
'href' => $prev_href,
);
$variables['prev_url'] = $prev_href;
$variables['prev_title'] = SafeMarkup::checkPlain($prev['title']);
$variables['prev_title'] = $prev['title'];
}
/** @var \Drupal\book\BookManagerInterface $book_manager */
......@@ -416,7 +415,7 @@ function template_preprocess_book_navigation(&$variables) {
'href' => $parent_href,
);
$variables['parent_url'] = $parent_href;
$variables['parent_title'] = SafeMarkup::checkPlain($parent['title']);
$variables['parent_title'] = $parent['title'];
}
if ($next = $book_outline->nextLink($book_link)) {
......@@ -426,7 +425,7 @@ function template_preprocess_book_navigation(&$variables) {
'href' => $next_href,
);
$variables['next_url'] = $next_href;
$variables['next_title'] = SafeMarkup::checkPlain($next['title']);
$variables['next_title'] = $next['title'];
}
}
......@@ -464,7 +463,6 @@ function template_preprocess_book_export_html(&$variables) {
global $base_url;
$language_interface = \Drupal::languageManager()->getCurrentLanguage();
$variables['title'] = SafeMarkup::checkPlain($variables['title']);
$variables['base_url'] = $base_url;
$variables['language'] = $language_interface;
$variables['language_rtl'] = ($language_interface->getDirection() == LanguageInterface::DIRECTION_RTL);
......@@ -490,7 +488,7 @@ function template_preprocess_book_export_html(&$variables) {
*/
function template_preprocess_book_node_export_html(&$variables) {
$variables['depth'] = $variables['node']->book['depth'];
$variables['title'] = SafeMarkup::checkPlain($variables['node']->label());
$variables['title'] = $variables['node']->label();
}
/**
......
......@@ -6,7 +6,6 @@
*/
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Datetime\Entity\DateFormat;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Form\FormStateInterface;
......@@ -1249,7 +1248,7 @@ function template_preprocess_file_link(&$variables) {
}
else {
$link_text = $variables['description'];
$options['attributes']['title'] = SafeMarkup::checkPlain($file_entity->getFilename());
$options['attributes']['title'] = $file_entity->getFilename();
}
// Classes to add to the file field for icons.
......
......@@ -50,6 +50,12 @@ function testNodeDisplay() {
}
$test_file = $this->getTestFile('text');
simpletest_generate_file('escaped-&-text', 64, 10, 'text');
$test_file = File::create([
'uri' => 'public://escaped-&-text.txt',
'name' => 'escaped-&-text',
'filesize' => filesize('public://escaped-&-text.txt'),
]);
// Create a new node with the uploaded file.
$nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
......@@ -81,6 +87,9 @@ function testNodeDisplay() {
$this->drupalPostForm('node/' . $nid . '/edit', $edit, t('Save and keep published'));
$this->assertText($description);
// Ensure the filename in the link's title attribute is escaped.
$this->assertRaw('title="escaped-&-text.txt"');
// Test that fields appear as expected after during the preview.
// Add a second file.
$name = 'files[' . $field_name . '_1][]';
......
......@@ -7,7 +7,6 @@
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Render\Element;
......@@ -437,7 +436,7 @@ function template_preprocess_filter_tips(&$variables) {
$variables['tips'][$name] = array(
'attributes' => new Attribute(),
'name' => SafeMarkup::checkPlain($name),
'name' => $name,
'list' => $tiplist,
);
}
......
......@@ -10,7 +10,6 @@
use Drupal\Component\Utility\Xss;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Url;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\user\Entity\User;
......@@ -447,7 +446,7 @@ function template_preprocess_forums(&$variables) {
// them is a shadow copy.
if ($variables['tid'] != $topic->forum_tid) {
$variables['topics'][$id]->moved = TRUE;
$variables['topics'][$id]->title = SafeMarkup::checkPlain($topic->getTitle());
$variables['topics'][$id]->title = $topic->getTitle();
$variables['topics'][$id]->message = \Drupal::l(t('This topic has been moved'), new Url('forum.page', ['taxonomy_term' => $topic->forum_tid]));
}
else {
......@@ -542,7 +541,7 @@ function template_preprocess_forum_list(&$variables) {
foreach ($variables['forums'] as $id => $forum) {
$variables['forums'][$id]->description = array('#markup' => $forum->description->value);
$variables['forums'][$id]->link = forum_uri($forum);
$variables['forums'][$id]->name = SafeMarkup::checkPlain($forum->label());
$variables['forums'][$id]->name = $forum->label();
$variables['forums'][$id]->is_container = !empty($forum->forum_container->value);
$variables['forums'][$id]->zebra = $row % 2 == 0 ? 'odd' : 'even';
$row++;
......
......@@ -5,7 +5,6 @@
* Administration pages for image settings.
*/
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Render\Element;
/**
......@@ -20,8 +19,8 @@
function template_preprocess_image_style_preview(&$variables) {
// Style information.
$style = $variables['style'];
$variables['style_id'] = SafeMarkup::checkPlain($style->id());
$variables['style_name'] = SafeMarkup::checkPlain($style->label());
$variables['style_id'] = $style->id();
$variables['style_name'] = $style->label();
// Cache bypass token.
$variables['cache_bypass'] = REQUEST_TIME;
......
......@@ -5,7 +5,6 @@
* Defines simple link field types.
*/
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Routing\RouteMatchInterface;
/**
......@@ -62,9 +61,5 @@ function link_theme() {
* - url: A \Drupal\Core\Url object.
*/
function template_preprocess_link_formatter_link_separate(&$variables) {
if (!empty($variables['title'])) {
$variables['title'] = SafeMarkup::checkPlain($variables['title']);
}
$variables['link'] = \Drupal::l($variables['url_title'], $variables['url']);
}
......@@ -5,7 +5,6 @@
* Enables semantically enriched output for Drupal sites in the form of RDFa.
*/
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Template\Attribute;
......@@ -443,7 +442,7 @@ function rdf_preprocess_username(&$variables) {
// Long usernames are truncated by template_preprocess_username(). Store the
// full name in the content attribute so it can be extracted in RDFa.
if ($variables['truncated']) {
$variables['attributes']['content'] = SafeMarkup::checkPlain($variables['name_raw']);
$variables['attributes']['content'] = $variables['name_raw'];
}
}
......
......@@ -5,7 +5,6 @@
* User page callbacks for the Search module.
*/
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Language\LanguageInterface;
/**
......@@ -36,7 +35,7 @@ function template_preprocess_search_result(&$variables) {
$result = $variables['result'];
$variables['url'] = check_url($result['link']);
$variables['title'] = SafeMarkup::checkPlain($result['title']);
$variables['title'] = $result['title'];
if (isset($result['language']) && $result['language'] != $language_interface->getId() && $result['language'] != LanguageInterface::LANGCODE_NOT_SPECIFIED) {
$variables['title_attributes']['lang'] = $result['language'];
$variables['content_attributes']['lang'] = $result['language'];
......@@ -44,7 +43,7 @@ function template_preprocess_search_result(&$variables) {
$info = array();
if (!empty($result['plugin_id'])) {
$info['plugin_id'] = SafeMarkup::checkPlain($result['plugin_id']);
$info['plugin_id'] = $result['plugin_id'];
}
if (!empty($result['user'])) {
$info['user'] = $result['user'];
......
......@@ -388,6 +388,7 @@ public function testExternalLink() {
'title[0][value]' => 'External URL',
'link[0][uri]' => 'http://example.org',
'menu_parent' => 'admin:system.admin',
'description[0][value]' => 'External URL & escaped',
];
$this->drupalPostForm('admin/structure/menu/manage/admin/add', $edit, 'Save');
......@@ -398,6 +399,8 @@ public function testExternalLink() {
// Assert that the new menu link is shown in the toolbar on a regular page.
$this->drupalGet(Url::fromRoute('<front>'));
$this->assertText('External URL');
// Ensure the description is escaped as expected.
$this->assertRaw('title="External URL &amp; escaped"');
}
/**
......
......@@ -13,7 +13,6 @@
use Drupal\Core\Template\Attribute;
use Drupal\Component\Datetime\DateTimePlus;
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Url;
/**
......@@ -265,7 +264,7 @@ function toolbar_menu_navigation_links(array $tree) {
$element->options['attributes']['id'] = 'toolbar-link-' . $id;
$element->options['attributes']['class'][] = 'toolbar-icon';
$element->options['attributes']['class'][] = 'toolbar-icon-' . strtolower(str_replace(array('.', ' ', '_'), array('-', '-', '-'), $definition['id']));
$element->options['attributes']['title'] = SafeMarkup::checkPlain($link->getDescription());
$element->options['attributes']['title'] = $link->getDescription();
}
return $tree;
}
......
<?php
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Unicode;
use Drupal\Core\Asset\AttachedAssetsInterface;
use Drupal\Core\Cache\Cache;
......@@ -463,7 +462,7 @@ function template_preprocess_username(&$variables) {
else {
$variables['truncated'] = FALSE;
}
$variables['name'] = SafeMarkup::checkPlain($name);
$variables['name'] = $name;
$variables['profile_access'] = \Drupal::currentUser()->hasPermission('access user profiles');
$external = FALSE;
......
......@@ -6,7 +6,6 @@
*/
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Template\Attribute;
use Drupal\Core\Url;
......@@ -855,7 +854,7 @@ function template_preprocess_views_view_rss(&$variables) {
// The RSS 2.0 "spec" doesn't indicate HTML can be used in the description.
// We strip all HTML tags, but need to prevent double encoding from properly
// escaped source data (such as &amp becoming &amp;amp;).
$variables['description'] = SafeMarkup::checkPlain(Html::decodeEntities(strip_tags($style->getDescription())));
$variables['description'] = Html::decodeEntities(strip_tags($style->getDescription()));
if ($view->display_handler->getOption('sitename_title')) {
$title = $config->get('name');
......@@ -866,7 +865,7 @@ function template_preprocess_views_view_rss(&$variables) {
else {
$title = $view->getTitle();
}
$variables['title'] = SafeMarkup::checkPlain($title);
$variables['title'] = $title;
// Figure out which display which has a path we're using for this feed. If
// there isn't one, use the global $base_url
......@@ -892,7 +891,7 @@ function template_preprocess_views_view_rss(&$variables) {
$variables['link'] = $url_string;
}
$variables['langcode'] = SafeMarkup::checkPlain(\Drupal::languageManager()->getCurrentLanguage()->getId());
$variables['langcode'] = \Drupal::languageManager()->getCurrentLanguage()->getId();
$variables['namespaces'] = new Attribute($style->namespaces);
$variables['items'] = $items;
$variables['channel_elements'] = \Drupal::service('renderer')->render($style->channel_elements);
......@@ -957,7 +956,7 @@ function template_preprocess_views_view_opml(&$variables) {
else {
$title = $view->getTitle();
}
$variables['title'] = SafeMarkup::checkPlain($title);
$variables['title'] = $title;
$variables['items'] = $items;
$variables['updated'] = gmdate(DATE_RFC2822, REQUEST_TIME);
......
......@@ -5,7 +5,6 @@
* Functions to support theming in the Bartik theme.
*/
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Template\Attribute;
......@@ -120,7 +119,7 @@ function _bartik_process_page(&$variables) {
$variables['hide_site_slogan'] = theme_get_setting('features.slogan') ? FALSE : TRUE;
if ($variables['hide_site_name']) {
// If toggle_name is FALSE, the site_name will be empty, so we rebuild it.
$variables['site_name'] = SafeMarkup::checkPlain($site_config->get('name'));
$variables['site_name'] = $site_config->get('name');
}
if ($variables['hide_site_slogan']) {
// If toggle_site_slogan is FALSE, the site_slogan will be empty, so we
......
......@@ -6,7 +6,6 @@
*/
use Drupal\Component\Utility\Xss;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Form\FormStateInterface;
/**
......@@ -74,7 +73,7 @@ function seven_preprocess_node_add_list(&$variables) {
if (!empty($variables['content'])) {
/** @var \Drupal\node\NodeTypeInterface $type */
foreach ($variables['content'] as $type) {
$variables['types'][$type->id()]['label'] = SafeMarkup::checkPlain($type->label());
$variables['types'][$type->id()]['label'] = $type->label();
$variables['types'][$type->id()]['url'] = \Drupal::url('node.add', array('node_type' => $type->id()));
}
}
......@@ -89,7 +88,7 @@ function seven_preprocess_node_add_list(&$variables) {
function seven_preprocess_block_content_add_list(&$variables) {
if (!empty($variables['content'])) {
foreach ($variables['content'] as $type) {
$variables['types'][$type->id()]['label'] = SafeMarkup::checkPlain($type->label());
$variables['types'][$type->id()]['label'] = $type->label();
$options = array('query' => \Drupal::request()->query->all());
$variables['types'][$type->id()]['url'] = \Drupal::url('block_content.add_form', array('block_content_type' => $type->id()), $options);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment