Commit 88d431fe authored by Wade Stewart's avatar Wade Stewart

Issue #3366359 by themodularlab: After installing: error on edit and save changes to the menu

parent 9dfc95a8
2 merge requests!86Resolve #3370275 "Upgrading from 8x1.7",!71Issue #3366359 by themodularlab: After installing: error on edit and save changes to the menu
......@@ -149,7 +149,7 @@ class TBMegaMenuAdminController extends ControllerBase {
$renderable_array = $this->menuBuilder->renderBlock($menu_name, $theme);
$result = $this->renderer
->render($renderable_array)
->__toString();
->jsonSerialize();
}
// Display an error if the config can't be loaded.
else {
......@@ -297,7 +297,7 @@ class TBMegaMenuAdminController extends ControllerBase {
];
$content = $this->renderer
->render($render)
->__toString();
->jsonSerialize();
$result = Json::encode(['content' => $content, 'id' => $id]);
}
// Display an error if the block can't be loaded.
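Review bot: Calling `->jsonSerialize()` on the render result, in both hunks of this controller, reads as if the markup were being JSON-encoded, but for Drupal's markup objects it should return the same string as `__toString()`, so nothing is encoded or escaped at this point. A plain cast states the intent and avoids that misreading: `$content = (string) $this->renderer->render($render);`. In the second hunk the only real JSON encoding is still the `Json::encode()` call on the following line. Both enclosing methods start and end outside the visible hunks.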
......
......@@ -2,7 +2,9 @@
namespace Drupal\tb_megamenu\Entity;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Config\Entity\ConfigEntityBase;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\tb_megamenu\MegaMenuConfigInterface;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\Html;
......@@ -43,6 +45,8 @@ use Drupal\Component\Utility\Html;
*/
class MegaMenuConfig extends ConfigEntityBase implements MegaMenuConfigInterface {
use StringTranslationTrait;
/**
* The MegaMenu ID.
*
......@@ -67,16 +71,16 @@ class MegaMenuConfig extends ConfigEntityBase implements MegaMenuConfigInterface
/**
* The json encoded string of block settings.
*
* @var string
* @var string|array
*/
public string $block_config;
public string|array $block_config;
/**
* The json encoded string of menu settings.
*
* @var string
* @var string|array
*/
public string $menu_config;
public string|array $menu_config;
/**
* Flags used for encoding JSON values.
......@@ -162,20 +166,14 @@ class MegaMenuConfig extends ConfigEntityBase implements MegaMenuConfigInterface
$config = isset($this->menu_config) ? Json::decode($this->menu_config) : [];
// Iterate through config in order to santitize items that could be
// Iterate through config in order to sanitize items that could be
// vulnerable to XSS attacks.
foreach ($config as $key => $value) {
$config[$key]['submenu_config']['class'] = isset($value['submenu_config']['class']) ? Html::escape($value['submenu_config']['class']) : '';
$config[$key]['item_config']['class'] = isset($value['item_config']['class']) ? Html::escape($value['item_config']['class']) : '';
$config[$key]['item_config']['xicon'] = isset($value['item_config']['xicon']) ? Html::escape($value['item_config']['xicon']) : '';
$config[$key]['item_config']['label'] = isset($value['item_config']['label']) ? Html::escape($value['item_config']['label']) : '';
// Because the caption gets rendered on the frontend and may include
// special characters, we add it to a plain text render array. Any
// insecure tags will be autoescaped by twig.
$config[$key]['item_config']['caption'] = [
'#plain_text' => $value['item_config']['caption'],
];
$config[$key]['item_config']['class'] = isset($value['item_config']['class']) ? Html::escape($value['item_config']['class']) :'';
$config[$key]['item_config']['xicon'] = isset($value['item_config']['xicon']) ? Html::escape($value['item_config']['xicon']) : '';
$config[$key]['item_config']['label'] = isset($value['item_config']['label']) ? Html::escape($value['item_config']['label']) : '';
$config[$key]['item_config']['caption'] = isset($value['item_config']['caption']) ? Xss::filter($value['item_config']['caption']) : '';
}
if ($config === NULL) {
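Review bot: The caption line now returns a plain string from `Xss::filter()`, which with no second argument keeps a default allow-list of tags, and the item template prints that string with `|raw`. The safety of that output therefore rests on every caption reaching the template through this loop; a comment should pin the contract, e.g. `// Printed with |raw in the item template: must always pass through Xss::filter() here.` Separately, `$menu_config` is widened to `string|array` but is still handed to `Json::decode()` at the top of this hunk, which presumably fails on PHP 8 if the property ever holds an array; an `is_array()` check before decoding would cover that case. The method starts and ends outside the hunk.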
......
......@@ -21,7 +21,10 @@
{% endif %}
{{ link.title_translate }}
{% if item_config['caption'] %}
<span class="tbm-caption">{{ item_config['caption'] }}</span>
{% autoescape %}
{# Passed through Xss::filter prior to reaching twig. We want to allow some html here. #}
<span class="tbm-caption">{{ item_config['caption']|raw }}</span>
{% endautoescape %}
{% endif %}
</{{ tag }}>
{% if section == 'frontend' %}
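Review bot: The `{% autoescape %}` wrapper does not escape the caption, because `|raw` marks the value as safe and bypasses it; the wrapper can be dropped so nobody reads it as a second layer of protection. The only thing protecting this output is the `Xss::filter()` call in the config entity, so the comment should name that dependency: `{# Caption is sanitized by Xss::filter() in MegaMenuConfig; |raw is only safe for values from that path. #}`. The filter's default allow-list appears to include `<a>`, so a caption could put a link inside the menu item's own tag when that tag is an anchor; passing a narrower tag list as the second argument to `Xss::filter()` would avoid that. The enclosing element starts outside the hunk.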
......
......@@ -29,10 +29,10 @@ if (window.matchMedia("(max-width: {{ block_config['breakpoint']}}px)").matches)
document.getElementById("{{ attributes.id }}").classList.add('tbm--mobile')
}
{# If the menu should be hidden on mobile, add the appropriate class before
there is a chance for a flash of unstyled content. #}
{% set hide_mobile = block_config['hide-mobile-menu'] %}
if ({{ hide_mobile }}) {
var hideMobile = {{ hide_mobile }}
if (hideMobile === 1) {
document.getElementById('{{ attributes.id }}').classList.add('tbm--mobile-hide')
}
</script>
\ No newline at end of file
</script>
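Review bot: `var hideMobile = {{ hide_mobile }}` prints nothing when `hide-mobile-menu` is unset, empty or false, which leaves `var hideMobile =` followed directly by the `if` and is a syntax error that stops the whole inline script, including the breakpoint class handling above it. Emitting an explicit literal avoids that and keeps a config value from being printed as script source: `var hideMobile = {{ hide_mobile ? 1 : 0 }};`. The strict `=== 1` comparison then matches exactly that literal. The script block starts outside the hunk.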