security updated for entity api
This commit is contained in:
@@ -18,7 +18,7 @@ class EntityFieldHandlerHelper {
|
||||
* Provide appropriate default options for a handler.
|
||||
*/
|
||||
public static function option_definition($handler) {
|
||||
if (entity_property_list_extract_type($handler->definition['type'])) {
|
||||
if (isset($handler->definition['type']) && entity_property_list_extract_type($handler->definition['type'])) {
|
||||
$options['list']['contains']['mode'] = array('default' => 'collapse');
|
||||
$options['list']['contains']['separator'] = array('default' => ', ');
|
||||
$options['list']['contains']['type'] = array('default' => 'ul');
|
||||
@@ -32,7 +32,7 @@ class EntityFieldHandlerHelper {
|
||||
* Provide an appropriate default option form for a handler.
|
||||
*/
|
||||
public static function options_form($handler, &$form, &$form_state) {
|
||||
if (entity_property_list_extract_type($handler->definition['type'])) {
|
||||
if (isset($handler->definition['type']) && entity_property_list_extract_type($handler->definition['type'])) {
|
||||
$form['list']['mode'] = array(
|
||||
'#type' => 'select',
|
||||
'#title' => t('List handling'),
|
||||
|
||||
@@ -40,7 +40,7 @@ class entity_views_handler_area_entity extends views_handler_area {
|
||||
$form['entity_id'] = array(
|
||||
'#type' => 'textfield',
|
||||
'#title' => t('Entity id'),
|
||||
'#description' => t('Choose the entity you want to display in the area.'),
|
||||
'#description' => t('Choose the entity you want to display in the area. To render an entity given by a contextual filter use "%1" for the first argument, "%2" for the second, etc.'),
|
||||
'#default_value' => $this->options['entity_id'],
|
||||
);
|
||||
|
||||
@@ -105,6 +105,9 @@ class entity_views_handler_area_entity extends views_handler_area {
|
||||
* Render an entity using the view mode.
|
||||
*/
|
||||
public function render_entity($entity_type, $entity_id, $view_mode) {
|
||||
$tokens = $this->get_render_tokens();
|
||||
// Replace argument tokens in entity id.
|
||||
$entity_id = strtr($entity_id, $tokens);
|
||||
if (!empty($entity_type) && !empty($entity_id) && !empty($view_mode)) {
|
||||
$entity = entity_load_single($entity_type, $entity_id);
|
||||
if (!empty($this->options['bypass_access']) || entity_access('view', $entity_type, $entity)) {
|
||||
@@ -117,4 +120,31 @@ class entity_views_handler_area_entity extends views_handler_area {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the 'render' tokens to use for advanced rendering.
|
||||
*
|
||||
* This runs through all of the fields and arguments that
|
||||
* are available and gets their values. This will then be
|
||||
* used in one giant str_replace().
|
||||
*/
|
||||
function get_render_tokens() {
|
||||
$tokens = array();
|
||||
if (!empty($this->view->build_info['substitutions'])) {
|
||||
$tokens = $this->view->build_info['substitutions'];
|
||||
}
|
||||
$count = 0;
|
||||
foreach ($this->view->display_handler->get_handlers('argument') as $arg => $handler) {
|
||||
$token = '%' . ++$count;
|
||||
if (!isset($tokens[$token])) {
|
||||
$tokens[$token] = '';
|
||||
}
|
||||
// Use strip tags as there should never be HTML in the path.
|
||||
// However, we need to preserve special characters like " that
|
||||
// were removed by check_plain().
|
||||
$tokens['%' . $count] = $handler->argument;
|
||||
}
|
||||
|
||||
return $tokens;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user