
Christoffer Niska committed 7b951f1

Added validation for node names on creation and made other minor improvements.



 	'defaultLanguage'=>'en_us',
 	// the types of files that can uploaded as attachments
 	'allowedFileTypes'=>'jpg, gif, png',
+	// the maximum allowed filesize for attachments
+	'allowedFileSize'=>1024,
 	// the path to save the attachments
 	'attachmentPath'=>'/files/cms/attachments/',
 	// the template to use for node headings

components/Cms.php

 	 * @property string the allowed attachment files types.
 	 */
 	public $allowedFileTypes = 'jpg, gif, png';
+    /**
+     * @property integer the maximum allowed filesize for attachments.
+     */
+    public $allowedFileSize = 1024;
 	/**
 	 * @property string the path for saving attached files.
 	 */
 	 */
 	public function createNode($name)
 	{
+        // Validate the node name before creation.
+        if (preg_match('/^[\w\d\._-]+$/i', $name) === 0)
+            throw new CException(__CLASS__.': Failed to create node. Name "'.$name.'" is invalid.');
+
 		$node = new CmsNode();
 		$node->name = $name;
 		$node->save(false);
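Review bot: The new name check in createNode still accepts a name with a trailing newline, because `$` in PCRE matches before a final "\n", and `=== 0` does not catch the `false` that preg_match returns on a PCRE error; anchor with `\z` and test for a non-match instead, `if (preg_match('/^[\w.-]+\z/', $name) !== 1)`. Inside that class `\d`, the escaped dot and the `i` modifier are redundant (`\w` already covers digits and `_`, and case does not matter), so the shorter class expresses the same rule. Note that the `save(false)` on the last line skips model validation, so this regex is the only guard on the stored name that is visible here. The added lines are indented with spaces while the surrounding file uses tabs (the same mix appears in the property block above, in the rule in models/CmsContent.php and in the h1 of themes/bootstrap/views/cms/node/update.php); re-indent to match. The `allowedFileSize` docblock should state its unit — CFileValidator's `maxSize` is a byte count, so `1024` is 1 KiB.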
 /*
-	Cms database schematic.
+	Cms database schema.
 	Author Christoffer Niska <christoffer.niska@nordsoftware.com>
 	Copyright (c) 2011, Nord Software Ltd
  */
 
-CREATE TABLE IF NOT EXISTS `cms_attachment` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+CREATE TABLE IF NOT EXISTS `cms_node` (
+  `id` int(10) NOT NULL AUTO_INCREMENT,
   `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `contentId` int(10) unsigned NOT NULL,
-  `filename` varchar(255) NOT NULL,
-  `extension` varchar(50) NOT NULL,
-  `mimeType` varchar(255) NOT NULL,
-  `byteSize` int(10) unsigned NOT NULL,
+  `updated` timestamp NULL DEFAULT NULL,
+  `parentId` int(10) NOT NULL DEFAULT '0',
+  `name` varchar(255) NOT NULL,
+  `deleted` tinyint(4) NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`),
-  KEY `contentId` (`contentId`)
+  KEY `name_deleted` (`name`,`deleted`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE IF NOT EXISTS `cms_content` (
   UNIQUE KEY `contentId_locale` (`nodeId`,`locale`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
-CREATE TABLE IF NOT EXISTS `cms_node` (
-  `id` int(10) NOT NULL AUTO_INCREMENT,
+CREATE TABLE IF NOT EXISTS `cms_attachment` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `updated` timestamp NULL DEFAULT NULL,
-  `parentId` int(10) NOT NULL DEFAULT '0',
-  `name` varchar(255) NOT NULL,
-  `deleted` tinyint(4) NOT NULL DEFAULT '0',
+  `contentId` int(10) unsigned NOT NULL,
+  `filename` varchar(255) NOT NULL,
+  `extension` varchar(50) NOT NULL,
+  `mimeType` varchar(255) NOT NULL,
+  `byteSize` int(10) unsigned NOT NULL,
   PRIMARY KEY (`id`),
-  KEY `name_deleted` (`name`,`deleted`)
+  KEY `contentId` (`contentId`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

models/CmsContent.php

 			array('nodeId', 'length', 'max'=>10),
 			array('locale', 'length', 'max'=>50),
 			array('heading, url, pageTitle, breadcrumb, metaTitle, metaDescription, metaKeywords', 'length', 'max'=>255),
-			array('attachment', 'file', 'types'=>Yii::app()->cms->allowedFileTypes, 'maxSize'=>1024, 'allowEmpty'=>true),
+            array('attachment', 'file', 'types'=>Yii::app()->cms->allowedFileTypes, 'maxSize'=>Yii::app()->cms->allowedFileSize, 'allowEmpty'=>true),
 			array('body, css', 'filter', 'filter'=>array($obj = new CHtmlPurifier(), 'purify')),
 			array('id, nodeId, locale, heading, url, pageTitle, breadcrumb, metaTitle, metaDescription, metaKeywords', 'safe', 'on'=>'search'),
 		);

models/CmsNode.php

 	protected $_patterns = array(
 		'file'=>'/{{file:([\d]+)}}/i',
 		'image'=>'/{{image:([\d]+)}}/i',
-		'link'=>'/{{([\w\d]+|https?:\/\/[\w\d_-]*(\.[\w\d_-]*)+.*)\|([\w\d\s-]+)}}/i',
+		'link'=>'/{{([\w\d\._-]+|https?:\/\/[\w\d_-]*(\.[\w\d_-]*)+.*)\|([\w\d\s-]+)}}/i',
 		'email'=>'/{{email:([\w\d!#$%&\'*+\\/=?^_`{|}~-]+(?:\.[\w\d!#$%&\'*+\\/=?^_`{|}~-]+)*@(?:[\w\d](?:[\w\d-]*[\w\d])?\.)+[\w\d](?:[\w\d-]*[\w\d])?)}}/i',
-		'node'=>'/{{node:([\w\d]+)}}/i',
+		'node'=>'/{{node:([\w\d\._-]+)}}/i',
 	);
 
 	/**
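Review bot: The node-name character class `[\w\d\._-]+` is now spelled out separately in the `link` and `node` patterns here and again in `Cms::createNode`, so the three definitions can drift apart the next time the allowed characters change; a single class constant for the character class, reused wherever these patterns and the creation check are built, keeps one source of truth. As in createNode, `\d` is redundant with `\w` and the dot needs no escape inside a character class, so `[\w.-]+` is equivalent. The `_patterns` array is complete within the hunk; the enclosing class is not.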

themes/bootstrap/views/cms/node/_form.php

 
 	<?php echo $form->textFieldRow($model,'['.$model->locale.']breadcrumb',array('class'=>'span8')) ?>
 
-	<?php echo $form->textFieldRow($model,'['.$model->locale.']breadcrumb',array('class'=>'span8')) ?>
-
     <?php echo $form->textFieldRow($model,'['.$model->locale.']metaTitle',array('class'=>'span8')) ?>
 
     <?php echo $form->textAreaRow($model,'['.$model->locale.']metaDescription',array('class'=>'span8','rows'=>3)) ?>

themes/bootstrap/views/cms/node/update.php

-<?php $this->breadcrumbs = CMap::mergeArray($model->getBreadcrumbs(true), array(Yii::t('CmsModule.core','Update'))) ?>
-<div class="node-update">
-
-	<h1><?php echo Yii::t('CmsModule.core','Update node') ?></h1>
-
-	<?php $form = $this->beginWidget('ext.bootstrap.widgets.BootActiveForm',array(
-		'id'=>'cmsUpdateNodeForm',
-		//'enableAjaxValidation'=>true,
-		'stacked'=>true,
-		'htmlOptions'=>array('enctype'=>'multipart/form-data'),
-	)) ?>
-
-		<fieldset class="form-node">
-
-			<?php echo $form->uneditableRow($model,'name',array('hint'=>Yii::t('CmsModule.core','Node name cannot be changed.'))) ?>
-
-			<?php echo $form->dropDownListRow($model,'parentId',$model->getParentOptionTree()) ?>
-
-		</fieldset>
-
-		<?php $tabs = array();
-		foreach ($translations as $locale => $content) {
-			$language = Yii::app()->cms->languages[$locale];
-			$tab = $this->renderPartial('_form',array(
-				'model'=>$content,
-				'form'=>$form,
-				'node'=>$model,
-				'language'=>$language,
-			), true);
-			$tabs[$language] = $tab;
-		} ?>
-
-		<?php $this->widget('ext.bootstrap.widgets.BootTabs',array(
-			'tabs'=>$tabs,
-		)); ?>
-
-		<div class="actions clearfix">
-			<div class="pull-left">
-				<?php echo CHtml::submitButton(Yii::t('CmsModule.core','Save'),array('class'=>'btn primary')) ?>
-			</div>
-			<div class="pull-right">
-				<?php echo CHtml::link(Yii::t('CmsModule.core','Delete'),array('delete','id'=>$model->id),array(
-					'class'=>'btn',
-					'confirm'=>Yii::t('CmsModule.core','Are you sure you want to delete this node?'),
-				)) ?>
-			</div>
-		</div>
-
-	<?php $this->endWidget() ?>
-
+<?php $this->breadcrumbs = CMap::mergeArray($model->getBreadcrumbs(true), array(Yii::t('CmsModule.core','Update'))) ?>
+
+<div class="node-update">
+
+    <h1><?php echo Yii::t('CmsModule.core','Update :name',array(':name'=>ucfirst($model->name))) ?></h1>
+
+	<?php $form = $this->beginWidget('ext.bootstrap.widgets.BootActiveForm',array(
+		'id'=>'cmsUpdateNodeForm',
+		//'enableAjaxValidation'=>true,
+		'stacked'=>true,
+		'htmlOptions'=>array('enctype'=>'multipart/form-data'),
+	)) ?>
+
+		<fieldset class="form-node">
+
+			<?php echo $form->uneditableRow($model,'name',array('hint'=>Yii::t('CmsModule.core','Node name cannot be changed.'))) ?>
+
+			<?php echo $form->dropDownListRow($model,'parentId',$model->getParentOptionTree()) ?>
+
+		</fieldset>
+
+		<?php $tabs = array();
+		foreach ($translations as $locale => $content) {
+			$language = Yii::app()->cms->languages[$locale];
+			$tab = $this->renderPartial('_form',array(
+				'model'=>$content,
+				'form'=>$form,
+				'node'=>$model,
+				'language'=>$language,
+			), true);
+			$tabs[$language] = $tab;
+		} ?>
+
+		<?php $this->widget('ext.bootstrap.widgets.BootTabs',array(
+			'tabs'=>$tabs,
+		)); ?>
+
+		<div class="actions clearfix">
+			<div class="pull-left">
+				<?php echo CHtml::submitButton(Yii::t('CmsModule.core','Save'),array('class'=>'btn primary')) ?>
+			</div>
+			<div class="pull-right">
+				<?php echo CHtml::link(Yii::t('CmsModule.core','Delete'),array('delete','id'=>$model->id),array(
+					'class'=>'btn',
+					'confirm'=>Yii::t('CmsModule.core','Are you sure you want to delete this node?'),
+				)) ?>
+			</div>
+		</div>
+
+	<?php $this->endWidget() ?>
+
 </div>
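Review bot: The new `Update :name` heading echoes `$model->name` into HTML without `CHtml::encode`; `Yii::t` substitutes parameters with a plain `strtr`, so a node whose name did not pass through the new createNode check (for example a row written before this commit or inserted by other means) would render unescaped. Use `':name'=>CHtml::encode(ucfirst($model->name))` here, and the same for the h1 in views/node/update.php. The remainder of this file appears to be removed and re-added unchanged (presumably a line-ending or indentation rewrite), so I have not reviewed it line by line; the `Delete` link that remains is a plain anchor with only a client-side confirm, and whether the controller restricts that action to POST is not visible here. The h1 line is indented with spaces while the rest of the file uses tabs.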

views/node/update.php

 
 <div class="node-update form">
 
-	<h1><?php echo Yii::t('CmsModule.core','Update node') ?></h1>
+	<h1><?php echo Yii::t('CmsModule.core','Update :name',array(':name'=>ucfirst($model->name))) ?></h1>
 
 	<?php $form=$this->beginWidget('CActiveForm', array(
 		'id'=>'cmsUpdateNodeForm',
-		//'enableAjaxValidation'=>true,
 		'htmlOptions'=>array('enctype'=>'multipart/form-data')
 	)); ?>