SW-19437 - Escape stream metadata and fix charts

jhit · Jul 31, 2017 · a1cc6ee · a1cc6ee
1 parent 9a116f2
commit a1cc6ee
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 9 deletions.
diff --git a/engine/Shopware/Models/CustomerStream/CustomerStreamRepository.php b/engine/Shopware/Models/CustomerStream/CustomerStreamRepository.php
@@ -239,8 +239,8 @@ public function fetchAmountPerStreamChart()
         $amount = $query->execute()->fetchAll(PDO::FETCH_KEY_PAIR);
 
         $default = ['unassigned' => 0];
-        foreach ($streams as $name) {
-            $default[$name] = 0;
+        foreach (array_keys($streams) as $id) {
+            $default['stream_' . $id] = 0;
         }
 
         $now = new DateTime();
@@ -255,7 +255,7 @@ public function fetchAmountPerStreamChart()
             $chart[$format] = array_merge(['yearMonth' => $format], $default);
 
             foreach ($streamAmount[$format] as $row) {
-                $stream = $streams[$row['stream']];
+                $stream = 'stream_' . $row['stream'];
                 $chart[$format][$stream] += (float) $row['invoice_amount_sum'];
             }
 

diff --git a/snippets/backend/customer/view/main.ini b/snippets/backend/customer/view/main.ini
@@ -150,6 +150,8 @@ stream_name = "Stream name"
 stream_refreshed = "Customers assigned to stream"
 stream_saved = "Stream saved"
 stream_view_title = "Customer Streams"
+stream_name_tags_stripped_notice = "Notice"
+stream_name_tags_stripped = "The entered value <b>"[0]"</b> contains HTML tags.<br>These tags have been <b>removed</b>, the new value is: <b>"[1]"</b>"
 street = "Street"
 sunday = "Sunday"
 switch_layout = "Switch layout"
@@ -326,6 +328,8 @@ stream_name = "Name"
 stream_refreshed = "Kunden wurden dem Stream zugewiesen"
 stream_saved = "Stream gespeichert"
 stream_view_title = "Customer Streams"
+stream_name_tags_stripped_notice = "Hinweis"
+stream_name_tags_stripped = "Der eingegebene Wert <b>"[0]"</b> enthält HTML-Tags.<br>Diese Tags wurden <b>entfernt</b>, der neue Wert lautet: <b>"[1]"</b>"
 street = "Straße"
 sunday = "Sonntag"
 switch_layout = "Ansicht wechseln"

diff --git a/themes/Backend/ExtJs/backend/customer/view/chart/amount_chart_factory.js b/themes/Backend/ExtJs/backend/customer/view/chart/amount_chart_factory.js
@@ -35,9 +35,9 @@ Ext.define('Shopware.apps.Customer.view.chart.AmountChartFactory', {
         var fields = [];
         var modelFields = [];
 
-        streamStore.each(function (item) {
-            fields.push({ name: item.get('name'), currency: true });
-            modelFields.push({ name: item.get('name'), type: 'float' });
+        streamStore.each(function (item, id) {
+            fields.push({ id: item.get('id'), name: item.get('name'), currency: true });
+            modelFields.push({ id: id, name: 'stream_' + item.get('id'), type: 'float' });
         });
 
         fields.push({ name: 'unassigned', title: '{s name="unassigned_stream"}{/s}', currency: true });
@@ -62,6 +62,7 @@ Ext.define('Shopware.apps.Customer.view.chart.AmountChartFactory', {
                         return fields;
                     }
                 });
+
                 callback(chart);
             }
         });

diff --git a/themes/Backend/ExtJs/backend/customer/view/chart/chart.js b/themes/Backend/ExtJs/backend/customer/view/chart/chart.js
@@ -120,7 +120,7 @@ Ext.define('Shopware.apps.Customer.view.chart.Chart', {
             if (item.hasOwnProperty('title')) {
                 series.push(me.createLineSeries(item.name, item.title, item.currency));
             } else {
-                series.push(me.createLineSeries(item.name, item.name, item.currency));
+                series.push(me.createLineSeries('stream_' + item.id, item.name, item.currency));
             }
         });
 

diff --git a/themes/Backend/ExtJs/backend/customer/view/customer_stream/detail.js b/themes/Backend/ExtJs/backend/customer/view/customer_stream/detail.js
@@ -48,11 +48,19 @@ Ext.define('Shopware.apps.Customer.view.customer_stream.Detail', {
                 fields: {
                     name: {
                         fieldLabel: '{s name="stream_name"}{/s}',
-                        allowBlank: false
+                        allowBlank: false,
+                        listeners: {
+                            scope: me,
+                            blur: me.onBlurStripTags
+                        }
                     },
                     description: {
                         xtype: 'textarea',
-                        fieldLabel: '{s name="stream_description"}{/s}'
+                        fieldLabel: '{s name="stream_description"}{/s}',
+                        listeners: {
+                            scope: me,
+                            blur: me.onBlurStripTags
+                        }
                     },
                     static: me.createStaticCheckbox,
                     freezeUp: me.createFreezeUp
@@ -117,6 +125,28 @@ Ext.define('Shopware.apps.Customer.view.customer_stream.Detail', {
         );
 
         return me.freezeUpContainer;
+    },
+
+    createWarningMessageBox: function(newValue, oldValue) {
+        Ext.MessageBox.alert('{s name="stream_name_tags_stripped_notice"}{/s}', Ext.String.format('{s name="stream_name_tags_stripped"}{/s}', Ext.util.Format.htmlEncode(oldValue), newValue));
+    },
+
+    onBlurStripTags: function(comp) {
+        var me = this,
+            val = comp.getValue(),
+            html;
+
+        html = Ext.util.Format.stripTags(val);
+        html = html.replace(/"/g, '');
+
+        if (html === val) {
+            return;
+        }
+
+        comp.setRawValue(html);
+        comp.setValue(html);
+
+        me.createWarningMessageBox(html, val);
     }
 });
 // {/block}