opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to Drupal 8.0.0-beta15. For more information, see: https://www.drupal.org/node/2563023

Browse source
This commit is contained in:
Pantheon Automation 2015-09-04 13:20:09 -07:00 committed by Greg Anderson
parent 2720a9ec4b
commit f3791f1da3
1898 changed files with 54300 additions and 11481 deletions
Download patch file Download diff file Expand all files Collapse all files

4
core/lib/Drupal/Core/StringTranslation/StringTranslationTrait.php
View file

@ -37,6 +37,10 @@ trait StringTranslationTrait {
* Translates a string to the current language or to a given language.
*
* See the t() documentation for details.
*
* Never call $this->t($user_text) where $user_text is text that a user
* entered; doing so can lead to cross-site scripting and other security
* problems.
*/
protected function t($string, array $args = array(), array $options = array()) {
return $this->getStringTranslation()->translate($string, $args, $options);

4
core/lib/Drupal/Core/StringTranslation/TranslationInterface.php
View file

@ -17,6 +17,10 @@ interface TranslationInterface {
/**
* Translates a string to the current language or to a given language.
*
* Never call translate($user_text) where $user_text is text that a user
* entered; doing so can lead to cross-site scripting and other security
* problems.
*
* @param string $string
* A string containing the English string to translate.
* @param array $args

10
core/lib/Drupal/Core/StringTranslation/TranslationManager.php
View file

@ -142,7 +142,15 @@ class TranslationManager implements TranslationInterface, TranslatorInterface {
public function translate($string, array $args = array(), array $options = array()) {
$string = $this->doTranslate($string, $options);
if (empty($args)) {
return SafeMarkup::set($string);
// We add the string to the safe list as opposed to making it an object
// implementing SafeStringInterface as we may need to call __toString()
// on the object before render time, at which point the string ceases to
// be safe, and working around this would require significant rework.
// Adding this string to the safe list is assumed to be safe because
// translate() should only be called with strings defined in code.
// @see \Drupal\Core\StringTranslation\TranslationInterface::translate()
SafeMarkup::setMultiple([$string => ['html' => TRUE]]);
return $string;
}
else {
return SafeMarkup::format($string, $args);

10
core/lib/Drupal/Core/StringTranslation/TranslationWrapper.php
View file

@ -118,4 +118,14 @@ class TranslationWrapper implements SafeStringInterface {
return array('string', 'arguments', 'options');
}
/**
* Returns a representation of the object for use in JSON serialization.
*
* @return string
* The safe string content.
*/
public function jsonSerialize() {
return $this->__toString();
}
}