diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2016-08-02 12:54:55 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2016-08-02 12:54:55 +0200 |
| commit | b9f8b83790a57b55f7d12471460537a268a24642 (patch) | |
| tree | 1e42039b149a92dd2fcfe7ffbca42d236246a60b | |
| parent | efc0c865ba914e75a6c3c9220450d13f752c7afa (diff) | |
| download | Shaarli-b9f8b83790a57b55f7d12471460537a268a24642.tar.gz Shaarli-b9f8b83790a57b55f7d12471460537a268a24642.tar.zst Shaarli-b9f8b83790a57b55f7d12471460537a268a24642.zip | |
Fix update method escapeUnescapedConfig
* Actually run it
* unit tests
Fixes #611
| -rw-r--r-- | application/Updater.php | 4 | ||||
| -rw-r--r-- | tests/Updater/UpdaterTest.php | 24 |
2 files changed, 26 insertions, 2 deletions
diff --git a/application/Updater.php b/application/Updater.php index fd45d17f..b6cbc56c 100644 --- a/application/Updater.php +++ b/application/Updater.php | |||
| @@ -198,11 +198,11 @@ class Updater | |||
| 198 | * Escape settings which have been manually escaped in every request in previous versions: | 198 | * Escape settings which have been manually escaped in every request in previous versions: |
| 199 | * - general.title | 199 | * - general.title |
| 200 | * - general.header_link | 200 | * - general.header_link |
| 201 | * - extras.redirector | 201 | * - redirector.url |
| 202 | * | 202 | * |
| 203 | * @return bool true if the update is successful, false otherwise. | 203 | * @return bool true if the update is successful, false otherwise. |
| 204 | */ | 204 | */ |
| 205 | public function escapeUnescapedConfig() | 205 | public function updateMethodEscapeUnescapedConfig() |
| 206 | { | 206 | { |
| 207 | try { | 207 | try { |
| 208 | $this->conf->set('general.title', escape($this->conf->get('general.title'))); | 208 | $this->conf->set('general.title', escape($this->conf->get('general.title'))); |
diff --git a/tests/Updater/UpdaterTest.php b/tests/Updater/UpdaterTest.php index 6bdce08b..0d0ad922 100644 --- a/tests/Updater/UpdaterTest.php +++ b/tests/Updater/UpdaterTest.php | |||
| @@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;'; | |||
| 263 | $expected = filemtime($this->conf->getConfigFileExt()); | 263 | $expected = filemtime($this->conf->getConfigFileExt()); |
| 264 | $this->assertEquals($expected, $filetime); | 264 | $this->assertEquals($expected, $filetime); |
| 265 | } | 265 | } |
| 266 | |||
| 267 | /** | ||
| 268 | * Test escapeUnescapedConfig with valid data. | ||
| 269 | */ | ||
| 270 | public function testEscapeConfig() | ||
| 271 | { | ||
| 272 | $sandbox = 'sandbox/config'; | ||
| 273 | copy(self::$configFile .'.json.php', $sandbox .'.json.php'); | ||
| 274 | $this->conf = new ConfigManager($sandbox); | ||
| 275 | $title = '<script>alert("title");</script>'; | ||
| 276 | $headerLink = '<script>alert("header_link");</script>'; | ||
| 277 | $redirectorUrl = '<script>alert("redirector");</script>'; | ||
| 278 | $this->conf->set('general.title', $title); | ||
| 279 | $this->conf->set('general.header_link', $headerLink); | ||
| 280 | $this->conf->set('redirector.url', $redirectorUrl); | ||
| 281 | $updater = new Updater(array(), array(), $this->conf, true); | ||
| 282 | $done = $updater->updateMethodEscapeUnescapedConfig(); | ||
| 283 | $this->assertTrue($done); | ||
| 284 | $this->conf->reload(); | ||
| 285 | $this->assertEquals(escape($title), $this->conf->get('general.title')); | ||
| 286 | $this->assertEquals(escape($headerLink), $this->conf->get('general.header_link')); | ||
| 287 | $this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url')); | ||
| 288 | unlink($sandbox .'.json.php'); | ||
| 289 | } | ||
| 266 | } | 290 | } |