author | ArthurHoaro <arthur@hoa.ro> | 2016-08-02 12:54:55 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2016-08-02 12:54:55 +0200 |
commit | b9f8b83790a57b55f7d12471460537a268a24642 (patch) | |
tree | 1e42039b149a92dd2fcfe7ffbca42d236246a60b | |
parent | efc0c865ba914e75a6c3c9220450d13f752c7afa (diff) | |
Fix update method escapeUnescapedConfig
* Actually run it
* unit tests
Fixes #611
-rw-r--r-- | application/Updater.php | 4 | ||||
-rw-r--r-- | tests/Updater/UpdaterTest.php | 24 |
2 files changed, 26 insertions, 2 deletions
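--- a/application/Updater.php
+++ b/application/Updater.php
@@ -198,11 +198,11 @@ class Updater
 * Escape settings which have been manually escaped in every request in previous versions:
 * - general.title
 * - general.header_link
-* - extras.redirector
+* - redirector.url
 *
 * @return bool true if the update is successful, false otherwise.
 */
-public function escapeUnescapedConfig()
+public function updateMethodEscapeUnescapedConfig()
 {
 try {
 $this->conf->set('general.title', escape($this->conf->get('general.title')));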
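Review bot: The docblock on `updateMethodEscapeUnescapedConfig()` does not mention that the `updateMethod` prefix is presumably what makes the updater execute it, which is how this escaping migration stayed dormant under its old name (the commit message says it was never run). I would add a line such as `* The updateMethod prefix is required: without it the updater never runs this migration.` so a later rename does not silently disable it again. Separately, the visible `set('general.title', escape($this->conf->get('general.title')))` re-escapes whatever is stored; `escape()` is defined outside this hunk, so it is worth confirming that it does not double-encode values that were already saved in escaped form. The method body continues past the end of the hunk.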
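--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
 $expected = filemtime($this->conf->getConfigFileExt());
 $this->assertEquals($expected, $filetime);
 }
+
+/**
+* Test escapeUnescapedConfig with valid data.
+*/
+public function testEscapeConfig()
+{
+$sandbox = 'sandbox/config';
+copy(self::$configFile .'.json.php', $sandbox .'.json.php');
+$this->conf = new ConfigManager($sandbox);
+$title = '<script>alert("title");</script>';
+$headerLink = '<script>alert("header_link");</script>';
+$redirectorUrl = '<script>alert("redirector");</script>';
+$this->conf->set('general.title', $title);
+$this->conf->set('general.header_link', $headerLink);
+$this->conf->set('redirector.url', $redirectorUrl);
+$updater = new Updater(array(), array(), $this->conf, true);
+$done = $updater->updateMethodEscapeUnescapedConfig();
+$this->assertTrue($done);
+$this->conf->reload();
+$this->assertEquals(escape($title), $this->conf->get('general.title'));
+$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
+$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
+unlink($sandbox .'.json.php');
+}
 }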
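Review bot: `testEscapeConfig()` calls `updateMethodEscapeUnescapedConfig()` directly, so it does not check that the updater actually picks the method up, which was the defect fixed in this commit; a test that goes through the updater's normal run path would pin that regression. The three assertions compare against `escape(...)` itself, so they cannot tell whether the markup is really neutralised; adding `$this->assertNotContains('<script>', $this->conf->get('general.title'));` (and the same for the other two keys) states the security property directly. The trailing `unlink($sandbox .'.json.php')` is skipped when an assertion fails, so the sandbox copy is better removed in the test's teardown.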