authorArthurHoaro <arthur@hoa.ro>2016-08-02 12:54:55 +0200
committerArthurHoaro <arthur@hoa.ro>2016-08-02 12:54:55 +0200
commitb9f8b83790a57b55f7d12471460537a268a24642 (patch)
tree1e42039b149a92dd2fcfe7ffbca42d236246a60b
parentefc0c865ba914e75a6c3c9220450d13f752c7afa (diff)
Fix update method escapeUnescapedConfig
* Actually run it * unit tests Fixes #611
-rw-r--r--application/Updater.php4
-rw-r--r--tests/Updater/UpdaterTest.php24
2 files changed, 26 insertions, 2 deletions
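--- a/application/Updater.php
+++ b/application/Updater.php
@@ -198,11 +198,11 @@ class Updater
 * Escape settings which have been manually escaped in every request in previous versions:
 * - general.title
 * - general.header_link
-* - extras.redirector
+* - redirector.url
 *
 * @return bool true if the update is successful, false otherwise.
 */
-public function escapeUnescapedConfig()
+public function updateMethodEscapeUnescapedConfig()
 {
 try {
 $this->conf->set('general.title', escape($this->conf->get('general.title')));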
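Review bot: The docblock on `updateMethodEscapeUnescapedConfig()` does not mention that the method is not idempotent: each `set(..., escape(get(...)))` call, as on the `general.title` line, re-encodes whatever is currently stored, so a value that is already escaped (or a second run of the update) would presumably end up double-encoded. Since the rename is apparently what makes the updater run this method for the first time, I would add a line such as `* Must run only once per install: escape() is applied to the stored value as-is.` and confirm that settings saved since the method was introduced are not already stored escaped. The function body continues past the end of the hunk, so the handling of `general.header_link` and `redirector.url` is not visible here.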
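--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
 $expected = filemtime($this->conf->getConfigFileExt());
 $this->assertEquals($expected, $filetime);
 }
+
+/**
+* Test escapeUnescapedConfig with valid data.
+*/
+public function testEscapeConfig()
+{
+$sandbox = 'sandbox/config';
+copy(self::$configFile .'.json.php', $sandbox .'.json.php');
+$this->conf = new ConfigManager($sandbox);
+$title = '<script>alert("title");</script>';
+$headerLink = '<script>alert("header_link");</script>';
+$redirectorUrl = '<script>alert("redirector");</script>';
+$this->conf->set('general.title', $title);
+$this->conf->set('general.header_link', $headerLink);
+$this->conf->set('redirector.url', $redirectorUrl);
+$updater = new Updater(array(), array(), $this->conf, true);
+$done = $updater->updateMethodEscapeUnescapedConfig();
+$this->assertTrue($done);
+$this->conf->reload();
+$this->assertEquals(escape($title), $this->conf->get('general.title'));
+$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
+$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
+unlink($sandbox .'.json.php');
+}
 }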
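Review bot: The `unlink($sandbox .'.json.php');` cleanup at the end of `testEscapeConfig()` is skipped whenever one of the assertions before it fails, which leaves a sandbox config file holding the `<script>` fixtures behind for later tests. Moving the removal into `tearDown()` (or wrapping the assertions in `try`/`finally`) keeps the sandbox clean on failure. The result of `copy()` is also ignored; `$this->assertTrue(copy(self::$configFile .'.json.php', $sandbox .'.json.php'));` would make a missing fixture fail loudly instead of exercising an empty config. The enclosing test class starts outside this hunk.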