author | VirtualTam <virtualtam@flibidi.net> | 2016-08-02 19:46:47 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-02 19:46:47 +0200 |
commit | c7a42ab1d9b21bf53cd30bc57b57789716c8711b (patch) | |
tree | 5aa846257cdaa4254085f33b696051088b223fbb | |
parent | 58f0660f80b8f6fa29f7ffa99a33edc76d841850 (diff) | |
parent | b9f8b83790a57b55f7d12471460537a268a24642 (diff) | |
Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config
Fix update method escapeUnescapedConfig
-rw-r--r-- | application/Updater.php | 4 | ||||
-rw-r--r-- | tests/Updater/UpdaterTest.php | 24 |
2 files changed, 26 insertions, 2 deletions
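--- a/application/Updater.php
+++ b/application/Updater.php
@@ -198,11 +198,11 @@ class Updater
 * Escape settings which have been manually escaped in every request in previous versions:
 * - general.title
 * - general.header_link
-* - extras.redirector
+* - redirector.url
 *
 * @return bool true if the update is successful, false otherwise.
 */
-public function escapeUnescapedConfig()
+public function updateMethodEscapeUnescapedConfig()
 {
 try {
 $this->conf->set('general.title', escape($this->conf->get('general.title')));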
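--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
 $expected = filemtime($this->conf->getConfigFileExt());
 $this->assertEquals($expected, $filetime);
 }
+
+/**
+* Test escapeUnescapedConfig with valid data.
+*/
+public function testEscapeConfig()
+{
+$sandbox = 'sandbox/config';
+copy(self::$configFile .'.json.php', $sandbox .'.json.php');
+$this->conf = new ConfigManager($sandbox);
+$title = '<script>alert("title");</script>';
+$headerLink = '<script>alert("header_link");</script>';
+$redirectorUrl = '<script>alert("redirector");</script>';
+$this->conf->set('general.title', $title);
+$this->conf->set('general.header_link', $headerLink);
+$this->conf->set('redirector.url', $redirectorUrl);
+$updater = new Updater(array(), array(), $this->conf, true);
+$done = $updater->updateMethodEscapeUnescapedConfig();
+$this->assertTrue($done);
+$this->conf->reload();
+$this->assertEquals(escape($title), $this->conf->get('general.title'));
+$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
+$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
+unlink($sandbox .'.json.php');
+}
 }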
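Review bot: The three closing assertions in testEscapeConfig compute their expected values by calling escape() on the same inputs, so the test would still pass if escape() stopped encoding markup; it only shows that the update method applied the helper. Pin the stored form directly as well, for example `$this->assertNotContains('<script>', $this->conf->get('general.title'));` for each of the three keys. Separately, `unlink($sandbox .'.json.php');` is the last statement, so a failed assertion leaves the sandbox config file behind for later tests; doing the cleanup in a tearDown() would avoid that. The docblock still names the old method and could read `Test updateMethodEscapeUnescapedConfig with valid data.`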