authorVirtualTam <virtualtam@flibidi.net>2016-08-02 19:46:47 +0200
committerGitHub <noreply@github.com>2016-08-02 19:46:47 +0200
commitc7a42ab1d9b21bf53cd30bc57b57789716c8711b (patch)
tree5aa846257cdaa4254085f33b696051088b223fbb
parent58f0660f80b8f6fa29f7ffa99a33edc76d841850 (diff)
parentb9f8b83790a57b55f7d12471460537a268a24642 (diff)
Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config
Fix update method escapeUnescapedConfig
-rw-r--r--application/Updater.php4
-rw-r--r--tests/Updater/UpdaterTest.php24
2 files changed, 26 insertions, 2 deletions
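--- a/application/Updater.php
+++ b/application/Updater.php
@@ -198,11 +198,11 @@ class Updater
 * Escape settings which have been manually escaped in every request in previous versions:
 * - general.title
 * - general.header_link
-* - extras.redirector
+* - redirector.url
 *
 * @return bool true if the update is successful, false otherwise.
 */
-public function escapeUnescapedConfig()
+public function updateMethodEscapeUnescapedConfig()
 {
 try {
 $this->conf->set('general.title', escape($this->conf->get('general.title')));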
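Review bot: The docblock of `updateMethodEscapeUnescapedConfig()` does not say that this migration must run only once, yet the body stores `escape(...)` of the current value back into the same key. Assuming `escape()` wraps `htmlspecialchars` with its default double encoding, a second run over an already-escaped `general.title` would turn `&lt;` into `&amp;lt;`. I would add a docblock line such as ` * One-time migration: values are stored HTML-escaped, so re-running it double-escapes them.` Keeping `redirector.url` HTML-escaped at rest also means every consumer has to treat it as HTML-encoded text, so it is worth confirming that it is never used as a raw URL outside an HTML context. The method body continues past the end of the hunk, so the other two keys and the catch branch are not visible here.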
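--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
 $expected = filemtime($this->conf->getConfigFileExt());
 $this->assertEquals($expected, $filetime);
 }
+
+/**
+* Test escapeUnescapedConfig with valid data.
+*/
+public function testEscapeConfig()
+{
+$sandbox = 'sandbox/config';
+copy(self::$configFile .'.json.php', $sandbox .'.json.php');
+$this->conf = new ConfigManager($sandbox);
+$title = '<script>alert("title");</script>';
+$headerLink = '<script>alert("header_link");</script>';
+$redirectorUrl = '<script>alert("redirector");</script>';
+$this->conf->set('general.title', $title);
+$this->conf->set('general.header_link', $headerLink);
+$this->conf->set('redirector.url', $redirectorUrl);
+$updater = new Updater(array(), array(), $this->conf, true);
+$done = $updater->updateMethodEscapeUnescapedConfig();
+$this->assertTrue($done);
+$this->conf->reload();
+$this->assertEquals(escape($title), $this->conf->get('general.title'));
+$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
+$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
+unlink($sandbox .'.json.php');
+}
 }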
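Review bot: The three assertions in `testEscapeConfig()` use `escape()` as their own oracle, so the test would still pass if `escape()` stopped neutralising markup. Each key should also get an assertion that does not depend on the helper, for example `$this->assertNotContains('<script>', $this->conf->get('general.title'));`. Separately, `unlink($sandbox .'.json.php');` sits at the end of the test body, so a failing assertion leaves the sandbox config behind for later tests; moving the cleanup to `tearDown()` would avoid that. The return value of `copy()` is not checked, so a missing fixture would probably surface as an unrelated failure further down.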