Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config

Fix update method escapeUnescapedConfig
author: VirtualTam <virtualtam@flibidi.net> 2016-08-02 19:46:47 +0200
committer: GitHub <noreply@github.com> 2016-08-02 19:46:47 +0200
commit: c7a42ab1d9b21bf53cd30bc57b57789716c8711b (patch)
tree: 5aa846257cdaa4254085f33b696051088b223fbb
parent: 58f0660f80b8f6fa29f7ffa99a33edc76d841850 (diff)
parent: b9f8b83790a57b55f7d12471460537a268a24642 (diff)
download: Shaarli-c7a42ab1d9b21bf53cd30bc57b57789716c8711b.tar.gz
Shaarli-c7a42ab1d9b21bf53cd30bc57b57789716c8711b.tar.zst
Shaarli-c7a42ab1d9b21bf53cd30bc57b57789716c8711b.zip
2 files changed, 26 insertions, 2 deletions
diff --git a/application/Updater.php b/application/Updater.php
index fd45d17f..b6cbc56c 100644
--- a/application/Updater.php
+++ b/application/Updater.php
@@ -198,11 +198,11 @@ class Updater
     * Escape settings which have been manually escaped in every request in previous versions:
     *   - general.title
     *   - general.header_link
-     *   - extras.redirector
+     *   - redirector.url
     *
     * @return bool true if the update is successful, false otherwise.
     */
-    public function escapeUnescapedConfig()
+    public function updateMethodEscapeUnescapedConfig()
    {
        try {
            $this->conf->set('general.title', escape($this->conf->get('general.title')));
diff --git a/tests/Updater/UpdaterTest.php b/tests/Updater/UpdaterTest.php
index 6bdce08b..0d0ad922 100644
--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
        $expected = filemtime($this->conf->getConfigFileExt());
        $this->assertEquals($expected, $filetime);
    }
+    /**
+     * Test escapeUnescapedConfig with valid data.
+     */
+    public function testEscapeConfig()
+    {
+        $sandbox = 'sandbox/config';
+        copy(self::$configFile .'.json.php', $sandbox .'.json.php');
+        $this->conf = new ConfigManager($sandbox);
+        $title = '<script>alert("title");</script>';
+        $headerLink = '<script>alert("header_link");</script>';
+        $redirectorUrl = '<script>alert("redirector");</script>';
+        $this->conf->set('general.title', $title);
+        $this->conf->set('general.header_link', $headerLink);
+        $this->conf->set('redirector.url', $redirectorUrl);
+        $updater = new Updater(array(), array(), $this->conf, true);
+        $done = $updater->updateMethodEscapeUnescapedConfig();
+        $this->assertTrue($done);
+        $this->conf->reload();
+        $this->assertEquals(escape($title), $this->conf->get('general.title'));
+        $this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
+        $this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
+        unlink($sandbox .'.json.php');
+    }
 }
author	VirtualTam <virtualtam@flibidi.net>	2016-08-02 19:46:47 +0200
committer	GitHub <noreply@github.com>	2016-08-02 19:46:47 +0200
commit	c7a42ab1d9b21bf53cd30bc57b57789716c8711b (patch)
tree	5aa846257cdaa4254085f33b696051088b223fbb
parent	58f0660f80b8f6fa29f7ffa99a33edc76d841850 (diff)
parent	b9f8b83790a57b55f7d12471460537a268a24642 (diff)
download	Shaarli-c7a42ab1d9b21bf53cd30bc57b57789716c8711b.tar.gz Shaarli-c7a42ab1d9b21bf53cd30bc57b57789716c8711b.tar.zst Shaarli-c7a42ab1d9b21bf53cd30bc57b57789716c8711b.zip

diff --git a/application/Updater.php b/application/Updater.php index fd45d17f..b6cbc56c 100644 --- a/application/Updater.php +++ b/application/Updater.php
@@ -198,11 +198,11 @@ class Updater
198	* Escape settings which have been manually escaped in every request in previous versions:	198	* Escape settings which have been manually escaped in every request in previous versions:
199	* - general.title	199	* - general.title
200	* - general.header_link	200	* - general.header_link
201	* - extras.redirector	201	* - redirector.url
202	*	202	*
203	* @return bool true if the update is successful, false otherwise.	203	* @return bool true if the update is successful, false otherwise.
204	*/	204	*/
205	public function escapeUnescapedConfig()	205	public function updateMethodEscapeUnescapedConfig()
206	{	206	{
207	try {	207	try {
208	$this->conf->set('general.title', escape($this->conf->get('general.title')));	208	$this->conf->set('general.title', escape($this->conf->get('general.title')));


diff --git a/tests/Updater/UpdaterTest.php b/tests/Updater/UpdaterTest.php index 6bdce08b..0d0ad922 100644 --- a/tests/Updater/UpdaterTest.php +++ b/tests/Updater/UpdaterTest.php
@@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
263	$expected = filemtime($this->conf->getConfigFileExt());	263	$expected = filemtime($this->conf->getConfigFileExt());
264	$this->assertEquals($expected, $filetime);	264	$this->assertEquals($expected, $filetime);
265	}	265	}
		266
		267	/**
		268	* Test escapeUnescapedConfig with valid data.
		269	*/
		270	public function testEscapeConfig()
		271	{
		272	$sandbox = 'sandbox/config';
		273	copy(self::$configFile .'.json.php', $sandbox .'.json.php');
		274	$this->conf = new ConfigManager($sandbox);
		275	$title = '<script>alert("title");</script>';
		276	$headerLink = '<script>alert("header_link");</script>';
		277	$redirectorUrl = '<script>alert("redirector");</script>';
		278	$this->conf->set('general.title', $title);
		279	$this->conf->set('general.header_link', $headerLink);
		280	$this->conf->set('redirector.url', $redirectorUrl);
		281	$updater = new Updater(array(), array(), $this->conf, true);
		282	$done = $updater->updateMethodEscapeUnescapedConfig();
		283	$this->assertTrue($done);
		284	$this->conf->reload();
		285	$this->assertEquals(escape($title), $this->conf->get('general.title'));
		286	$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
		287	$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
		288	unlink($sandbox .'.json.php');
		289	}
266	}	290	}