Knah-Tsaeb/MyShaarli
Knah-Tsaeb/MyShaarli
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix update method escapeUnescapedConfig

Browse source 
* Actually run it
  * unit tests

Fixes #611
This commit is contained in:
ArthurHoaro 2016-08-02 12:54:55 +02:00
parent efc0c865ba
commit b9f8b83790
2 changed files with 26 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
application/Updater.php
View file

@ -198,11 +198,11 @@ public function updateMethodConfigToJson()
* Escape settings which have been manually escaped in every request in previous versions: * Escape settings which have been manually escaped in every request in previous versions:
* - general.title * - general.title
* - general.header_link * - general.header_link
* - extras.redirector * - redirector.url
* *
* @return bool true if the update is successful, false otherwise. * @return bool true if the update is successful, false otherwise.
*/ */
public function escapeUnescapedConfig() public function updateMethodEscapeUnescapedConfig()
{ {
try { try {
$this->conf->set('general.title', escape($this->conf->get('general.title'))); $this->conf->set('general.title', escape($this->conf->get('general.title')));

24
tests/Updater/UpdaterTest.php
View file

@ -263,4 +263,28 @@ public function testConfigToJsonNothingToDo()
$expected = filemtime($this->conf->getConfigFileExt()); $expected = filemtime($this->conf->getConfigFileExt());
$this->assertEquals($expected, $filetime); $this->assertEquals($expected, $filetime);
} }
/**
* Test escapeUnescapedConfig with valid data.
*/
public function testEscapeConfig()
{
$sandbox = 'sandbox/config';
copy(self::$configFile .'.json.php', $sandbox .'.json.php');
$this->conf = new ConfigManager($sandbox);
$title = '<script>alert("title");</script>';
$headerLink = '<script>alert("header_link");</script>';
$redirectorUrl = '<script>alert("redirector");</script>';
$this->conf->set('general.title', $title);
$this->conf->set('general.header_link', $headerLink);
$this->conf->set('redirector.url', $redirectorUrl);
$updater = new Updater(array(), array(), $this->conf, true);
$done = $updater->updateMethodEscapeUnescapedConfig();
$this->assertTrue($done);
$this->conf->reload();
$this->assertEquals(escape($title), $this->conf->get('general.title'));
$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
unlink($sandbox .'.json.php');
}
} }