Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config
Fix update method escapeUnescapedConfig
This commit is contained in:
commit
c7a42ab1d9
2 changed files with 26 additions and 2 deletions
|
@ -198,11 +198,11 @@ class Updater
|
|||
* Escape settings which have been manually escaped in every request in previous versions:
|
||||
* - general.title
|
||||
* - general.header_link
|
||||
* - extras.redirector
|
||||
* - redirector.url
|
||||
*
|
||||
* @return bool true if the update is successful, false otherwise.
|
||||
*/
|
||||
public function escapeUnescapedConfig()
|
||||
public function updateMethodEscapeUnescapedConfig()
|
||||
{
|
||||
try {
|
||||
$this->conf->set('general.title', escape($this->conf->get('general.title')));
|
||||
|
|
|
@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
|
|||
$expected = filemtime($this->conf->getConfigFileExt());
|
||||
$this->assertEquals($expected, $filetime);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test escapeUnescapedConfig with valid data.
|
||||
*/
|
||||
public function testEscapeConfig()
|
||||
{
|
||||
$sandbox = 'sandbox/config';
|
||||
copy(self::$configFile .'.json.php', $sandbox .'.json.php');
|
||||
$this->conf = new ConfigManager($sandbox);
|
||||
$title = '<script>alert("title");</script>';
|
||||
$headerLink = '<script>alert("header_link");</script>';
|
||||
$redirectorUrl = '<script>alert("redirector");</script>';
|
||||
$this->conf->set('general.title', $title);
|
||||
$this->conf->set('general.header_link', $headerLink);
|
||||
$this->conf->set('redirector.url', $redirectorUrl);
|
||||
$updater = new Updater(array(), array(), $this->conf, true);
|
||||
$done = $updater->updateMethodEscapeUnescapedConfig();
|
||||
$this->assertTrue($done);
|
||||
$this->conf->reload();
|
||||
$this->assertEquals(escape($title), $this->conf->get('general.title'));
|
||||
$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
|
||||
$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
|
||||
unlink($sandbox .'.json.php');
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue