Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config

Fix update method escapeUnescapedConfig
VirtualTam 2016-08-02 19:46:47 +02:00 committed by GitHub
commit c7a42ab1d9
2 changed files with 26 additions and 2 deletions


@ -198,11 +198,11 @@ class Updater
* Escape settings which have been manually escaped in every request in previous versions:
* - general.title
* - general.header_link
* - extras.redirector
* - redirector.url
*
* @return bool true if the update is successful, false otherwise.
*/
public function escapeUnescapedConfig()
public function updateMethodEscapeUnescapedConfig()
{
try {
$this->conf->set('general.title', escape($this->conf->get('general.title')));
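Review bot: The docblock above `updateMethodEscapeUnescapedConfig()` lists the affected keys but does not say that their values are stored HTML-escaped once the update has run, which is the fact later code has to rely on. I would add a line such as `* After this update the listed values are stored HTML-escaped; code that saves them must escape on write and templates must not escape them again.` Whether `escape()` is safe to apply to an already-escaped value is not visible in this hunk, so the docblock should also state whether the method may be run more than once. The method body continues outside the hunk.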


@ -263,4 +263,28 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
$expected = filemtime($this->conf->getConfigFileExt());
$this->assertEquals($expected, $filetime);
}
/**
* Test escapeUnescapedConfig with valid data.
*/
public function testEscapeConfig()
{
$sandbox = 'sandbox/config';
copy(self::$configFile .'.json.php', $sandbox .'.json.php');
$this->conf = new ConfigManager($sandbox);
$title = '<script>alert("title");</script>';
$headerLink = '<script>alert("header_link");</script>';
$redirectorUrl = '<script>alert("redirector");</script>';
$this->conf->set('general.title', $title);
$this->conf->set('general.header_link', $headerLink);
$this->conf->set('redirector.url', $redirectorUrl);
$updater = new Updater(array(), array(), $this->conf, true);
$done = $updater->updateMethodEscapeUnescapedConfig();
$this->assertTrue($done);
$this->conf->reload();
$this->assertEquals(escape($title), $this->conf->get('general.title'));
$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
unlink($sandbox .'.json.php');
}
}
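Review bot: The three `assertEquals(escape(...), ...)` checks in `testEscapeConfig()` compute the expected value with the same `escape()` helper the updater calls, so they would still pass if `escape()` returned its input unchanged. Since the point of the update is that no markup survives in the stored value, add an assertion that does not depend on the helper, for example `$this->assertNotContains('<script>', $this->conf->get('general.title'));`, and the same for the other two keys. Separately, `unlink($sandbox .'.json.php');` is only reached when every assertion passes; moving the cleanup to `tearDown()` would keep a failed run from leaving the sandbox config behind for later tests.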