Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config

Fix update method escapeUnescapedConfig
This commit is contained in:
VirtualTam 2016-08-02 19:46:47 +02:00 committed by GitHub
commit c7a42ab1d9
2 changed files with 26 additions and 2 deletions

View file

@ -198,11 +198,11 @@ public function updateMethodConfigToJson()
* Escape settings which have been manually escaped in every request in previous versions: * Escape settings which have been manually escaped in every request in previous versions:
* - general.title * - general.title
* - general.header_link * - general.header_link
* - extras.redirector * - redirector.url
* *
* @return bool true if the update is successful, false otherwise. * @return bool true if the update is successful, false otherwise.
*/ */
public function escapeUnescapedConfig() public function updateMethodEscapeUnescapedConfig()
{ {
try { try {
$this->conf->set('general.title', escape($this->conf->get('general.title'))); $this->conf->set('general.title', escape($this->conf->get('general.title')));

View file

@ -263,4 +263,28 @@ public function testConfigToJsonNothingToDo()
$expected = filemtime($this->conf->getConfigFileExt()); $expected = filemtime($this->conf->getConfigFileExt());
$this->assertEquals($expected, $filetime); $this->assertEquals($expected, $filetime);
} }
/**
* Test escapeUnescapedConfig with valid data.
*/
public function testEscapeConfig()
{
$sandbox = 'sandbox/config';
copy(self::$configFile .'.json.php', $sandbox .'.json.php');
$this->conf = new ConfigManager($sandbox);
$title = '<script>alert("title");</script>';
$headerLink = '<script>alert("header_link");</script>';
$redirectorUrl = '<script>alert("redirector");</script>';
$this->conf->set('general.title', $title);
$this->conf->set('general.header_link', $headerLink);
$this->conf->set('redirector.url', $redirectorUrl);
$updater = new Updater(array(), array(), $this->conf, true);
$done = $updater->updateMethodEscapeUnescapedConfig();
$this->assertTrue($done);
$this->conf->reload();
$this->assertEquals(escape($title), $this->conf->get('general.title'));
$this->assertEquals(escape($headerLink), $this->conf->get('general.header_link'));
$this->assertEquals(escape($redirectorUrl), $this->conf->get('redirector.url'));
unlink($sandbox .'.json.php');
}
} }