
URL encode image/script/css/video paths.

Properly urlencode urls used in HTML attributes. This solves issues with
invalid HTML being generated when paths contain special characters.

Fixes #3395
markstory committed Nov 26, 2012
1 parent b41705f commit 1f35d82c81d2fbd2db10b100c2bce16c0f997805
Showing with 19 additions and 1 deletion.
  1. +3 −0 lib/Cake/Test/Case/View/HelperTest.php
  2. +16 −1 lib/Cake/View/Helper.php
@@ -622,6 +622,9 @@ public function testAssetUrl() {
$result = $this->Helper->assetUrl('style', array('ext' => '.css'));
$this->assertEquals('style.css', $result);
$result = $this->Helper->assetUrl('dir/sub dir/my image', array('ext' => '.jpg'));
$this->assertEquals('dir/sub%20dir/my%20image.jpg', $result);
$result = $this->Helper->assetUrl('foo.jpg?one=two&three=four');
$this->assertEquals('foo.jpg?one=two&three=four', $result);
}
@@ -313,7 +313,7 @@ public function assetUrl($path, $options = array()) {
if (isset($plugin)) {
$path = Inflector::underscore($plugin) . '/' . $path;
}
$path = h($this->assetTimestamp($this->webroot($path)));
$path = $this->_encodeUrl($this->assetTimestamp($this->webroot($path)));
if (!empty($options['fullBase'])) {
$base = $this->url('/', true);
@@ -326,6 +326,21 @@ public function assetUrl($path, $options = array()) {
return $path;
}
/**
* Encodes a URL for use in HTML attributes.
*
* @param string $url The url to encode.
* @return string The url encoded for both URL & HTML contexts.
*/
protected function _encodeUrl($url) {
$path = parse_url($url, PHP_URL_PATH);
$encoded = implode('/', array_map(
'rawurlencode',
explode('/', $path)
));
return h(str_replace($path, $encoded, $url));
}
/**
* Adds a timestamp to a file based resource based on the value of `Asset.timestamp` in
* Configure. If Asset.timestamp is true and debug > 0, or Asset.timestamp == 'force'
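Review bot: `_encodeUrl()` feeds every path segment straight to `rawurlencode`, so a path the caller has already percent-encoded (`my%20image.jpg`) comes out double-encoded as `my%2520image.jpg`; decoding first, e.g. `$parts = array_map('rawurldecode', explode('/', $path));` followed by the `rawurlencode` pass, would keep the function idempotent. The closing `str_replace($path, $encoded, $url)` is not anchored to the path component, so the same text recurring in the query string or fragment is rewritten as well. `parse_url()` can also return `false` or `null` for a malformed or path-less URL, in which case the replacement appears to be a no-op and the value is only passed through `h()`. A test with an already-encoded path and one where the path text recurs in the query string would pin these cases; keeping `h()` as the last step is right, since it preserves the HTML-attribute escaping of the line this replaces.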
