
URL encode image/script/css/video paths.

Properly urlencode urls used in HTML attributes. This solves issues with
invalid HTML being generated when paths contain special characters.

Fixes #3395
1 parent b41705f commit 1f35d82c81d2fbd2db10b100c2bce16c0f997805 @markstory markstory committed Nov 26, 2012
Showing with 19 additions and 1 deletion.
  1. +3 −0 lib/Cake/Test/Case/View/HelperTest.php
  2. +16 −1 lib/Cake/View/Helper.php
@@ -622,6 +622,9 @@ public function testAssetUrl() {
$result = $this->Helper->assetUrl('style', array('ext' => '.css'));
$this->assertEquals('style.css', $result);
+ $result = $this->Helper->assetUrl('dir/sub dir/my image', array('ext' => '.jpg'));
+ $this->assertEquals('dir/sub%20dir/my%20image.jpg', $result);
+
$result = $this->Helper->assetUrl('foo.jpg?one=two&three=four');
$this->assertEquals('foo.jpg?one=two&three=four', $result);
}
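Review bot: The added case in testAssetUrl covers only spaces, so nothing pins what happens to a path that is already percent-encoded or that contains a character needing HTML escaping. Because the helper now passes each segment through `rawurlencode`, an input such as `'dir/sub%20dir/img.jpg'` would presumably come back with `%2520`. Add an assertion for that input with whichever result is intended, so the behaviour is a decision rather than an accident. A second case with a quote or angle bracket in a segment would confirm the value stays safe to place in an attribute. The body of testAssetUrl starts outside this hunk.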
@@ -313,7 +313,7 @@ public function assetUrl($path, $options = array()) {
if (isset($plugin)) {
$path = Inflector::underscore($plugin) . '/' . $path;
}
- $path = h($this->assetTimestamp($this->webroot($path)));
+ $path = $this->_encodeUrl($this->assetTimestamp($this->webroot($path)));
if (!empty($options['fullBase'])) {
$base = $this->url('/', true);
@@ -327,6 +327,21 @@ public function assetUrl($path, $options = array()) {
}
/**
+ * Encodes a URL for use in HTML attributes.
+ *
+ * @param string $url The url to encode.
+ * @return string The url encoded for both URL & HTML contexts.
+ */
+ protected function _encodeUrl($url) {
+ $path = parse_url($url, PHP_URL_PATH);
+ $encoded = implode('/', array_map(
+ 'rawurlencode',
+ explode('/', $path)
+ ));
+ return h(str_replace($path, $encoded, $url));
+ }
+
+/**
* Adds a timestamp to a file based resource based on the value of `Asset.timestamp` in
* Configure. If Asset.timestamp is true and debug > 0, or Asset.timestamp == 'force'
* a timestamp will be added.
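Review bot: `str_replace($path, $encoded, $url)` in `_encodeUrl` rewrites every occurrence of the path text in the URL, so a query string that repeats the same substring is altered along with the path component. Replacing only the first match is tighter for relative asset paths, where the path starts the string: `$pos = strpos($url, $path);` then `return h(substr_replace($url, $encoded, $pos, strlen($path)));`. `parse_url()` can also return `false` or `null` when there is no usable path, and the code then relies on implicit coercion inside `explode` and `str_replace`. A guard such as `if (!is_string($path) || $path === '') { return h($url); }` makes that case explicit. Keep the `h()` call on every return path, since the result is written into an HTML attribute.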
