
Fix missing Html escaping on string urls for assets.

Add HTML escaping for asset paths provided as strings.
Split existing tests up.

Fixes #2766
markstory committed Apr 10, 2012
1 parent da9cbcf commit 67743c8079cf5698d06e8730807b6f431f16b3a3
@@ -355,6 +355,9 @@ public function testImageTag() {
$result = $this->Html->image('/test/view/1.gif');
$this->assertTags($result, array('img' => array('src' => '/test/view/1.gif', 'alt' => '')));
+ $result = $this->Html->image('test.gif?one=two&three=four');
+ $this->assertTags($result, array('img' => array('src' => 'img/test.gif?one=two&three=four', 'alt' => '')));
+
$result = $this->Html->image('test.gif', array('fullBase' => true));
$here = $this->Html->url('/', true);
$this->assertTags($result, array('img' => array('src' => $here . 'img/test.gif', 'alt' => '')));
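Review bot: As rendered on this page, the expected `src` in the added assertion is byte-identical to the input (`img/test.gif?one=two&three=four`), so the test would not distinguish escaped output from unescaped output. The same holds for the added assertions in testCssLink, testScript and testAssetUrl. The page rendering may have decoded an `&amp;` entity, so please confirm the source expects `one=two&amp;three=four`; if it does not, the expectation should be changed to that. testImageTag starts and ends outside the hunk.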
@@ -515,6 +518,10 @@ public function testCssLink() {
$expected['link']['href'] = 'preg:/.*css\/screen\.css\?1234/';
$this->assertTags($result, $expected);
+ $result = $this->Html->css('screen.css?with=param&other=param');
+ $expected['link']['href'] = 'css/screen.css?with=param&other=param';
+ $this->assertTags($result, $expected);
+
$result = $this->Html->css('http://whatever.com/screen.css?1234');
$expected['link']['href'] = 'preg:/http:\/\/.*\/screen\.css\?1234/';
$this->assertTags($result, $expected);
@@ -787,6 +794,12 @@ public function testScript() {
);
$this->assertTags($result, $expected);
+ $result = $this->Html->script('test.json.js?foo=bar&other=test');
+ $expected = array(
+ 'script' => array('type' => 'text/javascript', 'src' => 'js/test.json.js?foo=bar&other=test')
+ );
+ $this->assertTags($result, $expected);
+
$result = $this->Html->script('foo');
$this->assertNull($result, 'Script returned upon duplicate inclusion %s');
@@ -625,6 +625,17 @@ public function testAssetUrl() {
$result = $this->Helper->assetUrl('style', array('ext' => '.css'));
$this->assertEqual('style.css', $result);
+ $result = $this->Helper->assetUrl('foo.jpg?one=two&three=four');
+ $this->assertEquals('foo.jpg?one=two&three=four', $result);
+ }
+
+/**
+ * Test assetUrl with plugins.
+ *
+ * @return void
+ */
+ public function testAssetUrlPlugin() {
+ $this->Helper->webroot = '';
CakePlugin::load('TestPlugin');
$result = $this->Helper->assetUrl('TestPlugin.style', array('ext' => '.css'));
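Review bot: The added assetUrl case covers only `&`; none of the new tests pins how a quote or angle bracket in a string path is encoded, which is the case that matters for keeping the value inside the attribute. I'd add one assertion next to it, for example `$result = $this->Helper->assetUrl('foo.jpg?one="two"');` followed by `$this->assertEquals('foo.jpg?one=&quot;two&quot;', $result);`. The expected value assumes `h()` encodes double quotes and that `webroot()` leaves the query string untouched, so verify both. testAssetUrl starts outside the hunk.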
@@ -634,13 +645,19 @@ public function testAssetUrl() {
$this->assertEqual('TestPlugin.style.css', $result);
CakePlugin::unload('TestPlugin');
+ }
+/**
+ * test assetUrl and Asset.timestamp = force
+ *
+ * @return void
+ */
+ public function testAssetUrlTimestampForce() {
+ $this->Helper->webroot = '';
Configure::write('Asset.timestamp', 'force');
$result = $this->Helper->assetUrl('cake.generic.css', array('pathPrefix' => CSS_URL));
$this->assertRegExp('/' . preg_quote(CSS_URL . 'cake.generic.css?', '/') . '[0-9]+/', $result);
-
- Configure::write('Asset.timestamp', $_timestamp);
}
/**
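Review bot: testAssetUrlTimestampForce writes `Asset.timestamp` as `force`, and the line that restored the previous value is removed, so the setting leaks into later tests unless tearDown resets Configure (not visible here). Likewise, `CakePlugin::unload('TestPlugin')` in testAssetUrlPlugin runs only if the assertions before it pass. If tearDown does not already cover both, read the value in setUp and restore it in tearDown with `Configure::write('Asset.timestamp', $original);`, and unload the plugin there as well.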
@@ -270,10 +270,10 @@ public function webroot($file) {
*
* @param string|array Path string or url array
* @param array $options Options array. Possible keys:
- * `fullBase` Return full url with domain name
- * `pathPrefix` Path prefix for relative urls
- * `ext` Asset extension to append
- * `plugin` False value will prevent parsing path as a plugin
+ * `fullBase` Return full url with domain name
+ * `pathPrefix` Path prefix for relative urls
+ * `ext` Asset extension to append
+ * `plugin` False value will prevent parsing path as a plugin
* @return string Generated url
*/
public function assetUrl($path, $options = array()) {
@@ -296,7 +296,7 @@ public function assetUrl($path, $options = array()) {
if (isset($plugin)) {
$path = Inflector::underscore($plugin) . '/' . $path;
}
- $path = $this->assetTimestamp($this->webroot($path));
+ $path = h($this->assetTimestamp($this->webroot($path)));
if (!empty($options['fullBase'])) {
$path = $this->url('/', true) . $path;
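Review bot: `assetUrl()` now returns an HTML-entity-encoded string, but the docblock above still says only `@return string Generated url`, so callers cannot tell the value is already escaped. A caller that escapes it again, or uses it outside HTML markup (a header, a script, JSON), will end up with `&amp;` in the URL; I'd document it as `@return string Generated url, HTML-escaped for use in an attribute value`. The `fullBase` prefix from `$this->url('/', true)` is concatenated after `h()` runs and so is not escaped here; if that base can reflect request data, apply `h()` to the final string instead. The commit message scopes the fix to string paths, and whether array URLs or absolute URLs reach `h()` is not visible because the function body starts and ends outside this hunk.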
