Merge pull request from GHSA-747v-52c4-8vj8
# Conflicts:
#	core-bundle/src/String/SimpleTokenParser.php
#	core-bundle/tests/Contao/InputTest.php

Co-authored-by: Leo Feyer <1192057+leofeyer@users.noreply.github.com>
ausi and leofeyer committed Apr 9, 2024
1 parent 3032baa commit 388859d
Showing 3 changed files with 26 additions and 4 deletions.
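--- a/core-bundle/src/Resources/contao/library/Contao/Input.php
+++ b/core-bundle/src/Resources/contao/library/Contao/Input.php
@@ -964,7 +964,10 @@ public static function encodeInsertTags($varValue)
 return $varValue;
 }
 
-return str_replace(array('{{', '}}'), array('&#123;&#123;', '&#125;&#125;'), (string) $varValue);
+$varValue = str_replace(array('{{', '}}'), array('&#123;&#123;', '&#125;&#125;'), (string) $varValue);
+
+// Encode single curly braces at the beginning and end of the string
+return preg_replace(array('/^(\s*)\{|\{(\s*)$/', '/^(\s*)\}|\}(\s*)$/'), array('$1&#123;$2', '$1&#125;$2'), $varValue);
 }
 
 /**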
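Review bot: `preg_replace()` returns `null` when PCRE fails (for example when a backtracking limit is hit on a very large value), and the new `return preg_replace(...)` hands that straight to the caller, so the value silently disappears instead of being encoded. Handling the failure explicitly keeps the result a string and still fails closed, e.g. `return preg_replace(...) ?? str_replace(array('{', '}'), array('&#123;', '&#125;'), $varValue);`. Because the method is public and static, any other caller now also gets values that start or end with a brace (a JSON payload, say) entity-encoded; the docblock should say so, for instance `Encode insert tags and single curly braces at the start or end of the value`. The docblock and the function's opening lines, including the guard behind the early `return $varValue;`, are outside this hunk.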
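--- a/core-bundle/src/String/SimpleTokenParser.php
+++ b/core-bundle/src/String/SimpleTokenParser.php
@@ -12,6 +12,7 @@
 
 namespace Contao\CoreBundle\String;
 
+use Contao\Input;
 use Contao\StringUtil;
 use Psr\Log\LoggerAwareInterface;
 use Psr\Log\LoggerAwareTrait;
@@ -128,7 +129,7 @@ function (array $matches) use ($data) {
 return '##'.$matches[1].'##';
 }
 
-return $data[$matches[1]];
+return Input::encodeInsertTags($data[$matches[1]]);
 },
 $subject
 );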
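Review bot: The callback now returns HTML entities for every token value regardless of where the parsed string ends up; if the parser is also used for plain-text output (not visible in this section), a value such as `{x}` would appear there literally as `&#123;x&#125;`, so the encoding is worth confirming per consumer. The call also depends on the early `return $varValue;` path of `Input::encodeInsertTags()`, whose condition is outside the visible hunks, so a non-string `$data` entry may come back unchanged rather than as a string. A short comment above the return would record why the value is encoded, e.g. `// Encode braces so that token values cannot be combined into insert tags (GHSA-747v-52c4-8vj8)`. The closure and its enclosing method begin and end outside the hunk.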
22 changes: 20 additions & 2 deletions core-bundle/tests/String/SimpleTokenParserTest.php
Expand Up @@ -145,16 +145,34 @@ public function parseSimpleTokensProvider(): \Generator
'This is my ',
];

yield 'Test regular curly braces do not get encoded' => [
'##token##',
['token' => 'foo { bar } baz'],
'foo { bar } baz',
];

yield 'Test if-tags insertion not evaluated' => [
'##token##',
['token' => '{if token=="foo"}'],
'{if token=="foo"}',
'&#123;if token=="foo"&#125;',
];

yield 'Test insert tags insertion not possible' => [
'##token##',
['token' => '{{date}}'],
'&#123;&#123;date&#125;&#125;',
];

yield 'Test if-tags insertion not evaluated with multiple tokens' => [
'##token1####token2####token3##',
['token1' => '{', 'token2' => 'if', 'token3' => ' token=="foo"}'],
'{if token=="foo"}',
'&#123;if token=="foo"&#125;',
];

yield 'Test insert tags insertion not possible with multiple tokens' => [
'##token1####token2####token3##',
['token1' => '{', 'token2' => '{date}', 'token3' => '}'],
'&#123;&#123;date&#125;&#125;',
];

yield 'Test escaping works correctly' => [
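Review bot: None of the new provider cases places whitespace between a brace and the edge of a token value, so the whitespace-tolerant `(\s*)` groups of the pattern added to `Input::encodeInsertTags()` are never exercised with actual whitespace. A constructed case with the subject `'##token1####token2####token3##'`, the data `['token1' => ' {', 'token2' => '{date}', 'token3' => '} ']` and the expected output `' &#123;&#123;date&#125;&#125; '` would pin that behaviour. The provider method begins and ends outside the hunk.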
