
FIX Escape the sitetree_link shortcode return value

1 parent 7ecf564 commit be25c302ac10dce2e0e512aea203894b2121c230 @simonwelsh simonwelsh committed May 10, 2013
Showing with 21 additions and 3 deletions.
  1. +4 −2 code/model/SiteTree.php
  2. +8 −0 tests/model/SiteTreeTest.php
  3. +9 −1 tests/model/SiteTreeTest.yml
@@ -400,11 +400,13 @@ static public function link_shortcode_handler($arguments, $content = null, $pars
) {
return; // There were no suitable matches at all.
}
+
+ $link = Convert::raw2att($page->Link());
if($content) {
- return sprintf('<a href="%s">%s</a>', $page->Link(), $parser->parse($content));
+ return sprintf('<a href="%s">%s</a>', $link, $parser->parse($content));
} else {
- return $page->Link();
+ return $link;
}
}
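Review bot: The new `$link = Convert::raw2att($page->Link());` line encodes the URL for the `href` attribute but leaves its scheme unchecked. The fixture added in this commit shows that `Link()` can return a RedirectorPage's author-entered `ExternalURL`, so unless that field is validated where it is saved (not visible in this hunk), a non-http(s) scheme such as `javascript:` would still be emitted into the anchor. Consider checking the scheme against an allow-list before escaping, and document the contract with a comment above the line, e.g. `// Link() may be an author-supplied external URL: escape for HTML attribute context; callers must not escape again`. The body of link_shortcode_handler starts outside the hunk.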
@@ -554,6 +554,7 @@ public function testAuthorIDAndPublisherIDFilledOutOnPublish() {
public function testLinkShortcodeHandler() {
$aboutPage = $this->objFromFixture('Page', 'about');
$errorPage = $this->objFromFixture('ErrorPage', '404');
+ $redirectPage = $this->objFromFixture('RedirectorPage', 'external');
$parser = new ShortcodeParser();
$parser->register('sitetree_link', array('SiteTree', 'link_shortcode_handler'));
@@ -580,6 +581,13 @@ public function testLinkShortcodeHandler() {
$this->assertEquals($aboutShortcodeExpected, $parser->parse($aboutShortcode), 'Test link to 404 page if no suitable matches.');
$this->assertEquals($aboutEnclosedExpected, $parser->parse($aboutEnclosed));
+
+ $redirectShortcode = sprintf('[sitetree_link,id=%d]', $redirectPage->ID);
+ $redirectEnclosed = sprintf('[sitetree_link,id=%d]Example Content[/sitetree_link]', $redirectPage->ID);
+ $redirectExpected = 'http://www.google.com?a&amp;b';
+
+ $this->assertEquals($redirectExpected, $parser->parse($redirectShortcode));
+ $this->assertEquals(sprintf('<a href="%s">Example Content</a>', $redirectExpected), $parser->parse($redirectEnclosed));
$this->assertEquals('', $parser->parse('[sitetree_link]'), 'Test that invalid ID attributes are not parsed.');
$this->assertEquals('', $parser->parse('[sitetree_link,id="text"]'));
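Review bot: The new assertions built on `$redirectExpected` only exercise `&`, which does not threaten the attribute boundary; the character that matters for `href="%s"` is the double quote. Add a second RedirectorPage fixture whose `ExternalURL` contains `"` and `<`, and assert that both the bare and the enclosed shortcode return them entity-encoded. Without that, a regression that replaces `Convert::raw2att()` with an escaper that leaves quotes alone would still pass this test. testLinkShortcodeHandler begins and ends outside this hunk.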
@@ -79,4 +79,12 @@ SiteTreeTest_Conflicted:
ErrorPage:
404:
Title: Page not Found
- ErrorCode: 404
+ ErrorCode: 404
+
+RedirectorPage:
+ external:
+ Title: External
+ URLSegment: external
+ RedirectionType: External
+ ExternalURL: "http://www.google.com?a&b"
+
