
BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::pro…

…cess() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
commit 16c32359c62f5e078b0496b3a3454ed992494547 1 parent 6d6fdd2
@chillu chillu authored
Showing with 73 additions and 2 deletions.
  1. +3 −2 core/SSViewer.php
  2. +70 −0 tests/SSViewerTest.php
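--- a/core/SSViewer.php
+++ b/core/SSViewer.php
@@ -439,9 +439,10 @@ public function process($item, $cache = null) {
 if($this->rewriteHashlinks && self::$options['rewriteHashlinks']) {
 if(strpos($output, '<base') !== false) {
 if(SSViewer::$options['rewriteHashlinks'] === 'php') {
- $thisURLRelativeToBase = "<?php echo \$_SERVER['REQUEST_URI']; ?>";
+ // Emulate Convert::raw2att() without adding this dependency
+ $thisURLRelativeToBase = "<?php echo str_replace(array('&','\"',\"'\",'<','>'), array('&amp;','&quot;','&#39;','&lt;','&gt;'), \$_SERVER['REQUEST_URI']); ?>";
 } else {
- $thisURLRelativeToBase = Director::makeRelative(Director::absoluteURL($_SERVER['REQUEST_URI']));
+ $thisURLRelativeToBase = Convert::raw2att($_SERVER['REQUEST_URI']);
 }
 $output = preg_replace('/(<a[^>]+href *= *)"#/i', '\\1"' . $thisURLRelativeToBase . '#', $output);
 }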
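Review bot: The escaped request URI is still concatenated into the replacement argument of `preg_replace()` in the last statement of this hunk, where `$n` and `\n` sequences are interpreted as backreferences. Going by the emulation comment, the escaping covers only `&`, `"`, `'`, `<` and `>`, so such a sequence in REQUEST_URI would presumably be expanded to the captured `<a … href=` text, whose own quotes then land unescaped inside the rewritten href. Neutralise backslash and dollar before concatenating, for example `'\\1"' . addcslashes($thisURLRelativeToBase, '\\$') . '#'`, which should also be harmless for the 'php' variant since its `$_SERVER` is already treated as literal text. The enclosing process() starts and ends outside the hunk.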
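--- a/tests/SSViewerTest.php
+++ b/tests/SSViewerTest.php
@@ -136,6 +136,76 @@ function testBaseTagGeneration() {
 $negotiator->xhtml($response);
 $this->assertRegExp('/<head><base href=".*" \/><\/head>/', $response->getBody());
 }
+
+ function testRewriteHashlinks() {
+ $oldRewriteHashLinks = SSViewer::getOption('rewriteHashlinks');
+ SSViewer::setOption('rewriteHashlinks', true);
+
+ // Emulate SSViewer::process()
+ $base = Convert::raw2att($_SERVER['REQUEST_URI']);
+
+ $tmplFile = TEMP_FOLDER . '/SSViewerTest_testRewriteHashlinks_' . sha1(rand()) . '.ss';
+
+ // Note: SSViewer_FromString doesn't rewrite hash links.
+ file_put_contents($tmplFile, '<!DOCTYPE html>
+ <html>
+ <head><% base_tag %></head>
+ <body>
+ <a class="inline" href="#anchor">InlineLink</a>
+ $InsertedLink
+ <body>
+ </html>');
+ $tmpl = new SSViewer($tmplFile);
+ $obj = new ViewableData();
+ $obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
+ $result = $tmpl->process($obj);
+ $this->assertContains(
+ '<a class="inserted" href="' . $base . '#anchor">InsertedLink</a>',
+ $result
+ );
+ $this->assertContains(
+ '<a class="inline" href="' . $base . '#anchor">InlineLink</a>',
+ $result
+ );
+
+ unlink($tmplFile);
+
+ SSViewer::setOption('rewriteHashlinks', $oldRewriteHashLinks);
+ }
+
+ function testRewriteHashlinksInPhpMode() {
+ $oldRewriteHashLinks = SSViewer::getOption('rewriteHashlinks');
+ SSViewer::setOption('rewriteHashlinks', 'php');
+
+ $tmplFile = TEMP_FOLDER . '/SSViewerTest_testRewriteHashlinksInPhpMode_' . sha1(rand()) . '.ss';
+
+ // Note: SSViewer_FromString doesn't rewrite hash links.
+ file_put_contents($tmplFile, '<!DOCTYPE html>
+ <html>
+ <head><% base_tag %></head>
+ <body>
+ <a class="inline" href="#anchor">InlineLink</a>
+ $InsertedLink
+ <body>
+ </html>');
+ $tmpl = new SSViewer($tmplFile);
+ $obj = new ViewableData();
+ $obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
+ $result = $tmpl->process($obj);
+ $this->assertContains(
+ '<a class="inserted" href="<?php echo str_replace(',
+ $result
+ );
+ // TODO Fix inline links in PHP mode
+ // $this->assertContains(
+ // '<a class="inline" href="<?php echo str_replace(',
+ // $result
+ // );
+
+ unlink($tmplFile);
+
+ SSViewer::setOption('rewriteHashlinks', $oldRewriteHashLinks);
+ }
 }
 class SSViewerTest_ViewableData extends ViewableData implements TestOnly {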
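Review bot: Neither new test puts a character that needs escaping into `$_SERVER['REQUEST_URI']`, so testRewriteHashlinks() builds `$base` from whatever URI the test runner supplies and would most likely pass unchanged against the unescaped code. Set a constructed value before `process()`, for example `$_SERVER['REQUEST_URI'] = '/page?a=1&b="x"';`, assert that the rewritten href contains `&amp;` and `&quot;`, and restore the previous value afterwards. In testRewriteHashlinksInPhpMode() only the opening `<?php echo str_replace(` is matched and the inline-link assertion is commented out, so no assertion pins down the list of escaped characters. The template fixture in both tests also closes the body with `<body>` rather than `</body>`.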