Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::pro…

…cess() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
  • Loading branch information...
commit 52a895fbb2b19d98adc106668a7e15956dffbd03 1 parent 5bc0d00
@chillu chillu authored
Showing with 74 additions and 4 deletions.
  1. +5 −4 core/SSViewer.php
  2. +69 −0 tests/SSViewerTest.php
View
9 core/SSViewer.php
@@ -366,13 +366,14 @@ public function process($item) {
// If we have our crazy base tag, then fix # links referencing the current page.
if(strpos($output, '<base') !== false) {
if(SSViewer::$options['rewriteHashlinks'] === 'php') {
- $thisURLRelativeToBase = "<?php echo \$_SERVER['REQUEST_URI']; ?>";
+ // Emulate Convert::raw2att() without adding this dependency
+ $thisURLRelativeToBase = "<?php echo str_replace(array('&','\"',\"'\",'<','>'), array('&amp;','&quot;','&#39;','&lt;','&gt;'), \$_SERVER['REQUEST_URI']); ?>";
} else {
- $thisURLRelativeToBase = Director::makeRelative(Director::absoluteURL($_SERVER['REQUEST_URI']));
+ $thisURLRelativeToBase = Convert::raw2att($_SERVER['REQUEST_URI']);
}
$output = preg_replace('/(<a[^>+]href *= *)"#/i', '\\1"' . $thisURLRelativeToBase . '#', $output);
- }
-
+ }
+
return $output;
}
View
69 tests/SSViewerTest.php
@@ -43,4 +43,73 @@ function testComments() {
$this->assertEquals("This is my templateThis is some contentThis is the final content", preg_replace("/\n?<!--.*-->\n?/U",'',$output));
}
+
+ function testRewriteHashlinks() {
+ $oldRewriteHashLinks = SSViewer::getOption('rewriteHashlinks');
+ SSViewer::setOption('rewriteHashlinks', true);
+
+ // Emulate SSViewer::process()
+ $base = Convert::raw2att($_SERVER['REQUEST_URI']);
+ $tmplFile = TEMP_FOLDER . '/SSViewerTest_testRewriteHashlinks_' . sha1(rand()) . '.ss';
+
+ // Note: SSViewer_FromString doesn't rewrite hash links.
+ file_put_contents($tmplFile, '<!DOCTYPE html>
+ <html>
+ <head><% base_tag %></head>
+ <body>
+ <a class="inline" href="#anchor">InlineLink</a>
+ $InsertedLink
+ <body>
+ </html>');
+ $tmpl = new SSViewer($tmplFile);
+ $obj = new ViewableData();
+ $obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
+ $result = $tmpl->process($obj);
+ $this->assertContains(
+ '<a class="inserted" href="' . $base . '#anchor">InsertedLink</a>',
+ $result
+ );
+ $this->assertContains(
+ '<a class="inline" href="' . $base . '#anchor">InlineLink</a>',
+ $result
+ );
+
+ unlink($tmplFile);
+
+ SSViewer::setOption('rewriteHashlinks', $oldRewriteHashLinks);
+ }
+
+ function testRewriteHashlinksInPhpMode() {
+ $oldRewriteHashLinks = SSViewer::getOption('rewriteHashlinks');
+ SSViewer::setOption('rewriteHashlinks', 'php');
+
+ $tmplFile = TEMP_FOLDER . '/SSViewerTest_testRewriteHashlinksInPhpMode_' . sha1(rand()) . '.ss';
+
+ // Note: SSViewer_FromString doesn't rewrite hash links.
+ file_put_contents($tmplFile, '<!DOCTYPE html>
+ <html>
+ <head><% base_tag %></head>
+ <body>
+ <a class="inline" href="#anchor">InlineLink</a>
+ $InsertedLink
+ <body>
+ </html>');
+ $tmpl = new SSViewer($tmplFile);
+ $obj = new ViewableData();
+ $obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
+ $result = $tmpl->process($obj);
+ $this->assertContains(
+ '<a class="inserted" href="<?php echo str_replace(',
+ $result
+ );
+ // TODO Fix inline links in PHP mode
+ // $this->assertContains(
+ // '<a class="inline" href="<?php echo str_replace(',
+ // $result
+ // );
+
+ unlink($tmplFile);
+
+ SSViewer::setOption('rewriteHashlinks', $oldRewriteHashLinks);
+ }
}
Please sign in to comment.
Something went wrong with that request. Please try again.