
MINO Switching 'rewriteHashlinks' sanitization from Convert::raw2att(…

…) to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
commit 96bee47ab8446f51239776d72b2b10d7c676d1f5 1 parent 16c3235
Ingo Schommer authored October 18, 2011
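--- a/core/SSViewer.php
+++ b/core/SSViewer.php
@@ -439,10 +439,9 @@ public function process($item, $cache = null) {
 		if($this->rewriteHashlinks && self::$options['rewriteHashlinks']) {
 			if(strpos($output, '<base') !== false) {
 				if(SSViewer::$options['rewriteHashlinks'] === 'php') { 
-					// Emulate Convert::raw2att() without adding this dependency
-					$thisURLRelativeToBase = "<?php echo str_replace(array('&','\"',\"'\",'<','>'), array('&amp;','&quot;','&#39;','&lt;','&gt;'), \$_SERVER['REQUEST_URI']); ?>"; 
+					$thisURLRelativeToBase = "<?php echo strip_tags(\$_SERVER['REQUEST_URI']); ?>"; 
 				} else { 
-					$thisURLRelativeToBase = Convert::raw2att($_SERVER['REQUEST_URI']); 
+					$thisURLRelativeToBase = strip_tags($_SERVER['REQUEST_URI']); 
 				}
 				$output = preg_replace('/(<a[^>]+href *= *)"#/i', '\\1"' . $thisURLRelativeToBase . '#', $output);
 			}
@@ -607,7 +606,7 @@ static function parseTemplateContent($content, $template="") {
 		$content = ereg_replace('<!-- +if_end +-->', '<? }  ?>', $content);
 			
 		// Fix link stuff
-		$content = ereg_replace('href *= *"#', 'href="<?= SSViewer::$options[\'rewriteHashlinks\'] ? Convert::raw2att( $_SERVER[\'REQUEST_URI\'] ) : "" ?>#', $content);
+		$content = ereg_replace('href *= *"#', 'href="<?= SSViewer::$options[\'rewriteHashlinks\'] ? strip_tags( $_SERVER[\'REQUEST_URI\'] ) : "" ?>#', $content);
 	
 		// Protect xml header
 		$content = ereg_replace('<\?xml([^>]+)\?' . '>', '<##xml\\1##>', $content);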
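Review bot: strip_tags() is not an attribute-context encoder, so the request URI now lands inside `href="…"` with `"`, `'` and `&` left exactly as the client sent them, whereas the removed str_replace()/Convert::raw2att() calls escaped those characters. This applies to both branches of the `rewriteHashlinks` block in process() and to the `href` rewrite in parseTemplateContent() in the second hunk. A dependency-free encoder keeps the portability goal of the commit: `htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)` in the else branch, and the same call inside the emitted `<?php echo … ?>` string for 'php' mode. Both functions continue outside the hunks shown, so whether the URI is normalised somewhere earlier cannot be confirmed from here.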
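--- a/tests/SSViewerTest.php
+++ b/tests/SSViewerTest.php
@@ -193,7 +193,7 @@ function testRewriteHashlinksInPhpMode() {
 		$obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
 		$result = $tmpl->process($obj);
 		$this->assertContains(
-			'<a class="inserted" href="<?php echo str_replace(',
+			'<a class="inserted" href="<?php echo strip_tags(',
 			$result
 		);
 		// TODO Fix inline links in PHP mode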
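Review bot: The assertion in testRewriteHashlinksInPhpMode() only pins the name of the function emitted into the template (`'<a class="inserted" href="<?php echo strip_tags('`), so it passes whether or not the generated code encodes the URI safely for an attribute value. A behaviour check would catch regressions in the sanitisation itself: set `$_SERVER['REQUEST_URI']` to a constructed value containing a double quote, evaluate the generated output, and assert that the quote appears encoded inside the `href`. At minimum, add `// TODO assert REQUEST_URI is attribute-encoded, not just which function is emitted` next to the existing TODO. The test body starts and ends outside the hunk.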
