Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MINO Switching 'rewriteHashlinks' sanitization from Convert::raw2att(…

…) to strip_tags() to make the resulting PHP more portable when mode is set to 'php'
  • Loading branch information...
commit fbe8b7bec3f860643b006ec7f271f30d0bf2dd5b 1 parent 8113e9c
Ingo Schommer chillu authored
Showing with 4 additions and 5 deletions.
  1. +3 −4 core/SSViewer.php
  2. +1 −1  tests/SSViewerTest.php
7 core/SSViewer.php
View
@@ -375,10 +375,9 @@ public function process($item) {
// If we have our crazy base tag, then fix # links referencing the current page.
if(strpos($output, '<base') !== false) {
if(SSViewer::$options['rewriteHashlinks'] === 'php') {
- // Emulate Convert::raw2att() without adding this dependency
- $thisURLRelativeToBase = "<?php echo str_replace(array('&','\"',\"'\",'<','>'), array('&amp;','&quot;','&#39;','&lt;','&gt;'), \$_SERVER['REQUEST_URI']); ?>";
+ $thisURLRelativeToBase = "<?php echo strip_tags(\$_SERVER['REQUEST_URI']); ?>";
} else {
- $thisURLRelativeToBase = Convert::raw2att($_SERVER['REQUEST_URI']);
+ $thisURLRelativeToBase = strip_tags($_SERVER['REQUEST_URI']);
}
$output = preg_replace('/(<a[^>+]href *= *)"#/i', '\\1"' . $thisURLRelativeToBase . '#', $output);
}
@@ -526,7 +525,7 @@ static function parseTemplateContent($content, $template="") {
$content = ereg_replace('<!-- +if_end +-->', '<? } ?>', $content);
// Fix link stuff
- $content = ereg_replace('href *= *"#', 'href="<?= SSViewer::$options[\'rewriteHashlinks\']===\'php\' ? \'<\'.\'?php echo $_SERVER[\\\'REQUEST_URI\\\']; ?\'.\'>\' : (SSViewer::$options[\'rewriteHashlinks\'] ? Convert::raw2att($_SERVER[\'REQUEST_URI\']) : "" ) ?>#', $content);
+ $content = ereg_replace('href *= *"#', 'href="<?= SSViewer::$options[\'rewriteHashlinks\'] ? strip_tags( $_SERVER[\'REQUEST_URI\'] ) : "" ?>#', $content);
// Protect xml header
$content = ereg_replace('<\?xml([^>]+)\?' . '>', '<##xml\\1##>', $content);
2  tests/SSViewerTest.php
View
@@ -99,7 +99,7 @@ function testRewriteHashlinksInPhpMode() {
$obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
$result = $tmpl->process($obj);
$this->assertContains(
- '<a class="inserted" href="<?php echo str_replace(',
+ '<a class="inserted" href="<?php echo strip_tags(',
$result
);
// TODO Fix inline links in PHP mode
Please sign in to comment.
Something went wrong with that request. Please try again.