Changeset 1663

Timestamp:

03/02/10 13:50:21 (5 months ago)

Author:

martin

Message:

Made widgets use new purification validator; further escaping fixes, fixed tests

Location:

trunk

Files:

• plugins/ullCorePlugin/lib/form/widget/ullMetaWidgetString.class.php (modified) (2 diffs)
• plugins/ullCorePlugin/lib/form/widget/ullWidgetFormInput.php (modified) (1 diff)
• plugins/ullCorePlugin/lib/form/widget/ullWidgetTextarea.php (modified) (1 diff)
• plugins/ullFlowPlugin/data/fixtures/ullFlowFixtures.yml (modified) (2 diffs)
• plugins/ullWikiPlugin/lib/generator/columnConfigCollection/UllWikiColumnConfigCollection.class.php (modified) (1 diff)
• test/unit/ullFlowPlugin/ullFlowGeneratorTest.php (modified) (1 diff)
• test/unit/ullTableTool/ullMetaWidgetLinkTest.php (modified) (1 diff)
• test/unit/ullTableTool/ullMetaWidgetStringTest.php (modified) (1 diff)
• test/unit/ullTableTool/ullWidgetFloatWriteTest.php (modified) (2 diffs)
• test/unit/ullTableTool/ullWidgetTextareaTest.php (modified) (2 diffs)

trunk/plugins/ullCorePlugin/lib/form/widget/ullMetaWidgetString.class.php

@@ -10 +10 @@
   protected function configureReadMode()
   {
-     $this->addWidget(new ullWidget($this->columnConfig->getWidgetOptions(), $this->columnConfig->getWidgetAttributes()));
-     $this->addValidator(new sfValidatorPass());
+    $this->columnConfig->removeWidgetOption('disablePurification');
+    
+    $this->addWidget(new ullWidget($this->columnConfig->getWidgetOptions(), $this->columnConfig->getWidgetAttributes()));
+    $this->addValidator(new sfValidatorPass());
   }
   
@@ -21 +23 @@
     }
     
+    if ($this->columnConfig->getWidgetOption('disablePurification'))
+    {
+      $this->addValidator(new sfValidatorString($this->columnConfig->getValidatorOptions())); 
+    }
+    else
+    {
+      $this->addValidator(new ullValidatorPurifiedString($this->columnConfig->getValidatorOptions())); 
+    }
+    
+    $this->columnConfig->removeWidgetOption('disablePurification');
+    
     $this->addWidget(new sfWidgetFormInput($this->columnConfig->getWidgetOptions(), $this->columnConfig->getWidgetAttributes()));
-    $this->addValidator(new sfValidatorString($this->columnConfig->getValidatorOptions())); 
   }
-  
 }

trunk/plugins/ullCorePlugin/lib/form/widget/ullWidgetFormInput.php

@@ -12 +12 @@
   {
     $suffix = $this->getOption('suffix');
-    return parent::render($name, $value, $attributes, $errors) . ' ' . $suffix;
+
+    $result = parent::render($name, $value, $attributes, $errors);
+    return $result . (!empty($suffix) ? ' ' . $suffix : '');
   }
 }

trunk/plugins/ullCorePlugin/lib/form/widget/ullWidgetTextarea.php

@@ -13 +13 @@
     if ($value)
     {
-      $value = nl2br($value);
+      //escape the string (to prevent injection of js, etc.)
+      //and convert newlines to br tags
+      $value = nl2br(esc_entities($value));
     }
     else

trunk/plugins/ullFlowPlugin/data/fixtures/ullFlowFixtures.yml

@@ -161 +161 @@
     is_mandatory:   true
     is_subject:     true
+    options:        disablePurification=true
     namespace:      test
     
@@ -248 +249 @@
     is_mandatory:   true
     is_subject:     true
+    options:        disablePurification=true
     namespace:      test
     

trunk/plugins/ullWikiPlugin/lib/generator/columnConfigCollection/UllWikiColumnConfigCollection.class.php

@@ -34 +34 @@
     if ($this->isCreateOrEditAction())
     {
+      $this['subject']->setWidgetOption('disablePurification', true);
+      
       $this->disable(array('id', 'updator_user_id', 'updated_at'));
     }    

trunk/test/unit/ullFlowPlugin/ullFlowGeneratorTest.php

@@ -14 +14 @@
     $columnConfig->setMetaWidgetClassName('ullMetaWidgetString');
     $columnConfig->setIsInList(false);
+    $columnConfig->setWidgetOption('disablePurification', true);
     $this->columnsConfigMock['my_subject'] = $columnConfig;
     

trunk/test/unit/ullTableTool/ullMetaWidgetLinkTest.php

@@ -34 +34 @@
   $widget->addToFormAs('my_field');
   $t->isa_ok($form->getWidgetSchema()->offsetGet('my_field'), 'sfWidgetFormInput', 'returns the correct widget for write access');
-  $t->isa_ok($form->getValidatorSchema()->offsetGet('my_field'), 'sfValidatorString', 'returns the correct validator for write access');
+  $t->isa_ok($form->getValidatorSchema()->offsetGet('my_field'), 'ullValidatorPurifiedString', 'returns the correct validator for write access');
   

trunk/test/unit/ullTableTool/ullMetaWidgetStringTest.php

@@ -34 +34 @@
   $widget->addToFormAs('my_field');
   $t->isa_ok($form->getWidgetSchema()->offsetGet('my_field'), 'sfWidgetFormInput', 'returns the correct widget for write access');
-  $t->isa_ok($form->getValidatorSchema()->offsetGet('my_field'), 'sfValidatorString', 'returns the correct validator for write access');
+  $t->isa_ok($form->getValidatorSchema()->offsetGet('my_field'), 'ullValidatorPurifiedString', 'returns the correct validator for write access');
   

trunk/test/unit/ullTableTool/ullWidgetFloatWriteTest.php

@@ -10 +10 @@
 
 $t->diag('->render() with default culture');
-$reference = '<input type="text" name="foo" value="-423,342.64" id="foo" /> ';
+$reference = '<input type="text" name="foo" value="-423,342.64" id="foo" />';
 $t->is($w->render('foo', '-423342.64'), $reference, '->render() renders correctly.');
 
@@ -17 +17 @@
 
 $t->diag('->render() with \'de\' culture');
-$reference = '<input type="text" name="foo" value="-423.342,64" id="foo" /> ';
+$reference = '<input type="text" name="foo" value="-423.342,64" id="foo" />';
 $t->is($w->render('foo', '-423342.64'), $reference, '->render() renders correctly.');

trunk/test/unit/ullTableTool/ullWidgetTextareaTest.php

@@ -3 +3 @@
 require_once(dirname(__FILE__).'/../../bootstrap/unit.php');
 
-sfLoader::loadHelpers(array('Text', 'Tag'));
+sfLoader::loadHelpers(array('Text', 'Tag', 'Escaping'));
 
-$t = new lime_test(4, new lime_output_color(), $configuration);
+$t = new lime_test(5, new lime_output_color(), $configuration);
 
 $w = new ullWidgetTextarea();
@@ -15 +15 @@
   $t->is($w->render('foo', "vertebratehttp://www.foobar.com fish"),
         'vertebrate<a href="http://www.foobar.com">http://www.foobar.com</a> fish', '->render() renders the widget as HTML');
+  $t->is($w->render('foo', "<script>bad<"), "&lt;script&gt;bad&lt;", '->render() renders the widget as HTML');