tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-10-22 06:05:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch '3'

Browse Source
This commit is contained in:
Daniel Hensby 2017-06-28 14:35:21 +01:00
commit 9816efc97f
No known key found for this signature in database
GPG Key ID: E38EC566FE29EB66
3 changed files with 33 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
code/Model/RedirectorPage.php
View File

@ -138,12 +138,23 @@ class RedirectorPage extends Page
{ {
parent::onBeforeWrite(); parent::onBeforeWrite();
// Prefix the URL with "http://" if no prefix is found if ($this->ExternalURL && substr($this->ExternalURL, 0, 2) !== '//') {
if ($this->ExternalURL $urlParts = parse_url($this->ExternalURL);
&& !parse_url($this->ExternalURL, PHP_URL_SCHEME) if ($urlParts) {
&& !preg_match('#^//#', $this->ExternalURL) if (empty($urlParts['scheme'])) {
) { // no scheme, assume http
$this->ExternalURL = 'http://' . $this->ExternalURL; $this->ExternalURL = 'http://' . $this->ExternalURL;
} elseif (!in_array($urlParts['scheme'], array(
'http',
'https',
))) {
// we only allow http(s) urls
$this->ExternalURL = '';
}
} else {
// malformed URL to reject
$this->ExternalURL = '';
}
} }
} }

6
code/Model/SiteTree.php
View File

@ -777,7 +777,9 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
/** @var SiteTree $child */ /** @var SiteTree $child */
$sort = 0; $sort = 0;
foreach ($children as $child) { foreach ($children as $child) {
$childClone = $child->duplicateWithChildren(); $childClone = method_exists($child, 'duplicateWithChildren')
? $child->duplicateWithChildren()
: $child->duplicate();
$childClone->ParentID = $clone->ID; $childClone->ParentID = $clone->ID;
//retain sort order by manually setting sort values //retain sort order by manually setting sort values
$childClone->Sort = ++$sort; $childClone->Sort = ++$sort;
@ -1812,7 +1814,7 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
'New {pagetype}', 'New {pagetype}',
array('pagetype' => $this->i18n_singular_name()) array('pagetype' => $this->i18n_singular_name())
))); )));
$helpText = (self::config()->nested_urls && $this->Children()->count()) $helpText = (self::config()->nested_urls && $this->numChildren())
? $this->fieldLabel('LinkChangeNote') ? $this->fieldLabel('LinkChangeNote')
: ''; : '';
if (!Config::inst()->get('SilverStripe\\View\\Parsers\\URLSegmentFilter', 'default_allow_multibyte')) { if (!Config::inst()->get('SilverStripe\\View\\Parsers\\URLSegmentFilter', 'default_allow_multibyte')) {

13
tests/model/RedirectorPageTest.php
View File

@ -53,7 +53,7 @@ class RedirectorPageTest extends FunctionalTest
$this->assertContains('message-setupWithoutRedirect', $content); $this->assertContains('message-setupWithoutRedirect', $content);
/* Transitive redirectors are those that point to another redirector page. They should send people to the URLSegment /* Transitive redirectors are those that point to another redirector page. They should send people to the URLSegment
* of the destination page - the middle-stop, so to speak. That should redirect to the final destination */ * of the destination page - the middle-stop, so to speak. That should redirect to the final destination */
$page = $this->objFromFixture(RedirectorPage::class, 'transitive'); $page = $this->objFromFixture(RedirectorPage::class, 'transitive');
$this->assertEquals('/good-internal/', $page->Link()); $this->assertEquals('/good-internal/', $page->Link());
@ -99,4 +99,15 @@ class RedirectorPageTest extends FunctionalTest
RedirectorPageController::remove_extension('RedirectorPageTest_RedirectExtension'); RedirectorPageController::remove_extension('RedirectorPageTest_RedirectExtension');
} }
public function testNoJSLinksAllowed()
{
$page = new RedirectorPage();
$js = 'javascript:alert("hello world")';
$page->ExternalURL = $js;
$this->assertEquals($js, $page->ExternalURL);
$page->write();
$this->assertEmpty($page->ExternalURL);
}
} }