FIX Escape the sitetree_link shortcode return value

Simon Welsh 2013-05-10 14:05:06 +12:00
parent 7ecf56490a
commit be25c302ac
3 changed files with 21 additions and 3 deletions


@ -401,10 +401,12 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
return; // There were no suitable matches at all. return; // There were no suitable matches at all.
} }
$link = Convert::raw2att($page->Link());
if($content) { if($content) {
return sprintf('<a href="%s">%s</a>', $page->Link(), $parser->parse($content)); return sprintf('<a href="%s">%s</a>', $link, $parser->parse($content));
} else { } else {
return $page->Link(); return $link;
} }
} }
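Review bot: `Convert::raw2att()` on the new `$link` line prevents breaking out of the `href` attribute, but it does not constrain the URL scheme, so a target such as a `javascript:` URL would still reach `href` intact. Whether `$page->Link()` can return an editor-supplied URL with an arbitrary scheme is not visible here, although the RedirectorPage fixture added in this commit suggests it can return an external URL; if so, the scheme should be validated where the URL is stored or before it is rendered. I would also add a comment above the assignment, e.g. `// Link() may contain &, quotes or other markup characters; escape once for HTML attribute context`. The docblock should say that the bare shortcode form now returns an attribute-escaped value, so callers must not escape it again. The handler's body starts outside this hunk.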


@ -554,6 +554,7 @@ class SiteTreeTest extends SapphireTest {
public function testLinkShortcodeHandler() { public function testLinkShortcodeHandler() {
$aboutPage = $this->objFromFixture('Page', 'about'); $aboutPage = $this->objFromFixture('Page', 'about');
$errorPage = $this->objFromFixture('ErrorPage', '404'); $errorPage = $this->objFromFixture('ErrorPage', '404');
$redirectPage = $this->objFromFixture('RedirectorPage', 'external');
$parser = new ShortcodeParser(); $parser = new ShortcodeParser();
$parser->register('sitetree_link', array('SiteTree', 'link_shortcode_handler')); $parser->register('sitetree_link', array('SiteTree', 'link_shortcode_handler'));
@ -581,6 +582,13 @@ class SiteTreeTest extends SapphireTest {
$this->assertEquals($aboutShortcodeExpected, $parser->parse($aboutShortcode), 'Test link to 404 page if no suitable matches.'); $this->assertEquals($aboutShortcodeExpected, $parser->parse($aboutShortcode), 'Test link to 404 page if no suitable matches.');
$this->assertEquals($aboutEnclosedExpected, $parser->parse($aboutEnclosed)); $this->assertEquals($aboutEnclosedExpected, $parser->parse($aboutEnclosed));
$redirectShortcode = sprintf('[sitetree_link,id=%d]', $redirectPage->ID);
$redirectEnclosed = sprintf('[sitetree_link,id=%d]Example Content[/sitetree_link]', $redirectPage->ID);
$redirectExpected = 'http://www.google.com?a&amp;b';
$this->assertEquals($redirectExpected, $parser->parse($redirectShortcode));
$this->assertEquals(sprintf('<a href="%s">Example Content</a>', $redirectExpected), $parser->parse($redirectEnclosed));
$this->assertEquals('', $parser->parse('[sitetree_link]'), 'Test that invalid ID attributes are not parsed.'); $this->assertEquals('', $parser->parse('[sitetree_link]'), 'Test that invalid ID attributes are not parsed.');
$this->assertEquals('', $parser->parse('[sitetree_link,id="text"]')); $this->assertEquals('', $parser->parse('[sitetree_link,id="text"]'));
$this->assertEquals('', $parser->parse('[sitetree_link]Example Content[/sitetree_link]')); $this->assertEquals('', $parser->parse('[sitetree_link]Example Content[/sitetree_link]'));
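Review bot: The new assertions in `testLinkShortcodeHandler()` cover only `&` in the fixture URL, so they would still pass if the escaping handled ampersands but missed quote characters, which are what matter inside `href="%s"`. Consider a second fixture whose ExternalURL contains a double quote, with an assertion that the parsed output contains `&quot;` rather than the raw character, for both the bare and the enclosed shortcode forms. The test method starts and ends outside these hunks.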


@ -80,3 +80,11 @@ ErrorPage:
404: 404:
Title: Page not Found Title: Page not Found
ErrorCode: 404 ErrorCode: 404
RedirectorPage:
external:
Title: External
URLSegment: external
RedirectionType: External
ExternalURL: "http://www.google.com?a&b"