mirror of https://github.com/e107inc/e107.git synced 2025-07-26 09:20:28 +02:00

#4572: e_form: No htmlspecialchars() on "other" attributes

Fixes: #4572

Discussion:
https://github.com/e107inc/e107/pull/4554#issuecomment-926113601
Nick Liu
2021-09-23 16:12:52 -05:00
parent 171cac87b1
commit 45bce2a7aa
2 changed files with 21 additions and 2 deletions


@@ -3907,7 +3907,10 @@ var_dump($select_options);*/
// //
foreach ($options as $option => $optval) foreach ($options as $option => $optval)
{ {
$optval = htmlspecialchars(trim((string) $optval), ENT_COMPAT | ENT_HTML401, 'UTF-8', false); if ($option !== 'other')
{
$optval = htmlspecialchars(trim((string) $optval), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
switch ($option) switch ($option)
{ {
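Review bot: After this change the `'other'` value bypasses `htmlspecialchars()` and, per the new test's expected output, is appended to the tag verbatim, so it is now a raw-markup sink whose safety rests entirely on callers, and nothing in the code says so. I would add a comment above the new condition, e.g. `// 'other' is emitted as raw attribute markup; callers must never place unescaped user input in it`, and review the existing callers that build `'other'` from request or stored data. Separately, the retained call uses `ENT_COMPAT`, which leaves single quotes unencoded, while the test shows attributes rendered as `size='300px'`; if that quoting applies to every option, `ENT_QUOTES | ENT_HTML401` is needed for the escape to hold inside single-quoted values. The switch body and the enclosing function lie outside the hunk, so how each option is emitted is inferred from the test.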


@@ -867,6 +867,22 @@ class e_formTest extends \Codeception\Test\Unit
$this->assertSame($expected, $actual); $this->assertSame($expected, $actual);
} }
/**
* @link https://github.com/e107inc/e107/issues/4572
*/
public function testGet_attributesOther()
{
$options = array(
'size' => '300px',
'other' => 'v-bind:class="{ active: isActive }"',
);
$actual = $this->_frm->get_attributes($options);
$expected = ' size=\'300px\' v-bind:class="{ active: isActive }"';
$this->assertSame($expected, $actual);
}
/* /*
public function test_format_id() public function test_format_id()
{ {
@@ -879,7 +895,7 @@ class e_formTest extends \Codeception\Test\Unit
$expected = 'something-hello-there-and-test'; $expected = 'something-hello-there-and-test';
$result = $this->_frm->name2id($text); $result = $this->_frm->name2id($text);
$this->assertEquals($expected, $result); $this->assertEquals($expected, $result);
} }
/* /*
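Review bot: `testGet_attributesOther()` pins only the pass-through of `'other'`; nothing in this section asserts that the remaining options are still encoded, which is the boundary this commit narrows. A companion case that passes a value containing `"` and `<` under a key such as `'size'` and asserts the encoded output would catch a later change that widens the exemption. The new method also carries no description beyond the `@link`; a one-line summary such as `The "other" option is emitted verbatim, without htmlspecialchars()` would make the intent readable without following the issue link.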