mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-07 15:16:30 +02:00
Code Issues Releases Wiki Activity

Issue #4058 Pre/Code tag TinyMce line-break issue and tests.

Browse Source
This commit is contained in:
Cameron
2020-04-29 12:46:33 -07:00
parent dbc6acb8cf
commit c7fe56f525
2 changed files with 55 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
e107_handlers/e_parse_class.php
View File

@@ -5376,6 +5376,7 @@ return;
$html = str_replace(' ', '__E_PARSER_CLEAN_HTML_NON_BREAKING_SPACE__', $html); // prevent replacement of   with spaces. $html = str_replace(' ', '__E_PARSER_CLEAN_HTML_NON_BREAKING_SPACE__', $html); // prevent replacement of   with spaces.
// Workaround for https://bugs.php.net/bug.php?id=76285 // Workaround for https://bugs.php.net/bug.php?id=76285
// Part 1 of 2 // Part 1 of 2
$html = str_replace("\r", "", $html); // clean out windows line-breaks.
$html = str_replace("\n", "__E_PARSER_CLEAN_HTML_LINE_BREAK__", $html); $html = str_replace("\n", "__E_PARSER_CLEAN_HTML_LINE_BREAK__", $html);
$html = str_replace("{", "__E_PARSER_CLEAN_HTML_CURLY_OPEN__", $html); $html = str_replace("{", "__E_PARSER_CLEAN_HTML_CURLY_OPEN__", $html);
$html = str_replace("}", "__E_PARSER_CLEAN_HTML_CURLY_CLOSED__", $html); $html = str_replace("}", "__E_PARSER_CLEAN_HTML_CURLY_CLOSED__", $html);
@@ -5527,14 +5528,13 @@ return;
{ {
$value = preg_replace('/^<pre[^>]*>/', '', $value); $value = preg_replace('/^<pre[^>]*>/', '', $value);
$value = str_replace("</pre>", "", $value); $value = str_replace("</pre>", "", $value);
$value = str_replace('<br></br>', PHP_EOL, $value); $value = str_replace('<br></br>', "__E_PARSER_CLEAN_HTML_LINE_BREAK__", $value);
} }
elseif($node->nodeName === 'code') elseif($node->nodeName === 'code')
{ {
$value = preg_replace('/^<code[^>]*>/', '', $value); $value = preg_replace('/^<code[^>]*>/', '', $value);
$value = str_replace("</code>", "", $value); $value = str_replace("</code>", "", $value);
$value = str_replace("<br></br>", PHP_EOL, $value); $value = str_replace("<br></br>", "__E_PARSER_CLEAN_HTML_LINE_BREAK__", $value);
} }
$value = str_replace('__E_PARSER_CLEAN_HTML_CURLY_OPEN__', '{{{', $value); // temporarily change {e_XXX} to {{{e_XXX}}} $value = str_replace('__E_PARSER_CLEAN_HTML_CURLY_OPEN__', '{{{', $value); // temporarily change {e_XXX} to {{{e_XXX}}}

58
e107_tests/tests/unit/e_parseTest.php
View File

@@ -64,6 +64,20 @@ TMP;
$expected = "<div class='bbcode-center' style='text-align:center'><img src='".e_HTTP."e107_images/generic/blank_avatar.jpg' width='' alt='Blank Avatar' title='Blank Avatar' class='img-rounded rounded bbcode bbcode-img' /></div>"; $expected = "<div class='bbcode-center' style='text-align:center'><img src='".e_HTTP."e107_images/generic/blank_avatar.jpg' width='' alt='Blank Avatar' title='Blank Avatar' class='img-rounded rounded bbcode bbcode-img' /></div>";
$this->assertEquals($expected, $actual, "BBcode parsing failed on [img]"); $this->assertEquals($expected, $actual, "BBcode parsing failed on [img]");
/*
$src = "[html]
<pre>&#036;sql = e107::getDb();
&#036;sql-&gt;select(&#039;tablename&#039;, &#039;field1, field2&#039;, &#039;field_id = 1&#039;);
while(&#036;row = &#036;sql-&gt;fetch())
&#123;
echo &#036;row[&#039;field1&#039;];
&#125;</pre>
[/html]";
$actual = $this->tp->toHTML($src,true);
$expected = '';
$this->assertEquals($expected, $actual, "BBcode parsing failed on <pre>");*/
} }
@@ -366,7 +380,11 @@ TMP;
'input' => "[html]<code>function sc_my_shortcode(){\nreturn \"Something\";}</code>[/html]", 'input' => "[html]<code>function sc_my_shortcode(){\nreturn \"Something\";}</code>[/html]",
'expected' => "[html]<code>function sc_my_shortcode()&#123;\nreturn &quot;Something&quot;;&#125;</code>[/html]" 'expected' => "[html]<code>function sc_my_shortcode()&#123;\nreturn &quot;Something&quot;;&#125;</code>[/html]"
), ),
27 => array(
'input' =>"[html]<pre class=\"whatever\">require_once(\"class2.php\");\nrequire_once(HEADERF);\necho \"test\";&lt;br&gt;\nrequire_once(FOOTERF);</pre>",
'expected' =>"[html]<pre class=&quot;whatever&quot;>require_once(&quot;class2.php&quot;);\nrequire_once(HEADERF);\necho &quot;test&quot;;&lt;br&gt;\nrequire_once(FOOTERF);</pre>",
),
); );
@@ -1030,16 +1048,44 @@ TMP;
public function testCleanHtml() public function testCleanHtml()
{ {
$tests = array( $tests = array(
0 => array('html' => "<svg/onload=prompt(1)//", 'expected' => '&lt;svg/onload=prompt(1)//'), 0 => array(
'html' => "<svg/onload=prompt(1)//",
'expected' => '&lt;svg/onload=prompt(1)//'
),
// 1 => array('html' => '<script>alert(123)</script>', 'expected'=>''), // 1 => array('html' => '<script>alert(123)</script>', 'expected'=>''),
// 2 => array('html' => '"><script>alert(123)</script>', 'expected'=>'"&gt;'), // 2 => array('html' => '"><script>alert(123)</script>', 'expected'=>'"&gt;'),
3 => array('html' => '< 200', 'expected'=>'&lt; 200'), 3 => array(
4 => array('html' => "<code>function sc_my_shortcode(){\nreturn \"Something\";}</code>", 'expected' => "<code>function sc_my_shortcode()&#123;\nreturn \"Something\";&#125;</code>"), 'html' => '< 200',
5 => array('html' => "<pre class=\"prettyprint linenums\">function sc_my_shortcode(){\nreturn \"Something\";}</pre>", 'expected' => "<pre class=\"prettyprint linenums\">function sc_my_shortcode()&#123;\nreturn \"Something\";&#125;</pre>"), 'expected'=>'&lt; 200'
6 => array('html' => '<img src="{e_BASE}image.jpg" alt="">', 'expected'=>'<img src="{e_BASE}image.jpg" alt="">'), ),
4 => array(
'html' => "<code>function sc_my_shortcode(){\nreturn \"Something\";}</code>",
'expected' => "<code>function sc_my_shortcode()&#123;\nreturn \"Something\";&#125;</code>"
),
5 => array(
'html' => "<pre class=\"prettyprint linenums\">function sc_my_shortcode(){\nreturn \"Something\";}</pre>",
'expected' => "<pre class=\"prettyprint linenums\">function sc_my_shortcode()&#123;\nreturn \"Something\";&#125;</pre>"
),
6 => array(
'html' => '<img src="{e_BASE}image.jpg" alt="">',
'expected' =>'<img src="{e_BASE}image.jpg" alt="">'
),
7 => array( // with <br> inside <pre> ie. TinyMce
'html' => '<pre class="whatever">require_once("class2.php");<br>require_once(HEADERF);<br>echo "test";&lt;br&gt;<br>require_once(FOOTERF);</pre>',
'expected' => "<pre class=\"whatever\">require_once(\"class2.php\");\nrequire_once(HEADERF);\necho \"test\";&lt;br&gt;\nrequire_once(FOOTERF);</pre>"
),
8 => array( // with \n
'html' => "<pre class=\"whatever\">require_once(\"class2.php\");\nrequire_once(HEADERF);\necho \"test\";&lt;br&gt;\nrequire_once(FOOTERF);</pre>",
'expected' => "<pre class=\"whatever\">require_once(\"class2.php\");\nrequire_once(HEADERF);\necho \"test\";&lt;br&gt;\nrequire_once(FOOTERF);</pre>"
),
9 => array( // with \r\n (windows) line-breaks.
'html' => "<pre class=\"whatever\">require_once(\"class2.php\");\r\nrequire_once(HEADERF);\r\necho \"test\";&lt;br&gt;\r\nrequire_once(FOOTERF);</pre>",
'expected' => "<pre class=\"whatever\">require_once(\"class2.php\");\nrequire_once(HEADERF);\necho \"test\";&lt;br&gt;\nrequire_once(FOOTERF);</pre>"
),
); );
foreach($tests as $var) foreach($tests as $var)
{ {
$result = $this->tp->cleanHtml($var['html']); $result = $this->tp->cleanHtml($var['html']);