[ticket/10620] Removed extraneous quotes from attribute values
PHPBB3-10620
parent
129b3375ae
commit
4f1b25706f
@ -250,13 +250,13 @@ function generate_quote(text, attributes)
|
||||
if ('author' in attributes)
|
||||
{
|
||||
// Add the author as the BBCode's default attribute
|
||||
quote += '=' + enquote(attributes.author);
|
||||
quote += '=' + format_attribute_value(attributes.author);
|
||||
delete attributes.author;
|
||||
}
|
||||
for (var name in attributes)
|
||||
{
|
||||
var value = attributes[name];
|
||||
quote += ' ' + name + '=' + enquote(String(value));
|
||||
quote += ' ' + name + '=' + format_attribute_value(String(value));
|
||||
}
|
||||
quote += ']' + text + '[/quote]';
|
||||
|
||||
@ -264,16 +264,22 @@ function generate_quote(text, attributes)
|
||||
}
|
||||
|
||||
/**
|
||||
* Return given string between quotes
|
||||
* Format given string to be used as an attribute value
|
||||
*
|
||||
* Will use either single- or double- quotes depending on whichever requires less escaping.
|
||||
* Will return the string as-is if it can be used in a BBCode without quotes. Otherwise,
|
||||
* it will use either single- or double- quotes depending on whichever requires less escaping.
|
||||
* Quotes and backslashes are escaped with backslashes where necessary
|
||||
*
|
||||
* @param {!string} str Original string
|
||||
* @return {!string} Escaped string within quotes
|
||||
* @return {!string} Same string if possible, escaped string within quotes otherwise
|
||||
*/
|
||||
function enquote(str)
|
||||
function format_attribute_value(str)
|
||||
{
|
||||
if (!/[ "'\\\]]/.test(str))
|
||||
{
|
||||
// Return as-is if it contains none of: space, ' " \ or ]
|
||||
return str;
|
||||
}
|
||||
var singleQuoted = "'" + str.replace(/[\\']/g, '\\$&') + "'",
|
||||
doubleQuoted = '"' + str.replace(/[\\"]/g, '\\$&') + '"';
|
||||
|
||||
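Review bot: The bare-value test in `format_attribute_value` (`/[ "'\\\]]/`) looks only for a literal space, so a value holding a tab or line break, or an empty string, is returned unquoted and `generate_quote` writes it as-is after `=`. The parser is not on this page, so whether it would end the value at that whitespace is an assumption to confirm; quoting on any whitespace and on empty input removes the question: `if (str !== '' && !/[\s"'\\\]]/.test(str))`. The same character class is used by the PHP twin (`preg_match('/[ "\'\\\\\\]]/', $str)` in `utils::format_attribute_value`), and both should change together so the editor and the server keep producing identical output. The function body continues past the end of this hunk.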
|
@ -35,16 +35,22 @@ class utils implements \phpbb\textformatter\utils_interface
|
||||
}
|
||||
|
||||
/**
|
||||
* Return given string between quotes
|
||||
* Format given string to be used as an attribute value
|
||||
*
|
||||
* Will use either single- or double- quotes depending on whichever requires less escaping.
|
||||
* Will return the string as-is if it can be used in a BBCode without quotes. Otherwise,
|
||||
* it will use either single- or double- quotes depending on whichever requires less escaping.
|
||||
* Quotes and backslashes are escaped with backslashes where necessary
|
||||
*
|
||||
* @param string $str Original string
|
||||
* @return string Escaped string within quotes
|
||||
* @return string Same string if possible, escaped string within quotes otherwise
|
||||
*/
|
||||
protected function enquote($str)
|
||||
protected function format_attribute_value($str)
|
||||
{
|
||||
if (!preg_match('/[ "\'\\\\\\]]/', $str))
|
||||
{
|
||||
// Return as-is if it contains none of: space, ' " \ or ]
|
||||
return $str;
|
||||
}
|
||||
$singleQuoted = "'" . addcslashes($str, "\\'") . "'";
|
||||
$doubleQuoted = '"' . addcslashes($str, '\\"') . '"';
|
||||
|
||||
@ -61,13 +67,13 @@ class utils implements \phpbb\textformatter\utils_interface
|
||||
if (isset($attributes['author']))
|
||||
{
|
||||
// Add the author as the BBCode's default attribute
|
||||
$quote .= '=' . $this->enquote($attributes['author']);
|
||||
$quote .= '=' . $this->format_attribute_value($attributes['author']);
|
||||
unset($attributes['author']);
|
||||
}
|
||||
ksort($attributes);
|
||||
foreach ($attributes as $name => $value)
|
||||
{
|
||||
$quote .= ' ' . $name . '=' . $this->enquote($value);
|
||||
$quote .= ' ' . $name . '=' . $this->format_attribute_value($value);
|
||||
}
|
||||
$quote .= ']';
|
||||
$newline = (strlen($quote . $text . '[/quote]') > 80 || strpos($text, "\n") !== false) ? "\n" : '';
|
||||
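Review bot: `format_attribute_value($value)` in the `foreach` receives whatever type the caller stored in `$attributes`, while the docblock promises `@param string $str` and the JavaScript version passes `String(value)`. The unit-test fixture further down this page supplies `'post_id' => 123` as an integer, so the call relies on implicit coercion inside `preg_match()` and `addcslashes()`. Casting at the call site keeps the two implementations aligned: `$quote .= ' ' . $name . '=' . $this->format_attribute_value((string) $value);`. `generate_quote` starts and ends outside this hunk.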
|
@ -75,7 +75,7 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case
|
||||
public function test_quote()
|
||||
{
|
||||
$text = 'Test post </textarea>"\' &&amp;';
|
||||
$expected = '([quote="admin"[^]]*\\]' . preg_quote($text) . '\\[/quote\\])';
|
||||
$expected = '([quote=admin[^]]*\\]' . preg_quote($text) . '\\[/quote\\])';
|
||||
|
||||
$this->login();
|
||||
$topic = $this->create_topic(2, 'Test Topic 1', 'Test topic');
|
||||
@ -110,7 +110,7 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case
|
||||
$this->set_quote_depth($quote_depth);
|
||||
$crawler = self::request('GET', $quote_url);
|
||||
$this->assertRegexp(
|
||||
'(\\[quote="admin"[^]]*\\]' . preg_quote($expected_text) . '\\[/quote\\])',
|
||||
'(\\[quote=admin[^]]*\\]' . preg_quote($expected_text) . '\\[/quote\\])',
|
||||
$crawler->filter('textarea#message')->text()
|
||||
);
|
||||
}
|
||||
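Review bot: In `test_quote` the new pattern `'([quote=admin[^]]*\\]'` begins with an unescaped `[`, so PCRE reads `[quote=admin[^]` as a character class instead of the literal text `[quote=admin`. The old line had the same flaw, but its class happened to include `"`, presumably the character that sat directly before the closing bracket in the old output; with the quotes gone the pattern only matches when the character right before that `]` is one of the listed letters, `=`, `[` or `^`. Escape the bracket as the second hunk already does: `$expected = '(\\[quote=admin[^]]*\\]' . preg_quote($text) . '\\[/quote\\])';`. How `$expected` is consumed lies outside the hunk, so confirm it is passed to a regex assertion.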
|
@ -75,7 +75,7 @@ class phpbb_functional_private_messages_test extends phpbb_functional_test_case
|
||||
$topic = $this->create_topic(2, 'Test Topic 1', 'Test topic');
|
||||
$post = $this->create_post(2, $topic['topic_id'], 'Re: Test Topic 1', $text);
|
||||
|
||||
$expected = '(\\[quote="admin" post_id="' . $post['post_id'] . '" time="\\d+" user_id="2"\\]' . $text . '\\[/quote\\])';
|
||||
$expected = '(\\[quote=admin post_id=' . $post['post_id'] . ' time=\\d+ user_id=2\\]' . $text . '\\[/quote\\])';
|
||||
|
||||
$crawler = self::request('GET', 'ucp.php?i=pm&mode=compose&action=quotepost&p=' . $post['post_id'] . '&sid=' . $this->sid);
|
||||
|
||||
@ -85,7 +85,7 @@ class phpbb_functional_private_messages_test extends phpbb_functional_test_case
|
||||
public function test_quote_pm()
|
||||
{
|
||||
$text = 'This is a test private message sent by the testing framework.';
|
||||
$expected = '(\\[quote="admin" time="\\d+" user_id="2"\\]' . $text . '\\[/quote\\])';
|
||||
$expected = '(\\[quote=admin time=\\d+ user_id=2\\]' . $text . '\\[/quote\\])';
|
||||
|
||||
$this->login();
|
||||
$message_id = $this->create_private_message('Test', $text, array(2));
|
||||
@ -98,7 +98,7 @@ class phpbb_functional_private_messages_test extends phpbb_functional_test_case
|
||||
public function test_quote_forward()
|
||||
{
|
||||
$text = 'This is a test private message sent by the testing framework.';
|
||||
$expected = "[quote=\"admin\"]\n" . $text . "\n[/quote]";
|
||||
$expected = '[quote=admin]' . $text . '[/quote]';
|
||||
|
||||
$this->login();
|
||||
$message_id = $this->create_private_message('Test', $text, array(2));
|
||||
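Review bot: `$text` is concatenated into the regular expressions (`... user_id=2\\]' . $text . '\\[/quote\\])'`) without `preg_quote()`, and in `test_quote_pm` the message ends with `.`, which therefore matches any character. The posting tests on this page wrap the same kind of value in `preg_quote($text)`; doing the same here keeps the assertion exact: `'(\\[quote=admin time=\\d+ user_id=2\\]' . preg_quote($text) . '\\[/quote\\])'`. The assertions that consume `$expected` are outside these hunks.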
|
@ -218,7 +218,7 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case
|
||||
'<blockquote><div><cite><a href="http://example.org" class="postlink">http://example.org</a> wrote:</cite>...</div></blockquote>'
|
||||
),
|
||||
array(
|
||||
'[quote="http://example.org"]...[/quote]',
|
||||
'[quote=http://example.org]...[/quote]',
|
||||
'<blockquote><div><cite><a href="http://example.org" class="postlink">http://example.org</a> wrote:</cite>...</div></blockquote>'
|
||||
),
|
||||
array(
|
||||
@ -226,7 +226,7 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case
|
||||
"<blockquote class=\"uncited\"><div>\nThis is a long quote that is definitely going to exceed 80 characters\n</div></blockquote>\n\nFollowed by a reply"
|
||||
),
|
||||
array(
|
||||
'[quote="Username" post_id="123"]...[/quote]',
|
||||
'[quote=Username post_id=123]...[/quote]',
|
||||
'<blockquote><div><cite>Username wrote: <a href="phpBB/viewtopic.php?p=123#p123" data-post-id="123" onclick="if(document.getElementById(hash.substr(1)))href=hash">↑</a></cite>...</div></blockquote>'
|
||||
),
|
||||
array(
|
||||
@ -235,16 +235,16 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case
|
||||
'<blockquote><div><cite>Username wrote:</cite>...</div></blockquote>'
|
||||
),
|
||||
array(
|
||||
'[quote="Username" time="58705871"]...[/quote]',
|
||||
'[quote=Username time=58705871]...[/quote]',
|
||||
'<blockquote><div><cite>1971-11-11 11:11:11 Username wrote:</cite>...</div></blockquote>'
|
||||
),
|
||||
array(
|
||||
'[quote="Username" user_id="123"]...[/quote]',
|
||||
'[quote=Username user_id=123]...[/quote]',
|
||||
'<blockquote><div><cite><a href="phpBB/memberlist.php?mode=viewprofile&u=123">Username</a> wrote:</cite>...</div></blockquote>'
|
||||
),
|
||||
array(
|
||||
// Users are not allowed to submit their own URL for the profile
|
||||
'[quote="Username" profile_url="http://fake.example.org"]...[/quote]',
|
||||
'[quote=Username profile_url=http://fake.example.org]...[/quote]',
|
||||
'<blockquote><div><cite>Username wrote:</cite>...</div></blockquote>'
|
||||
),
|
||||
);
|
||||
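Review bot: The case commented `// Users are not allowed to submit their own URL for the profile` now exercises only the unquoted spelling `profile_url=http://fake.example.org`, although the quoted spelling it replaced is still something a user can type by hand. Because this is a negative test guarding an attribute users must not control, keep the quoted input as a second case rather than replacing it, and do the same for the `post_id`, `time` and `user_id` cases. Fixtures outside these hunks may already cover the quoted form; if they do, a short comment naming that case would make the coverage visible.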
|
@ -98,11 +98,15 @@ class phpbb_textformatter_s9e_utils_test extends phpbb_test_case
|
||||
array('foo')
|
||||
),
|
||||
array(
|
||||
'[quote="foo"]..[/quote] [quote="bar"]..[/quote]',
|
||||
'[quote=foo]..[/quote] [quote]..[/quote]',
|
||||
array('foo')
|
||||
),
|
||||
array(
|
||||
'[quote=foo]..[/quote] [quote=bar]..[/quote]',
|
||||
array('foo', 'bar')
|
||||
),
|
||||
array(
|
||||
'[quote="foo"].[quote="baz"]..[/quote].[/quote] [quote="bar"]..[/quote]',
|
||||
'[quote=foo].[quote=baz]..[/quote].[/quote] [quote=bar]..[/quote]',
|
||||
array('foo', 'bar')
|
||||
),
|
||||
);
|
||||
@ -169,7 +173,7 @@ class phpbb_textformatter_s9e_utils_test extends phpbb_test_case
|
||||
'post_id' => 123,
|
||||
'url' => 'http://example.org'
|
||||
),
|
||||
'[quote="user" post_id="123" url="http://example.org"]...[/quote]',
|
||||
'[quote=user post_id=123 url=http://example.org]...[/quote]',
|
||||
),
|
||||
array(
|
||||
'This is a long quote that is definitely going to exceed 80 characters',
|
||||
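Review bot: The `generate_quote` expectation changed here covers only values that take the new unquoted path (`user`, `123`, `http://example.org`); nothing visible in this hunk exercises the branch of `format_attribute_value` that still has to quote and escape. Add cases whose values contain each character the function tests for (space, `'`, `"`, `\` and `]`) so a regression in the escaping shows up as a failed test. The data provider continues outside the hunk, so such cases may already exist there.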
|