mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 16:32:18 +02:00
Code Issues Projects Releases Wiki Activity

MDL-52136 mod_forum: Correctly quote get_string vars in mustache

Browse Source
This commit is contained in:
Andrew Nicols 2016-01-12 20:08:13 +08:00
parent 0b4bff8ca9
commit ca0227dd18
8 changed files with 96 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
mod/forum/classes/output/forum_post.php
View File

@ -134,9 +134,65 @@ class forum_post implements \renderable {
* Export this data so it can be used as the context for a mustache template.
*
* @param \mod_forum_renderer $renderer The render to be used for formatting the message and attachments
* @param bool $plaintext Whethe the target is a plaintext target
* @return stdClass Data ready for use in a mustache template
*/
public function export_for_template(\mod_forum_renderer $renderer) {
public function export_for_template(\mod_forum_renderer $renderer, $plaintext = false) {
if ($plaintext) {
return $this->export_for_template_text($renderer);
} else {
return $this->export_for_template_html($renderer);
}
}
/**
* Export this data so it can be used as the context for a mustache template.
*
* @param \mod_forum_renderer $renderer The render to be used for formatting the message and attachments
* @return stdClass Data ready for use in a mustache template
*/
protected function export_for_template_text(\mod_forum_renderer $renderer) {
return array(
'id' => html_entity_decode($this->post->id),
'coursename' => html_entity_decode($this->get_coursename()),
'courselink' => html_entity_decode($this->get_courselink()),
'forumname' => html_entity_decode($this->get_forumname()),
'showdiscussionname' => html_entity_decode($this->get_showdiscussionname()),
'discussionname' => html_entity_decode($this->get_discussionname()),
'subject' => html_entity_decode($this->get_subject()),
'authorfullname' => html_entity_decode($this->get_author_fullname()),
'postdate' => html_entity_decode($this->get_postdate()),
// Format some components according to the renderer.
'message' => html_entity_decode($renderer->format_message_text($this->cm, $this->post)),
'attachments' => html_entity_decode($renderer->format_message_attachments($this->cm, $this->post)),
'canreply' => $this->canreply,
'permalink' => $this->get_permalink(),
'firstpost' => $this->get_is_firstpost(),
'replylink' => $this->get_replylink(),
'unsubscribediscussionlink' => $this->get_unsubscribediscussionlink(),
'unsubscribeforumlink' => $this->get_unsubscribeforumlink(),
'parentpostlink' => $this->get_parentpostlink(),
'forumindexlink' => $this->get_forumindexlink(),
'forumviewlink' => $this->get_forumviewlink(),
'discussionlink' => $this->get_discussionlink(),
'authorlink' => $this->get_authorlink(),
'authorpicture' => $this->get_author_picture(),
'grouppicture' => $this->get_group_picture(),
);
}
/**
* Export this data so it can be used as the context for a mustache template.
*
* @param \mod_forum_renderer $renderer The render to be used for formatting the message and attachments
* @return stdClass Data ready for use in a mustache template
*/
protected function export_for_template_html(\mod_forum_renderer $renderer) {
return array(
'id' => $this->post->id,
'coursename' => $this->get_coursename(),

2
mod/forum/renderer.php
View File

@ -191,7 +191,7 @@ class mod_forum_renderer extends plugin_renderer_base {
* @return string
*/
public function render_forum_post_email(\mod_forum\output\forum_post_email $post) {
$data = $post->export_for_template($this);
$data = $post->export_for_template($this, $this->target === RENDERER_TARGET_TEXTEMAIL);
return $this->render_from_template('mod_forum/' . $this->forum_post_template(), $data);
}

5
mod/forum/templates/forum_post_email_htmlemail_body.mustache
View File

@ -87,7 +87,10 @@
{{{ subject }}}
</div>
<div class="author">
{{# str }} bynameondate, forum, { "name": "<a target='_blank' href='{{{ authorlink }}}'>{{ authorfullname }}</a>", "date": "{{ postdate }}" } {{/ str }}
{{# str }} bynameondate, forum, {
"name": {{# quote }}<a target='_blank' href='{{{ authorlink }}}'>{{ authorfullname }}</a>{{/ quote }},
"date": {{# quote }}{{ postdate }}{{/ quote }}
} {{/ str }}
</div>
</td>
</tr>

10
mod/forum/templates/forum_post_email_textemail.mustache
View File

@ -45,14 +45,20 @@
{{{ coursename }}} -> {{# str }} forums, forum {{/ str }} -> {{{ forumname }}}{{# showdiscussionname }} -> {{{ discussionname }}} {{/ showdiscussionname }}
{{ permalink }}
{{{ subject }}}
{{# str }} bynameondate, forum, { "name": "{{{ authorfullname }}}", "date": "{{ postdate }}" } {{/ str }}
{{# str }} bynameondate, forum, {
"name": {{# quote }}{{{ authorfullname }}}{{/ quote }},
"date": {{# quote}}{{ postdate }}{{/ quote }}
} {{/ str }}
---------------------------------------------------------------------
{{{ message }}}
{{{ attachments }}}
---------------------------------------------------------------------
{{# canreply }}
{{# str }} postmailinfolink, forum, { "coursename": "{{{ coursename }}}", "replylink": "{{ replylink }}" } {{/ str }}
{{# str }} postmailinfolink, forum, {
"coursename": {{# quote }}{{{ coursename }}}{{/ quote }},
"replylink": {{# quote }}{{ replylink }}{{/ quote }}
} {{/ str }}
{{/ canreply }}
{{# unsubscribeforumlink }}
{{# str }} unsubscribelink, forum, {{{ unsubscribeforumlink }}} {{/ str }}

6
mod/forum/templates/forum_post_emaildigestbasic_htmlemail.mustache
View File

@ -44,7 +44,7 @@
<div>
<a target="_blank" href="{{{ permalink }}}">{{{ subject }}}</a>
{{# str }} bynameondate, forum, {
"name": "<a target=\"_blank\" href=\"{{{ authorlink }}}\">{{ authorfullname }}</a>",
"date": "{{ postdate }}"
} {{/ str }}
"name": {{# quote }}<a target=\"_blank\" href=\"{{{ authorlink }}}\">{{ authorfullname }}</a>{{/ quote }},
"date": {{# quote }}{{ postdate }}{{/ quote }}
} {{/ str }}
</div>

5
mod/forum/templates/forum_post_emaildigestbasic_textemail.mustache
View File

@ -33,5 +33,8 @@
}}
{{ discussionlink }}
{{{ subject }}} {{# str }} bynameondate, forum, { "name": "{{{ authorfullname }}}", "date": "{{ postdate }}" } {{/ str }}
{{{ subject }}} {{# str }} bynameondate, forum, {
"name": {{# quote }}{{{ authorfullname }}}{{/ quote }},
"date": {{# quote }}{{ postdate }}{{/ quote }}
} {{/ str }}
---------------------------------------------------------------------

5
mod/forum/templates/forum_post_emaildigestfull_textemail.mustache
View File

@ -38,7 +38,10 @@
{{ discussionlink }}
{{{ subject }}} ({{{ permalink }}})
{{# str }} bynameondate, forum, { "name": "{{{ authorfullname }}}", "date": "{{ postdate }}" } {{/ str }}
{{# str }} bynameondate, forum, {
"name": {{# quote }}{{{ authorfullname }}}{{/ quote }},
"date": {{# quote }}{{ postdate }}{{/ quote }}
} {{/ str }}
---------------------------------------------------------------------
{{{ message }}}

32
mod/forum/tests/mail_test.php
View File

@ -879,10 +879,8 @@ class mod_forum_mail_testcase extends advanced_testcase {
// Single and double quotes everywhere.
$newcase = $base;
$newcase['user']['lastname'] = 'Moodle\'';
// $newcase['user']['lastname'] = 'Moodle\'"'; // TODO: This breaks badly. See MDL-52136.
$newcase['course']['shortname'] = '101\'';
// $newcase['course']['shortname'] = '101\'"'; // TODO: This breaks badly. See MDL-52136.
$newcase['user']['lastname'] = 'Moodle\'"';
$newcase['course']['shortname'] = '101\'"';
$newcase['forums'][0]['name'] = 'Moodle Forum\'"';
$newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle\'"';
$newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle\'"';
@ -901,8 +899,8 @@ class mod_forum_mail_testcase extends advanced_testcase {
$newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle>';
$newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle>';
$newcase['expectations'][0]['contents'] = array(
'Attachment example.txt:', '~{\$a', '~&amp;gt;', 'Love Moodle>', '101&gt;', 'Moodle Forum&gt;',
'Hello Moodle&gt;', 'Welcome to Moodle>');
'Attachment example.txt:', '~{\$a', '~&amp;gt;', 'Love Moodle>', '101>', 'Moodle Forum>',
'Hello Moodle>', 'Welcome to Moodle>');
$textcases['Text mail with gt and lt everywhere'] = array('data' => $newcase);
// Ampersands everywhere. This case is completely borked because format_string()
@ -914,8 +912,8 @@ class mod_forum_mail_testcase extends advanced_testcase {
$newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle&';
$newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle&';
$newcase['expectations'][0]['contents'] = array(
'Attachment example.txt:', '~{\$a', '~&amp;amp;', 'Love Moodle&', '101&amp;', 'Moodle Forum&amp;',
'Hello Moodle&amp;', 'Welcome to Moodle&');
'Attachment example.txt:', '~{\$a', '~&amp;amp;', 'Love Moodle&', '101&', 'Moodle Forum&',
'Hello Moodle&', 'Welcome to Moodle&');
$textcases['Text mail with ampersands everywhere'] = array('data' => $newcase);
// Now the html cases.
@ -927,25 +925,23 @@ class mod_forum_mail_testcase extends advanced_testcase {
$htmlbase['expectations'][0]['contents'] = array(
'~{\$a',
'~&(amp|lt|gt|quot|\#039);(?!course)',
'<div class=3D"attachments">( *\n *)?<a href',
'<div class=3D"subject">\n.*Hello Moodle', '>Moodle Forum', '>Welcome.*Moodle', '>Love Moodle', '>1\d1');
'<div class="attachments">( *\n *)?<a href',
'<div class="subject">\n.*Hello Moodle', '>Moodle Forum', '>Welcome.*Moodle', '>Love Moodle', '>1\d1');
$htmlcases['HTML mail without ampersands, quotes or lt/gt'] = array('data' => $htmlbase);
// Single and double quotes, lt and gt, ampersands everywhere.
$newcase = $htmlbase;
$newcase['user']['lastname'] = 'Moodle\'>&';
// $newcase['user']['lastname'] = 'Moodle\'">&'; // TODO: This breaks badly. See MDL-52136.
$newcase['course']['shortname'] = '101\'>&';
// $newcase['course']['shortname'] = '101\'">&'; // TODO: This breaks badly. See MDL-52136.
$newcase['user']['lastname'] = 'Moodle\'">&';
$newcase['course']['shortname'] = '101\'">&';
$newcase['forums'][0]['name'] = 'Moodle Forum\'">&';
$newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle\'">&';
$newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle\'">&';
$newcase['expectations'][0]['contents'] = array(
'~{\$a',
'~&amp;(amp|lt|gt|quot|\#039);',
'<div class=3D"attachments">( *\n *)?<a href',
'<div class=3D"subject">\n.*Hello Moodle\'"&gt;&amp;', '>Moodle Forum\'"&gt;&amp;',
'>Welcome.*Moodle\'"&gt;&amp;', '>Love Moodle&\#039;&gt;&amp;', '>1\d1\'&gt;&amp');
'<div class="attachments">( *\n *)?<a href',
'<div class="subject">\n.*Hello Moodle\'"&gt;&amp;', '>Moodle Forum\'"&gt;&amp;',
'>Welcome.*Moodle\'"&gt;&amp;', '>Love Moodle&\#039;&quot;&gt;&amp;', '>101\'"&gt;&amp');
$htmlcases['HTML mail with quotes, gt, lt and ampersand everywhere'] = array('data' => $newcase);
return $textcases + $htmlcases;
@ -1062,6 +1058,7 @@ class mod_forum_mail_testcase extends advanced_testcase {
// If we have found the expectation and have contents to match, let's do it.
if (isset($foundexpectation) and isset($foundexpectation['contents'])) {
$mail->body = quoted_printable_decode($mail->body);
if (!is_array($foundexpectation['contents'])) { // Accept both string and array.
$foundexpectation['contents'] = array($foundexpectation['contents']);
}
@ -1069,6 +1066,7 @@ class mod_forum_mail_testcase extends advanced_testcase {
if (strpos($content, '~') !== 0) {
$this->assertRegexp('#' . $content . '#m', $mail->body);
} else {
preg_match('#' . substr($content, 1) . '#m', $mail->body, $matches);
$this->assertNotRegexp('#' . substr($content, 1) . '#m', $mail->body);
}
}