diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2009-08-29 11:31:00 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-29 11:31:00 -0700 |
| commit | 1d633457c4482ab96bf936e9951ded2d5ebc8c74 (patch) | |
| tree | c07b01cd21c327a98a851f45a00b4c4014470a94 | |
| parent | 020281d932c566476222e6c825ada3affff239a6 (diff) | |
Have url::site() and other methods return a SafeString, just as t() and t2().
Benefits:
- url::site() is often used in views and we can ensure in the url class that returned strings are indeed safe for use in HTML. Makes the list of vars of unknown safety status shorter.
- url::site() is often used as message parameter to t() and t2(). The parameter would be HTML-escaped if it wasn't marked as safe HTML already. Makes the usage simpler / shorter.
| -rw-r--r-- | modules/gallery/helpers/MY_url.php | 24 | ||||
| -rw-r--r-- | modules/gallery/tests/Xss_Security_Test.php | 24 |
2 files changed, 43 insertions, 5 deletions
diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index c4967c52..b4b7f352 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php @@ -30,7 +30,8 @@ class url extends url_Core { if ($parts[0] == "albums" || $parts[0] == "photos") { $uri = model_cache::get("item", $parts[1])->relative_path(); } - return parent::site($uri . $query, $protocol); + $url = parent::site($uri . $query, $protocol); + return SafeString::of($url)->mark_html_safe(); } static function parse_url() { @@ -99,4 +100,25 @@ class url extends url_Core { static function abs_current($qs=false) { return self::abs_site(url::current($qs)); } + + public static function base($index=false, $protocol=false) { + $url = parent::base($index, $protocol); + return SafeString::of($url)->mark_html_safe(); + } + + public static function current($qs=false) { + $url = parent::current($qs); + return SafeString::of($url)->mark_html_safe(); + } + + public static function file($file, $index=false) { + $url = parent::file($file, $index); + return SafeString::of($url)->mark_html_safe(); + } + + public static function merge(array $arguments) { + $url = parent::merge($arguments); + return SafeString::of($url)->mark_html_safe(); + } + } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 1d52237c..e0e5bb86 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -126,7 +126,23 @@ class Xss_Security_Test extends Unit_Test_Case { $token_number++; $token = $tokens[$token_number]; } - } + } else if ($token[1] == "url") { + // url methods return a SafeString + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("site", "current", "base", "file", "abs_site", "abs_current", + "abs_file", "merge")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + $frame->is_safestring(true); + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + } + } } else if ($frame && $token[0] == T_OBJECT_OPERATOR) { $frame->expr_append($token[1]); @@ -155,8 +171,9 @@ class Xss_Security_Test extends Unit_Test_Case { } } - // Generate the report. /* + * Generate the report + * * States for uses of < ? = X ? >: * JS_XSS: * In <script> block @@ -166,7 +183,7 @@ class Xss_Security_Test extends Unit_Test_Case { * X can be anything without a call to ->for_html() or ->purified_html() * CLEAN: * Outside <script> block: - * X = t() or t2() + * X = is SafeString (t(), t2(), url::site()) * X = * and for_html() or purified_html() is called * Inside <script> block: * X = * with ->for_js() or json_encode(...) @@ -192,7 +209,6 @@ class Xss_Security_Test extends Unit_Test_Case { } } fclose($fd); - exit; // Compare with the expected report from our golden file. $canonical = MODPATH . "gallery/tests/xss_data.txt"; |