diff options
Diffstat (limited to 'modules/gallery')
| -rw-r--r-- | modules/gallery/helpers/MY_url.php | 24 | ||||
| -rw-r--r-- | modules/gallery/tests/Xss_Security_Test.php | 24 |
2 files changed, 43 insertions, 5 deletions
diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index c4967c52..b4b7f352 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php @@ -30,7 +30,8 @@ class url extends url_Core { if ($parts[0] == "albums" || $parts[0] == "photos") { $uri = model_cache::get("item", $parts[1])->relative_path(); } - return parent::site($uri . $query, $protocol); + $url = parent::site($uri . $query, $protocol); + return SafeString::of($url)->mark_html_safe(); } static function parse_url() { @@ -99,4 +100,25 @@ class url extends url_Core { static function abs_current($qs=false) { return self::abs_site(url::current($qs)); } + + public static function base($index=false, $protocol=false) { + $url = parent::base($index, $protocol); + return SafeString::of($url)->mark_html_safe(); + } + + public static function current($qs=false) { + $url = parent::current($qs); + return SafeString::of($url)->mark_html_safe(); + } + + public static function file($file, $index=false) { + $url = parent::file($file, $index); + return SafeString::of($url)->mark_html_safe(); + } + + public static function merge(array $arguments) { + $url = parent::merge($arguments); + return SafeString::of($url)->mark_html_safe(); + } + } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 1d52237c..e0e5bb86 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -126,7 +126,23 @@ class Xss_Security_Test extends Unit_Test_Case { $token_number++; $token = $tokens[$token_number]; } - } + } else if ($token[1] == "url") { + // url methods return a SafeString + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("site", "current", "base", "file", "abs_site", "abs_current", + "abs_file", "merge")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + $frame->is_safestring(true); + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + } + } } else if ($frame && $token[0] == T_OBJECT_OPERATOR) { $frame->expr_append($token[1]); @@ -155,8 +171,9 @@ class Xss_Security_Test extends Unit_Test_Case { } } - // Generate the report. /* + * Generate the report + * * States for uses of < ? = X ? >: * JS_XSS: * In <script> block @@ -166,7 +183,7 @@ class Xss_Security_Test extends Unit_Test_Case { * X can be anything without a call to ->for_html() or ->purified_html() * CLEAN: * Outside <script> block: - * X = t() or t2() + * X = is SafeString (t(), t2(), url::site()) * X = * and for_html() or purified_html() is called * Inside <script> block: * X = * with ->for_js() or json_encode(...) @@ -192,7 +209,6 @@ class Xss_Security_Test extends Unit_Test_Case { } } fclose($fd); - exit; // Compare with the expected report from our golden file. $canonical = MODPATH . "gallery/tests/xss_data.txt"; |