Allow true/false/yes/no values for autoescape
템플릿의 <config autoescape="on" /> 문법이 on, off만 지원하기 때문에 흔히 사용하는 true, false, yes, no, Y, N 등의 불리언 값을 입력하면 안전하지 않은 off로 인식하게 됨. 이 경우에도 적절히 처리하도록 변경.
This commit is contained in:
parent
a398c7548d
commit
2a026a6c86
2 changed files with 23 additions and 22 deletions
|
|
@ -263,7 +263,7 @@ class TemplateHandler
|
||||||
$this->config = new stdClass();
|
$this->config = new stdClass();
|
||||||
|
|
||||||
// detect existence of autoescape config
|
// detect existence of autoescape config
|
||||||
$this->config->autoescape = (strpos($buff, ' autoescape="') === FALSE) ? NULL : 'off';
|
$this->config->autoescape = (strpos($buff, ' autoescape="') === false) ? null : false;
|
||||||
|
|
||||||
// replace comments
|
// replace comments
|
||||||
$buff = preg_replace('@<!--//.*?-->@s', '', $buff);
|
$buff = preg_replace('@<!--//.*?-->@s', '', $buff);
|
||||||
|
|
@ -970,7 +970,8 @@ class TemplateHandler
|
||||||
{
|
{
|
||||||
foreach($config_matches as $config_match)
|
foreach($config_matches as $config_match)
|
||||||
{
|
{
|
||||||
$result .= "\$this->config->{$config_match[1]} = '" . trim(strtolower($config_match[2])) . "';";
|
$config_value = toBool(trim(strtolower($config_match[2]))) ? 'true' : 'false';
|
||||||
|
$result .= "\$this->config->{$config_match[1]} = $config_value;";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return "<?php {$result} ?>";
|
return "<?php {$result} ?>";
|
||||||
|
|
@ -1042,7 +1043,7 @@ class TemplateHandler
|
||||||
return "(preg_match('/^\\$(?:user_)?lang->[a-zA-Z0-9\_]+$/', {$str}) ? ({$str}) : htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', false))";
|
return "(preg_match('/^\\$(?:user_)?lang->[a-zA-Z0-9\_]+$/', {$str}) ? ({$str}) : htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', false))";
|
||||||
case 'auto':
|
case 'auto':
|
||||||
default:
|
default:
|
||||||
return "(\$this->config->autoescape === 'on' ? htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', false) : ({$str}))";
|
return "(\$this->config->autoescape ? htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', false) : ({$str}))";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
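Review bot: In the `@ -970,7 +970,8` hunk, `$config_value = toBool(trim(strtolower($config_match[2]))) ? 'true' : 'false';` still fails open: if toBool() returns false for a string it does not recognise (its definition is not on this page), a misspelling such as `autoescape="enable"` compiles to `false` and disables escaping, which is the same unsafe outcome the commit sets out to remove. Because this is the only place the attribute is interpreted, it would be safer to fail closed by disabling only on an explicit negative, e.g. `$config_value = in_array(trim(strtolower($config_match[2])), ['off', 'false', 'no', 'n', '0'], true) ? 'false' : 'true';`. The boolean conversion also now applies to every key in `$config_matches`, not only `autoescape`; any other `<config>` attribute that previously kept its lowercased string value is silently coerced, so either guard it with `$config_match[1] === 'autoescape'` or confirm that no other keys exist. The enclosing method begins before this hunk, and the same truthiness assumption is relied on by the `@ -1042,7 +1043,7 @@` hunk.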
|
|
||||||
|
|
|
||||||
|
|
@ -328,43 +328,43 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test
|
||||||
// Rhymix autoescape
|
// Rhymix autoescape
|
||||||
array(
|
array(
|
||||||
'<config autoescape="on" />{$foo}',
|
'<config autoescape="on" />{$foo}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) ?>'
|
PHP_EOL . '$this->config->autoescape = true;' . "\n" . 'echo ($this->config->autoescape ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="off" />{$foo}',
|
'<config autoescape="off" />{$foo}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) ?>'
|
PHP_EOL . '$this->config->autoescape = false;' . "\n" . 'echo ($this->config->autoescape ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="on" />{$foo|auto}',
|
'<config autoescape="yes" />{$foo|auto}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) ?>'
|
PHP_EOL . '$this->config->autoescape = true;' . "\n" . 'echo ($this->config->autoescape ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="off" />{$foo|auto}',
|
'<config autoescape="no" />{$foo->$bar|auto}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) ?>'
|
PHP_EOL . '$this->config->autoescape = false;' . "\n" . 'echo ($this->config->autoescape ? htmlspecialchars($__Context->foo->{$__Context->bar}, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo->{$__Context->bar})) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="on" />{$foo|autoescape}',
|
'<config autoescape="true" />{$foo|autoescape}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) ?>'
|
PHP_EOL . '$this->config->autoescape = true;' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="off" />{$foo|autoescape}',
|
'<config autoescape="false" />{$foo|autoescape}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) ?>'
|
PHP_EOL . '$this->config->autoescape = false;' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="on" />{$foo|escape}',
|
'<config autoescape="1" />{$foo|escape}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', true) ?>'
|
PHP_EOL . '$this->config->autoescape = true;' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', true) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="off" />{$foo|escape}',
|
'<config autoescape="0" />{$foo|escape}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', true) ?>'
|
PHP_EOL . '$this->config->autoescape = false;' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', true) ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="on" />{$foo|noescape}',
|
'<config autoescape="Y" />{$foo|noescape}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo $__Context->foo ?>'
|
PHP_EOL . '$this->config->autoescape = true;' . "\n" . 'echo $__Context->foo ?>'
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="off" />{$foo|noescape}',
|
'<config autoescape="N" />{$foo|noescape}',
|
||||||
PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo $__Context->foo ?>'
|
PHP_EOL . '$this->config->autoescape = false;' . "\n" . 'echo $__Context->foo ?>'
|
||||||
),
|
),
|
||||||
// Rhymix filters
|
// Rhymix filters
|
||||||
array(
|
array(
|
||||||
|
|
@ -449,7 +449,7 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'<config autoescape="on" /><p>{$foo|link:$url}</p>',
|
'<config autoescape="on" /><p>{$foo|link:$url}</p>',
|
||||||
PHP_EOL . '$this->config->autoescape = \'on\'; ?><p><?php echo \'<a href="\' . ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->url, ENT_QUOTES, \'UTF-8\', false) : ($__Context->url)) . \'">\' . ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) . \'</a>\' ?></p>'
|
PHP_EOL . '$this->config->autoescape = true; ?><p><?php echo \'<a href="\' . ($this->config->autoescape ? htmlspecialchars($__Context->url, ENT_QUOTES, \'UTF-8\', false) : ($__Context->url)) . \'">\' . ($this->config->autoescape ? htmlspecialchars($__Context->foo, ENT_QUOTES, \'UTF-8\', false) : ($__Context->foo)) . \'</a>\' ?></p>'
|
||||||
),
|
),
|
||||||
// Rhymix filters (reject malformed filters)
|
// Rhymix filters (reject malformed filters)
|
||||||
array(
|
array(
|
||||||
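Review bot: The new cases in the `@ -328,43 +328,43 @@` hunk cover the accepted spellings but none exercises the fallback paths: a template with no `<config>` tag at all (where the handler now pre-seeds `autoescape` as `null`) and an unrecognised value such as `autoescape="enable"`, which is exactly the kind of input the commit message describes as previously being treated as off. One data-provider entry for each, e.g. `'<config autoescape="enable" />{$foo}'` paired with whichever compiled output is intended, would pin down whether unknown values escape or not and catch a regression in toBool(). The provider array these entries belong to starts and ends outside the hunk.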
|
|
|
||||||