diff options
| -rw-r--r-- | phpBB/phpbb/textformatter/data_access.php | 50 | ||||
| -rw-r--r-- | phpBB/phpbb/textformatter/s9e/factory.php | 3 | ||||
| -rw-r--r-- | tests/functional/acp_bbcodes_test.php | 46 | ||||
| -rw-r--r-- | tests/functional/acp_smilies_test.php | 43 |
4 files changed, 127 insertions, 15 deletions
diff --git a/phpBB/phpbb/textformatter/data_access.php b/phpBB/phpbb/textformatter/data_access.php index 2103bf8e60..0d37e62c87 100644 --- a/phpBB/phpbb/textformatter/data_access.php +++ b/phpBB/phpbb/textformatter/data_access.php @@ -81,11 +81,8 @@ class data_access public function get_bbcodes() { $sql = 'SELECT bbcode_match, bbcode_tpl FROM ' . $this->bbcodes_table; - $result = $this->db->sql_query($sql); - $rows = $this->db->sql_fetchrowset($result); - $this->db->sql_freeresult($result); - return $rows; + return $this->fetch_decoded_rowset($sql, ['bbcode_match']); } /** @@ -101,11 +98,8 @@ class data_access $sql = 'SELECT code, emotion, smiley_url, smiley_width, smiley_height FROM ' . $this->smilies_table . ' ORDER BY display_on_posting DESC'; - $result = $this->db->sql_query($sql); - $rows = $this->db->sql_fetchrowset($result); - $this->db->sql_freeresult($result); - return $rows; + return $this->fetch_decoded_rowset($sql, ['code', 'emotion', 'smiley_url']); } /** @@ -116,11 +110,8 @@ class data_access protected function get_styles() { $sql = 'SELECT style_id, style_path, style_parent_id, bbcode_bitfield FROM ' . $this->styles_table; - $result = $this->db->sql_query($sql); - $rows = $this->db->sql_fetchrowset($result); - $this->db->sql_freeresult($result); - return $rows; + return $this->fetch_decoded_rowset($sql); } /** @@ -219,10 +210,43 @@ class data_access public function get_censored_words() { $sql = 'SELECT word, replacement FROM ' . $this->words_table; + + return $this->fetch_decoded_rowset($sql, ['word', 'replacement']); + } + + /** + * Decode HTML special chars in given rowset + * + * @param array $rows Original rowset + * @param array $columns List of columns to decode + * @return array Decoded rowset + */ + protected function decode_rowset(array $rows, array $columns) + { + foreach ($rows as &$row) + { + foreach ($columns as $column) + { + $row[$column] = htmlspecialchars_decode($row[$column]); + } + } + + return $rows; + } + + /** + * Fetch all rows for given query and decode plain text columns + * + * @param string $sql SELECT query + * @param array $columns List of columns to decode + * @return array + */ + protected function fetch_decoded_rowset($sql, array $columns = []) + { $result = $this->db->sql_query($sql); $rows = $this->db->sql_fetchrowset($result); $this->db->sql_freeresult($result); - return $rows; + return $this->decode_rowset($rows, $columns); } } diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 55149b8e63..5cbf2712f7 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -333,8 +333,7 @@ class factory implements \phpbb\textformatter\cache_interface $configurator->plugins->load('Censor', array('tagName' => 'censor:tag')); foreach ($censor as $row) { - // NOTE: words are stored as HTML, we need to decode them to plain text - $configurator->Censor->add(htmlspecialchars_decode($row['word']), htmlspecialchars_decode($row['replacement'])); + $configurator->Censor->add($row['word'], $row['replacement']); } } diff --git a/tests/functional/acp_bbcodes_test.php b/tests/functional/acp_bbcodes_test.php new file mode 100644 index 0000000000..58681dfa07 --- /dev/null +++ b/tests/functional/acp_bbcodes_test.php @@ -0,0 +1,46 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +/** + * @group functional + */ +class phpbb_functional_acp_bbcodes_test extends phpbb_functional_test_case +{ + public function test_htmlspecialchars() + { + $this->login(); + $this->admin_login(); + + // Create the BBCode + $crawler = self::request('GET', 'adm/index.php?i=acp_bbcodes&sid=' . $this->sid . '&mode=bbcodes&action=add'); + $form = $crawler->selectButton('Submit')->form(array( + 'bbcode_match' => '[mod="{TEXT1}"]{TEXT2}[/mod]', + 'bbcode_tpl' => '<div>{TEXT1}</div><div>{TEXT2}</div>' + )); + self::submit($form); + + // Test it in the "new topic" preview + $crawler = self::request('GET', 'posting.php?mode=post&f=2&sid=' . $this->sid); + $form = $crawler->selectButton('Preview')->form(array( + 'subject' => 'subject', + 'message' => '[mod=a]b[/mod][mod="c"]d[/mod]' + )); + $crawler = self::submit($form); + + $html = $crawler->filter('#preview')->html(); + $this->assertContains('<div>a</div>', $html); + $this->assertContains('<div>b</div>', $html); + $this->assertContains('<div>c</div>', $html); + $this->assertContains('<div>d</div>', $html); + } +} diff --git a/tests/functional/acp_smilies_test.php b/tests/functional/acp_smilies_test.php new file mode 100644 index 0000000000..ebe8717fa7 --- /dev/null +++ b/tests/functional/acp_smilies_test.php @@ -0,0 +1,43 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +/** + * @group functional + */ +class phpbb_functional_acp_smilies_test extends phpbb_functional_test_case +{ + public function test_htmlspecialchars() + { + $this->login(); + $this->admin_login(); + + // Create the BBCode + $crawler = self::request('GET', 'adm/index.php?i=acp_icons&sid=' . $this->sid . '&mode=smilies&action=edit&id=1'); + $form = $crawler->selectButton('Submit')->form(array( + 'code[icon_e_biggrin.gif]' => '>:D', + 'emotion[icon_e_biggrin.gif]' => '>:D' + )); + self::submit($form); + + // Test it in the "new topic" preview + $crawler = self::request('GET', 'posting.php?mode=post&f=2&sid=' . $this->sid); + $form = $crawler->selectButton('Preview')->form(array( + 'subject' => 'subject', + 'message' => '>:D' + )); + $crawler = self::submit($form); + + $html = $crawler->filter('#preview')->html(); + $this->assertRegexp('(<img [^>]+ alt=">:D" title=">:D"[^>]*>)', $html); + } +} |