Fixed improper Markdown escaping for some tooltips

Frederic Guillot
2016-04-29 18:43:57 -04:00
parent a34f83fb30
commit 9fa8f63d25
11 changed files with 30 additions and 9 deletions


@@ -22,6 +22,7 @@ Improvements:
Bug fixes: Bug fixes:
* Fixed improper Markdown escaping for some tooltips
* Closing all tasks by column, also update closed tasks * Closing all tasks by column, also update closed tasks
* Fixed wrong task link generation within Markdown text * Fixed wrong task link generation within Markdown text
* Fixed wrong URL on comment toggle link for sorting * Fixed wrong URL on comment toggle link for sorting


@@ -38,6 +38,18 @@ class TextHelper extends Base
return $parser->text($text); return $parser->text($text);
} }
/**
* Escape Markdown text that need to be stored in HTML attribute
*
* @access public
* @param string $text
* @return mixed
*/
public function markdownAttribute($text)
{
return htmlentities($this->markdown($text), ENT_QUOTES, 'UTF-8');
}
/** /**
* Format a file size * Format a file size
* *
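Review bot: `markdownAttribute()` returns an empty string when the rendered Markdown contains bytes that are not valid UTF-8, because `htmlentities()` is called without `ENT_SUBSTITUTE`, so a tooltip can silently go blank. If the minimum supported PHP version allows it (the flag exists from PHP 5.4), the call would be more robust as `htmlentities($this->markdown($text), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The docblock should say `@return string` rather than `@return mixed`. It should also state that the result is only meant for a quoted attribute value and that the decoded value is still HTML, so any script that renders the tooltip from `title` relies on `markdown()` to neutralise raw HTML in user text. The parser configuration is outside this hunk, so that last assumption needs confirming where the parser is built.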


@@ -31,7 +31,7 @@
<?= $this->url->link($this->text->e($project['name']), 'board', 'show', array('project_id' => $project['id'])) ?> <?= $this->url->link($this->text->e($project['name']), 'board', 'show', array('project_id' => $project['id'])) ?>
<?php if (! empty($project['description'])): ?> <?php if (! empty($project['description'])): ?>
<span class="tooltip" title='<?= $this->text->e($this->text->markdown($project['description'])) ?>'> <span class="tooltip" title="<?= $this->text->markdownAttribute($project['description']) ?>">
<i class="fa fa-info-circle"></i> <i class="fa fa-info-circle"></i>
</span> </span>
<?php endif ?> <?php endif ?>


@@ -47,7 +47,7 @@
</span> </span>
<?php if (! $not_editable && ! empty($column['description'])): ?> <?php if (! $not_editable && ! empty($column['description'])): ?>
<span class="tooltip pull-right" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'> <span class="tooltip pull-right" title="<?= $this->text->markdownAttribute($column['description']) ?>">
&nbsp;<i class="fa fa-info-circle"></i> &nbsp;<i class="fa fa-info-circle"></i>
</span> </span>
<?php endif ?> <?php endif ?>


@@ -11,7 +11,7 @@
array('task_id' => $task['id'], 'project_id' => $task['project_id']), array('task_id' => $task['id'], 'project_id' => $task['project_id']),
false, false,
'popover' . (! empty($task['category_description']) ? ' tooltip' : ''), 'popover' . (! empty($task['category_description']) ? ' tooltip' : ''),
! empty($task['category_description']) ? $this->text->markdown($task['category_description']) : t('Change category') ! empty($task['category_description']) ? $this->text->markdownAttribute($task['category_description']) : t('Change category')
) ?> ) ?>
<?php endif ?> <?php endif ?>
</span> </span>
@@ -76,7 +76,7 @@
<i class="fa fa-flag flag-milestone"></i> <i class="fa fa-flag flag-milestone"></i>
</span> </span>
<?php endif ?> <?php endif ?>
<?= $this->hook->render('template:board:task:icons', array('task' => $task)) ?> <?= $this->hook->render('template:board:task:icons', array('task' => $task)) ?>
<?= $this->task->formatPriority($project, $task) ?> <?= $this->task->formatPriority($project, $task) ?>
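Review bot: In the first hunk the two branches of the ternary passed as the link title are now encoded differently: the category description goes through `markdownAttribute()`, while `t('Change category')` is passed as is. Whether `$this->url->link()` escapes its title argument is not visible here. If it does, the description ends up encoded twice; if it does not, the translated string reaches the attribute unescaped. It would be worth confirming which contract `link()` has and recording it at the call, for example `// title is pre-encoded for the tooltip; link() must not escape it again`. The second hunk appears to change only whitespace.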


@@ -28,7 +28,7 @@
<i class="fa fa-arrows-alt draggable-row-handle" title="<?= t('Change column position') ?>"></i> <i class="fa fa-arrows-alt draggable-row-handle" title="<?= t('Change column position') ?>"></i>
<?= $this->text->e($column['title']) ?> <?= $this->text->e($column['title']) ?>
<?php if (! empty($column['description'])): ?> <?php if (! empty($column['description'])): ?>
<span class="tooltip" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'> <span class="tooltip" title="<?= $this->text->markdownAttribute($column['description']) ?>">
<i class="fa fa-info-circle"></i> <i class="fa fa-info-circle"></i>
</span> </span>
<?php endif ?> <?php endif ?>


@@ -8,7 +8,7 @@
<?= $this->text->e($title) ?> <?= $this->text->e($title) ?>
</span> </span>
<?php if (! empty($description)): ?> <?php if (! empty($description)): ?>
<span class="tooltip" title='<?= $this->text->e($this->text->markdown($description)) ?>'> <span class="tooltip" title="<?= $this->text->markdownAttribute($description) ?>">
<i class="fa fa-info-circle"></i> <i class="fa fa-info-circle"></i>
</span> </span>
<?php endif ?> <?php endif ?>


@@ -49,7 +49,7 @@
<?php endif ?> <?php endif ?>
<?php if (! empty($project['description'])): ?> <?php if (! empty($project['description'])): ?>
<span class="tooltip" title='<?= $this->text->e($this->text->markdown($project['description'])) ?>'> <span class="tooltip" title="<?= $this->text->markdownAttribute($project['description']) ?>">
<i class="fa fa-info-circle"></i> <i class="fa fa-info-circle"></i>
</span> </span>
<?php endif ?> <?php endif ?>


@@ -63,7 +63,7 @@
<td> <td>
<?= $this->text->e($column['title']) ?> <?= $this->text->e($column['title']) ?>
<?php if (! empty($column['description'])): ?> <?php if (! empty($column['description'])): ?>
<span class="tooltip" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'> <span class="tooltip" title="<?= $this->text->markdownAttribute($column['description']) ?>">
<i class="fa fa-info-circle"></i> <i class="fa fa-info-circle"></i>
</span> </span>
<?php endif ?> <?php endif ?>


@@ -45,7 +45,7 @@
<?= $this->text->e($swimlane['name']) ?> <?= $this->text->e($swimlane['name']) ?>
<?php if (! empty($swimlane['description'])): ?> <?php if (! empty($swimlane['description'])): ?>
<span class="tooltip" title='<?= $this->text->e($this->text->markdown($swimlane['description'])) ?>'> <span class="tooltip" title="<?= $this->text->markdownAttribute($swimlane['description']) ?>">
<i class="fa fa-info-circle"></i> <i class="fa fa-info-circle"></i>
</span> </span>
<?php endif ?> <?php endif ?>


@@ -51,6 +51,14 @@ class TextHelperTest extends Base
$this->assertEquals('<p>Text @admin @notfound</p>', $h->markdown('Text @admin @notfound', true)); $this->assertEquals('<p>Text @admin @notfound</p>', $h->markdown('Text @admin @notfound', true));
} }
public function testMarkdownAttribute()
{
$helper = new TextHelper($this->container);
$this->assertEquals('&lt;p&gt;&Ccedil;a marche&lt;/p&gt;', $helper->markdownAttribute('Ça marche'));
$this->assertEquals('&lt;p&gt;Test with &amp;quot;double quotes&amp;quot;&lt;/p&gt;', $helper->markdownAttribute('Test with "double quotes"'));
$this->assertEquals('&lt;p&gt;Test with &#039;single quotes&#039;&lt;/p&gt;', $helper->markdownAttribute("Test with 'single quotes'"));
}
public function testFormatBytes() public function testFormatBytes()
{ {
$h = new TextHelper($this->container); $h = new TextHelper($this->container);
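Review bot: `testMarkdownAttribute()` covers quotes and a non-ASCII character, but not input that itself contains markup, which is the case that matters most for a value placed in an HTML attribute. An assertion that the result never contains a raw `<`, `>`, `"` or `'` would pin the attribute-safety property independently of the exact Markdown output, for example `$this->assertNotRegExp('/[<>"\']/', $helper->markdownAttribute('<b title="x">y</b>'));`. The three existing assertions compare against full expected strings, so they would also pass if a later change to the parser options altered how raw HTML in the input is handled.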