Add helper method to use implode() with HTML escaping

This commit is contained in:
Frederic Guillot
2017-02-23 18:51:11 -05:00
parent 73b2f51fe5
commit dd579937e3
4 changed files with 23 additions and 2 deletions


@@ -38,6 +38,7 @@ Bug fixes:
* Upload files button stay disabled when there are other submit buttons on the same page * Upload files button stay disabled when there are other submit buttons on the same page
* Hiding subtasks from hidden tasks in dashboard * Hiding subtasks from hidden tasks in dashboard
* Avoid potential XSS in project overview when listing users (was avoided by default CSP rules)
Version 1.0.39 (Feb 12, 2017) Version 1.0.39 (Feb 12, 2017)
----------------------------- -----------------------------


@@ -24,6 +24,19 @@ class TextHelper extends Base
return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false); return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
} }
/**
* Join with HTML escaping
*
* @param $glue
* @param array $list
* @return string
*/
public function implode($glue, array $list)
{
array_walk($list, function (&$value) { $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false); });
return implode($glue, $list);
}
/** /**
* Markdown transformation * Markdown transformation
* *
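Review bot: The added implode() repeats the htmlspecialchars() call from the method that ends just above it (apparently e(), given the template's `$this->text->e()` usage) instead of reusing it, so the two escaping policies can drift apart; `return implode($glue, array_map(array($this, 'e'), $list));` keeps one definition and drops the by-reference array_walk closure. The docblock should also state that `$glue` is inserted verbatim and is therefore expected to be a trusted literal rather than caller data, e.g. `@param string $glue Separator, emitted unescaped`. Elements are expected to be scalars; a nested array would make htmlspecialchars() raise a warning and yield null for that position, so `@param string[] $list` is worth stating too. The enclosing class continues outside the hunk.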


@@ -13,8 +13,8 @@
<?php foreach ($roles as $role => $role_name): ?> <?php foreach ($roles as $role => $role_name): ?>
<?php if (isset($users[$role])): ?> <?php if (isset($users[$role])): ?>
<li> <li>
<?= $role_name ?>: <?= $this->text->e($role_name) ?>:
<strong><?= implode(', ', $users[$role]) ?></strong> <strong><?= $this->text->implode(', ', $users[$role]) ?></strong>
</li> </li>
<?php endif ?> <?php endif ?>
<?php endforeach ?> <?php endforeach ?>


@@ -9,6 +9,13 @@ use Kanboard\Model\UserModel;
class TextHelperTest extends Base class TextHelperTest extends Base
{ {
public function testImplode()
{
$textHelper = new TextHelper($this->container);
$html = '&lt;img src=x onerror=alert(0)&gt;';
$this->assertEquals($html, $textHelper->implode(', ', array('<img src=x onerror=alert(0)>')));
}
public function testMarkdownTaskLink() public function testMarkdownTaskLink()
{ {
$textHelper = new TextHelper($this->container); $textHelper = new TextHelper($this->container);
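Review bot: The new testImplode() uses a single element, so it never checks that the glue is placed between escaped items or that pre-encoded entities survive the double_encode=false escaping; `$this->assertEquals('a &amp; b, &lt;b&gt;', $textHelper->implode(', ', array('a &amp; b', '<b>')));` covers both in one assertion. An empty-list case, `$this->assertSame('', $textHelper->implode(', ', array()));`, pins the boundary behaviour as well. The test class continues outside the hunk.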