Added a new method to WebGUI::HTML called makeParameterSafe. It will
encode commas and single quotes to make the output safe to embed inside of a macro. Added tests to verify that it works correctly. Updated the c_companyName macro to use makeParameterSafe. Added tests to verify that the changed macro works okay. Updated the c_companyName documentation. Added a blurb to the gotchas file to cover the change to the macro.
parent
52a3023b09
commit
76585a1daa
7 changed files with 63 additions and 10 deletions
|
|
@ -66,6 +66,7 @@
|
|||
- fix: multiple matrix sharing features
|
||||
- fix: Fixed a bug with processing macros in rich media ads. (perlDreamer Consulting, LLC)
|
||||
- fix: WebGUI Auth create account can now be properly overriden
|
||||
- fix: Home macro fails when company name has comma (perlDreamer Consulting, LLC)
|
||||
- fix: WSClient pagination variables. (DonorWare and perlDreamer Consulting, LLC)
|
||||
|
||||
7.3.8
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@ save you many hours of grief.
|
|||
Documentation on their use is in the online help and you can also
|
||||
look at the default template for an example use.
|
||||
|
||||
* The c_companyName macro now uses HTML encodings for comma and
|
||||
single quote to make it safe to embed inside other macros.
|
||||
|
||||
7.3.8
|
||||
--------------------------------------------------------------------
|
||||
* For those who upgraded to 7.3.7, any EventsCalendars (with their
|
||||
|
|
|
|||
|
|
@ -342,6 +342,25 @@ sub makeAbsolute {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 makeParameterSafe ( text )
|
||||
|
||||
Encodes text to make it safe to embed in a macro by HTML encoding commas and quotes.
|
||||
|
||||
=head3 html
|
||||
|
||||
A reference to the text to be encoded.
|
||||
|
||||
=cut
|
||||
|
||||
sub makeParameterSafe {
|
||||
my $text = shift;
|
||||
${ $text } =~ s/,/,/g;
|
||||
${ $text } =~ s/'/"/g;
|
||||
return;
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 processReplacements ( session, content )
|
||||
|
||||
Processes text using the WebGUI replacements system.
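Review bot: In `makeParameterSafe`, the single-quote rule appears to emit a double-quote entity rather than an apostrophe entity: this page shows the replacement as `"`, and the expectations in t/HTML.t and in the c_companyName macro test read `"` and `Gooey"s`, so a name containing an apostrophe would be displayed with a different character. The page has evidently decoded the entities (the comma rule reads as a no-op here), so confirm against the file; if it holds, use the apostrophe entity, `${ $text } =~ s/'/&#39;/g;`, and update both tests to match. The POD heading `=head3 html` does not match the documented parameter `text`, and the POD should say that the referenced scalar is modified in place and that nothing is returned. It should also state that this is not a general HTML escape: only commas and single quotes are rewritten, so `<`, `&` and macro syntax characters such as `^` and `;` pass through unchanged.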
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ package WebGUI::Macro::c_companyName;
|
|||
#-------------------------------------------------------------------
|
||||
|
||||
use strict;
|
||||
use WebGUI::HTML;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
|
|
@ -29,7 +30,9 @@ returns the companyName from the session object.
|
|||
#-------------------------------------------------------------------
|
||||
sub process {
|
||||
my $session = shift;
|
||||
return $session->setting->get("companyName");
|
||||
my $companyName = $session->setting->get("companyName");
|
||||
WebGUI::HTML::makeParameterSafe(\$companyName);
|
||||
return $companyName;
|
||||
}
|
||||
|
||||
1;
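Review bot: `process` now returns the entity-encoded name to every caller, not only when `^c;` is nested as a parameter of another macro, so any plain-text use of the macro (not visible on this page) would show the literal entities. The encoding serves macro parsing only and is not output escaping; a comment above the call such as `# encodes , and ' for macro nesting only; this is not an HTML escape` would keep later readers from treating the return value as sanitized. The enclosing file continues outside the two hunks shown, so other callers of the setting are not covered by this note.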
|
||||
|
|
|
|||
|
|
@ -15,11 +15,12 @@ our $I18N = {
|
|||
'company name body' => {
|
||||
message => q|
|
||||
<p><b>^c;</b><br />
|
||||
The name of your company specified in the settings by your Administrator.
|
||||
</p>
|
||||
<p>This Macro may be nested inside other Macros if the text does not contain commas or quotes.</p>
|
||||
The name of your company, specified in the settings by your Administrator.</p>
|
||||
|
||||
<p>Any commas or quotes in the company name will be translated into HTML encodings so
|
||||
that you can always embed this macro inside of other macros.</p>
|
||||
|,
|
||||
lastUpdated => 1168558579,
|
||||
lastUpdated => 1171408777,
|
||||
},
|
||||
};
|
||||
|
||||
|
|
|
|||
20
t/HTML.t
20
t/HTML.t
|
|
@ -83,7 +83,20 @@ my @filterSets = (
|
|||
},
|
||||
);
|
||||
|
||||
my $numTests = scalar @filterSets;
|
||||
my @macroParamSets = (
|
||||
{
|
||||
inputText => q|,|,
|
||||
output => q|,|,
|
||||
comment => 'single comma',
|
||||
},
|
||||
{
|
||||
inputText => q|'|,
|
||||
output => q|"|,
|
||||
comment => 'single quote',
|
||||
},
|
||||
);
|
||||
|
||||
my $numTests = scalar @filterSets + scalar @macroParamSets;
|
||||
|
||||
plan tests => $numTests;
|
||||
|
||||
|
|
@ -91,3 +104,8 @@ foreach my $testSet (@filterSets) {
|
|||
my $output = WebGUI::HTML::filter($testSet->{inputText}, $testSet->{type});
|
||||
is($output, $testSet->{output}, $testSet->{comment});
|
||||
}
|
||||
|
||||
foreach my $testSet (@macroParamSets) {
|
||||
WebGUI::HTML::makeParameterSafe(\$testSet->{inputText});
|
||||
is($testSet->{inputText}, $testSet->{output}, $testSet->{comment});
|
||||
}
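Review bot: The `@macroParamSets` table feeds only one-character inputs, so neither the `/g` flag nor the pass-through of other characters is exercised. A case with several commas and quotes in one string, and one with text such as `<b>&` that must come back unchanged, would pin the limits of the helper so it is not later mistaken for a full escaper. An empty-string case would also document that the in-place edit is a no-op there.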
|
||||
|
|
|
|||
|
|
@ -20,20 +20,28 @@ use Test::More; # increment this value for each test you create
|
|||
|
||||
my $session = WebGUI::Test->session;
|
||||
|
||||
my $numTests = 1+1;
|
||||
my $numTests = 2+1;
|
||||
|
||||
plan tests => $numTests;
|
||||
|
||||
my $macro = 'WebGUI::Macro::c_companyName';
|
||||
my $loaded = use_ok($macro);
|
||||
|
||||
my $originalCompanyName = $session->setting->get('companyName');
|
||||
|
||||
SKIP: {
|
||||
|
||||
skip "Unable to load $macro", $numTests-1 unless $loaded;
|
||||
|
||||
my ($value) = $session->dbSlave->quickArray(
|
||||
"select value from settings where name='companyName'");
|
||||
my $output = WebGUI::Macro::c_companyName::process($session);
|
||||
is($output, $value, sprintf "Testing companyName");
|
||||
is($output, $originalCompanyName, "Testing companyName");
|
||||
|
||||
$session->setting->set('companyName', q|Gooey's Consulting, LLC|);
|
||||
$output = WebGUI::Macro::c_companyName::process($session);
|
||||
is($output, q|Gooey"s Consulting, LLC|, "Testing companyName with embedded quote and comma");
|
||||
|
||||
}
|
||||
|
||||
END {
|
||||
$session->setting->set('companyName', $originalCompanyName);
|
||||
}
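Review bot: The first assertion, `is($output, $originalCompanyName, "Testing companyName");`, compares the now-encoded macro output with the raw stored setting, so it fails on any site whose company name already contains a comma or an apostrophe. Setting a known value before the first call, for example `$session->setting->set('companyName', 'Plain Name');`, makes the test independent of site data, and the `END` block already restores the original. Old and new lines are printed together on this page, so this assumes the `is` line quoted above is the new one.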
|
||||
|
|
|
|||