From 76585a1daa25c6ca90e53f48429aee2f776b2e04 Mon Sep 17 00:00:00 2001
From: Colin Kuskie
Date: Tue, 13 Feb 2007 23:42:53 +0000
Subject: [PATCH] Added a new method to WebGUI::HTML called makeParameter safe. It will encode commas and single quotes to make the output safe to embed inside of a macro. Added tests to verify that it works correctly. Updated the c_companyName macro to use makeParameterSafe. Added tests to verify that the changed macro works okay. Updated the c_companyName documentation. Added a blurb to the gotchas file to cover the change to the macro.
---
 docs/changelog/7.x.x.txt | 1 +
 docs/gotcha.txt | 3 +++
 lib/WebGUI/HTML.pm | 19 ++++++++++++++++++
 lib/WebGUI/Macro/c_companyName.pm | 5 ++++-
 .../i18n/English/Macro_c_companyName.pm | 9 +++++----
 t/HTML.t | 20 ++++++++++++++++++-
 t/Macro/c_companyName.t | 16 +++++++++++----
 7 files changed, 63 insertions(+), 10 deletions(-)
diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 15aad6b50..09a0c35c6 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -66,6 +66,7 @@
 - fix: multiple matrix sharing features
 - fix: Fixed a bug with processing macros in rich media ads. (perlDreamer Consulting, LLC)
 - fix: WebGUI Auth create account can now be properly overriden
+ - fix: Home macro fails when company name has comma (perlDreamer Consulting, LLC)
 - fix: WSClient pagination variables. (DonorWare and perlDreamer Consulting, LLC)
 7.3.8
diff --git a/docs/gotcha.txt b/docs/gotcha.txt
index a8b28b73f..30cd94971 100644
--- a/docs/gotcha.txt
+++ b/docs/gotcha.txt
@@ -15,6 +15,9 @@ save you many hours of grief. Documentation on their use is in the online help and you can also look at the default template for an example use.
+ * The c_companyName macro now uses HTML encodings for comma and
+ single quote to make it safe to embed inside other macros.
+
 7.3.8 -------------------------------------------------------------------- * For those who upgraded to 7.3.7, any EventsCalendars (with their
diff --git a/lib/WebGUI/HTML.pm b/lib/WebGUI/HTML.pm
index 1edfc87f3..aa81bcb6d 100644
--- a/lib/WebGUI/HTML.pm
+++ b/lib/WebGUI/HTML.pm
@@ -342,6 +342,25 @@ sub makeAbsolute {
 #-------------------------------------------------------------------
+=head2 makeParameterSafe ( text )
+
+Encodes text to make it safe to embed in a macro by HTML encoding commas and quotes.
+
+=head3 html
+
+A reference to the text to be encoded.
+
+=cut
+
+sub makeParameterSafe {
+ my $text = shift;
+ ${ $text } =~ s/,/,/g;
+ ${ $text } =~ s/'/"/g;
+ return;
+}
+
+#-------------------------------------------------------------------
+
 =head2 processReplacements ( session, content )
 Processes text using the WebGUI replacements system.
diff --git a/lib/WebGUI/Macro/c_companyName.pm b/lib/WebGUI/Macro/c_companyName.pm
index c4342222d..3df136e17 100644
--- a/lib/WebGUI/Macro/c_companyName.pm
+++ b/lib/WebGUI/Macro/c_companyName.pm
@@ -11,6 +11,7 @@ package WebGUI::Macro::c_companyName;
 #-------------------------------------------------------------------
 use strict;
+use WebGUI::HTML;
 =head1 NAME
@@ -29,7 +30,9 @@ returns the companyName from the session object.
 #-------------------------------------------------------------------
 sub process {
 my $session = shift;
- return $session->setting->get("companyName");
+ my $companyName = $session->setting->get("companyName");
+ WebGUI::HTML::makeParameterSafe(\$companyName);
+ return $companyName;
 }
 1;
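Review bot: In lib/WebGUI/HTML.pm the new POD for makeParameterSafe does not match the code: the heading reads `( text )` and the parameter section is titled `=head3 html`, while the sub takes a reference and rewrites the caller's scalar in place. I would title the section `=head3 text` and add `Modifies the referenced scalar in place and returns nothing.` The two replacement strings are shown on this page with their entities apparently decoded, and the second one appears as a double quote. If the source really maps `'` to the double-quote entity, an apostrophe in the input is displayed as a different character, and `&#39;` would preserve it.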
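Review bot: In `process` of lib/WebGUI/Macro/c_companyName.pm the encoding is now applied on every call, including when `^c;` is used on its own rather than nested inside another macro. Any place that expands this macro into something other than HTML (a plain-text template, for instance; none is visible in this diff) would then show the literal entity text. `<`, `>` and `&` in the setting still pass through unchanged, so I would add a comment above the call such as `# Escapes macro parameter delimiters only; the value is not HTML-escaped.`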
diff --git a/lib/WebGUI/i18n/English/Macro_c_companyName.pm b/lib/WebGUI/i18n/English/Macro_c_companyName.pm
index 48c21aaaf..6a7dc9835 100644
--- a/lib/WebGUI/i18n/English/Macro_c_companyName.pm
+++ b/lib/WebGUI/i18n/English/Macro_c_companyName.pm
@@ -15,11 +15,12 @@ our $I18N = { 'company name body' => { message => q|

^c;
-The name of your company specified in the settings by your Administrator. -

-

This Macro may be nested inside other Macros if the text does not contain commas or quotes.

+The name of your company, specified in the settings by your Administrator.

+ +

Any commas or quotes in the company name will be translated into HTML encodings so +that you can always embed this macro inside of other macros.

|,
- lastUpdated => 1168558579,
+ lastUpdated => 1171408777,
 },
 };
diff --git a/t/HTML.t b/t/HTML.t
index 0379a8b42..87a896da9 100644
--- a/t/HTML.t
+++ b/t/HTML.t
@@ -83,7 +83,20 @@ my @filterSets = (
 },
 );
-my $numTests = scalar @filterSets;
+my @macroParamSets = (
+ {
+ inputText => q|,|,
+ output => q|,|,
+ comment => 'single comma',
+ },
+ {
+ inputText => q|'|,
+ output => q|"|,
+ comment => 'single quote',
+ },
+);
+
+my $numTests = scalar @filterSets + scalar @macroParamSets;
 plan tests => $numTests;
@@ -91,3 +104,8 @@ foreach my $testSet (@filterSets) {
 my $output = WebGUI::HTML::filter($testSet->{inputText}, $testSet->{type});
 is($output, $testSet->{output}, $testSet->{comment});
 }
+
+foreach my $testSet (@macroParamSets) {
+ WebGUI::HTML::makeParameterSafe(\$testSet->{inputText});
+ is($testSet->{inputText}, $testSet->{output}, $testSet->{comment});
+}
diff --git a/t/Macro/c_companyName.t b/t/Macro/c_companyName.t
index a53be31d0..84b48d2d4 100644
--- a/t/Macro/c_companyName.t
+++ b/t/Macro/c_companyName.t
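Review bot: The two cases in `@macroParamSets` of t/HTML.t each feed a single character, so nothing checks the `/g` flag or that surrounding text is left alone. I would add a case with several commas and quotes mixed into ordinary text, and one whose input contains neither character and must come back unchanged. In the new count, `scalar @filterSets + scalar @macroParamSets` gives the right number only because `+` puts the first array in numeric context; `scalar(@filterSets) + scalar(@macroParamSets)` says what is meant. The loop added in the second hunk rewrites `$testSet->{inputText}` in place, so the original input is no longer available when a case fails.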
@@ -20,20 +20,28 @@ use Test::More; # increment this value for each test you create
 my $session = WebGUI::Test->session;
-my $numTests = 1+1;
+my $numTests = 2+1;
 plan tests => $numTests;
 my $macro = 'WebGUI::Macro::c_companyName';
 my $loaded = use_ok($macro);
+my $originalCompanyName = $session->setting->get('companyName');
+
 SKIP: {
 skip "Unable to load $macro", $numTests-1 unless $loaded;
-my ($value) = $session->dbSlave->quickArray(
- "select value from settings where name='companyName'");
 my $output = WebGUI::Macro::c_companyName::process($session);
-is($output, $value, sprintf "Testing companyName");
+is($output, $originalCompanyName, "Testing companyName");
+
+$session->setting->set('companyName', q|Gooey's Consulting, LLC|);
+$output = WebGUI::Macro::c_companyName::process($session);
+is($output, q|Gooey"s Consulting, LLC|, "Testing companyName with embedded quote and comma");
 }
+
+END {
+ $session->setting->set('companyName', $originalCompanyName);
+}
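Review bot: The first assertion in t/Macro/c_companyName.t, `is($output, $originalCompanyName, "Testing companyName")`, compares the encoded macro output with the raw setting, so it fails on any site whose stored company name already contains a comma or a single quote. Either set a known plain value before that assertion, or build the expected value the same way the macro does: `my $expected = $originalCompanyName; WebGUI::HTML::makeParameterSafe(\$expected);`. The END block restores the setting after the test has overwritten it, which is the right place for it because it also runs when the script dies early.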