Added a new method to WebGUI::HTML called makeParameter safe. It will

encode commas and single quotes to make the output safe to embed inside of a macro. Added tests to verify that it works correctly. Updated the c_companyName macro to use makeParameterSafe. Added tests to verify that the changed macro works okay. Updated the c_companyName documentation. Added a blurb to the gotchas file to cover the change to the macro.
2007-02-13 23:42:53 +00:00 · 2007-02-13 23:42:53 +00:00 · 76585a1daa
commit 76585a1daa
parent 52a3023b09
7 changed files with 63 additions and 10 deletions
--- a/lib/WebGUI/HTML.pm
+++ b/lib/WebGUI/HTML.pm
@ -342,6 +342,25 @@ sub makeAbsolute {

 #-------------------------------------------------------------------

+=head2 makeParameterSafe ( text )
+
+Encodes text to make it safe to embed in a macro by HTML encoding commas and quotes.
+
+=head3 html
+
+A reference to the text to be encoded.
+
+=cut
+
+sub makeParameterSafe {
+	my $text = shift;
+	${ $text } =~ s/,/&#44;/g;
+	${ $text } =~ s/'/&quot;/g;
+	return;
+}
+
+#-------------------------------------------------------------------
+
 =head2 processReplacements ( session, content )

 Processes text using the WebGUI replacements system.
--- a/lib/WebGUI/Macro/c_companyName.pm
+++ b/lib/WebGUI/Macro/c_companyName.pm
@ -11,6 +11,7 @@ package WebGUI::Macro::c_companyName;
 #-------------------------------------------------------------------

 use strict;
+use WebGUI::HTML;

 =head1 NAME

@ -29,7 +30,9 @@ returns the companyName from the session object.
 #-------------------------------------------------------------------
 sub process {
 	my $session = shift;
-        return $session->setting->get("companyName");
+	my $companyName = $session->setting->get("companyName");
+	WebGUI::HTML::makeParameterSafe(\$companyName);
+        return $companyName;
 }

 1;
--- a/lib/WebGUI/i18n/English/Macro_c_companyName.pm
+++ b/lib/WebGUI/i18n/English/Macro_c_companyName.pm
@ -15,11 +15,12 @@ our $I18N = {
 	'company name body' => {
 		message => q|
 <p><b>&#94;c;</b><br />
-The name of your company specified in the settings by your Administrator.
-</p>
-<p>This Macro may be nested inside other Macros if the text does not contain commas or quotes.</p>
+The name of your company, specified in the settings by your Administrator.</p>
+
+<p>Any commas or quotes in the company name will be translated into HTML encodings so
+that you can always embed this macro inside of other macros.</p>
 |,
-		lastUpdated => 1168558579,
+		lastUpdated => 1171408777,
 	},
 };