fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMC-602

Browse Source
This commit is contained in:
Julio Cesar Laura Avendaño
2019-05-24 11:02:24 -04:00
parent ffee1de408
commit 32ab82a19b
2 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
gulliver/system/class.g.php
View File

@@ -1762,7 +1762,7 @@ class G
} }
//Non-quoted //Non-quoted
if (($match[1][$r][0] == '#') && (isset($result[$match[2][$r][0]]))) { if (($match[1][$r][0] == '#') && (isset($result[$match[2][$r][0]]))) {
$text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]])) ? $text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]]) && $match[2][$r][0] !== '__ABE__') ?
htmlentities(G::unhtmlentities($result[$match[2][$r][0]]), ENT_COMPAT, 'UTF-8') : htmlentities(G::unhtmlentities($result[$match[2][$r][0]]), ENT_COMPAT, 'UTF-8') :
$result[$match[2][$r][0]]; $result[$match[2][$r][0]];
// Replenish the tag <br /> because is valid // Replenish the tag <br /> because is valid
@@ -1772,7 +1772,7 @@ class G
} }
//Non-quoted = //Non-quoted =
if (($match[1][$r][0] == '=') && (isset($result[$match[2][$r][0]]))) { if (($match[1][$r][0] == '=') && (isset($result[$match[2][$r][0]]))) {
$text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]])) ? $text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]]) && $match[2][$r][0] !== '__ABE__') ?
htmlentities(G::unhtmlentities($result[$match[2][$r][0]]), ENT_COMPAT, 'UTF-8') : htmlentities(G::unhtmlentities($result[$match[2][$r][0]]), ENT_COMPAT, 'UTF-8') :
$result[$match[2][$r][0]]; $result[$match[2][$r][0]];
// Replenish the tag <br /> because is valid // Replenish the tag <br /> because is valid
@@ -1820,7 +1820,6 @@ class G
$nrt = array("\n", "\r", "\t"); $nrt = array("\n", "\r", "\t");
$nrthtml = array("(n /)", "(r /)", "(t /)"); $nrthtml = array("(n /)", "(r /)", "(t /)");
$content = G::unhtmlentities($content);
$strContentAux = str_replace($nrt, $nrthtml, $content); $strContentAux = str_replace($nrt, $nrthtml, $content);
$occurrences = preg_match_all('/\@(?:([\>])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*(?:[\\\\][\w\W])?)*)\))((?:\s*\[[\'"]?\w+[\'"]?\])+)?/', $occurrences = preg_match_all('/\@(?:([\>])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*(?:[\\\\][\w\W])?)*)\))((?:\s*\[[\'"]?\w+[\'"]?\])+)?/',

30
tests/unit/gulliver/system/ReplaceDataFieldTest.php
View File

@@ -7,6 +7,7 @@ class ReplaceDataFieldTest extends TestCase
/** /**
* This checks that strings with HTML reserved characters are replaced with entities * This checks that strings with HTML reserved characters are replaced with entities
* @test * @test
* @covers G::replaceDataField
*/ */
public function it_should_replace_entities() public function it_should_replace_entities()
{ {
@@ -90,6 +91,7 @@ class ReplaceDataFieldTest extends TestCase
/** /**
* This checks that strings with HTML reserved characters are NOT replaced with entities * This checks that strings with HTML reserved characters are NOT replaced with entities
* @test * @test
* @covers G::replaceDataField
*/ */
public function it_should_no_replace_entities() public function it_should_no_replace_entities()
{ {
@@ -175,6 +177,7 @@ class ReplaceDataFieldTest extends TestCase
* PS team sometimes build a HTML string to insert in templates (output documents or emails), Ex.- A table to list * PS team sometimes build a HTML string to insert in templates (output documents or emails), Ex.- A table to list
* users or results from a query * users or results from a query
* @test * @test
* @covers G::replaceDataField
*/ */
public function it_should_no_replace_entities_if_exists_valid_html() public function it_should_no_replace_entities_if_exists_valid_html()
{ {
@@ -221,6 +224,7 @@ class ReplaceDataFieldTest extends TestCase
/** /**
* This checks that strings with tag <br /> should not be replaced, because is a valid tag * This checks that strings with tag <br /> should not be replaced, because is a valid tag
* @test * @test
* @covers G::replaceDataField
*/ */
public function it_should_no_replace_tag_br() public function it_should_no_replace_tag_br()
{ {
@@ -241,7 +245,7 @@ test
test"); test");
$valuesToReplace = []; $valuesToReplace = [];
$dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix $dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix
$applyEntities = true; // Is true because the string will b used in a output document or a email template $applyEntities = true; // Is true because the string will be used in a output document or a email template
// Replace variables in the string // Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithTagBr, $valuesToReplace, $dbEngine, $applyEntities); $stringToCheck = G::replaceDataField($stringWithTagBr, $valuesToReplace, $dbEngine, $applyEntities);
@@ -249,4 +253,28 @@ test");
// Assertions // Assertions
$this->assertRegExp("/<br \/>/", $stringToCheck); $this->assertRegExp("/<br \/>/", $stringToCheck);
} }
/**
* Check that the value for the System variable "__ABE__" should not be replaced never
* @test
* @covers G::replaceDataField
*/
public function it_should_no_replace_entities_for_var_abe()
{
// Initializing variables to use
$string = "bla @#__ABE__ bla @#anotherVar bla";
$valuesToReplace = [// Add a value for reserved system variable "__ABE__" used in Actions By Email feature
'__ABE__' => 'Java < PHP', // The value for System variable "__ABE__" shouldn't be changed never
'anotherVar' => '.NET < Java' // The value for another variables should be validated/replaced normally
];
$dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix
$applyEntities = true; // Is true because the string will be used in a output document or a email template
// Replace variables in the string
$stringToCheck = G::replaceDataField($string, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp("/Java < PHP/", $stringToCheck);
$this->assertRegExp("/.NET &lt; Java/", $stringToCheck);
}
} }