[Pkg-owncloud-commits] [php-sabredav] 11/34: Principal could break html output for non-href principals.
David Prévot
taffit at moszumanska.debian.org
Wed May 27 13:57:08 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to tag 3.0.0-beta1
in repository php-sabredav.
commit 14ec4dd9edf22d95ae18269198184e2b9c48b317
Author: Evert Pot <me at evertpot.com>
Date: Wed May 20 14:28:16 2015 +0300
Principal could break html output for non-href principals.
---
lib/DAVACL/Xml/Property/Principal.php | 31 ++++++++++++++++
tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php | 45 +++++++++++++++++++++++
2 files changed, 76 insertions(+)
diff --git a/lib/DAVACL/Xml/Property/Principal.php b/lib/DAVACL/Xml/Property/Principal.php
index 2a5f5cf..0ff131e 100644
--- a/lib/DAVACL/Xml/Property/Principal.php
+++ b/lib/DAVACL/Xml/Property/Principal.php
@@ -3,6 +3,7 @@
namespace Sabre\DAVACL\Xml\Property;
use Sabre\DAV;
+use Sabre\DAV\Browser\HtmlOutputHelper;
use Sabre\DAV\Exception\BadRequest;
use Sabre\Xml\Reader;
use Sabre\Xml\Writer;
@@ -123,6 +124,36 @@ class Principal extends DAV\Xml\Property\Href {
}
/**
+ * Generate html representation for this value.
+ *
+ * The html output is 100% trusted, and no effort is being made to sanitize
+ * it. It's up to the implementor to sanitize user provided values.
+ *
+ * The output must be in UTF-8.
+ *
+ * The baseUri parameter is a url to the root of the application, and can
+ * be used to construct local links.
+ *
+ * @param HtmlOutputHelper $html
+ * @return string
+ */
+ function toHtml(HtmlOutputHelper $html) {
+
+ switch ($this->type) {
+
+ case self::UNAUTHENTICATED :
+ return '<em>unauthenticated</em>';
+ case self::AUTHENTICATED :
+ return '<em>authenticated</em>';
+ case self::HREF :
+ return parent::toHtml($html);
+ case self::ALL :
+ return '<em>all</em>';
+ }
+
+ }
+
+ /**
* The deserialize method is called during xml parsing.
*
* This method is called staticly, this is because in theory this method
diff --git a/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php b/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php
index 189d7f4..d201499 100644
--- a/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php
+++ b/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php
@@ -3,6 +3,7 @@
namespace Sabre\DAVACL\Xml\Property;
use Sabre\DAV;
+use Sabre\DAV\Browser\HtmlOutputHelper;
use Sabre\HTTP;
use Sabre\Xml\Reader;
@@ -143,4 +144,48 @@ class PrincipalTest extends \PHPUnit_Framework_TestCase {
}
+ /**
+ * @depends testSimple
+ * @dataProvider htmlProvider
+ */
+ function testToHtml($principal, $output) {
+
+ $html = $principal->toHtml(new HtmlOutputHelper('/',[]));
+
+ $this->assertXmlStringEqualsXmlString(
+ $output,
+ $html
+ );
+
+ }
+
+ /**
+ * Provides data for the html tests
+ *
+ * @return array
+ */
+ function htmlProvider() {
+
+ return [
+ [
+ new Principal(Principal::UNAUTHENTICATED),
+ '<em>unauthenticated</em>',
+ ],
+ [
+ new Principal(Principal::AUTHENTICATED),
+ '<em>authenticated</em>',
+ ],
+ [
+ new Principal(Principal::ALL),
+ '<em>all</em>',
+ ],
+ [
+ new Principal(Principal::HREF, 'principals/admin'),
+ '<a href="/principals/admin/">/principals/admin/</a>',
+ ],
+
+ ];
+
+ }
+
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabredav.git
More information about the Pkg-owncloud-commits
mailing list