[Pkg-owncloud-commits] [php-sabredav] 11/34: Principal could break html output for non-href principals.

David Prévot taffit at moszumanska.debian.org
Wed May 27 13:57:08 UTC 2015


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to tag 3.0.0-beta1
in repository php-sabredav.

commit 14ec4dd9edf22d95ae18269198184e2b9c48b317
Author: Evert Pot <me at evertpot.com>
Date:   Wed May 20 14:28:16 2015 +0300

    Principal could break html output for non-href principals.
---
 lib/DAVACL/Xml/Property/Principal.php             | 31 ++++++++++++++++
 tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php | 45 +++++++++++++++++++++++
 2 files changed, 76 insertions(+)

diff --git a/lib/DAVACL/Xml/Property/Principal.php b/lib/DAVACL/Xml/Property/Principal.php
index 2a5f5cf..0ff131e 100644
--- a/lib/DAVACL/Xml/Property/Principal.php
+++ b/lib/DAVACL/Xml/Property/Principal.php
@@ -3,6 +3,7 @@
 namespace Sabre\DAVACL\Xml\Property;
 
 use Sabre\DAV;
+use Sabre\DAV\Browser\HtmlOutputHelper;
 use Sabre\DAV\Exception\BadRequest;
 use Sabre\Xml\Reader;
 use Sabre\Xml\Writer;
@@ -123,6 +124,36 @@ class Principal extends DAV\Xml\Property\Href {
     }
 
     /**
+     * Generate html representation for this value.
+     *
+     * The html output is 100% trusted, and no effort is being made to sanitize
+     * it. It's up to the implementor to sanitize user provided values.
+     *
+     * The output must be in UTF-8.
+     *
+     * The baseUri parameter is a url to the root of the application, and can
+     * be used to construct local links.
+     *
+     * @param HtmlOutputHelper $html
+     * @return string
+     */
+    function toHtml(HtmlOutputHelper $html) {
+
+        switch ($this->type) {
+
+            case self::UNAUTHENTICATED :
+                return '<em>unauthenticated</em>';
+            case self::AUTHENTICATED :
+                return '<em>authenticated</em>';
+            case self::HREF :
+                return parent::toHtml($html);
+            case self::ALL :
+                return '<em>all</em>';
+        }
+
+    }
+
+    /**
      * The deserialize method is called during xml parsing.
      *
      * This method is called staticly, this is because in theory this method
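Review bot: The `switch` in the new `toHtml()` has no `default` branch, so a `$this->type` outside the four listed constants falls out of the switch and the method returns null, even though its docblock declares `@return string`. Whether the constructor already rejects other values is not visible in this hunk; if it does not, a final `default : throw new \LogicException('Unknown principal type');` would make the failure explicit instead of handing null to the HTML output. The docblock also describes a `baseUri` parameter the method does not take, so that paragraph should describe `$html` instead. It is worth stating there that the three `<em>` strings are fixed literals and only the `HREF` branch carries a caller-supplied value, which is rendered by `parent::toHtml($html)`. The class body starts and continues outside the hunk.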
diff --git a/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php b/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php
index 189d7f4..d201499 100644
--- a/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php
+++ b/tests/Sabre/DAVACL/Xml/Property/PrincipalTest.php
@@ -3,6 +3,7 @@
 namespace Sabre\DAVACL\Xml\Property;
 
 use Sabre\DAV;
+use Sabre\DAV\Browser\HtmlOutputHelper;
 use Sabre\HTTP;
 use Sabre\Xml\Reader;
 
@@ -143,4 +144,48 @@ class PrincipalTest extends \PHPUnit_Framework_TestCase {
 
     }
 
+    /**
+     * @depends testSimple
+     * @dataProvider htmlProvider
+     */
+    function testToHtml($principal, $output) {
+
+        $html = $principal->toHtml(new HtmlOutputHelper('/',[]));
+
+        $this->assertXmlStringEqualsXmlString(
+            $output,
+            $html
+        );
+
+    }
+
+    /**
+     * Provides data for the html tests
+     *
+     * @return array
+     */
+    function htmlProvider() {
+
+        return [
+            [
+                new Principal(Principal::UNAUTHENTICATED),
+                '<em>unauthenticated</em>',
+            ],
+            [
+                new Principal(Principal::AUTHENTICATED),
+                '<em>authenticated</em>',
+            ],
+            [
+                new Principal(Principal::ALL),
+                '<em>all</em>',
+            ],
+            [
+                new Principal(Principal::HREF, 'principals/admin'),
+                '<a href="/principals/admin/">/principals/admin/</a>',
+            ],
+
+        ];
+
+    }
+
 }
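Review bot: The `HREF` row in `htmlProvider()` uses only a benign path, so nothing pins that a principal URL containing HTML metacharacters comes out escaped, which the `toHtml()` docblock in this commit leaves to the implementor. A further row such as `new Principal(Principal::HREF, 'principals/a&b')`, with the ampersand written as `&amp;` in the expected string, would cover it. The exact expected markup depends on `HtmlOutputHelper` and the parent `Href` class, neither of which is shown in this diff, so it should be confirmed against them. `PrincipalTest` begins outside the hunk.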

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabredav.git


