
ZF-2606
values are run through htmlspecialchars() in __set()
also fixed some problem with setting namespaced attributes

git-svn-id: http://framework.zend.com/svn/framework/standard/trunk@18567 44c647ce-9c0f-0410-b52a-842ac1e357ba

sgehrig 16 tahun lalu
induk
melakukan
30280e8a93
2 mengubah file dengan 86 tambahan dan 3 penghapusan
  1. 6 3
      library/Zend/Feed/Element.php
  2. 80 0
      tests/Zend/Feed/ElementTest.php

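--- a/library/Zend/Feed/Element.php
+++ b/library/Zend/Feed/Element.php
@@ -204,10 +204,12 @@ class Zend_Feed_Element implements ArrayAccess
         if (!$nodes) {
             if (strpos($var, ':') !== false) {
                 list($ns, $elt) = explode(':', $var, 2);
-                $node = $this->_element->ownerDocument->createElementNS(Zend_Feed::lookupNamespace($ns), $var, $val);
+                $node = $this->_element->ownerDocument->createElementNS(Zend_Feed::lookupNamespace($ns),
+                    $var, htmlspecialchars($val, ENT_NOQUOTES, 'UTF-8'));
                 $this->_element->appendChild($node);
             } else {
-                $node = $this->_element->ownerDocument->createElement($var, $val);
+                $node = $this->_element->ownerDocument->createElement($var,
+                    htmlspecialchars($val, ENT_NOQUOTES, 'UTF-8'));
                 $this->_element->appendChild($node);
             }
         } elseif (count($nodes) > 1) {
@@ -382,7 +384,8 @@ class Zend_Feed_Element implements ArrayAccess
 
         if (strpos($offset, ':') !== false) {
             list($ns, $attr) = explode(':', $offset, 2);
-            return $this->_element->setAttributeNS(Zend_Feed::lookupNamespace($ns), $attr, $value);
+            // DOMElement::setAttributeNS() requires $qualifiedName to have a prefix
+            return $this->_element->setAttributeNS(Zend_Feed::lookupNamespace($ns), $offset, $value);
         } else {
             return $this->_element->setAttribute($offset, $value);
         }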
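Review bot: Escaping `$val` with `htmlspecialchars()` before `createElement()`/`createElementNS()` handles the bare-ampersand case, but it relies on the DOM method re-parsing entities in its value argument, and with the `'UTF-8'` charset `htmlspecialchars()` returns an empty string when `$val` contains an invalid byte sequence, so a malformed value would silently yield an empty element. Building the text as a node keeps the value literal and leaves the escaping to the serializer: `$node = $this->_element->ownerDocument->createElement($var);` followed by `$node->appendChild($this->_element->ownerDocument->createTextNode($val));`, and the same for the `createElementNS()` branch. `__set()` continues outside this hunk, so whether the branches that update an existing node treat `$val` the same way cannot be checked from here.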

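--- a/tests/Zend/Feed/ElementTest.php
+++ b/tests/Zend/Feed/ElementTest.php
@@ -87,4 +87,84 @@ class Zend_Feed_ElementTest extends PHPUnit_Framework_TestCase
         $this->assertFalse(is_string($entry->summary), '__get access should not return a string');
     }
 
+    public function testSetNamespacedAttributes()
+    {
+        $value = 'value';
+
+        $e = new Zend_Feed_Entry_Atom();
+        $e->test['attr']            = $value;
+        $e->test['namespace1:attr'] = $value;
+        $e->test['namespace2:attr'] = $value;
+
+        $this->assertEquals($value, $e->test['attr']);
+        $this->assertEquals($value, $e->test['namespace1:attr']);
+        $this->assertEquals($value, $e->test['namespace2:attr']);
+    }
+
+    public function testUnsetNamespacedAttributes()
+    {
+        $value = 'value';
+
+        $e = new Zend_Feed_Entry_Atom();
+        $e->test['attr']            = $value;
+        $e->test['namespace1:attr'] = $value;
+        $e->test['namespace2:attr'] = $value;
+
+        $this->assertEquals($value, $e->test['attr']);
+        $this->assertEquals($value, $e->test['namespace1:attr']);
+        $this->assertEquals($value, $e->test['namespace2:attr']);
+
+        unset($e->test['attr']);
+        unset($e->test['namespace1:attr']);
+        unset($e->test['namespace2:attr']);
+
+        $this->assertEquals('', $e->test['attr']);
+        $this->assertEquals('', $e->test['namespace1:attr']);
+        $this->assertEquals('', $e->test['namespace1:attr']);
+    }
+
+    /**
+     * @group ZF-2606
+     */
+    public function testValuesWithXmlSpecialChars()
+    {
+        $testAmp = '&';
+        $testLt  = '<';
+        $testGt  = '>';
+
+        $e = new Zend_Feed_Entry_Atom();
+        $e->testAmp           = $testAmp;
+        $e->{'namespace1:lt'} = $testLt;
+        $e->{'namespace1:gt'} = $testGt;
+
+        $this->assertEquals($testAmp, $e->testAmp());
+        $this->assertEquals($testLt, $e->{'namespace1:lt'}());
+        $this->assertEquals($testGt, $e->{'namespace1:gt'}());
+    }
+
+    /**
+     * @group ZF-2606
+     */
+    public function testAttributesWithXmlSpecialChars()
+    {
+        $testAmp   = '&';
+        $testLt    = '<';
+        $testGt    = '>';
+        $testQuot  = '"';
+        $testSquot = "'";
+
+        $e = new Zend_Feed_Entry_Atom();
+        $e->test['amp']              = $testAmp;
+        $e->test['namespace1:lt']    = $testLt;
+        $e->test['namespace1:gt']    = $testGt;
+        $e->test['namespace1:quot']  = $testQuot;
+        $e->test['namespace1:squot'] = $testSquot;
+
+        $this->assertEquals($testAmp, $e->test['amp']);
+        $this->assertEquals($testLt, $e->test['namespace1:lt']);
+        $this->assertEquals($testGt, $e->test['namespace1:gt']);
+        $this->assertEquals($testQuot, $e->test['namespace1:quot']);
+        $this->assertEquals($testSquot, $e->test['namespace1:squot']);
+    }
+
 }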
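Review bot: The final assertion in `testUnsetNamespacedAttributes()` checks `namespace1:attr` a second time, so the unset of `namespace2:attr` is never verified; the last line should read `$this->assertEquals('', $e->test['namespace2:attr']);`. The two ZF-2606 tests compare only the values read back through the accessors, so they show the round trip but not what ends up in the document. An additional assertion on the serialized XML would pin that `&`, `<` and `>` are escaped exactly once in the output, which is the property the escaping change in `__set()` is meant to guarantee.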