opensourcemirror
/
dokuwiki
mirror of https://github.com/splitbrain/dokuwiki.git
1
0
Fork 0
Code Issues Releases Wiki Activity

fix slash regression in toolbar signature #3045

This commit is contained in:
Phy 2020-04-13 22:43:02 -04:00
parent bcd45606b7
commit 462a3baef9
No known key found for this signature in database
GPG Key ID: D475AA55A8144239
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
_test/tests/inc/toolbar.test.php Normal file
View File

@ -0,0 +1,20 @@
<?php
class toolbar_test extends DokuWikiTest {
function test_encode_toolbar_signature() {
global $conf, $INFO, $INPUT;
$conf['signature'] = '" --- \\\\n //[[@MAIL@|@NAME@]] (@USER@) @DATE@//"';
$_SERVER['REMOTE_USER'] = 'john';
$INFO['userinfo']['name'] = '/*!]]>*/</script><script>alert("\123\")</script>';
$INFO['userinfo']['mail'] = 'example@example.org';
$date = str_replace('/', '\/', dformat());
$expected = '"\" --- \\\n \/\/[[example@example.org|\/*!]]>*\/<\/script><script>'.
'alert(\"\\\\123\\\\\\")<\/script>]] (john) '.$date.'\/\/\""';
$this->assertEquals($expected, toolbar_signature());
}
}

2
inc/toolbar.php
View File

@ -270,7 +270,7 @@ function toolbar_signature(){
$sig = str_replace('@NAME@',$INFO['userinfo']['name'],$sig);
$sig = str_replace('@MAIL@',$INFO['userinfo']['mail'],$sig);
$sig = str_replace('@DATE@',dformat(),$sig);
$sig = str_replace('\\\\n','\\n',addslashes($sig));
$sig = str_replace('\\\\n','\\n',$sig);
return json_encode($sig);
}