jenkins-bot has submitted this change and it was merged.

Change subject: Avoid 'Potentially unsafe "href" attribute value' exceptions for more URLs
......................................................................


Avoid 'Potentially unsafe "href" attribute value' exceptions for more URLs

Follow-up to 9ff89da79131e17b04827aac878645fa3bbad3e2. That change
accidentally disallowed 'null' scheme, which is generated for some
relative links. This broke the PHP demo.

Change-Id: I931255032724539a624b9dbf3b7e67b972808c13
---
M php/Tag.php
M tests/phpunit/TagTest.php
2 files changed, 15 insertions(+), 4 deletions(-)

Approvals:
  Alex Monk: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/php/Tag.php b/php/Tag.php
index 4ec88cc..3d3ad6f 100644
--- a/php/Tag.php
+++ b/php/Tag.php
@@ -310,7 +310,7 @@
                                        // @codingStandardsIgnoreStart
                                        $scheme = @parse_url( $value, 
PHP_URL_SCHEME );
                                        // @codingStandardsIgnoreEnd
-                                       if ( !$scheme && substr( $value, 0, 1 ) 
=== '/' ) {
+                                       if ( $scheme === null || ( !$scheme && 
substr( $value, 0, 1 ) === '/' ) ) {
                                                $scheme = '(relative)';
                                        }
                                }
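Review bot: in the rewritten condition, `$scheme === null` now maps every value in which parse_url() reports no scheme to '(relative)' without the leading-slash check, so the href check depends on parse_url() and the browser agreeing on what counts as a scheme. The remaining `!$scheme && substr( $value, 0, 1 ) === '/'` clause is now only reachable for a false or empty-string result; a short comment stating which inputs are expected to give null versus false (the `@` suppression suggests malformed input is anticipated) would make the intent reviewable. Consider normalizing the value before the parse_url() call, for example by trimming leading whitespace and control characters, so the scheme check sees the same string the browser will resolve.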
diff --git a/tests/phpunit/TagTest.php b/tests/phpunit/TagTest.php
index 5301cde..d4e9cbd 100644
--- a/tests/phpunit/TagTest.php
+++ b/tests/phpunit/TagTest.php
@@ -101,9 +101,8 @@
                        'Exception'
                );
                $tests[] = array(
-                       id( new Tag( 'a' ) )->setAttributes( array( 'href' => 
'vague' ) ),
-                       '',
-                       'Exception'
+                       id( new Tag( 'a' ) )->setAttributes( array( 'href' => 
'relative.html' ) ),
+                       "<a href='relative.html'></a>"
                );
                $tests[] = array(
                        id( new Tag( 'a' ) )->setAttributes( array( 'href' => 
'http://example.com/' ) ),
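Review bot: the 'vague' case that expected an Exception is swapped for a passing 'relative.html' case, so the newly relaxed null-scheme path gets only positive coverage in this hunk. Add a case next to it that must still throw for a value that is not a plain relative reference, and a relative reference with a colon after the first segment (such as a query value containing a time), since the scheme decision hinges on where the colon appears.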
@@ -118,6 +117,18 @@
                        "<a href='/'></a>"
                );
                $tests[] = array(
+                       id( new Tag( 'a' ) )->setAttributes( array( 'href' => 
'..' ) ),
+                       "<a href='..'></a>"
+               );
+               $tests[] = array(
+                       id( new Tag( 'a' ) )->setAttributes( array( 'href' => 
'?foo=bar' ) ),
+                       "<a href='?foo=bar'></a>"
+               );
+               $tests[] = array(
+                       id( new Tag( 'a' ) )->setAttributes( array( 'href' => 
'#top' ) ),
+                       "<a href='#top'></a>"
+               );
+               $tests[] = array(
                        id( new Tag( 'a' ) )->setAttributes( array( 'href' => 
'/relative' ) ),
                        "<a href='/relative'></a>"
                );
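Review bot: the three added cases ('..', '?foo=bar', '#top') all assert acceptance, and none pins down the edges of the new `$scheme === null` branch. Add cases for the empty string and for a protocol-relative value such as '//example.com/', each with its intended outcome, so that a later change to the scheme check cannot silently alter how they are classified.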

-- 
To view, visit https://gerrit.wikimedia.org/r/215713

Gerrit-MessageType: merged
Gerrit-Change-Id: I931255032724539a624b9dbf3b7e67b972808c13
Gerrit-PatchSet: 2
Gerrit-Project: oojs/ui
Gerrit-Branch: master
Gerrit-Owner: Bartosz Dziewoński <matma....@gmail.com>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Jforrester <jforres...@wikimedia.org>
Gerrit-Reviewer: Trevor Parscal <tpars...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
