Author: Kris.Wallsmith
Date: 2010-02-08 16:07:33 +0100 (Mon, 08 Feb 2010)
New Revision: 27738
Modified:
branches/1.3/lib/widget/sfWidgetFormSelectCheckbox.class.php
branches/1.3/lib/widget/sfWidgetFormSelectRadio.class.php
branches/1.3/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
branches/1.3/test/unit/widget/sfWidgetFormSelectRadioTest.php
branches/1.4/lib/widget/sfWidgetFormSelectCheckbox.class.php
branches/1.4/lib/widget/sfWidgetFormSelectRadio.class.php
branches/1.4/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
branches/1.4/test/unit/widget/sfWidgetFormSelectRadioTest.php
Log:
[1.3, 1.4] fixed XSS hole in select checkbox and radio widgets (closes #8176)
Modified: branches/1.3/lib/widget/sfWidgetFormSelectCheckbox.class.php
===================================================================
--- branches/1.3/lib/widget/sfWidgetFormSelectCheckbox.class.php
2010-02-08 15:07:08 UTC (rev 27737)
+++ branches/1.3/lib/widget/sfWidgetFormSelectCheckbox.class.php
2010-02-08 15:07:33 UTC (rev 27738)
@@ -106,7 +106,7 @@
$inputs[$id] = array(
'input' => $this->renderTag('input', array_merge($baseAttributes,
$attributes)),
- 'label' => $this->renderContentTag('label', $option, array('for' =>
$id)),
+ 'label' => $this->renderContentTag('label', self::escapeOnce($option),
array('for' => $id)),
);
}
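Review bot: The new `self::escapeOnce($option)` on the label line carries no comment explaining why the label body is escaped, so the next refactor of this array literal can silently drop it again; I would add `// label content is emitted as raw markup, so choices must be escaped here (#8176)` above the `'label' =>` entry. Note that escapeOnce, as its name suggests, appears to leave already-entity-encoded text alone rather than double-escaping it, so a choice whose text legitimately contains a literal `&amp;`-style sequence will render as that entity; confirm that is the intended contract for choice labels. The `value` on the preceding `renderTag` line presumably relies on the attribute escaping inside renderTag rather than on this change — worth verifying that path is covered too. The same one-line change and the same missing comment apply to the radio widget hunk ending at L46 and to the 1.4 copies ending at L120 and L136. The enclosing method starts before this hunk and its loop closes after it.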
Modified: branches/1.3/lib/widget/sfWidgetFormSelectRadio.class.php
===================================================================
--- branches/1.3/lib/widget/sfWidgetFormSelectRadio.class.php 2010-02-08
15:07:08 UTC (rev 27737)
+++ branches/1.3/lib/widget/sfWidgetFormSelectRadio.class.php 2010-02-08
15:07:33 UTC (rev 27738)
@@ -101,7 +101,7 @@
$inputs[$id] = array(
'input' => $this->renderTag('input', array_merge($baseAttributes,
$attributes)),
- 'label' => $this->renderContentTag('label', $option, array('for' =>
$id)),
+ 'label' => $this->renderContentTag('label', self::escapeOnce($option),
array('for' => $id)),
);
}
Modified: branches/1.3/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
===================================================================
--- branches/1.3/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
2010-02-08 15:07:08 UTC (rev 27737)
+++ branches/1.3/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
2010-02-08 15:07:33 UTC (rev 27738)
@@ -20,7 +20,7 @@
}
}
-$t = new lime_test(12);
+$t = new lime_test(13);
$dom = new DomDocument('1.0', 'utf-8');
$dom->validateOnParse = true;
@@ -113,6 +113,12 @@
'</ul>';
$t->is($w->render('foo'), $output, '->render() translates the options');
+// choices are escaped
+$t->diag('choices are escaped');
+
+$w = new sfWidgetFormSelectCheckbox(array('choices' => array('<b>Hello
world</b>')));
+$t->is($w->render('foo'), '<ul class="checkbox_list"><li><input name="foo[]"
type="checkbox" value="0" id="foo_0" /> <label for="foo_0"><b>Hello
world</b></label></li></ul>', '->render() escapes the choices');
+
// __clone()
$t->diag('__clone()');
$w = new sfWidgetFormSelectCheckbox(array('choices' => new
sfCallable(array($w, 'foo'))));
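Review bot: As printed, the expected string in the new `$t->is(...)` assertion still contains a raw `<b>Hello world</b>` inside the `<label>`, which is exactly the unescaped output the fix is meant to remove; if the widget now escapes, the assertion should expect `<label for="foo_0">&lt;b&gt;Hello world&lt;/b&gt;</label>` or it asserts the opposite of its own description. This may be an artefact of the mail archive decoding entities in the message, but it should be checked in the committed file. The radio test hunks (ending at L104 and L194) carry the same expected string and also have a typo in the new comment line, `// choices as escaped`, which should read `// choices are escaped` to match the diag() text; the 1.4 checkbox test at L165 mirrors this hunk.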
Modified: branches/1.3/test/unit/widget/sfWidgetFormSelectRadioTest.php
===================================================================
--- branches/1.3/test/unit/widget/sfWidgetFormSelectRadioTest.php
2010-02-08 15:07:08 UTC (rev 27737)
+++ branches/1.3/test/unit/widget/sfWidgetFormSelectRadioTest.php
2010-02-08 15:07:33 UTC (rev 27738)
@@ -20,7 +20,7 @@
}
}
-$t = new lime_test(11);
+$t = new lime_test(12);
$dom = new DomDocument('1.0', 'utf-8');
$dom->validateOnParse = true;
@@ -106,6 +106,12 @@
'</ul>';
$t->is($w->render('foo'), $output, '->render() translates the options');
+// choices as escaped
+$t->diag('choices are escaped');
+
+$w = new sfWidgetFormSelectRadio(array('choices' => array('<b>Hello
world</b>')));
+$t->is($w->render('foo'), '<ul class="radio_list"><li><input name="foo"
type="radio" value="0" id="foo_0" /> <label for="foo_0"><b>Hello
world</b></label></li></ul>', '->render() escapes the choices');
+
// __clone()
$t->diag('__clone()');
$w = new sfWidgetFormSelectRadio(array('choices' => new sfCallable(array($w,
'foo'))));
Modified: branches/1.4/lib/widget/sfWidgetFormSelectCheckbox.class.php
===================================================================
--- branches/1.4/lib/widget/sfWidgetFormSelectCheckbox.class.php
2010-02-08 15:07:08 UTC (rev 27737)
+++ branches/1.4/lib/widget/sfWidgetFormSelectCheckbox.class.php
2010-02-08 15:07:33 UTC (rev 27738)
@@ -107,7 +107,7 @@
$inputs[$id] = array(
'input' => $this->renderTag('input', array_merge($baseAttributes,
$attributes)),
- 'label' => $this->renderContentTag('label', $option, array('for' =>
$id)),
+ 'label' => $this->renderContentTag('label', self::escapeOnce($option),
array('for' => $id)),
);
}
Modified: branches/1.4/lib/widget/sfWidgetFormSelectRadio.class.php
===================================================================
--- branches/1.4/lib/widget/sfWidgetFormSelectRadio.class.php 2010-02-08
15:07:08 UTC (rev 27737)
+++ branches/1.4/lib/widget/sfWidgetFormSelectRadio.class.php 2010-02-08
15:07:33 UTC (rev 27738)
@@ -102,7 +102,7 @@
$inputs[$id] = array(
'input' => $this->renderTag('input', array_merge($baseAttributes,
$attributes)),
- 'label' => $this->renderContentTag('label', $option, array('for' =>
$id)),
+ 'label' => $this->renderContentTag('label', self::escapeOnce($option),
array('for' => $id)),
);
}
Modified: branches/1.4/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
===================================================================
--- branches/1.4/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
2010-02-08 15:07:08 UTC (rev 27737)
+++ branches/1.4/test/unit/widget/sfWidgetFormSelectCheckboxTest.php
2010-02-08 15:07:33 UTC (rev 27738)
@@ -20,7 +20,7 @@
}
}
-$t = new lime_test(12);
+$t = new lime_test(13);
$dom = new DomDocument('1.0', 'utf-8');
$dom->validateOnParse = true;
@@ -113,6 +113,12 @@
'</ul>';
$t->is($w->render('foo'), $output, '->render() translates the options');
+// choices are escaped
+$t->diag('choices are escaped');
+
+$w = new sfWidgetFormSelectCheckbox(array('choices' => array('<b>Hello
world</b>')));
+$t->is($w->render('foo'), '<ul class="checkbox_list"><li><input name="foo[]"
type="checkbox" value="0" id="foo_0" /> <label for="foo_0"><b>Hello
world</b></label></li></ul>', '->render() escapes the choices');
+
// __clone()
$t->diag('__clone()');
$w = new sfWidgetFormSelectCheckbox(array('choices' => new
sfCallable(array($w, 'foo'))));
Modified: branches/1.4/test/unit/widget/sfWidgetFormSelectRadioTest.php
===================================================================
--- branches/1.4/test/unit/widget/sfWidgetFormSelectRadioTest.php
2010-02-08 15:07:08 UTC (rev 27737)
+++ branches/1.4/test/unit/widget/sfWidgetFormSelectRadioTest.php
2010-02-08 15:07:33 UTC (rev 27738)
@@ -20,7 +20,7 @@
}
}
-$t = new lime_test(11);
+$t = new lime_test(12);
$dom = new DomDocument('1.0', 'utf-8');
$dom->validateOnParse = true;
@@ -106,6 +106,12 @@
'</ul>';
$t->is($w->render('foo'), $output, '->render() translates the options');
+// choices as escaped
+$t->diag('choices are escaped');
+
+$w = new sfWidgetFormSelectRadio(array('choices' => array('<b>Hello
world</b>')));
+$t->is($w->render('foo'), '<ul class="radio_list"><li><input name="foo"
type="radio" value="0" id="foo_0" /> <label for="foo_0"><b>Hello
world</b></label></li></ul>', '->render() escapes the choices');
+
// __clone()
$t->diag('__clone()');
$w = new sfWidgetFormSelectRadio(array('choices' => new sfCallable(array($w,
'foo'))));