Issue #788114 by quicksketch, David_Rothstein, sun, Wim Leers: Unprivileged users should only get one text format by default.

8.0.x
webchick 2013-03-04 22:45:18 -05:00
parent 4d18e2965b
commit b9a4e9b7ab
11 changed files with 83 additions and 32 deletions


@ -35,6 +35,12 @@ class BlockTest extends WebTestBase {
// Use the test page as the front page.
config('system.site')->set('page.front', 'test-page')->save();
// Create Filtered HTML text format.
$filtered_html_format = entity_create('filter_format', array(
'format' => 'filtered_html',
'name' => 'Filtered HTML',
));
$filtered_html_format->save();
// Create Full HTML text format.
$full_html_format = entity_create('filter_format', array(
'format' => 'full_html',
@ -47,6 +53,7 @@ class BlockTest extends WebTestBase {
// text format.
$this->adminUser = $this->drupalCreateUser(array(
'administer blocks',
filter_permission_name($filtered_html_format),
filter_permission_name($full_html_format),
'access administration pages',
));


@ -46,6 +46,16 @@ class CKEditorLoadingTest extends WebTestBase {
));
$editor->save();
// Create a second format without an associated editor so a drop down select
// list is created when selecting formats.
$full_html_format = entity_create('filter_format', array(
'format' => 'full_html',
'name' => 'Full HTML',
'weight' => 1,
'filters' => array(),
));
$full_html_format->save();
// Create node type.
$this->drupalCreateContentType(array(
'type' => 'article',
@ -56,7 +66,7 @@ class CKEditorLoadingTest extends WebTestBase {
// - "untrusted": plain_text
// - "normal": plain_text, filtered_html
$this->untrusted_user = $this->drupalCreateUser(array('create article content', 'edit any article content'));
$this->normal_user = $this->drupalCreateUser(array('create article content', 'edit any article content', 'use text format filtered_html'));
$this->normal_user = $this->drupalCreateUser(array('create article content', 'edit any article content', 'use text format filtered_html', 'use text format full_html'));
}
/**
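Review bot: The role summary comment directly above the changed `drupalCreateUser()` call still lists the "normal" user as `plain_text, filtered_html`, but the new line also grants `use text format full_html`. Update it to `// - "normal": plain_text, filtered_html, full_html` so the comment matches the permissions the test sets up. The enclosing method starts outside the hunk.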


@ -48,7 +48,6 @@ class CommentPreviewTest extends CommentTestBase {
config('user.settings')->set('signatures', 1)->save();
$test_signature = $this->randomName();
$edit['signature[value]'] = '<a href="http://example.com/">' . $test_signature. '</a>';
$edit['signature[format]'] = 'filtered_html';
$image = current($this->drupalGetTestFiles('image'));
$edit['files[user_picture_und_0]'] = drupal_realpath($image->uri);
$this->drupalPost('user/' . $this->web_user->uid . '/edit', $edit, t('Save'));


@ -83,14 +83,11 @@ class EditorLoadingTest extends WebTestBase {
$this->assertFalse($editor_settings_present, 'No Text Editor module settings.');
$this->assertFalse($editor_js_present, 'No Text Editor JavaScript.');
$this->assertTrue(count($body) === 1, 'A body field exists.');
$this->assertTrue(count($format_selector) === 1, 'A single text format selector exists on the page.');
$specific_format_selector = $this->xpath('//select[contains(@class, "filter-list") and not(contains(@class, "editor")) and not(@data-editor-for="edit-body-und-0-value")]');
$this->assertTrue(count($specific_format_selector) === 1, 'A single text format selector exists on the page and does not have the "editor" class nor a "data-editor-for" attribute.');
$this->assertTrue(count($format_selector) === 0, 'No text format selector exists on the page because the user only has access to a single format.');
$this->drupalLogout($this->normal_user);
// The normal user:
// - has access to 3 text formats;
// - has access to 2 text formats (and the fallback format);
// - does have access to the full_html text format, so: Unicorn text editor.
$this->drupalLogin($this->privileged_user);
$this->drupalGet('node/add/article');
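Review bot: The comment block edited here still opens with `// The normal user:` although the normal user was just logged out and the next statement logs in `$this->privileged_user`. Since the commit already rewrites the second line of that comment, change the first line to `// The privileged user:` as well. The "2 text formats (and the fallback format)" count cannot be checked against the visible lines, because the privileged user's permissions are set up outside the hunk. The enclosing test method starts and ends outside the hunk.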


@ -1 +1,2 @@
fallback_format: plain_text
always_show_fallback_choice: false


@ -39,7 +39,12 @@ function filter_admin_overview($form) {
$form['formats'][$id]['#is_fallback'] = ($id == $fallback_format);
if ($form['formats'][$id]['#is_fallback']) {
$form['formats'][$id]['name'] = array('#markup' => drupal_placeholder($format->name));
$roles_markup = drupal_placeholder(t('All roles may use this format'));
if (config('filter.settings')->get('always_show_fallback_choice')) {
$roles_markup = drupal_placeholder(t('All roles may use this format'));
}
else {
$roles_markup = drupal_placeholder(t('This format is shown when no other formats are available'));
}
}
else {
$form['formats'][$id]['name'] = array('#markup' => check_plain($format->name));
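Review bot: The new else-branch label, `This format is shown when no other formats are available`, replaces the statement that all roles may use the fallback format, yet the access test in this same commit still asserts that a regular user has access to the fallback format. An administrator reading the overview could take the new text to mean the format is now restricted, when only its visibility in the selector changed. Consider wording that keeps both facts, for example `t('All roles may use this format; it is hidden from the selector when other formats are available')`, adjusted to the exact rule in filter_process_format(). filter_admin_overview() starts and ends outside the hunk.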


@ -868,7 +868,6 @@ function filter_process_format($element) {
$element['value'] += element_info($element['#base_type']);
// Turn original element into a text format wrapper.
$path = drupal_get_path('module', 'filter');
$element['#attached']['library'][] = array('filter', 'drupal.filter');
// Setup child container for the text format widget.
@ -877,14 +876,30 @@ function filter_process_format($element) {
'#attributes' => array('class' => array('filter-wrapper')),
);
// Get a list of formats that the current user has access to.
$formats = filter_formats($user);
// Use the default format for this user if none was selected.
if (!isset($element['#format'])) {
$element['#format'] = filter_default_format($user);
}
// If multiple text formats are available, remove the fallback. The
// "always_show_fallback_choice" is a hidden variable that has no UI. It
// defaults to false.
if (!config('filter.settings')->get('always_show_fallback_choice')) {
$fallback_format = filter_fallback_format();
if ($element['#format'] !== $fallback_format && count($formats) > 1) {
unset($formats[$fallback_format]);
}
}
// Prepare text format guidelines.
$element['format']['guidelines'] = array(
'#type' => 'container',
'#attributes' => array('class' => array('filter-guidelines')),
'#weight' => 20,
);
// Get a list of formats that the current user has access to.
$formats = filter_formats($user);
foreach ($formats as $format) {
$options[$format->format] = $format->name;
$element['format']['guidelines'][$format->format] = array(
@ -893,11 +908,6 @@ function filter_process_format($element) {
);
}
// Use the default format for this user if none was selected.
if (!isset($element['#format'])) {
$element['#format'] = filter_default_format($user);
}
$element['format']['format'] = array(
'#type' => 'select',
'#title' => t('Text format'),
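Review bot: The comment above the new `always_show_fallback_choice` block says only that the fallback is removed when multiple formats are available. It omits that the fallback is kept when `$element['#format']` is already the fallback, and that the `unset()` only trims the list used to build the selector rather than changing what the user may use. I would spell that out, e.g. `// Hide the fallback from the selector unless it is the current format or the only choice. This only affects the list of choices; format permissions are not changed.` The comment also calls the setting a "hidden variable", while the code reads it from the `filter.settings` config object. filter_process_format() starts and ends outside the hunks shown.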


@ -236,11 +236,19 @@ class FilterAdminTest extends WebTestBase {
$this->assertRaw($body . $extra_text, 'Filter removed invalid tag.');
// Use plain text and see if it escapes all tags, whether allowed or not.
// In order to test plain text, we have to enable the hidden variable for
// "show_fallback_format", which displays plain text in the format list.
config('filter.settings')
->set('always_show_fallback_choice', TRUE)
->save();
$edit = array();
$edit["body[$langcode][0][format]"] = $plain;
$this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
$this->drupalGet('node/' . $node->nid);
$this->assertText(check_plain($text), 'The "Plain text" text format escapes all HTML tags.');
config('filter.settings')
->set('always_show_fallback_choice', FALSE)
->save();
// Switch user.
$this->drupalLogout();
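Review bot: The added comment names the hidden setting `show_fallback_format`, but the code right below it sets `always_show_fallback_choice` in `filter.settings`. Use the real key in the comment, `// "always_show_fallback_choice", which displays plain text in the format list.`, so a search for the setting finds this test. The setting is switched back to FALSE by hand after the assertion; a one-line comment such as `// Restore the default so the remaining checks run with the fallback hidden.` would make that intent explicit. The enclosing test method starts and ends outside the hunk.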


@ -41,6 +41,13 @@ class FilterFormatAccessTest extends WebTestBase {
*/
protected $allowed_format;
/**
* An object representing a secondary allowed text format.
*
* @var object
*/
protected $second_allowed_format;
/**
* An object representing a disallowed text format.
*
@ -69,10 +76,11 @@ class FilterFormatAccessTest extends WebTestBase {
'edit any page content',
));
// Create two text formats.
// Create three text formats. Two text formats are created for all users so
// that the drop-down list appears for all tests.
$this->drupalLogin($this->filter_admin_user);
$formats = array();
for ($i = 0; $i < 2; $i++) {
for ($i = 0; $i < 3; $i++) {
$edit = array(
'format' => drupal_strtolower($this->randomName()),
'name' => $this->randomName(),
@ -81,22 +89,24 @@ class FilterFormatAccessTest extends WebTestBase {
$this->resetFilterCaches();
$formats[] = filter_format_load($edit['format']);
}
list($this->allowed_format, $this->disallowed_format) = $formats;
list($this->allowed_format, $this->second_allowed_format, $this->disallowed_format) = $formats;
$this->drupalLogout();
// Create a regular user with access to one of the formats.
// Create a regular user with access to two of the formats.
$this->web_user = $this->drupalCreateUser(array(
'create page content',
'edit any page content',
filter_permission_name($this->allowed_format),
filter_permission_name($this->second_allowed_format),
));
// Create an administrative user who has access to use both formats.
// Create an administrative user who has access to use all three formats.
$this->admin_user = $this->drupalCreateUser(array(
'administer filters',
'create page content',
'edit any page content',
filter_permission_name($this->allowed_format),
filter_permission_name($this->second_allowed_format),
filter_permission_name($this->disallowed_format),
));
}
@ -105,8 +115,8 @@ class FilterFormatAccessTest extends WebTestBase {
* Tests the Filter format access permissions functionality.
*/
function testFormatPermissions() {
// Make sure that a regular user only has access to the text format they
// were granted access to, as well to the fallback format.
// Make sure that a regular user only has access to the text formats for
// which they were granted access.
$this->assertTrue(filter_access($this->allowed_format, $this->web_user), 'A regular user has access to a text format they were granted access to.');
$this->assertFalse(filter_access($this->disallowed_format, $this->web_user), 'A regular user does not have access to a text format they were not granted access to.');
$this->assertTrue(filter_access(filter_format_load(filter_fallback_format()), $this->web_user), 'A regular user has access to the fallback format.');
@ -137,7 +147,7 @@ class FilterFormatAccessTest extends WebTestBase {
}
$this->assertTrue(isset($options[$this->allowed_format->format]), 'The allowed text format appears as an option when adding a new node.');
$this->assertFalse(isset($options[$this->disallowed_format->format]), 'The disallowed text format does not appear as an option when adding a new node.');
$this->assertTrue(isset($options[filter_fallback_format()]), 'The fallback format appears as an option when adding a new node.');
$this->assertFalse(isset($options[filter_fallback_format()]), 'The fallback format does not appear as an option when adding a new node.');
// Check regular user access to the filter tips pages.
$this->drupalGet('filter/tips/' . $this->allowed_format->format);
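Review bot: In testFormatPermissions() the rewritten comment no longer mentions the fallback format, but the third assertion beneath it still checks that a regular user has access to `filter_fallback_format()`. Keep that in the comment, e.g. `// which they were granted access, as well as to the fallback format.` The visible assertions also never check the newly added `$this->second_allowed_format` for the regular user; a line such as `$this->assertTrue(filter_access($this->second_allowed_format, $this->web_user), 'A regular user has access to the second text format they were granted access to.');` would cover the permission this commit adds. The method continues outside the hunk, so such a check may already exist further down.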


@ -59,8 +59,6 @@ class SearchCommentCountToggleTest extends SearchTestBase {
$edit_comment = array();
$edit_comment['subject'] = $this->randomName();
$edit_comment['comment_body[' . LANGUAGE_NOT_SPECIFIED . '][0][value]'] = $this->randomName();
$filtered_html_format_id = 'filtered_html';
$edit_comment['comment_body[' . LANGUAGE_NOT_SPECIFIED . '][0][format]'] = $filtered_html_format_id;
// Post comment to the test node with comment
$this->drupalPost('comment/reply/' . $this->searchable_nodes['1 comment']->nid, $edit_comment, t('Save'));


@ -39,11 +39,19 @@ class UserSignatureTest extends WebTestBase {
$this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page'));
// Prefetch and create text formats.
$this->plain_text_format = filter_format_load('plain_text');
$this->filtered_html_format = entity_create('filter_format', array(
'format' => 'filtered_html',
'format' => 'filtered_html_format',
'name' => 'Filtered HTML',
'weight' => -1,
'filters' => array(
'filter_html' => array(
'module' => 'filter',
'status' => '1',
'settings' => array(
'allowed_html' => '<a> <em> <strong>',
),
),
),
));
$this->filtered_html_format->save();
@ -85,13 +93,11 @@ class UserSignatureTest extends WebTestBase {
$signature_text = "<h1>" . $this->randomName() . "</h1>";
$edit = array(
'signature[value]' => $signature_text,
'signature[format]' => $this->plain_text_format->format,
);
$this->drupalPost('user/' . $this->web_user->uid . '/edit', $edit, t('Save'));
// Verify that values were stored.
$this->assertFieldByName('signature[value]', $edit['signature[value]'], 'Submitted signature text found.');
$this->assertFieldByName('signature[format]', $edit['signature[format]'], 'Submitted signature format found.');
// Create a comment.
$langcode = LANGUAGE_NOT_SPECIFIED;
@ -115,6 +121,6 @@ class UserSignatureTest extends WebTestBase {
// Assert that the signature did not make it through unfiltered.
$this->drupalGet('node/' . $node->nid);
$this->assertNoRaw($signature_text, 'Unfiltered signature text not found.');
$this->assertRaw(check_markup($signature_text, $this->plain_text_format->format), 'Filtered signature text found.');
$this->assertRaw(check_markup($signature_text, $this->filtered_html_format->format), 'Filtered signature text found.');
}
}
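Review bot: With `signature[format]` no longer posted and the `assertFieldByName('signature[format]', ...)` check removed, nothing in the visible lines verifies which format the signature was stored with. The final `assertRaw(check_markup($signature_text, $this->filtered_html_format->format), ...)` simply presumes it was the new format, which presumably follows from `'weight' => -1` and from permissions granted outside the hunk. Because this test guards against unfiltered signature output, I would state that assumption in a comment above the post, e.g. `// No format is posted; the signature is expected to be saved with the user's default format.`, and assert the stored format explicitly. The format ID also changed to `filtered_html_format` while the other tests in this commit keep `filtered_html`; if that is deliberate, a short comment would help.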