From b9a4e9b7abd4e69cb735294d42a97b0fe7910e0c Mon Sep 17 00:00:00 2001
From: webchick
Date: Mon, 4 Mar 2013 22:45:18 -0500
Subject: [PATCH] Issue #788114 by quicksketch, David_Rothstein, sun, Wim Leers: Unprivileged users should only get one text format by default.
---
 .../lib/Drupal/block/Tests/BlockTest.php | 7 +++++
 .../ckeditor/Tests/CKEditorLoadingTest.php | 12 ++++++++-
 .../comment/Tests/CommentPreviewTest.php | 1 -
 .../Drupal/editor/Tests/EditorLoadingTest.php | 7 ++---
 .../modules/filter/config/filter.settings.yml | 1 +
 core/modules/filter/filter.admin.inc | 7 ++++-
 core/modules/filter/filter.module | 26 +++++++++++++------
 .../Drupal/filter/Tests/FilterAdminTest.php | 8 ++++++
 .../filter/Tests/FilterFormatAccessTest.php | 26 +++++++++++++------
 .../Tests/SearchCommentCountToggleTest.php | 2 --
 .../Drupal/user/Tests/UserSignatureTest.php | 18 ++++++++-----
 11 files changed, 83 insertions(+), 32 deletions(-)
diff --git a/core/modules/block/lib/Drupal/block/Tests/BlockTest.php b/core/modules/block/lib/Drupal/block/Tests/BlockTest.php
index 60be7788999..e9c5f18d2fa 100644
--- a/core/modules/block/lib/Drupal/block/Tests/BlockTest.php
+++ b/core/modules/block/lib/Drupal/block/Tests/BlockTest.php
@@ -35,6 +35,12 @@ class BlockTest extends WebTestBase {
 // Use the test page as the front page.
 config('system.site')->set('page.front', 'test-page')->save();
+ // Create Filtered HTML text format.
+ $filtered_html_format = entity_create('filter_format', array(
+ 'format' => 'filtered_html',
+ 'name' => 'Filtered HTML',
+ ));
+ $filtered_html_format->save();
 // Create Full HTML text format.
 $full_html_format = entity_create('filter_format', array(
 'format' => 'full_html',
@@ -47,6 +53,7 @@ class BlockTest extends WebTestBase {
 // text format.
 $this->adminUser = $this->drupalCreateUser(array(
 'administer blocks',
+ filter_permission_name($filtered_html_format),
 filter_permission_name($full_html_format),
 'access administration pages',
 ));
diff --git a/core/modules/ckeditor/lib/Drupal/ckeditor/Tests/CKEditorLoadingTest.php b/core/modules/ckeditor/lib/Drupal/ckeditor/Tests/CKEditorLoadingTest.php
index 308906aec62..63a816fdc58 100644
--- a/core/modules/ckeditor/lib/Drupal/ckeditor/Tests/CKEditorLoadingTest.php
+++ b/core/modules/ckeditor/lib/Drupal/ckeditor/Tests/CKEditorLoadingTest.php
@@ -46,6 +46,16 @@ class CKEditorLoadingTest extends WebTestBase {
 ));
 $editor->save();
+ // Create a second format without an associated editor so a drop down select
+ // list is created when selecting formats.
+ $full_html_format = entity_create('filter_format', array(
+ 'format' => 'full_html',
+ 'name' => 'Full HTML',
+ 'weight' => 1,
+ 'filters' => array(),
+ ));
+ $full_html_format->save();
+
 // Create node type.
 $this->drupalCreateContentType(array(
 'type' => 'article',
@@ -56,7 +66,7 @@ class CKEditorLoadingTest extends WebTestBase {
 // - "untrusted": plain_text
 // - "normal": plain_text, filtered_html
 $this->untrusted_user = $this->drupalCreateUser(array('create article content', 'edit any article content'));
- $this->normal_user = $this->drupalCreateUser(array('create article content', 'edit any article content', 'use text format filtered_html'));
+ $this->normal_user = $this->drupalCreateUser(array('create article content', 'edit any article content', 'use text format filtered_html', 'use text format full_html'));
 }
 /**
diff --git a/core/modules/comment/lib/Drupal/comment/Tests/CommentPreviewTest.php b/core/modules/comment/lib/Drupal/comment/Tests/CommentPreviewTest.php
index faf6aced380..f898ab250e7 100644
--- a/core/modules/comment/lib/Drupal/comment/Tests/CommentPreviewTest.php
+++ b/core/modules/comment/lib/Drupal/comment/Tests/CommentPreviewTest.php
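Review bot: The role summary comment directly above the changed line in the `@@ -56,7 +66,7 @@` hunk of CKEditorLoadingTest still lists the "normal" user as `plain_text, filtered_html`, but the new `drupalCreateUser()` call also grants `use text format full_html`. Update it to `// - "normal": plain_text, filtered_html, full_html` so the documented permission matrix matches what the test actually grants. The enclosing method starts outside the hunk.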
@@ -48,7 +48,6 @@ class CommentPreviewTest extends CommentTestBase {
 config('user.settings')->set('signatures', 1)->save();
 $test_signature = $this->randomName();
 $edit['signature[value]'] = '' . $test_signature. '';
- $edit['signature[format]'] = 'filtered_html';
 $image = current($this->drupalGetTestFiles('image'));
 $edit['files[user_picture_und_0]'] = drupal_realpath($image->uri);
 $this->drupalPost('user/' . $this->web_user->uid . '/edit', $edit, t('Save'));
diff --git a/core/modules/editor/lib/Drupal/editor/Tests/EditorLoadingTest.php b/core/modules/editor/lib/Drupal/editor/Tests/EditorLoadingTest.php
index 755c2c01a7c..d1fe41ee371 100644
--- a/core/modules/editor/lib/Drupal/editor/Tests/EditorLoadingTest.php
+++ b/core/modules/editor/lib/Drupal/editor/Tests/EditorLoadingTest.php
@@ -83,14 +83,11 @@ class EditorLoadingTest extends WebTestBase {
 $this->assertFalse($editor_settings_present, 'No Text Editor module settings.');
 $this->assertFalse($editor_js_present, 'No Text Editor JavaScript.');
 $this->assertTrue(count($body) === 1, 'A body field exists.');
- $this->assertTrue(count($format_selector) === 1, 'A single text format selector exists on the page.');
- $specific_format_selector = $this->xpath('//select[contains(@class, "filter-list") and not(contains(@class, "editor")) and not(@data-editor-for="edit-body-und-0-value")]');
- $this->assertTrue(count($specific_format_selector) === 1, 'A single text format selector exists on the page and does not have the "editor" class nor a "data-editor-for" attribute.');
-
+ $this->assertTrue(count($format_selector) === 0, 'No text format selector exists on the page because the user only has access to a single format.');
 $this->drupalLogout($this->normal_user);
 // The normal user:
- // - has access to 3 text formats;
+ // - has access to 2 text formats (and the fallback format);
 // - does have access to the full_html text format, so: Unicorn text editor.
 $this->drupalLogin($this->privileged_user);
 $this->drupalGet('node/add/article');
diff --git a/core/modules/filter/config/filter.settings.yml b/core/modules/filter/config/filter.settings.yml
index 59c9eef603a..c038c87896d 100644
--- a/core/modules/filter/config/filter.settings.yml
+++ b/core/modules/filter/config/filter.settings.yml
@@ -1 +1,2 @@
 fallback_format: plain_text
+always_show_fallback_choice: false
diff --git a/core/modules/filter/filter.admin.inc b/core/modules/filter/filter.admin.inc
index 3c391caac35..806c1d78170 100644
--- a/core/modules/filter/filter.admin.inc
+++ b/core/modules/filter/filter.admin.inc
@@ -39,7 +39,12 @@ function filter_admin_overview($form) {
 $form['formats'][$id]['#is_fallback'] = ($id == $fallback_format);
 if ($form['formats'][$id]['#is_fallback']) {
 $form['formats'][$id]['name'] = array('#markup' => drupal_placeholder($format->name));
- $roles_markup = drupal_placeholder(t('All roles may use this format'));
+ if (config('filter.settings')->get('always_show_fallback_choice')) {
+ $roles_markup = drupal_placeholder(t('All roles may use this format'));
+ }
+ else {
+ $roles_markup = drupal_placeholder(t('This format is shown when no other formats are available'));
+ }
 }
 else {
 $form['formats'][$id]['name'] = array('#markup' => check_plain($format->name));
diff --git a/core/modules/filter/filter.module b/core/modules/filter/filter.module
index 8ee18717680..b827b4fcb14 100644
--- a/core/modules/filter/filter.module
+++ b/core/modules/filter/filter.module
@@ -868,7 +868,6 @@ function filter_process_format($element) {
 $element['value'] += element_info($element['#base_type']);
 // Turn original element into a text format wrapper.
- $path = drupal_get_path('module', 'filter');
 $element['#attached']['library'][] = array('filter', 'drupal.filter');
 // Setup child container for the text format widget.
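Review bot: The new label `This format is shown when no other formats are available` in the filter_admin_overview() hunk says where the fallback format is displayed but drops the fact that every role can still use it. FilterFormatAccessTest in this same patch keeps asserting that `filter_access()` is TRUE for the fallback format for a regular user, so an administrator reading the overview could underestimate who can submit content in that format. Wording that keeps both facts would be safer, for example `t('All roles may use this format, but it is only listed when no other format is available')`. The function body continues outside the hunk.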
@@ -877,14 +876,30 @@ function filter_process_format($element) {
 '#attributes' => array('class' => array('filter-wrapper')),
 );
+ // Get a list of formats that the current user has access to.
+ $formats = filter_formats($user);
+
+ // Use the default format for this user if none was selected.
+ if (!isset($element['#format'])) {
+ $element['#format'] = filter_default_format($user);
+ }
+
+ // If multiple text formats are available, remove the fallback. The
+ // "always_show_fallback_choice" is a hidden variable that has no UI. It
+ // defaults to false.
+ if (!config('filter.settings')->get('always_show_fallback_choice')) {
+ $fallback_format = filter_fallback_format();
+ if ($element['#format'] !== $fallback_format && count($formats) > 1) {
+ unset($formats[$fallback_format]);
+ }
+ }
+
 // Prepare text format guidelines.
 $element['format']['guidelines'] = array(
 '#type' => 'container',
 '#attributes' => array('class' => array('filter-guidelines')),
 '#weight' => 20,
 );
- // Get a list of formats that the current user has access to.
- $formats = filter_formats($user);
 foreach ($formats as $format) {
 $options[$format->format] = $format->name;
 $element['format']['guidelines'][$format->format] = array(
@@ -893,11 +908,6 @@ function filter_process_format($element) {
 );
 }
- // Use the default format for this user if none was selected.
- if (!isset($element['#format'])) {
- $element['#format'] = filter_default_format($user);
- }
-
 $element['format']['format'] = array(
 '#type' => 'select',
 '#title' => t('Text format'),
diff --git a/core/modules/filter/lib/Drupal/filter/Tests/FilterAdminTest.php b/core/modules/filter/lib/Drupal/filter/Tests/FilterAdminTest.php
index ca59560bac2..dfad1111abb 100644
--- a/core/modules/filter/lib/Drupal/filter/Tests/FilterAdminTest.php
+++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterAdminTest.php
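Review bot: The comment above the `always_show_fallback_choice` check in the `@@ -877,14 +876,30 @@` hunk should state that the `unset()` only trims the list used to build the select options and changes no permission; "remove the fallback" can be read as an access change. It should also record the ordering dependency: `$element['#format']` is filled from `filter_default_format($user)` just before the check, so the fallback stays listed whenever it is itself the user's default, and the hiding only takes effect when another format sorts ahead of it (UserSignatureTest in this patch adds `'weight' => -1`, apparently for that reason). Suggested wording: `// Display only: the fallback stays usable, and stays listed when it is the current or default format.` "Hidden variable" would also read more accurately as a filter.settings value without a UI. filter_process_format() starts and ends outside the hunk.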
@@ -236,11 +236,19 @@ class FilterAdminTest extends WebTestBase {
 $this->assertRaw($body . $extra_text, 'Filter removed invalid tag.');
 // Use plain text and see if it escapes all tags, whether allowed or not.
+ // In order to test plain text, we have to enable the hidden variable for
+ // "show_fallback_format", which displays plain text in the format list.
+ config('filter.settings')
+ ->set('always_show_fallback_choice', TRUE)
+ ->save();
 $edit = array();
 $edit["body[$langcode][0][format]"] = $plain;
 $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
 $this->drupalGet('node/' . $node->nid);
 $this->assertText(check_plain($text), 'The "Plain text" text format escapes all HTML tags.');
+ config('filter.settings')
+ ->set('always_show_fallback_choice', FALSE)
+ ->save();
 // Switch user.
 $this->drupalLogout();
diff --git a/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php b/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
index 48faf24bc82..969fac0c05c 100644
--- a/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
+++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterFormatAccessTest.php
@@ -41,6 +41,13 @@ class FilterFormatAccessTest extends WebTestBase {
 */
 protected $allowed_format;
+ /**
+ * An object representing a secondary allowed text format.
+ *
+ * @var object
+ */
+ protected $second_allowed_format;
+
 /**
 * An object representing a disallowed text format.
 *
@@ -69,10 +76,11 @@ class FilterFormatAccessTest extends WebTestBase {
 'edit any page content',
 ));
- // Create two text formats.
+ // Create three text formats. Two text formats are created for all users so
+ // that the drop-down list appears for all tests.
 $this->drupalLogin($this->filter_admin_user);
 $formats = array();
- for ($i = 0; $i < 2; $i++) {
+ for ($i = 0; $i < 3; $i++) {
 $edit = array(
 'format' => drupal_strtolower($this->randomName()),
 'name' => $this->randomName(),
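Review bot: The added comment in the `@@ -236,11 +236,19 @@` hunk of FilterAdminTest names the setting `show_fallback_format`, but the code below it sets `always_show_fallback_choice`, so a reader searching for the quoted name finds nothing. Change the comment line to `// "always_show_fallback_choice", which displays plain text in the format list.` The reset after the assertion writes a literal `FALSE` rather than the value that was in place before, which holds only while the shipped default stays false and deserves a short comment. The test method starts and ends outside the hunk.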
@@ -81,22 +89,24 @@ class FilterFormatAccessTest extends WebTestBase {
 $this->resetFilterCaches();
 $formats[] = filter_format_load($edit['format']);
 }
- list($this->allowed_format, $this->disallowed_format) = $formats;
+ list($this->allowed_format, $this->second_allowed_format, $this->disallowed_format) = $formats;
 $this->drupalLogout();
- // Create a regular user with access to one of the formats.
+ // Create a regular user with access to two of the formats.
 $this->web_user = $this->drupalCreateUser(array(
 'create page content',
 'edit any page content',
 filter_permission_name($this->allowed_format),
+ filter_permission_name($this->second_allowed_format),
 ));
- // Create an administrative user who has access to use both formats.
+ // Create an administrative user who has access to use all three formats.
 $this->admin_user = $this->drupalCreateUser(array(
 'administer filters',
 'create page content',
 'edit any page content',
 filter_permission_name($this->allowed_format),
+ filter_permission_name($this->second_allowed_format),
 filter_permission_name($this->disallowed_format),
 ));
 }
@@ -105,8 +115,8 @@ class FilterFormatAccessTest extends WebTestBase {
 * Tests the Filter format access permissions functionality.
 */
 function testFormatPermissions() {
- // Make sure that a regular user only has access to the text format they
- // were granted access to, as well to the fallback format.
+ // Make sure that a regular user only has access to the text formats for
+ // which they were granted access.
 $this->assertTrue(filter_access($this->allowed_format, $this->web_user), 'A regular user has access to a text format they were granted access to.');
 $this->assertFalse(filter_access($this->disallowed_format, $this->web_user), 'A regular user does not have access to a text format they were not granted access to.');
 $this->assertTrue(filter_access(filter_format_load(filter_fallback_format()), $this->web_user), 'A regular user has access to the fallback format.');
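Review bot: In the `@@ -105,8 +115,8 @@` hunk the rewritten comment no longer mentions the fallback format, yet the third assertion under it still checks that `filter_access()` grants the fallback format to the regular user. Keep that in the comment, for example `// which they were granted access, plus the fallback format.`, so the test documents that hiding the fallback in the widget did not change access. The new `$this->second_allowed_format` is granted to `web_user` in the `@@ -81,22 +89,24 @@` hunk but has no matching `filter_access()` assertion in the visible lines; `$this->assertTrue(filter_access($this->second_allowed_format, $this->web_user), ...)` would cover it. testFormatPermissions() continues outside the hunk.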
@@ -137,7 +147,7 @@ class FilterFormatAccessTest extends WebTestBase {
 }
 $this->assertTrue(isset($options[$this->allowed_format->format]), 'The allowed text format appears as an option when adding a new node.');
 $this->assertFalse(isset($options[$this->disallowed_format->format]), 'The disallowed text format does not appear as an option when adding a new node.');
- $this->assertTrue(isset($options[filter_fallback_format()]), 'The fallback format appears as an option when adding a new node.');
+ $this->assertFalse(isset($options[filter_fallback_format()]), 'The fallback format does not appear as an option when adding a new node.');
 // Check regular user access to the filter tips pages.
 $this->drupalGet('filter/tips/' . $this->allowed_format->format);
diff --git a/core/modules/search/lib/Drupal/search/Tests/SearchCommentCountToggleTest.php b/core/modules/search/lib/Drupal/search/Tests/SearchCommentCountToggleTest.php
index 338174d9031..4c94490b92f 100644
--- a/core/modules/search/lib/Drupal/search/Tests/SearchCommentCountToggleTest.php
+++ b/core/modules/search/lib/Drupal/search/Tests/SearchCommentCountToggleTest.php
@@ -59,8 +59,6 @@ class SearchCommentCountToggleTest extends SearchTestBase {
 $edit_comment = array();
 $edit_comment['subject'] = $this->randomName();
 $edit_comment['comment_body[' . LANGUAGE_NOT_SPECIFIED . '][0][value]'] = $this->randomName();
- $filtered_html_format_id = 'filtered_html';
- $edit_comment['comment_body[' . LANGUAGE_NOT_SPECIFIED . '][0][format]'] = $filtered_html_format_id;
 // Post comment to the test node with comment
 $this->drupalPost('comment/reply/' . $this->searchable_nodes['1 comment']->nid, $edit_comment, t('Save'));
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserSignatureTest.php b/core/modules/user/lib/Drupal/user/Tests/UserSignatureTest.php
index 31f01b95a5a..ab4c7063cb4 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserSignatureTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserSignatureTest.php
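Review bot: The changed assertion in the `@@ -137,7 +147,7 @@` hunk of FilterFormatAccessTest covers only the case where the fallback is dropped from the options on a new node. None of the visible hunks exercises the other branch of the new condition in filter_process_format(), where `$element['#format']` already equals the fallback format and it must stay listed. A follow-up step that opens content saved in the fallback format as `$this->web_user` and asserts `isset($options[filter_fallback_format()])` would pin that behaviour. The test method starts and ends outside the hunk.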
@@ -39,11 +39,19 @@ class UserSignatureTest extends WebTestBase { $this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page')); // Prefetch and create text formats. - $this->plain_text_format = filter_format_load('plain_text'); - $this->filtered_html_format = entity_create('filter_format', array( - 'format' => 'filtered_html', + 'format' => 'filtered_html_format', 'name' => 'Filtered HTML', + 'weight' => -1, + 'filters' => array( + 'filter_html' => array( + 'module' => 'filter', + 'status' => '1', + 'settings' => array( + 'allowed_html' => ' ', + ), + ), + ), )); $this->filtered_html_format->save(); @@ -85,13 +93,11 @@ class UserSignatureTest extends WebTestBase { $signature_text = "

" . $this->randomName() . "

"; $edit = array( 'signature[value]' => $signature_text, - 'signature[format]' => $this->plain_text_format->format, ); $this->drupalPost('user/' . $this->web_user->uid . '/edit', $edit, t('Save')); // Verify that values were stored. $this->assertFieldByName('signature[value]', $edit['signature[value]'], 'Submitted signature text found.'); - $this->assertFieldByName('signature[format]', $edit['signature[format]'], 'Submitted signature format found.'); // Create a comment. $langcode = LANGUAGE_NOT_SPECIFIED; @@ -115,6 +121,6 @@ class UserSignatureTest extends WebTestBase { // Assert that the signature did not make it through unfiltered. $this->drupalGet('node/' . $node->nid); $this->assertNoRaw($signature_text, 'Unfiltered signature text not found.'); - $this->assertRaw(check_markup($signature_text, $this->plain_text_format->format), 'Filtered signature text found.'); + $this->assertRaw(check_markup($signature_text, $this->filtered_html_format->format), 'Filtered signature text found.'); } }
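Review bot: The final `assertRaw(check_markup($signature_text, $this->filtered_html_format->format), ...)` now depends on the signature having been saved in the filtered format, but the POST in the `@@ -85,13 +93,11 @@` hunk no longer sends `signature[format]` and the stored-format assertion was removed. That outcome appears to rest on the `'weight' => -1` added in the setup hunk making this format the user's default; a comment there such as `// Sorts ahead of plain_text so it becomes the default format for the signature field.` would make the dependency explicit. The new machine name `filtered_html_format` also differs from the `filtered_html` id used by the other tests in this patch, which is easy to misread.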