Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #354812 by catch, mfer: filter_xss_bad_protocol is called hundreds of times on some pages.

merge-requests/26/head
Dries Buytaert 2009-01-31 19:07:45 +00:00
parent 610bc6f7ed
commit f12b1b637f
2 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/common.inc
View File

@ -1836,7 +1836,7 @@ function l($text, $path, array $options = array()) {
$options['attributes']['title'] = strip_tags($options['attributes']['title']); $options['attributes']['title'] = strip_tags($options['attributes']['title']);
} }
return '<a href="' . check_url(url($path, $options)) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>'; return '<a href="' . url($path, $options) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>';
} }
/** /**

25
modules/simpletest/tests/common.test
View File

@ -1,6 +1,31 @@
<?php <?php
// $Id$ // $Id$
/**
* Tests for the l() function.
*/
class CommonLUnitTest extends DrupalWebTestCase {
function getInfo() {
return array(
'name' => t('Tests for the l() function'),
'description' => t('Confirm that url() works correctly with various input.'),
'group' => t('System'),
);
}
/**
* Confirm that invalid text given as $path is filtered.
*/
function testLXSS() {
$text = $this->randomName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = l($text, $path);
$sanitized_path = check_url(url($path));
$this->assertTrue(strpos($link, $sanitized_path) != FALSE, t('XSS attack @path was filtered', array('@path' => $path)));
}
}
class CommonSizeTestCase extends DrupalWebTestCase { class CommonSizeTestCase extends DrupalWebTestCase {
protected $exact_test_cases; protected $exact_test_cases;
protected $rounded_test_cases; protected $rounded_test_cases;