authorFrederic Guillot <fred@kanboard.net>2016-04-29 18:43:57 -0400
committerFrederic Guillot <fred@kanboard.net>2016-04-29 18:43:57 -0400
commit9fa8f63d25a1bd1b2ce17c5dc610680aefa290fe (patch)
tree7348ec8646c4f08ad4515aa15e2cdd689b005f10
parenta34f83fb3044b51a8cb519a97ad27853ef4a068a (diff)
Fixed improper Markdown escaping for some tooltips
-rw-r--r--ChangeLog1
-rw-r--r--app/Helper/TextHelper.php12
-rw-r--r--app/Template/app/projects.php2
-rw-r--r--app/Template/board/table_column.php2
-rw-r--r--app/Template/board/task_footer.php4
-rw-r--r--app/Template/column/index.php2
-rw-r--r--app/Template/header.php2
-rw-r--r--app/Template/project/index.php2
-rw-r--r--app/Template/project/show.php2
-rw-r--r--app/Template/swimlane/table.php2
-rw-r--r--tests/units/Helper/TextHelperTest.php8
11 files changed, 30 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index 3246ec98..d109c198 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@ Improvements:
Bug fixes:
+* Fixed improper Markdown escaping for some tooltips
* Closing all tasks by column, also update closed tasks
* Fixed wrong task link generation within Markdown text
* Fixed wrong URL on comment toggle link for sorting
diff --git a/app/Helper/TextHelper.php b/app/Helper/TextHelper.php
index 97b12c49..654eb171 100644
--- a/app/Helper/TextHelper.php
+++ b/app/Helper/TextHelper.php
@@ -39,6 +39,18 @@ class TextHelper extends Base
}
/**
+ * Escape Markdown text that need to be stored in HTML attribute
+ *
+ * @access public
+ * @param string $text
+ * @return mixed
+ */
+ public function markdownAttribute($text)
+ {
+ return htmlentities($this->markdown($text), ENT_QUOTES, 'UTF-8');
+ }
+
+ /**
* Format a file size
*
* @param integer $size Size in bytes
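Review bot: The new docblock's `@return mixed` understates the contract — `htmlentities()` always yields a string, so `@return string` is the accurate annotation for `markdownAttribute()`. Separately, with only `ENT_QUOTES` passed, `htmlentities()` returns an empty string whenever the rendered Markdown contains an invalid UTF-8 sequence, so a malformed description silently produces an empty tooltip; if the project's minimum PHP version allows it, `return htmlentities($this->markdown($text), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` replaces the bad bytes with U+FFFD instead. It would also help callers to state in the docblock that the result is intended for a quoted HTML attribute and is encoded on top of Markdown's own entities on purpose (so `&quot;` becomes `&amp;quot;`), which is what the test hunk in this commit asserts. The TextHelper class continues outside this hunk.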
diff --git a/app/Template/app/projects.php b/app/Template/app/projects.php
index 4ab8b106..733a108d 100644
--- a/app/Template/app/projects.php
+++ b/app/Template/app/projects.php
@@ -31,7 +31,7 @@
<?= $this->url->link($this->text->e($project['name']), 'board', 'show', array('project_id' => $project['id'])) ?>
<?php if (! empty($project['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($project['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($project['description']) ?>">
<i class="fa fa-info-circle"></i>
</span>
<?php endif ?>
diff --git a/app/Template/board/table_column.php b/app/Template/board/table_column.php
index 48538c88..24abdf99 100644
--- a/app/Template/board/table_column.php
+++ b/app/Template/board/table_column.php
@@ -47,7 +47,7 @@
</span>
<?php if (! $not_editable && ! empty($column['description'])): ?>
- <span class="tooltip pull-right" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'>
+ <span class="tooltip pull-right" title="<?= $this->text->markdownAttribute($column['description']) ?>">
&nbsp;<i class="fa fa-info-circle"></i>
</span>
<?php endif ?>
diff --git a/app/Template/board/task_footer.php b/app/Template/board/task_footer.php
index a9d381a3..dd154140 100644
--- a/app/Template/board/task_footer.php
+++ b/app/Template/board/task_footer.php
@@ -11,7 +11,7 @@
array('task_id' => $task['id'], 'project_id' => $task['project_id']),
false,
'popover' . (! empty($task['category_description']) ? ' tooltip' : ''),
- ! empty($task['category_description']) ? $this->text->markdown($task['category_description']) : t('Change category')
+ ! empty($task['category_description']) ? $this->text->markdownAttribute($task['category_description']) : t('Change category')
) ?>
<?php endif ?>
</span>
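Review bot: The two arms of the ternary on the `+` line now carry differently treated strings: the `markdownAttribute()` result is already entity-encoded for attribute context, while `t('Change category')` is passed through untouched, so which arm renders correctly depends on whether `$this->url->link()` escapes its title argument itself — that is not visible here. If `link()` escapes, the first arm is encoded twice and the tooltip shows literal entities; if it does not, the second arm relies on the translated string being attribute-safe. Worth confirming against the URL helper and documenting the expected escaping on `link()`'s title parameter. The `$this->url->link(` call begins above the hunk.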
@@ -76,7 +76,7 @@
<i class="fa fa-flag flag-milestone"></i>
</span>
<?php endif ?>
-
+
<?= $this->hook->render('template:board:task:icons', array('task' => $task)) ?>
<?= $this->task->formatPriority($project, $task) ?>
diff --git a/app/Template/column/index.php b/app/Template/column/index.php
index eef176f3..6bc67c5a 100644
--- a/app/Template/column/index.php
+++ b/app/Template/column/index.php
@@ -28,7 +28,7 @@
<i class="fa fa-arrows-alt draggable-row-handle" title="<?= t('Change column position') ?>"></i>
<?= $this->text->e($column['title']) ?>
<?php if (! empty($column['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($column['description']) ?>">
<i class="fa fa-info-circle"></i>
</span>
<?php endif ?>
diff --git a/app/Template/header.php b/app/Template/header.php
index a8fd47f2..3885e671 100644
--- a/app/Template/header.php
+++ b/app/Template/header.php
@@ -8,7 +8,7 @@
<?= $this->text->e($title) ?>
</span>
<?php if (! empty($description)): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($description)) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($description) ?>">
<i class="fa fa-info-circle"></i>
</span>
<?php endif ?>
diff --git a/app/Template/project/index.php b/app/Template/project/index.php
index 10d4aaa2..0194672a 100644
--- a/app/Template/project/index.php
+++ b/app/Template/project/index.php
@@ -49,7 +49,7 @@
<?php endif ?>
<?php if (! empty($project['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($project['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($project['description']) ?>">
<i class="fa fa-info-circle"></i>
</span>
<?php endif ?>
diff --git a/app/Template/project/show.php b/app/Template/project/show.php
index 42eeec4d..4aba4919 100644
--- a/app/Template/project/show.php
+++ b/app/Template/project/show.php
@@ -63,7 +63,7 @@
<td>
<?= $this->text->e($column['title']) ?>
<?php if (! empty($column['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($column['description']) ?>">
<i class="fa fa-info-circle"></i>
</span>
<?php endif ?>
diff --git a/app/Template/swimlane/table.php b/app/Template/swimlane/table.php
index 17be6924..ec3cb621 100644
--- a/app/Template/swimlane/table.php
+++ b/app/Template/swimlane/table.php
@@ -45,7 +45,7 @@
<?= $this->text->e($swimlane['name']) ?>
<?php if (! empty($swimlane['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($swimlane['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($swimlane['description']) ?>">
<i class="fa fa-info-circle"></i>
</span>
<?php endif ?>
diff --git a/tests/units/Helper/TextHelperTest.php b/tests/units/Helper/TextHelperTest.php
index c6b55d0e..2787abf2 100644
--- a/tests/units/Helper/TextHelperTest.php
+++ b/tests/units/Helper/TextHelperTest.php
@@ -51,6 +51,14 @@ class TextHelperTest extends Base
$this->assertEquals('<p>Text @admin @notfound</p>', $h->markdown('Text @admin @notfound', true));
}
+ public function testMarkdownAttribute()
+ {
+ $helper = new TextHelper($this->container);
+ $this->assertEquals('&lt;p&gt;&Ccedil;a marche&lt;/p&gt;', $helper->markdownAttribute('Ça marche'));
+ $this->assertEquals('&lt;p&gt;Test with &amp;quot;double quotes&amp;quot;&lt;/p&gt;', $helper->markdownAttribute('Test with "double quotes"'));
+ $this->assertEquals('&lt;p&gt;Test with &#039;single quotes&#039;&lt;/p&gt;', $helper->markdownAttribute("Test with 'single quotes'"));
+ }
+
public function testFormatBytes()
{
$h = new TextHelper($this->container);
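Review bot: The new test names its helper `$helper` while the neighbouring tests in this class (the Markdown test just above and `testFormatBytes` just below) use `$h`, so the class now mixes two conventions; `$helper = new TextHelper($this->container);` could become `$h = new TextHelper($this->container);` with the assertions adjusted. The three assertions cover a non-ASCII character and both quote styles, but none pins what happens when the input is not valid UTF-8, which is the case where `htmlentities()` with these flags returns an empty string rather than escaped text; a fourth assertion on a string containing a stray byte such as `"\xC3"` would make that behaviour explicit. The TextHelperTest class continues outside the hunk.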