-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | app/Helper/TextHelper.php | 12 | ||||
-rw-r--r-- | app/Template/app/projects.php | 2 | ||||
-rw-r--r-- | app/Template/board/table_column.php | 2 | ||||
-rw-r--r-- | app/Template/board/task_footer.php | 4 | ||||
-rw-r--r-- | app/Template/column/index.php | 2 | ||||
-rw-r--r-- | app/Template/header.php | 2 | ||||
-rw-r--r-- | app/Template/project/index.php | 2 | ||||
-rw-r--r-- | app/Template/project/show.php | 2 | ||||
-rw-r--r-- | app/Template/swimlane/table.php | 2 | ||||
-rw-r--r-- | tests/units/Helper/TextHelperTest.php | 8 |
11 files changed, 30 insertions, 9 deletions
@@ -22,6 +22,7 @@ Improvements:
 Bug fixes:
+* Fixed improper Markdown escaping for some tooltips
 * Closing all tasks by column, also update closed tasks
 * Fixed wrong task link generation within Markdown text
 * Fixed wrong URL on comment toggle link for sorting
diff --git a/app/Helper/TextHelper.php b/app/Helper/TextHelper.php
index 97b12c49..654eb171 100644
--- a/app/Helper/TextHelper.php
+++ b/app/Helper/TextHelper.php
@@ -39,6 +39,18 @@ class TextHelper extends Base
 }
 /**
+ * Escape Markdown text that need to be stored in HTML attribute
+ *
+ * @access public
+ * @param string $text
+ * @return mixed
+ */
+ public function markdownAttribute($text)
+ {
+ return htmlentities($this->markdown($text), ENT_QUOTES, 'UTF-8');
+ }
+
+ /**
+ * Format a file size
 *
 * @param integer $size Size in bytes
diff --git a/app/Template/app/projects.php b/app/Template/app/projects.php
index 4ab8b106..733a108d 100644
--- a/app/Template/app/projects.php
+++ b/app/Template/app/projects.php
@@ -31,7 +31,7 @@
 <?= $this->url->link($this->text->e($project['name']), 'board', 'show', array('project_id' => $project['id'])) ?>
 <?php if (! empty($project['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($project['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($project['description']) ?>">
 <i class="fa fa-info-circle"></i>
 </span>
 <?php endif ?>
diff --git a/app/Template/board/table_column.php b/app/Template/board/table_column.php
index 48538c88..24abdf99 100644
--- a/app/Template/board/table_column.php
+++ b/app/Template/board/table_column.php
@@ -47,7 +47,7 @@
 </span>
 <?php if (! $not_editable && ! empty($column['description'])): ?>
- <span class="tooltip pull-right" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'>
+ <span class="tooltip pull-right" title="<?= $this->text->markdownAttribute($column['description']) ?>">
 <i class="fa fa-info-circle"></i>
 </span>
 <?php endif ?>
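Review bot: The docblock on the new `markdownAttribute()` in `app/Helper/TextHelper.php` declares `@return mixed` although the method returns the result of `htmlentities()`, a string; `@return string` is accurate, and the summary would read better as `Escape rendered Markdown so it can be stored in an HTML attribute`. The method also depends silently on `htmlentities()` re-encoding entities that `markdown()` has already produced; passing the fourth argument explicitly, `htmlentities($this->markdown($text), ENT_QUOTES, 'UTF-8', true)`, documents that this is intended. The encoding only keeps the value inside the `title` attribute: if the tooltip script displays the decoded value as HTML, which the templates suggest but do not show, the output of `markdown()` still decides whether markup typed into a description is inert, so its raw-HTML handling should be confirmed. The class body continues outside the hunk.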
diff --git a/app/Template/board/task_footer.php b/app/Template/board/task_footer.php
index a9d381a3..dd154140 100644
--- a/app/Template/board/task_footer.php
+++ b/app/Template/board/task_footer.php
@@ -11,7 +11,7 @@
 array('task_id' => $task['id'], 'project_id' => $task['project_id']),
 false,
 'popover' . (! empty($task['category_description']) ? ' tooltip' : ''),
- ! empty($task['category_description']) ? $this->text->markdown($task['category_description']) : t('Change category')
+ ! empty($task['category_description']) ? $this->text->markdownAttribute($task['category_description']) : t('Change category')
 ) ?>
 <?php endif ?>
 </span>
@@ -76,7 +76,7 @@
 <i class="fa fa-flag flag-milestone"></i>
 </span>
 <?php endif ?>
-
+
 <?= $this->hook->render('template:board:task:icons', array('task' => $task)) ?>
 <?= $this->task->formatPriority($project, $task) ?>
diff --git a/app/Template/column/index.php b/app/Template/column/index.php
index eef176f3..6bc67c5a 100644
--- a/app/Template/column/index.php
+++ b/app/Template/column/index.php
@@ -28,7 +28,7 @@
 <i class="fa fa-arrows-alt draggable-row-handle" title="<?= t('Change column position') ?>"></i>
 <?= $this->text->e($column['title']) ?>
 <?php if (! empty($column['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($column['description']) ?>">
 <i class="fa fa-info-circle"></i>
 </span>
 <?php endif ?>
diff --git a/app/Template/header.php b/app/Template/header.php
index a8fd47f2..3885e671 100644
--- a/app/Template/header.php
+++ b/app/Template/header.php
@@ -8,7 +8,7 @@
 <?= $this->text->e($title) ?>
 </span>
 <?php if (! empty($description)): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($description)) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($description) ?>">
 <i class="fa fa-info-circle"></i>
 </span>
 <?php endif ?>
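Review bot: In the first hunk of `app/Template/board/task_footer.php` the two branches of the ternary now reach the link helper in different encoding states: the description branch is entity-encoded by `markdownAttribute()`, while `t('Change category')` is passed through unchanged. Whether that is correct depends on how the helper writes its title argument, and the call starts above the hunk, so this cannot be read off the diff. If the helper escapes the title itself, the description is encoded twice and entities will show up literally in the tooltip; if it does not, the translated string is the one value that reaches the attribute unencoded. Once the helper's behaviour is confirmed, a one-line comment at the argument such as `// title is written as-is by link(): encode anything user-supplied before passing it` would keep the contract visible.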
diff --git a/app/Template/project/index.php b/app/Template/project/index.php
index 10d4aaa2..0194672a 100644
--- a/app/Template/project/index.php
+++ b/app/Template/project/index.php
@@ -49,7 +49,7 @@
 <?php endif ?>
 <?php if (! empty($project['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($project['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($project['description']) ?>">
 <i class="fa fa-info-circle"></i>
 </span>
 <?php endif ?>
diff --git a/app/Template/project/show.php b/app/Template/project/show.php
index 42eeec4d..4aba4919 100644
--- a/app/Template/project/show.php
+++ b/app/Template/project/show.php
@@ -63,7 +63,7 @@
 <td>
 <?= $this->text->e($column['title']) ?>
 <?php if (! empty($column['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($column['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($column['description']) ?>">
 <i class="fa fa-info-circle"></i>
 </span>
 <?php endif ?>
diff --git a/app/Template/swimlane/table.php b/app/Template/swimlane/table.php
index 17be6924..ec3cb621 100644
--- a/app/Template/swimlane/table.php
+++ b/app/Template/swimlane/table.php
@@ -45,7 +45,7 @@
 <?= $this->text->e($swimlane['name']) ?>
 <?php if (! empty($swimlane['description'])): ?>
- <span class="tooltip" title='<?= $this->text->e($this->text->markdown($swimlane['description'])) ?>'>
+ <span class="tooltip" title="<?= $this->text->markdownAttribute($swimlane['description']) ?>">
 <i class="fa fa-info-circle"></i>
 </span>
 <?php endif ?>
diff --git a/tests/units/Helper/TextHelperTest.php b/tests/units/Helper/TextHelperTest.php
index c6b55d0e..2787abf2 100644
--- a/tests/units/Helper/TextHelperTest.php
+++ b/tests/units/Helper/TextHelperTest.php
@@ -51,6 +51,14 @@ class TextHelperTest extends Base
 $this->assertEquals('<p>Text @admin @notfound</p>', $h->markdown('Text @admin @notfound', true));
 }
+ public function testMarkdownAttribute()
+ {
+ $helper = new TextHelper($this->container);
+ $this->assertEquals('<p>Ça marche</p>', $helper->markdownAttribute('Ça marche'));
+ $this->assertEquals('<p>Test with &quot;double quotes&quot;</p>', $helper->markdownAttribute('Test with "double quotes"'));
+ $this->assertEquals('<p>Test with 'single quotes'</p>', $helper->markdownAttribute("Test with 'single quotes'"));
+ }
+
 public function testFormatBytes()
 {
 $h = new TextHelper($this->container); |
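Review bot: `testMarkdownAttribute()` only feeds the helper harmless text with accents and quotes, so nothing pins the property the helper was added for. A further case should pass a description that contains markup characters and an already-encoded entity, and assert that the result holds no raw `<`, `>`, `"` or `'` and that an existing `&` comes back as `&amp;`; that would catch a later switch to an escaper that does not double-encode. The expected strings as displayed on this page look entity-decoded (the first assertion could not hold for `htmlentities()` output as shown), so they should be checked against the repository before being copied. The test class continues outside the hunk.

```php
public function testMarkdownAttributeEncodesMarkup()
{
    $helper = new TextHelper($this->container);
    // Constructed sample: markup characters plus an entity that is already encoded.
    $encoded = $helper->markdownAttribute('<b>bold</b> &amp; "quoted"');

    // Nothing that could close the attribute or open a tag may survive.
    $this->assertEquals(0, preg_match('/[<>"\']/', $encoded));
    // Existing entities must be re-encoded, not passed through.
    $this->assertTrue(strpos($encoded, '&amp;') !== false);
}
```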