Fixes #4 - html encode injected properties and enable test
authorColeman Watts <coleman@civicrm.org>
Sat, 2 Nov 2019 00:57:27 +0000 (20:57 -0400)
committerCiviCRM <info@civicrm.org>
Wed, 16 Sep 2020 02:13:19 +0000 (19:13 -0700)
ext/afform/core/afform.php
ext/afform/core/tests/phpunit/Civi/Afform/FilterTest.php

index a54dd7fa7f2eabe8052d54b0f31671f8f909762c..7e00dedab56b491b0384e9ec3eb24a4850786123 100644 (file)
@@ -329,7 +329,7 @@ function afform_civicrm_alterAngular($angular) {
             continue;
           }
           foreach ($field as &$prop) {
-            $prop = json_encode($prop, JSON_UNESCAPED_SLASHES);
+            $prop = htmlspecialchars(CRM_Utils_JS::encode($prop));
           }
           if ($existingFieldDefn) {
             $field = array_merge($field, CRM_Utils_JS::getRawProps($existingFieldDefn));
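Review bot: The `htmlspecialchars()` call added inside the `foreach` relies on PHP's default flags and charset, and on PHP versions before 8.1 those defaults leave single quotes unescaped. `CRM_Utils_JS::encode()` appears to emit single-quoted JS strings, so the encoded value is only safe if the attribute is later written with double quotes, which this hunk does not show. Spelling it out removes that dependence: `$prop = htmlspecialchars(CRM_Utils_JS::encode($prop), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Separately, the values merged in from `CRM_Utils_JS::getRawProps($existingFieldDefn)` on the last line of the hunk do not pass through this encoding, so it is worth confirming they are escaped wherever the attribute is serialized. The enclosing function starts and ends outside the hunk.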
index ec441c2909eb96f2a5105dce56b04b5025ba4027..8f94f03442a59a4bfe9447844208f17537463f62 100644 (file)
@@ -44,16 +44,17 @@ class FilterTest extends \PHPUnit\Framework\TestCase implements HeadlessInterfac
     $this->assertEquals('First Name', $myField['defn']['title']);
   }
 
-  //public function testDefnOverrideTitle() {
-  //  $inputHtml = sprintf(self::PERSON_TPL,
-  //    '<div af-fieldset="person"><af-field name="first_name" defn="{title: \'Given name\'}" /></div>');
-  //  $filteredHtml = _afform_html_filter('~afform/MyForm.html', $inputHtml);
-  //  $converter = new \CRM_Afform_ArrayHtml(TRUE);
-  //  $parsed = $converter->convertHtmlToArray($filteredHtml);
-  //
-  //  $myField = $parsed[0]['#children'][1]['#children'][0];
-  //  $this->assertEquals('af-field', $myField['#tag']);
-  //  $this->assertEquals('Given name', $myField['defn']['title']);
-  //}
+  public function testDefnOverrideTitle() {
+    $inputHtml = sprintf(self::PERSON_TPL,
+      '<div af-fieldset="person"><af-field name="first_name" defn="{title: \'Given name\'}" /></div>');
+    $filteredHtml = _afform_html_filter('~afform/MyForm.html', $inputHtml);
+    $converter = new \CRM_Afform_ArrayHtml(TRUE);
+    $parsed = $converter->convertHtmlToArray($filteredHtml);
+
+    $myField = $parsed[0]['#children'][1]['#children'][0];
+    $this->assertEquals('af-field', $myField['#tag']);
+    $this->assertEquals('Given name', $myField['defn']['title']);
+    $this->assertEquals('Text', $myField['defn']['input_type']);
+  }
 
 }
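Review bot: The re-enabled `testDefnOverrideTitle()` only pushes plain values (`'Given name'`, `'Text'`) through `_afform_html_filter()`, so nothing here pins the HTML-encoding behaviour that the commit introduces. A regression that dropped `htmlspecialchars()` again would likely still pass as long as the injected strings contain no markup characters. Consider adding a case where an injected or overridden property contains `"`, `'`, `<` and `&`, and assert that `convertHtmlToArray()` returns the identical string and that no extra attributes or child elements appear on the parsed `af-field` node.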