Valider 2ca818f3 rédigé par robocoder's avatar robocoder

refs #2185 - sanitizeInputValue() returned '' if input wasn't valid UTF-8

git-svn-id: http://dev.piwik.org/svn/trunk@4092 59fd770c-687e-43c8-a1e3-f5a4ff64c105
parent 3042d92e
...@@ -590,8 +590,21 @@ class Piwik_Common ...@@ -590,8 +590,21 @@ class Piwik_Common
static public function sanitizeInputValue($value) static public function sanitizeInputValue($value)
{ {
// $_GET and $_REQUEST already urldecode()'d // $_GET and $_REQUEST already urldecode()'d
// filter
$value = str_replace(array("\n","\r","\0"), "", $value); $value = str_replace(array("\n","\r","\0"), "", $value);
return htmlspecialchars( $value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8' );
// escape
$tmp = htmlspecialchars( $value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8' );
// htmlspecialchars is destructive if input is not UTF-8
if($value != '' && $tmp == '' && function_exists('iconv'))
{
// convert and escape
$value = @iconv('ISO-8859-1', 'UTF-8', $value);
$tmp = htmlspecialchars( $value, self::HTML_ENCODING_QUOTE_STYLE, 'ISO-8859-1' );
}
return $tmp;
} }
/** /**
...@@ -662,7 +675,6 @@ class Piwik_Common ...@@ -662,7 +675,6 @@ class Piwik_Common
// Normal case, there is a value available in REQUEST for the requested varName // Normal case, there is a value available in REQUEST for the requested varName
$value = self::sanitizeInputValues( $requestArrayToUse[$varName] ); $value = self::sanitizeInputValues( $requestArrayToUse[$varName] );
if( !is_null($varType)) if( !is_null($varType))
{ {
$ok = false; $ok = false;
......
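Review bot: In sanitizeInputValue(), the fallback escapes with charset 'ISO-8859-1' even though iconv() has just converted $value to UTF-8, so the second htmlspecialchars() call no longer checks the encoding of what the function returns. Passing the same charset as the first call, `$tmp = htmlspecialchars( $value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8' );`, keeps the guarantee that only valid UTF-8 leaves this function and still yields '' if the suppressed `@iconv` returns false. The guard would also read more safely with strict comparisons, `if($value !== '' && $tmp === '' && function_exists('iconv'))`, assuming callers always pass strings. A comment stating that every non-UTF-8 input is assumed to be ISO-8859-1, and that the value is still dropped to '' when iconv is unavailable, would document the two remaining lossy paths.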
...@@ -287,7 +287,7 @@ class Test_Piwik_TrackerAction extends Test_Database ...@@ -287,7 +287,7 @@ class Test_Piwik_TrackerAction extends Test_Database
'url' => 'http://example.org/category/1/0/t/test', 'url' => 'http://example.org/category/1/0/t/test',
'type' => Piwik_Tracker_Action::TYPE_ACTION_URL), 'type' => Piwik_Tracker_Action::TYPE_ACTION_URL),
), ),
// testing: action name ("Test …") - expect decpdomg of some html entities // testing: action name ("Test …") - expect decoding of some html entities
array( array(
'request' => array( 'url' => 'http://example.org/ACTION/URL', 'request' => array( 'url' => 'http://example.org/ACTION/URL',
'action_name' => "Test …"), 'action_name' => "Test …"),
...@@ -303,7 +303,7 @@ class Test_Piwik_TrackerAction extends Test_Database ...@@ -303,7 +303,7 @@ class Test_Piwik_TrackerAction extends Test_Database
'url' => 'http://example.org/ACTION/URL', 'url' => 'http://example.org/ACTION/URL',
'type' => Piwik_Tracker_Action::TYPE_ACTION_URL), 'type' => Piwik_Tracker_Action::TYPE_ACTION_URL),
), ),
// testing: action name ("Tést") // testing: action name ("Tést") - handle wide character
array( array(
'request' => array( 'url' => 'http://example.org/ACTION/URL', 'request' => array( 'url' => 'http://example.org/ACTION/URL',
'action_name' => "Tést"), 'action_name' => "Tést"),
...@@ -311,7 +311,7 @@ class Test_Piwik_TrackerAction extends Test_Database ...@@ -311,7 +311,7 @@ class Test_Piwik_TrackerAction extends Test_Database
'url' => 'http://example.org/ACTION/URL', 'url' => 'http://example.org/ACTION/URL',
'type' => Piwik_Tracker_Action::TYPE_ACTION_URL), 'type' => Piwik_Tracker_Action::TYPE_ACTION_URL),
), ),
// testing: action name ("Tést") // testing: action name ("Tést") - handle UTF-8 byte sequence
array( array(
'request' => array( 'url' => 'http://example.org/ACTION/URL', 'request' => array( 'url' => 'http://example.org/ACTION/URL',
'action_name' => "T\xc3\xa9st"), 'action_name' => "T\xc3\xa9st"),
...@@ -319,7 +319,14 @@ class Test_Piwik_TrackerAction extends Test_Database ...@@ -319,7 +319,14 @@ class Test_Piwik_TrackerAction extends Test_Database
'url' => 'http://example.org/ACTION/URL', 'url' => 'http://example.org/ACTION/URL',
'type' => Piwik_Tracker_Action::TYPE_ACTION_URL), 'type' => Piwik_Tracker_Action::TYPE_ACTION_URL),
), ),
); // testing: action name ("Tést") - handle invalid UTF-8 (e.g., ISO-8859-1)
array(
'request' => array( 'url' => 'http://example.org/ACTION/URL',
'action_name' => "T\xe9st"),
'expected' => array( 'name' => 'Tést',
'url' => 'http://example.org/ACTION/URL',
'type' => Piwik_Tracker_Action::TYPE_ACTION_URL),
), );
foreach($tests as $test) { foreach($tests as $test) {
$request = $test['request']; $request = $test['request'];
$expected = $test['expected']; $expected = $test['expected'];
......
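Review bot: The expected name in the new invalid-UTF-8 case is written as the literal 'Tést', so the assertion depends on the encoding this test file is saved in, while the input is pinned as raw bytes with "T\xe9st". Spelling the expectation the same way, `'expected' => array( 'name' => "T\xc3\xa9st",`, makes the case unambiguous. The case presumably exercises the iconv fallback in sanitizeInputValue(), so on a build without iconv it would fail rather than be skipped; a guard or a comment saying so would help. The test method starts and ends outside the hunks shown here.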