opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to Drupal 8.0.0-beta15. For more information, see: https://www.drupal.org/node/2563023

Browse source
This commit is contained in:
Pantheon Automation 2015-09-04 13:20:09 -07:00 committed by Greg Anderson
parent 2720a9ec4b
commit f3791f1da3
1898 changed files with 54300 additions and 11481 deletions
Download patch file Download diff file Expand all files Collapse all files

20
core/modules/dblog/src/Controller/DbLogController.php
View file

@ -8,9 +8,7 @@
namespace Drupal\dblog\Controller;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Database\Connection;
use Drupal\Core\Datetime\DateFormatter;
@ -184,14 +182,16 @@ class DbLogController extends ControllerBase {
foreach ($result as $dblog) {
$message = $this->formatMessage($dblog);
if ($message && isset($dblog->wid)) {
// Truncate link_text to 56 chars of message.
// @todo Reevaluate the SafeMarkup::set() in
// https://www.drupal.org/node/2399261.
$log_text = SafeMarkup::set(Unicode::truncate(Xss::filter($message, array()), 56, TRUE, TRUE));
$title = Unicode::truncate(Html::decodeEntities(strip_tags($message)), 256, TRUE, TRUE);
$log_text = Unicode::truncate($title, 56, TRUE, TRUE);
// The link generator will escape any unsafe HTML entities in the final
// text.
$message = $this->l($log_text, new Url('dblog.event', array('event_id' => $dblog->wid), array(
'attributes' => array(
// Provide a title for the link for useful hover hints.
'title' => Unicode::truncate(strip_tags($message), 256, TRUE, TRUE),
// Provide a title for the link for useful hover hints. The
// Attribute object will escape any unsafe HTML entities in the
// final text.
'title' => $title,
),
)));
}
@ -207,7 +207,7 @@ class DbLogController extends ControllerBase {
$this->dateFormatter->format($dblog->timestamp, 'short'),
$message,
array('data' => $username),
SafeMarkup::xssFilter($dblog->link),
array('data' => array('#markup' => $dblog->link)),
),
// Attributes for table row.
'class' => array(Html::getClass('dblog-' . $dblog->type), $classes[$dblog->severity]),
@ -281,7 +281,7 @@ class DbLogController extends ControllerBase {
),
array(
array('data' => $this->t('Hostname'), 'header' => TRUE),
SafeMarkup::checkPlain($dblog->hostname),
$dblog->hostname,
),
array(
array('data' => $this->t('Operations'), 'header' => TRUE),

27
core/modules/dblog/src/Tests/DbLogTest.php
View file

@ -7,8 +7,8 @@
namespace Drupal\dblog\Tests;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Logger\RfcLogLevel;
use Drupal\Core\Url;
use Drupal\dblog\Controller\DbLogController;
@ -339,10 +339,10 @@ class DbLogTest extends WebTestBase {
$this->assertLogMessage(t('Session closed for %name.', array('%name' => $name)), 'DBLog event was recorded: [logout user]');
// Delete user.
$message = t('Deleted user: %name %email.', array('%name' => $name, '%email' => '<' . $user->getEmail() . '>'));
$message_text = Unicode::truncate(Xss::filter($message, array()), 56, TRUE, TRUE);
$message_text = Unicode::truncate(Html::decodeEntities(strip_tags($message)), 56, TRUE, TRUE);
// Verify that the full message displays on the details page.
$link = FALSE;
if ($links = $this->xpath('//a[text()="' . html_entity_decode($message_text) . '"]')) {
if ($links = $this->xpath('//a[text()="' . $message_text . '"]')) {
// Found link with the message text.
$links = array_shift($links);
foreach ($links->attributes() as $attr => $value) {
@ -695,11 +695,8 @@ class DbLogTest extends WebTestBase {
* The message to pass to simpletest.
*/
protected function assertLogMessage($log_message, $message) {
$message_text = Unicode::truncate(Xss::filter($log_message, array()), 56, TRUE, TRUE);
// After \Drupal\Component\Utility\Xss::filter(), HTML entities should be
// converted to their character equivalents because assertLink() uses this
// string in xpath() to query the Document Object Model (DOM).
$this->assertLink(html_entity_decode($message_text), 0, $message);
$message_text = Unicode::truncate(Html::decodeEntities(strip_tags($log_message)), 56, TRUE, TRUE);
$this->assertLink($message_text, 0, $message);
}
/**
@ -730,4 +727,18 @@ class DbLogTest extends WebTestBase {
$this->drupalGet('admin/reports/dblog/event/' . $wid);
$this->assertText('Dblog test log message');
}
/**
* Make sure HTML tags are filtered out in the log overview links.
*/
public function testOverviewLinks() {
$this->drupalLogin($this->adminUser);
$this->generateLogEntries(1, ['message' => "&lt;script&gt;alert('foo');&lt;/script&gt;<strong>Lorem</strong> ipsum dolor sit amet, consectetur adipiscing & elit."]);
$this->drupalGet('admin/reports/dblog');
$this->assertResponse(200);
// Make sure HTML tags are filtered out.
$this->assertRaw('title="alert(&#039;foo&#039;);Lorem ipsum dolor sit amet, consectetur adipiscing &amp; elit. Entry #0">&lt;script&gt;alert(&#039;foo&#039;);&lt;/script&gt;Lorem ipsum dolor sit…</a>');
$this->assertNoRaw("<script>alert('foo');</script>");
}
}

3
core/modules/dblog/src/Tests/Migrate/d6/MigrateDblogConfigsTest.php
View file

@ -13,7 +13,7 @@ use Drupal\migrate_drupal\Tests\d6\MigrateDrupal6TestBase;
/**
* Upgrade variables to dblog.settings.yml.
*
* @group dblog
* @group migrate_drupal_6
*/
class MigrateDblogConfigsTest extends MigrateDrupal6TestBase {
@ -31,7 +31,6 @@ class MigrateDblogConfigsTest extends MigrateDrupal6TestBase {
*/
protected function setUp() {
parent::setUp();
$this->loadDumps(['Variable.php']);
$this->executeMigration('d6_dblog_settings');
}

1
core/modules/dblog/src/Tests/Migrate/d7/MigrateDblogConfigsTest.php
View file

@ -29,7 +29,6 @@ class MigrateDblogConfigsTest extends MigrateDrupal7TestBase {
protected function setUp() {
parent::setUp();
$this->installConfig(static::$modules);
$this->loadDumps(['Variable.php']);
$this->executeMigration('d7_dblog_settings');
}

18
core/modules/dblog/src/Tests/Views/ViewsIntegrationTest.php
View file

@ -13,14 +13,14 @@ use Drupal\Core\Logger\RfcLogLevel;
use Drupal\Core\Url;
use Drupal\views\Views;
use Drupal\views\Tests\ViewTestData;
use Drupal\views\Tests\ViewUnitTestBase;
use Drupal\views\Tests\ViewKernelTestBase;
/**
* Tests the views integration of dblog module.
*
* @group dblog
*/
class ViewsIntegrationTest extends ViewUnitTestBase {
class ViewsIntegrationTest extends ViewKernelTestBase {
/**
* Views used by this test.
@ -73,11 +73,12 @@ class ViewsIntegrationTest extends ViewUnitTestBase {
$entries[] = array(
'message' => '@token1 !token2',
// Setup a link with a tag which is filtered by
// \Drupal\Component\Utility\Xss::filterAdmin().
// \Drupal\Component\Utility\Xss::filterAdmin() in order to make sure
// that strings which are not marked as safe get filtered.
'variables' => array(
'@token1' => $this->randomMachineName(),
'!token2' => $this->randomMachineName(),
'link' => \Drupal::l(SafeMarkup::set('<object>Link</object>'), new Url('<front>')),
'link' => '<a href="' . \Drupal::url('<front>') . '"><object>Link</object></a>',
),
);
$logger_factory = $this->container->get('logger.factory');
@ -95,7 +96,14 @@ class ViewsIntegrationTest extends ViewUnitTestBase {
foreach ($entries as $index => $entry) {
$this->assertEqual($view->style_plugin->getField($index, 'message'), SafeMarkup::format($entry['message'], $entry['variables']));
$this->assertEqual($view->style_plugin->getField($index, 'link'), Xss::filterAdmin($entry['variables']['link']));
$link_field = $view->style_plugin->getField($index, 'link');
// The 3rd entry contains some unsafe markup that needs to get filtered.
if ($index == 2) {
// Make sure that unsafe link differs from the rendered link, so we know
// that some filtering actually happened.
$this->assertNotEqual($link_field, $entry['variables']['link']);
}
$this->assertEqual($link_field, Xss::filterAdmin($entry['variables']['link']));
}
// Disable replacing variables and check that the tokens aren't replaced.