Update to Drupal 8.0.0-beta15. For more information, see: https://www.drupal.org/node/2563023
parent
2720a9ec4b
commit
f3791f1da3
1898 changed files with 54300 additions and 11481 deletions
|
@ -48,7 +48,7 @@ class EditorController extends ControllerBase {
|
|||
// Direct text editing is only supported for single-valued fields.
|
||||
$field = $entity->getTranslation($langcode)->$field_name;
|
||||
$editable_text = check_markup($field->value, $field->format, $langcode, array(FilterInterface::TYPE_TRANSFORM_REVERSIBLE, FilterInterface::TYPE_TRANSFORM_IRREVERSIBLE));
|
||||
$response->addCommand(new GetUntransformedTextCommand((string) $editable_text));
|
||||
$response->addCommand(new GetUntransformedTextCommand($editable_text));
|
||||
|
||||
return $response;
|
||||
}
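Review bot: Nothing in the visible lines records why `$editable_text` is safe to hand to the in-place editor, and the two `addCommand()` lines suggest the `(string)` cast is being dropped (the page has lost its +/- markers, so this is inferred from print order). If so, `GetUntransformedTextCommand` now receives whatever `check_markup()` returns rather than a plain string. I would add a comment above the `check_markup()` call such as `// Only the two transform filter types are skipped; HTML-restricting filters still run on this value.` The comment about single-valued fields is also not enforced by any visible line, since `$field->value` and `$field->format` are read without a cardinality check. The method begins above this hunk, so a guard may exist there.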
|
||||
|
|
|
@ -9,7 +9,6 @@ namespace Drupal\editor\EditorXssFilter;
|
|||
|
||||
use Drupal\Component\Utility\Html;
|
||||
use Drupal\Component\Utility\Xss;
|
||||
use Drupal\Component\Utility\SafeMarkup;
|
||||
use Drupal\filter\FilterFormatInterface;
|
||||
use Drupal\editor\EditorXssFilterInterface;
|
||||
|
||||
|
@ -114,7 +113,7 @@ class Standard extends Xss implements EditorXssFilterInterface {
|
|||
// value. There is no need to explicitly decode $node->value, since the
|
||||
// DOMAttr::value getter returns the decoded value.
|
||||
$value = Xss::filterAdmin($node->value);
|
||||
$node->value = SafeMarkup::checkPlain($value);
|
||||
$node->value = Html::escape($value);
|
||||
}
|
||||
$html = Html::serialize($dom);
|
||||
}
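Review bot: The escape step in `$node->value = Html::escape($value);` is the last thing standing between `Xss::filterAdmin()` output and the serialized attribute, yet the visible comment explains only the getter side of the round trip. As far as I can tell the escape is required because assigning to `DOMAttr::value` expands entities again; a line such as `// Escape before assigning: the DOMAttr::value setter expands entities, so unescaped markup would be re-interpreted.` would make that explicit. `Html::escape()` appears to be the new side, which matches the `SafeMarkup` import being dropped in the first hunk of this file. A regression assertion on the serialized attribute for a value containing `&`, quotes and an already-encoded entity would guard this swap. The enclosing loop and method start above the hunk, so the comment may already exist there.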
|
||||
|
|
|
@ -7,6 +7,10 @@
|
|||
|
||||
namespace Drupal\editor\Tests;
|
||||
|
||||
use Drupal\Component\Utility\Unicode;
|
||||
use Drupal\filter\Entity\FilterFormat;
|
||||
use Drupal\node\Entity\Node;
|
||||
use Drupal\node\Entity\NodeType;
|
||||
use Drupal\simpletest\WebTestBase;
|
||||
|
||||
/**
|
||||
|
@ -96,24 +100,88 @@ class EditorAdminTest extends WebTestBase {
|
|||
* Tests adding a text editor to a new text format.
|
||||
*/
|
||||
public function testAddEditorToNewFormat() {
|
||||
$this->addEditorToNewFormat('monocerus', 'Monocerus');
|
||||
$this->verifyUnicornEditorConfiguration('monocerus');
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests format disabling.
|
||||
*/
|
||||
public function testDisableFormatWithEditor() {
|
||||
$formats = ['monocerus' => 'Monocerus', 'tattoo' => 'Tattoo'];
|
||||
|
||||
// Install the node module.
|
||||
$this->container->get('module_installer')->install(['node']);
|
||||
$this->resetAll();
|
||||
// Create a new node type and attach the 'body' field to it.
|
||||
$node_type = NodeType::create(['type' => Unicode::strtolower($this->randomMachineName())]);
|
||||
$node_type->save();
|
||||
node_add_body_field($node_type, $this->randomString());
|
||||
|
||||
$permissions = ['administer filters', "edit any {$node_type->id()} content"];
|
||||
foreach ($formats as $format => $name) {
|
||||
// Create a format and add an editor to this format.
|
||||
$this->addEditorToNewFormat($format, $name);
|
||||
// Add permission for this format.
|
||||
$permissions[] = "use text format $format";
|
||||
}
|
||||
|
||||
// Create a node having the body format value 'moncerus'.
|
||||
$node = Node::create([
|
||||
'type' => $node_type->id(),
|
||||
'title' => $this->randomString(),
|
||||
]);
|
||||
$node->body->value = $this->randomString(100);
|
||||
$node->body->format = 'monocerus';
|
||||
$node->save();
|
||||
|
||||
// Login as an user able to use both formats and edit nodes of created type.
|
||||
$account = $this->drupalCreateUser($permissions);
|
||||
$this->drupalLogin($account);
|
||||
|
||||
// The node edit page header.
|
||||
$text = t('<em>Edit @type</em> @title', array('@type' => $node_type->label(), '@title' => $node->label()));
|
||||
|
||||
// Go to node edit form.
|
||||
$this->drupalGet('node/' . $node->id() . '/edit');
|
||||
$this->assertRaw($text);
|
||||
|
||||
// Disable the format assigned to the 'body' field of the node.
|
||||
FilterFormat::load('monocerus')->disable()->save();
|
||||
|
||||
// Edit again the node.
|
||||
$this->drupalGet('node/' . $node->id() . '/edit');
|
||||
$this->assertRaw($text);
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds an editor to a new format using the UI.
|
||||
*
|
||||
* @param string $format_id
|
||||
* The format id.
|
||||
* @param string $format_name
|
||||
* The format name.
|
||||
*/
|
||||
protected function addEditorToNewFormat($format_id, $format_name) {
|
||||
$this->enableUnicornEditor();
|
||||
$this->drupalLogin($this->adminUser);
|
||||
$this->drupalGet('admin/config/content/formats/add');
|
||||
// Configure the text format name.
|
||||
$edit = array(
|
||||
'name' => 'Monocerus',
|
||||
'format' => 'monocerus',
|
||||
'name' => $format_name,
|
||||
'format' => $format_id,
|
||||
);
|
||||
$edit += $this->selectUnicornEditor();
|
||||
$this->drupalPostForm(NULL, $edit, t('Save configuration'));
|
||||
$this->verifyUnicornEditorConfiguration($edit['format']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Enables the unicorn editor.
|
||||
*/
|
||||
protected function enableUnicornEditor() {
|
||||
\Drupal::service('module_installer')->install(array('editor_test'));
|
||||
if (!$this->container->get('module_handler')->moduleExists('editor_test')) {
|
||||
$this->container->get('module_installer')->install(array('editor_test'));
|
||||
}
|
||||
}
|
||||
|
||||
/**
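Review bot: `testDisableFormatWithEditor()` checks only that the edit-page heading is present after `FilterFormat::load('monocerus')->disable()->save();`. It does not check the response status or what happens to the body field whose format was just disabled. Adding `$this->assertResponse(200);` after each `drupalGet()`, plus an assertion on the body field's state for a user who holds `use text format monocerus`, would pin the behaviour the test is named for. The comment `// Create a node having the body format value 'moncerus'.` misspells the format id assigned a few lines below it. In `enableUnicornEditor()`, the conditional install appears to be the new side; it reads the module handler from `$this->container`, which is consistent with the `resetAll()` call in the new test.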
|
||||
|
|
|
@ -9,7 +9,6 @@ namespace Drupal\editor\Tests;
|
|||
|
||||
use Drupal\Component\Serialization\Json;
|
||||
use Drupal\simpletest\WebTestBase;
|
||||
use Drupal\Component\Utility\SafeMarkup;
|
||||
|
||||
/**
|
||||
* Tests XSS protection for content creators when using text editors.
|
||||
|
@ -96,7 +95,7 @@ class EditorSecurityTest extends WebTestBase {
|
|||
'filter_html' => array(
|
||||
'status' => 1,
|
||||
'settings' => array(
|
||||
'allowed_html' => '<h4> <h5> <h6> <p> <br> <strong> <a>',
|
||||
'allowed_html' => '<h2> <h3> <h4> <h5> <h6> <p> <br> <strong> <a>',
|
||||
)
|
||||
),
|
||||
),
|
||||
|
@ -111,7 +110,7 @@ class EditorSecurityTest extends WebTestBase {
|
|||
'filter_html' => array(
|
||||
'status' => 1,
|
||||
'settings' => array(
|
||||
'allowed_html' => '<h4> <h5> <h6> <p> <br> <strong> <a>',
|
||||
'allowed_html' => '<h2> <h3> <h4> <h5> <h6> <p> <br> <strong> <a>',
|
||||
)
|
||||
),
|
||||
),
|
||||
|
@ -131,7 +130,7 @@ class EditorSecurityTest extends WebTestBase {
|
|||
'filter_html' => array(
|
||||
'status' => 1,
|
||||
'settings' => array(
|
||||
'allowed_html' => '<h4> <h5> <h6> <p> <br> <strong> <a> <embed>',
|
||||
'allowed_html' => '<h2> <h3> <h4> <h5> <h6> <p> <br> <strong> <a> <embed>',
|
||||
)
|
||||
),
|
||||
),
|
||||
|
@ -388,7 +387,6 @@ class EditorSecurityTest extends WebTestBase {
|
|||
// Log in as the privileged user, and for every sample, do the following:
|
||||
// - switch to every other text format/editor
|
||||
// - assert the XSS-filtered values that we get from the server
|
||||
$value_original_attribute = SafeMarkup::checkPlain(self::$sampleContent);
|
||||
$this->drupalLogin($this->privilegedUser);
|
||||
foreach ($expected as $case) {
|
||||
$this->drupalGet('node/' . $case['node_id'] . '/edit');
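Review bot: The `allowed_html` literal is edited in three format definitions, and the one deliberate difference, `<embed>` in the third, is easy to miss among otherwise identical strings. A comment on that definition such as `// Same allow-list as the formats above, plus <embed>.` would make the intent visible when the list is next widened. These allow-lists determine what the XSS-filtered expectations later in the test must contain, so the samples should be checked against the added `<h2>` and `<h3>`; I cannot see them from these hunks. The array definitions begin and end outside the hunks shown.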
|
||||
|
|
|
@ -176,7 +176,6 @@ class QuickEditIntegrationTest extends QuickEditTestBase {
|
|||
'access' => TRUE,
|
||||
'label' => 'Long text field',
|
||||
'editor' => 'editor',
|
||||
'aria' => 'Entity entity_test 1, field Long text field',
|
||||
'custom' => array(
|
||||
'format' => 'full_html',
|
||||
'formatHasTransformations' => FALSE,
|
||||
|
|