Passed
Push — master ( 07fb16...819842 )
by Robbie
04:02 queued 10s
created
tests/IFramePageTest.php 1 patch
Indentation   +129 added lines, -129 removed lines patch added patch discarded remove patch
@@ -10,133 +10,133 @@
 block discarded – undo
10 10
 
11 11
 class IFramePageTest extends SapphireTest
12 12
 {
13
-    protected $usesDatabase = true;
14
-
15
-    public function testGetClass()
16
-    {
17
-        $iframe = new IFramePage();
18
-        $iframe->AutoHeight = 1;
19
-        $iframe->getClass();
20
-
21
-        $this->assertContains('iframepage-height-auto', $iframe->getClass());
22
-
23
-        $iframe->AutoHeight = 0;
24
-        $iframe->getClass();
25
-
26
-        $this->assertNotContains('iframepage-height-auto', $iframe->getClass());
27
-    }
28
-
29
-    public function testGetStyle()
30
-    {
31
-        $iframe = new IFramePage();
32
-
33
-        $iframe->FixedHeight = 0;
34
-        $iframe->getStyle();
35
-        $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
36
-
37
-        $iframe->FixedHeight = 100;
38
-        $iframe->getStyle();
39
-        $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
40
-
41
-        $iframe->AutoWidth = 1;
42
-        $iframe->FixedWidth = '200';
43
-        $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
44
-
45
-        $iframe->AutoWidth = 0;
46
-        $iframe->FixedWidth = '200';
47
-        $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
48
-    }
49
-
50
-    public function testAllowedUrls()
51
-    {
52
-        $iframe = new IFramePage();
53
-
54
-        $tests = array(
55
-            'allowed' => array(
56
-                'http://anything',
57
-                'https://anything',
58
-                'page',
59
-                'sub-page/link',
60
-                'page/link',
61
-                'page.html',
62
-                'page.htm',
63
-                'page.phpissoawesomewhywouldiuseanythingelse',
64
-                '//url.com/page',
65
-                '/root/page/link',
66
-                'http://intranet:8888',
67
-                'http://javascript:8080',
68
-                'http://username:password@hostname/path?arg=value#anchor'
69
-            ),
70
-            'banned' => array(
71
-                'javascript:alert',
72
-                'tel:0210001234',
73
-                'ftp://url',
74
-                'ssh://1.2.3.4',
75
-                'ssh://url.com/page'
76
-            )
77
-        );
78
-
79
-        foreach ($tests['allowed'] as $url) {
80
-            $iframe->IFrameURL = $url;
81
-            $iframe->write();
82
-            $this->assertContains($iframe->IFrameURL, $url);
83
-        }
84
-
85
-        foreach ($tests['banned'] as $url) {
86
-            $iframe->IFrameURL = $url;
87
-            $this->setExpectedException(ValidationException::class);
88
-            $iframe->write();
89
-        }
90
-    }
91
-
92
-    public function testForceProtocol()
93
-    {
94
-        $origServer = $_SERVER;
95
-
96
-        $page = new IFramePage();
97
-        $page->URLSegment = 'iframe';
98
-        $page->IFrameURL = 'http://target.com';
99
-
100
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
101
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
102
-        $page->ForceProtocol = '';
103
-        $controller = new IFramePageController($page);
104
-        $controller->doInit();
105
-        $response = $controller->getResponse();
106
-        $this->assertNull($response->getHeader('Location'));
107
-
108
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
109
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
110
-        $page->ForceProtocol = '';
111
-        $controller = new IFramePageController($page);
112
-        $controller->doInit();
113
-        $response = $controller->getResponse();
114
-        $this->assertNull($response->getHeader('Location'));
115
-
116
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
117
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
118
-        $page->ForceProtocol = 'http://';
119
-        $controller = new IFramePageController($page);
120
-        $controller->doInit();
121
-        $response = $controller->getResponse();
122
-        $this->assertNull($response->getHeader('Location'));
123
-
124
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
125
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
126
-        $page->ForceProtocol = 'https://';
127
-        $controller = new IFramePageController($page);
128
-        $controller->doInit();
129
-        $response = $controller->getResponse();
130
-        $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
131
-
132
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
133
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
134
-        $page->ForceProtocol = 'http://';
135
-        $controller = new IFramePageController($page);
136
-        $controller->doInit();
137
-        $response = $controller->getResponse();
138
-        $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
139
-
140
-        $_SERVER = $origServer;
141
-    }
13
+	protected $usesDatabase = true;
14
+
15
+	public function testGetClass()
16
+	{
17
+		$iframe = new IFramePage();
18
+		$iframe->AutoHeight = 1;
19
+		$iframe->getClass();
20
+
21
+		$this->assertContains('iframepage-height-auto', $iframe->getClass());
22
+
23
+		$iframe->AutoHeight = 0;
24
+		$iframe->getClass();
25
+
26
+		$this->assertNotContains('iframepage-height-auto', $iframe->getClass());
27
+	}
28
+
29
+	public function testGetStyle()
30
+	{
31
+		$iframe = new IFramePage();
32
+
33
+		$iframe->FixedHeight = 0;
34
+		$iframe->getStyle();
35
+		$this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
36
+
37
+		$iframe->FixedHeight = 100;
38
+		$iframe->getStyle();
39
+		$this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
40
+
41
+		$iframe->AutoWidth = 1;
42
+		$iframe->FixedWidth = '200';
43
+		$this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
44
+
45
+		$iframe->AutoWidth = 0;
46
+		$iframe->FixedWidth = '200';
47
+		$this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
48
+	}
49
+
50
+	public function testAllowedUrls()
51
+	{
52
+		$iframe = new IFramePage();
53
+
54
+		$tests = array(
55
+			'allowed' => array(
56
+				'http://anything',
57
+				'https://anything',
58
+				'page',
59
+				'sub-page/link',
60
+				'page/link',
61
+				'page.html',
62
+				'page.htm',
63
+				'page.phpissoawesomewhywouldiuseanythingelse',
64
+				'//url.com/page',
65
+				'/root/page/link',
66
+				'http://intranet:8888',
67
+				'http://javascript:8080',
68
+				'http://username:password@hostname/path?arg=value#anchor'
69
+			),
70
+			'banned' => array(
71
+				'javascript:alert',
72
+				'tel:0210001234',
73
+				'ftp://url',
74
+				'ssh://1.2.3.4',
75
+				'ssh://url.com/page'
76
+			)
77
+		);
78
+
79
+		foreach ($tests['allowed'] as $url) {
80
+			$iframe->IFrameURL = $url;
81
+			$iframe->write();
82
+			$this->assertContains($iframe->IFrameURL, $url);
83
+		}
84
+
85
+		foreach ($tests['banned'] as $url) {
86
+			$iframe->IFrameURL = $url;
87
+			$this->setExpectedException(ValidationException::class);
88
+			$iframe->write();
89
+		}
90
+	}
91
+
92
+	public function testForceProtocol()
93
+	{
94
+		$origServer = $_SERVER;
95
+
96
+		$page = new IFramePage();
97
+		$page->URLSegment = 'iframe';
98
+		$page->IFrameURL = 'http://target.com';
99
+
100
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
101
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
102
+		$page->ForceProtocol = '';
103
+		$controller = new IFramePageController($page);
104
+		$controller->doInit();
105
+		$response = $controller->getResponse();
106
+		$this->assertNull($response->getHeader('Location'));
107
+
108
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
109
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
110
+		$page->ForceProtocol = '';
111
+		$controller = new IFramePageController($page);
112
+		$controller->doInit();
113
+		$response = $controller->getResponse();
114
+		$this->assertNull($response->getHeader('Location'));
115
+
116
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
117
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
118
+		$page->ForceProtocol = 'http://';
119
+		$controller = new IFramePageController($page);
120
+		$controller->doInit();
121
+		$response = $controller->getResponse();
122
+		$this->assertNull($response->getHeader('Location'));
123
+
124
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
125
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
126
+		$page->ForceProtocol = 'https://';
127
+		$controller = new IFramePageController($page);
128
+		$controller->doInit();
129
+		$response = $controller->getResponse();
130
+		$this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
131
+
132
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
133
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
134
+		$page->ForceProtocol = 'http://';
135
+		$controller = new IFramePageController($page);
136
+		$controller->doInit();
137
+		$response = $controller->getResponse();
138
+		$this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
139
+
140
+		$_SERVER = $origServer;
141
+	}
142 142
 }
Please login to merge, or discard this patch.
src/IFramePageController.php 1 patch
Indentation   +17 added lines, -17 removed lines patch added patch discarded remove patch
@@ -8,22 +8,22 @@
 block discarded – undo
8 8
 
9 9
 class IFramePageController extends PageController
10 10
 {
11
-    protected function init()
12
-    {
13
-        parent::init();
14
-        $currentProtocol = Director::protocol();
15
-        $desiredProtocol = $this->ForceProtocol;
16
-        if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
17
-            $enforcedLocation = preg_replace(
18
-                "#^${currentProtocol}#",
19
-                $desiredProtocol,
20
-                $this->AbsoluteLink()
21
-            );
22
-            return $this->redirect($enforcedLocation);
23
-        }
11
+	protected function init()
12
+	{
13
+		parent::init();
14
+		$currentProtocol = Director::protocol();
15
+		$desiredProtocol = $this->ForceProtocol;
16
+		if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
17
+			$enforcedLocation = preg_replace(
18
+				"#^${currentProtocol}#",
19
+				$desiredProtocol,
20
+				$this->AbsoluteLink()
21
+			);
22
+			return $this->redirect($enforcedLocation);
23
+		}
24 24
 
25
-        if ($this->IFrameURL) {
26
-            Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
27
-        }
28
-    }
25
+		if ($this->IFrameURL) {
26
+			Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
27
+		}
28
+	}
29 29
 }
Please login to merge, or discard this patch.
src/IFramePage.php 2 patches
Indentation   +131 added lines, -131 removed lines patch added patch discarded remove patch
@@ -18,135 +18,135 @@
 block discarded – undo
18 18
 
19 19
 class IFramePage extends Page
20 20
 {
21
-    private static $db = array(
22
-        'IFrameURL' => 'Text',
23
-        'IFrameTitle' => 'Varchar',
24
-        'AutoHeight' => 'Boolean(1)',
25
-        'AutoWidth' => 'Boolean(1)',
26
-        'FixedHeight' => 'Int(500)',
27
-        'FixedWidth' => 'Int(0)',
28
-        'AlternateContent' => 'HTMLText',
29
-        'BottomContent' => 'HTMLText',
30
-        'ForceProtocol' => 'Varchar',
31
-    );
32
-
33
-    private static $defaults = array(
34
-        'AutoHeight' => '1',
35
-        'AutoWidth' => '1',
36
-        'FixedHeight' => '500',
37
-        'FixedWidth' => '0'
38
-    );
39
-
40
-    private static $table_name = 'IFramePage';
41
-
42
-    private static $description = 'Embeds an iframe into the body of the page.';
43
-
44
-    private static $singular_name = 'IFrame Page';
45
-
46
-    public function getCMSFields()
47
-    {
48
-        $fields = parent::getCMSFields();
49
-
50
-        $fields->removeFieldFromTab('Root.Main', 'Content');
51
-        $fields->addFieldsToTab('Root.Main', [
52
-            $url = TextField::create('IFrameURL', 'Iframe URL'),
53
-            TextField::create('IFrameTitle', 'Description of contents (title)')
54
-                ->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')),
55
-        ]);
56
-        $url->setRightTitle(
57
-            DBField::create_field(
58
-                'HTMLText',
59
-                'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
60
-            )
61
-        );
62
-        $fields->addFieldToTab(
63
-            'Root.Main',
64
-            DropdownField::create('ForceProtocol', 'Force protocol?')
65
-                ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
66
-                ->setEmptyString('')
67
-                ->setDescription(
68
-                    'Avoids mixed content warnings when iframe content is just available under a specific protocol'
69
-                ),
70
-            'Metadata'
71
-        );
72
-        $fields->addFieldsToTab('Root.Main', [
73
-            CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
74
-            CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
75
-            NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
76
-            NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
77
-            HtmlEditorField::create('Content', 'Content (appears above iframe)'),
78
-            HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
79
-            HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
80
-        ]);
81
-
82
-        // Move the Metadata field to last position, but make a check for it's
83
-        // existence first.
84
-        //
85
-        // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
86
-        $mainTab = $fields->findOrMakeTab('Root.Main');
87
-        $mainTabFields = $mainTab->FieldList();
88
-        $metaDataField = $mainTabFields->fieldByName('Metadata');
89
-        if ($metaDataField) {
90
-            $mainTabFields->removeByName('Metadata');
91
-            $mainTabFields->push($metaDataField);
92
-        }
93
-        return $fields;
94
-    }
95
-
96
-    /**
97
-     * Compute class from the size parameters.
98
-     */
99
-    public function getClass()
100
-    {
101
-        $class = '';
102
-        if ($this->AutoHeight) {
103
-            $class .= 'iframepage-height-auto';
104
-        }
105
-
106
-        return $class;
107
-    }
108
-
109
-    /**
110
-     * Compute style from the size parameters.
111
-     */
112
-    public function getStyle()
113
-    {
114
-        $style = '';
115
-
116
-        // Always add fixed height as a fallback if autosetting or JS fails.
117
-        $height = $this->FixedHeight;
118
-        if (!$height) {
119
-            $height = 800;
120
-        }
121
-        $style .= "height: {$height}px; ";
122
-
123
-        if ($this->AutoWidth) {
124
-            $style .= "width: 100%; ";
125
-        } elseif ($this->FixedWidth) {
126
-            $style .= "width: {$this->FixedWidth}px; ";
127
-        }
128
-
129
-        return $style;
130
-    }
131
-
132
-    /**
133
-     * Ensure that the IFrameURL is a valid url and prevents XSS
134
-     *
135
-     * @throws ValidationException
136
-     * @return ValidationResult
137
-     */
138
-    public function validate()
139
-    {
140
-        $result = parent::validate();
141
-
142
-        //whitelist allowed URL schemes
143
-        $allowed_schemes = array('http', 'https');
144
-        if ($matches = parse_url($this->IFrameURL)) {
145
-            if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
146
-                $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
147
-            }
148
-        }
149
-
150
-        return $result;
151
-    }
21
+	private static $db = array(
22
+		'IFrameURL' => 'Text',
23
+		'IFrameTitle' => 'Varchar',
24
+		'AutoHeight' => 'Boolean(1)',
25
+		'AutoWidth' => 'Boolean(1)',
26
+		'FixedHeight' => 'Int(500)',
27
+		'FixedWidth' => 'Int(0)',
28
+		'AlternateContent' => 'HTMLText',
29
+		'BottomContent' => 'HTMLText',
30
+		'ForceProtocol' => 'Varchar',
31
+	);
32
+
33
+	private static $defaults = array(
34
+		'AutoHeight' => '1',
35
+		'AutoWidth' => '1',
36
+		'FixedHeight' => '500',
37
+		'FixedWidth' => '0'
38
+	);
39
+
40
+	private static $table_name = 'IFramePage';
41
+
42
+	private static $description = 'Embeds an iframe into the body of the page.';
43
+
44
+	private static $singular_name = 'IFrame Page';
45
+
46
+	public function getCMSFields()
47
+	{
48
+		$fields = parent::getCMSFields();
49
+
50
+		$fields->removeFieldFromTab('Root.Main', 'Content');
51
+		$fields->addFieldsToTab('Root.Main', [
52
+			$url = TextField::create('IFrameURL', 'Iframe URL'),
53
+			TextField::create('IFrameTitle', 'Description of contents (title)')
54
+				->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')),
55
+		]);
56
+		$url->setRightTitle(
57
+			DBField::create_field(
58
+				'HTMLText',
59
+				'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
60
+			)
61
+		);
62
+		$fields->addFieldToTab(
63
+			'Root.Main',
64
+			DropdownField::create('ForceProtocol', 'Force protocol?')
65
+				->setSource(array('http://' => 'http://', 'https://' => 'https://'))
66
+				->setEmptyString('')
67
+				->setDescription(
68
+					'Avoids mixed content warnings when iframe content is just available under a specific protocol'
69
+				),
70
+			'Metadata'
71
+		);
72
+		$fields->addFieldsToTab('Root.Main', [
73
+			CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
74
+			CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
75
+			NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
76
+			NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
77
+			HtmlEditorField::create('Content', 'Content (appears above iframe)'),
78
+			HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
79
+			HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
80
+		]);
81
+
82
+		// Move the Metadata field to last position, but make a check for it's
83
+		// existence first.
84
+		//
85
+		// See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
86
+		$mainTab = $fields->findOrMakeTab('Root.Main');
87
+		$mainTabFields = $mainTab->FieldList();
88
+		$metaDataField = $mainTabFields->fieldByName('Metadata');
89
+		if ($metaDataField) {
90
+			$mainTabFields->removeByName('Metadata');
91
+			$mainTabFields->push($metaDataField);
92
+		}
93
+		return $fields;
94
+	}
95
+
96
+	/**
97
+	 * Compute class from the size parameters.
98
+	 */
99
+	public function getClass()
100
+	{
101
+		$class = '';
102
+		if ($this->AutoHeight) {
103
+			$class .= 'iframepage-height-auto';
104
+		}
105
+
106
+		return $class;
107
+	}
108
+
109
+	/**
110
+	 * Compute style from the size parameters.
111
+	 */
112
+	public function getStyle()
113
+	{
114
+		$style = '';
115
+
116
+		// Always add fixed height as a fallback if autosetting or JS fails.
117
+		$height = $this->FixedHeight;
118
+		if (!$height) {
119
+			$height = 800;
120
+		}
121
+		$style .= "height: {$height}px; ";
122
+
123
+		if ($this->AutoWidth) {
124
+			$style .= "width: 100%; ";
125
+		} elseif ($this->FixedWidth) {
126
+			$style .= "width: {$this->FixedWidth}px; ";
127
+		}
128
+
129
+		return $style;
130
+	}
131
+
132
+	/**
133
+	 * Ensure that the IFrameURL is a valid url and prevents XSS
134
+	 *
135
+	 * @throws ValidationException
136
+	 * @return ValidationResult
137
+	 */
138
+	public function validate()
139
+	{
140
+		$result = parent::validate();
141
+
142
+		//whitelist allowed URL schemes
143
+		$allowed_schemes = array('http', 'https');
144
+		if ($matches = parse_url($this->IFrameURL)) {
145
+			if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
146
+				$result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
147
+			}
148
+		}
149
+
150
+		return $result;
151
+	}
152 152
 }
Please login to merge, or discard this patch.
Spacing   +2 added lines, -2 removed lines patch added patch discarded remove patch
@@ -51,7 +51,7 @@  discard block
 block discarded – undo
51 51
         $fields->addFieldsToTab('Root.Main', [
52 52
             $url = TextField::create('IFrameURL', 'Iframe URL'),
53 53
             TextField::create('IFrameTitle', 'Description of contents (title)')
54
-                ->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')),
54
+                ->setDescription(_t(__CLASS__.'.TITLE_DESCRIPTION', 'Used by screen readers')),
55 55
         ]);
56 56
         $url->setRightTitle(
57 57
             DBField::create_field(
@@ -143,7 +143,7 @@  discard block
 block discarded – undo
143 143
         $allowed_schemes = array('http', 'https');
144 144
         if ($matches = parse_url($this->IFrameURL)) {
145 145
             if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
146
-                $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
146
+                $result->addError(_t(__CLASS__.'.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
147 147
             }
148 148
         }
149 149
 
Please login to merge, or discard this patch.