silverstripe / silverstripe-iframe

tests/IFramePageTest.php

Indentation +129 added lines, -129 removed lines

@@ -10,133 +10,133 @@
 
 class IFramePageTest extends SapphireTest
 {
-    protected $usesDatabase = true;
-
-    public function testGetClass()
-    {
-        $iframe = new IFramePage();
-        $iframe->AutoHeight = 1;
-        $iframe->getClass();
-
-        $this->assertContains('iframepage-height-auto', $iframe->getClass());
-
-        $iframe->AutoHeight = 0;
-        $iframe->getClass();
-
-        $this->assertNotContains('iframepage-height-auto', $iframe->getClass());
-    }
-
-    public function testGetStyle()
-    {
-        $iframe = new IFramePage();
-
-        $iframe->FixedHeight = 0;
-        $iframe->getStyle();
-        $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
-
-        $iframe->FixedHeight = 100;
-        $iframe->getStyle();
-        $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
-
-        $iframe->AutoWidth = 1;
-        $iframe->FixedWidth = '200';
-        $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
-
-        $iframe->AutoWidth = 0;
-        $iframe->FixedWidth = '200';
-        $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
-    }
-
-    public function testAllowedUrls()
-    {
-        $iframe = new IFramePage();
-
-        $tests = array(
-            'allowed' => array(
-                'http://anything',
-                'https://anything',
-                'page',
-                'sub-page/link',
-                'page/link',
-                'page.html',
-                'page.htm',
-                'page.phpissoawesomewhywouldiuseanythingelse',
-                '//url.com/page',
-                '/root/page/link',
-                'http://intranet:8888',
-                'http://javascript:8080',
-                'http://username:password@hostname/path?arg=value#anchor'
-            ),
-            'banned' => array(
-                'javascript:alert',
-                'tel:0210001234',
-                'ftp://url',
-                'ssh://1.2.3.4',
-                'ssh://url.com/page'
-            )
-        );
-
-        foreach ($tests['allowed'] as $url) {
-            $iframe->IFrameURL = $url;
-            $iframe->write();
-            $this->assertContains($iframe->IFrameURL, $url);
-        }
-
-        foreach ($tests['banned'] as $url) {
-            $iframe->IFrameURL = $url;
-            $this->setExpectedException(ValidationException::class);
-            $iframe->write();
-        }
-    }
-
-    public function testForceProtocol()
-    {
-        $origServer = $_SERVER;
-
-        $page = new IFramePage();
-        $page->URLSegment = 'iframe';
-        $page->IFrameURL = 'http://target.com';
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = '';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertNull($response->getHeader('Location'));
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
-        $page->ForceProtocol = '';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertNull($response->getHeader('Location'));
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = 'http://';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertNull($response->getHeader('Location'));
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = 'https://';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
-        $page->ForceProtocol = 'http://';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
-
-        $_SERVER = $origServer;
-    }
+	protected $usesDatabase = true;
+
+	public function testGetClass()
+	{
+		$iframe = new IFramePage();
+		$iframe->AutoHeight = 1;
+		$iframe->getClass();
+
+		$this->assertContains('iframepage-height-auto', $iframe->getClass());
+
+		$iframe->AutoHeight = 0;
+		$iframe->getClass();
+
+		$this->assertNotContains('iframepage-height-auto', $iframe->getClass());
+	}
+
+	public function testGetStyle()
+	{
+		$iframe = new IFramePage();
+
+		$iframe->FixedHeight = 0;
+		$iframe->getStyle();
+		$this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
+
+		$iframe->FixedHeight = 100;
+		$iframe->getStyle();
+		$this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
+
+		$iframe->AutoWidth = 1;
+		$iframe->FixedWidth = '200';
+		$this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
+
+		$iframe->AutoWidth = 0;
+		$iframe->FixedWidth = '200';
+		$this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
+	}
+
+	public function testAllowedUrls()
+	{
+		$iframe = new IFramePage();
+
+		$tests = array(
+			'allowed' => array(
+				'http://anything',
+				'https://anything',
+				'page',
+				'sub-page/link',
+				'page/link',
+				'page.html',
+				'page.htm',
+				'page.phpissoawesomewhywouldiuseanythingelse',
+				'//url.com/page',
+				'/root/page/link',
+				'http://intranet:8888',
+				'http://javascript:8080',
+				'http://username:password@hostname/path?arg=value#anchor'
+			),
+			'banned' => array(
+				'javascript:alert',
+				'tel:0210001234',
+				'ftp://url',
+				'ssh://1.2.3.4',
+				'ssh://url.com/page'
+			)
+		);
+
+		foreach ($tests['allowed'] as $url) {
+			$iframe->IFrameURL = $url;
+			$iframe->write();
+			$this->assertContains($iframe->IFrameURL, $url);
+		}
+
+		foreach ($tests['banned'] as $url) {
+			$iframe->IFrameURL = $url;
+			$this->setExpectedException(ValidationException::class);
+			$iframe->write();
+		}
+	}
+
+	public function testForceProtocol()
+	{
+		$origServer = $_SERVER;
+
+		$page = new IFramePage();
+		$page->URLSegment = 'iframe';
+		$page->IFrameURL = 'http://target.com';
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = '';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertNull($response->getHeader('Location'));
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
+		$page->ForceProtocol = '';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertNull($response->getHeader('Location'));
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = 'http://';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertNull($response->getHeader('Location'));
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = 'https://';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
+		$page->ForceProtocol = 'http://';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
+
+		$_SERVER = $origServer;
+	}
 }

src/IFramePageController.php

Indentation +17 added lines, -17 removed lines

@@ -8,22 +8,22 @@
 
 class IFramePageController extends ContentController
 {
-    protected function init()
-    {
-        parent::init();
-        $currentProtocol = Director::protocol();
-        $desiredProtocol = $this->ForceProtocol;
-        if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
-            $enforcedLocation = preg_replace(
-                "#^${currentProtocol}#",
-                $desiredProtocol,
-                $this->AbsoluteLink()
-            );
-            return $this->redirect($enforcedLocation);
-        }
+	protected function init()
+	{
+		parent::init();
+		$currentProtocol = Director::protocol();
+		$desiredProtocol = $this->ForceProtocol;
+		if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
+			$enforcedLocation = preg_replace(
+				"#^${currentProtocol}#",
+				$desiredProtocol,
+				$this->AbsoluteLink()
+			);
+			return $this->redirect($enforcedLocation);
+		}
 
-        if ($this->IFrameURL) {
-            Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
-        }
-    }
+		if ($this->IFrameURL) {
+			Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
+		}
+	}
 }

src/IFramePage.php

Indentation +121 added lines, -121 removed lines

@@ -15,125 +15,125 @@
 
 class IFramePage extends Page
 {
-    private static $db = array(
-        'IFrameURL' => 'Text',
-        'AutoHeight' => 'Boolean(1)',
-        'AutoWidth' => 'Boolean(1)',
-        'FixedHeight' => 'Int(500)',
-        'FixedWidth' => 'Int(0)',
-        'AlternateContent' => 'HTMLText',
-        'BottomContent' => 'HTMLText',
-        'ForceProtocol' => 'Varchar',
-    );
-
-    private static $defaults = array(
-        'AutoHeight' => '1',
-        'AutoWidth' => '1',
-        'FixedHeight' => '500',
-        'FixedWidth' => '0'
-    );
-
-    private static $description = 'Embeds an iframe into the body of the page.';
-
-    private static $singular_name = 'IFrame Page';
-
-    public function getCMSFields()
-    {
-        $fields = parent::getCMSFields();
-
-        $fields->removeFieldFromTab('Root.Main', 'Content');
-        $fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
-        $url->setRightTitle(
-            'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
-        );
-        $fields->addFieldToTab(
-            'Root.Main',
-            DropdownField::create('ForceProtocol', 'Force protocol?')
-                ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
-                ->setEmptyString('')
-                ->setDescription(
-                    'Avoids mixed content warnings when iframe content is just available under a specific protocol'
-                ),
-            'Metadata'
-        );
-        $fields->addFieldsToTab('Root.Main', [
-            CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
-            CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
-            NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
-            NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
-            HtmlEditorField::create('Content', 'Content (appears above iframe)'),
-            HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
-            HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
-        ]);
-
-        // Move the Metadata field to last position, but make a check for it's
-        // existence first.
-        //
-        // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
-        $mainTab = $fields->findOrMakeTab('Root.Main');
-        $mainTabFields = $mainTab->FieldList();
-        $metaDataField = $mainTabFields->fieldByName('Metadata');
-        if ($metaDataField) {
-            $mainTabFields->removeByName('Metadata');
-            $mainTabFields->push($metaDataField);
-        }
-        return $fields;
-    }
-
-    /**
-     * Compute class from the size parameters.
-     */
-    public function getClass()
-    {
-        $class = '';
-        if ($this->AutoHeight) {
-            $class .= 'iframepage-height-auto';
-        }
-
-        return $class;
-    }
-
-    /**
-     * Compute style from the size parameters.
-     */
-    public function getStyle()
-    {
-        $style = '';
-
-        // Always add fixed height as a fallback if autosetting or JS fails.
-        $height = $this->FixedHeight;
-        if (!$height) {
-            $height = 800;
-        }
-        $style .= "height: {$height}px; ";
-
-        if ($this->AutoWidth) {
-            $style .= "width: 100%; ";
-        } elseif ($this->FixedWidth) {
-            $style .= "width: {$this->FixedWidth}px; ";
-        }
-
-        return $style;
-    }
-
-    /**
-     * Ensure that the IFrameURL is a valid url and prevents XSS
-     *
-     * @throws ValidationException
-     * @return ValidationResult
-     */
-    public function validate()
-    {
-        $result = parent::validate();
-
-        //whitelist allowed URL schemes
-        $allowed_schemes = array('http', 'https');
-        if ($matches = parse_url($this->IFrameURL)) {
-            if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
-                $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
-            }
-        }
-
-        return $result;
-    }
+	private static $db = array(
+		'IFrameURL' => 'Text',
+		'AutoHeight' => 'Boolean(1)',
+		'AutoWidth' => 'Boolean(1)',
+		'FixedHeight' => 'Int(500)',
+		'FixedWidth' => 'Int(0)',
+		'AlternateContent' => 'HTMLText',
+		'BottomContent' => 'HTMLText',
+		'ForceProtocol' => 'Varchar',
+	);
+
+	private static $defaults = array(
+		'AutoHeight' => '1',
+		'AutoWidth' => '1',
+		'FixedHeight' => '500',
+		'FixedWidth' => '0'
+	);
+
+	private static $description = 'Embeds an iframe into the body of the page.';
+
+	private static $singular_name = 'IFrame Page';
+
+	public function getCMSFields()
+	{
+		$fields = parent::getCMSFields();
+
+		$fields->removeFieldFromTab('Root.Main', 'Content');
+		$fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
+		$url->setRightTitle(
+			'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
+		);
+		$fields->addFieldToTab(
+			'Root.Main',
+			DropdownField::create('ForceProtocol', 'Force protocol?')
+				->setSource(array('http://' => 'http://', 'https://' => 'https://'))
+				->setEmptyString('')
+				->setDescription(
+					'Avoids mixed content warnings when iframe content is just available under a specific protocol'
+				),
+			'Metadata'
+		);
+		$fields->addFieldsToTab('Root.Main', [
+			CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
+			CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
+			NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
+			NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
+			HtmlEditorField::create('Content', 'Content (appears above iframe)'),
+			HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
+			HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
+		]);
+
+		// Move the Metadata field to last position, but make a check for it's
+		// existence first.
+		//
+		// See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
+		$mainTab = $fields->findOrMakeTab('Root.Main');
+		$mainTabFields = $mainTab->FieldList();
+		$metaDataField = $mainTabFields->fieldByName('Metadata');
+		if ($metaDataField) {
+			$mainTabFields->removeByName('Metadata');
+			$mainTabFields->push($metaDataField);
+		}
+		return $fields;
+	}
+
+	/**
+	 * Compute class from the size parameters.
+	 */
+	public function getClass()
+	{
+		$class = '';
+		if ($this->AutoHeight) {
+			$class .= 'iframepage-height-auto';
+		}
+
+		return $class;
+	}
+
+	/**
+	 * Compute style from the size parameters.
+	 */
+	public function getStyle()
+	{
+		$style = '';
+
+		// Always add fixed height as a fallback if autosetting or JS fails.
+		$height = $this->FixedHeight;
+		if (!$height) {
+			$height = 800;
+		}
+		$style .= "height: {$height}px; ";
+
+		if ($this->AutoWidth) {
+			$style .= "width: 100%; ";
+		} elseif ($this->FixedWidth) {
+			$style .= "width: {$this->FixedWidth}px; ";
+		}
+
+		return $style;
+	}
+
+	/**
+	 * Ensure that the IFrameURL is a valid url and prevents XSS
+	 *
+	 * @throws ValidationException
+	 * @return ValidationResult
+	 */
+	public function validate()
+	{
+		$result = parent::validate();
+
+		//whitelist allowed URL schemes
+		$allowed_schemes = array('http', 'https');
+		if ($matches = parse_url($this->IFrameURL)) {
+			if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
+				$result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
+			}
+		}
+
+		return $result;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -130,7 +130,7 @@
         $allowed_schemes = array('http', 'https');
         if ($matches = parse_url($this->IFrameURL)) {
             if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
-                $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
+                $result->addError(_t(__CLASS__.'.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
             }
         }