silverstripe / silverstripe-iframe

code/IFramePage.php

Indentation +117 added lines, -117 removed lines

@@ -6,126 +6,126 @@
 
 class IFramePage extends Page
 {
-    public static $db = array(
-        'IFrameURL' => 'Text',
-        'AutoHeight' => 'Boolean(1)',
-        'AutoWidth' => 'Boolean(1)',
-        'FixedHeight' => 'Int(500)',
-        'FixedWidth' => 'Int(0)',
-        'AlternateContent' => 'HTMLText',
-        'BottomContent' => 'HTMLText',
-        'ForceProtocol' => 'Varchar',
-    );
-
-    public static $defaults = array(
-        'AutoHeight' => '1',
-        'AutoWidth' => '1',
-        'FixedHeight' => '500',
-        'FixedWidth' => '0'
-    );
-
-    public static $description = 'Embeds an iframe into the body of the page.';
+	public static $db = array(
+		'IFrameURL' => 'Text',
+		'AutoHeight' => 'Boolean(1)',
+		'AutoWidth' => 'Boolean(1)',
+		'FixedHeight' => 'Int(500)',
+		'FixedWidth' => 'Int(0)',
+		'AlternateContent' => 'HTMLText',
+		'BottomContent' => 'HTMLText',
+		'ForceProtocol' => 'Varchar',
+	);
+
+	public static $defaults = array(
+		'AutoHeight' => '1',
+		'AutoWidth' => '1',
+		'FixedHeight' => '500',
+		'FixedWidth' => '0'
+	);
+
+	public static $description = 'Embeds an iframe into the body of the page.';
     
-    public function getCMSFields()
-    {
-        $fields = parent::getCMSFields();
-
-        $fields->removeFieldFromTab('Root.Main', 'Content');
-        $fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'), 'Metadata');
-        $url->setRightTitle('Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).');
-        $fields->addFieldToTab(
-            'Root.Main',
-            DropdownField::create('ForceProtocol', 'Force protocol?')
-                ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
-                ->setEmptyString('')
-                ->setDescription('Avoids mixed content warnings when iframe content is just available under a specific protocol'),
-            'Metadata'
-        );
-        $fields->addFieldToTab('Root.Main', new CheckboxField('AutoHeight', 'Auto height (only works with same domain URLs)'), 'Metadata');
-        $fields->addFieldToTab('Root.Main', new CheckboxField('AutoWidth', 'Auto width (100% of the available space)'), 'Metadata');
-        $fields->addFieldToTab('Root.Main', new NumericField('FixedHeight', 'Fixed height (in pixels)'), 'Metadata');
-        $fields->addFieldToTab('Root.Main', new NumericField('FixedWidth', 'Fixed width (in pixels)'), 'Metadata');
-        $fields->addFieldToTab('Root.Main', new HtmlEditorField('Content', 'Content (appears above iframe)'), 'Metadata');
-        $fields->addFieldToTab('Root.Main', new HtmlEditorField('BottomContent', 'Content (appears below iframe)'), 'Metadata');
-        $fields->addFieldToTab('Root.Main', new HtmlEditorField('AlternateContent', 'Alternate Content (appears when user has iframes disabled)'), 'Metadata');
-
-        return $fields;
-    }
-
-    /**
-     * Compute class from the size parameters.
-     */
-    public function getClass()
-    {
-        $class = '';
-        if ($this->AutoHeight) {
-            $class .= 'iframepage-height-auto';
-        }
-
-        return $class;
-    }
-
-    /**
-     * Compute style from the size parameters.
-     */
-    public function getStyle()
-    {
-        $style = '';
-
-        // Always add fixed height as a fallback if autosetting or JS fails.
-        $height = $this->FixedHeight;
-        if (!$height) {
-            $height = 800;
-        }
-        $style .= "height: {$height}px; ";
-
-        if ($this->AutoWidth) {
-            $style .= "width: 100%; ";
-        } elseif ($this->FixedWidth) {
-            $style .= "width: {$this->FixedWidth}px; ";
-        }
-
-        return $style;
-    }
-
-    /**
-     * Ensure that the IFrameURL is a valid url and prevents XSS
-     * 
-     * @throws ValidationException
-     * @return ValidationResult
-     */
-    public function validate()
-    {
-        $result = parent::validate();
-
-        //whitelist allowed URL schemes
-        $allowed_schemes = array('http', 'https');
-        if ($matches = parse_url($this->IFrameURL)) {
-            if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
-                $result->error(_t('IFramePage.VALIDATION.BANNEDURLSCHEME', "This URL scheme is not allowed."));
-            }
-        }
-
-        return $result;
-    }
+	public function getCMSFields()
+	{
+		$fields = parent::getCMSFields();
+
+		$fields->removeFieldFromTab('Root.Main', 'Content');
+		$fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'), 'Metadata');
+		$url->setRightTitle('Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).');
+		$fields->addFieldToTab(
+			'Root.Main',
+			DropdownField::create('ForceProtocol', 'Force protocol?')
+				->setSource(array('http://' => 'http://', 'https://' => 'https://'))
+				->setEmptyString('')
+				->setDescription('Avoids mixed content warnings when iframe content is just available under a specific protocol'),
+			'Metadata'
+		);
+		$fields->addFieldToTab('Root.Main', new CheckboxField('AutoHeight', 'Auto height (only works with same domain URLs)'), 'Metadata');
+		$fields->addFieldToTab('Root.Main', new CheckboxField('AutoWidth', 'Auto width (100% of the available space)'), 'Metadata');
+		$fields->addFieldToTab('Root.Main', new NumericField('FixedHeight', 'Fixed height (in pixels)'), 'Metadata');
+		$fields->addFieldToTab('Root.Main', new NumericField('FixedWidth', 'Fixed width (in pixels)'), 'Metadata');
+		$fields->addFieldToTab('Root.Main', new HtmlEditorField('Content', 'Content (appears above iframe)'), 'Metadata');
+		$fields->addFieldToTab('Root.Main', new HtmlEditorField('BottomContent', 'Content (appears below iframe)'), 'Metadata');
+		$fields->addFieldToTab('Root.Main', new HtmlEditorField('AlternateContent', 'Alternate Content (appears when user has iframes disabled)'), 'Metadata');
+
+		return $fields;
+	}
+
+	/**
+	 * Compute class from the size parameters.
+	 */
+	public function getClass()
+	{
+		$class = '';
+		if ($this->AutoHeight) {
+			$class .= 'iframepage-height-auto';
+		}
+
+		return $class;
+	}
+
+	/**
+	 * Compute style from the size parameters.
+	 */
+	public function getStyle()
+	{
+		$style = '';
+
+		// Always add fixed height as a fallback if autosetting or JS fails.
+		$height = $this->FixedHeight;
+		if (!$height) {
+			$height = 800;
+		}
+		$style .= "height: {$height}px; ";
+
+		if ($this->AutoWidth) {
+			$style .= "width: 100%; ";
+		} elseif ($this->FixedWidth) {
+			$style .= "width: {$this->FixedWidth}px; ";
+		}
+
+		return $style;
+	}
+
+	/**
+	 * Ensure that the IFrameURL is a valid url and prevents XSS
+	 * 
+	 * @throws ValidationException
+	 * @return ValidationResult
+	 */
+	public function validate()
+	{
+		$result = parent::validate();
+
+		//whitelist allowed URL schemes
+		$allowed_schemes = array('http', 'https');
+		if ($matches = parse_url($this->IFrameURL)) {
+			if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
+				$result->error(_t('IFramePage.VALIDATION.BANNEDURLSCHEME', "This URL scheme is not allowed."));
+			}
+		}
+
+		return $result;
+	}
 }
 
 class IFramePage_Controller extends Page_Controller
 {
-    public function init()
-    {
-        parent::init();
-
-        if ($this->ForceProtocol) {
-            if ($this->ForceProtocol == 'http://' && Director::protocol() != 'http://') {
-                return $this->redirect(preg_replace('#https://#', 'http://', $this->AbsoluteLink()));
-            } elseif ($this->ForceProtocol == 'https://' && Director::protocol() != 'https://') {
-                return $this->redirect(preg_replace('#http://#', 'https://', $this->AbsoluteLink()));
-            }
-        }
-
-        if ($this->IFrameURL) {
-            Requirements::javascript('iframe/javascript/iframe_page.js');
-        }
-    }
+	public function init()
+	{
+		parent::init();
+
+		if ($this->ForceProtocol) {
+			if ($this->ForceProtocol == 'http://' && Director::protocol() != 'http://') {
+				return $this->redirect(preg_replace('#https://#', 'http://', $this->AbsoluteLink()));
+			} elseif ($this->ForceProtocol == 'https://' && Director::protocol() != 'https://') {
+				return $this->redirect(preg_replace('#http://#', 'https://', $this->AbsoluteLink()));
+			}
+		}
+
+		if ($this->IFrameURL) {
+			Requirements::javascript('iframe/javascript/iframe_page.js');
+		}
+	}
 }

tests/IFramePageTest.php

Indentation +134 added lines, -134 removed lines

@@ -2,138 +2,138 @@
 
 class IFramePageTest extends SapphireTest
 {
-    public function setUp()
-    {
-        parent::setUp();
-        Config::nest();
-    }
-
-    public function tearDown()
-    {
-        Config::unnest();
-        parent::tearDown();
-    }
-
-    public function testGetClass()
-    {
-        $iframe = new IFramePage();
-        $iframe->AutoHeight = 1;
-        $iframe->getClass();
-
-        $this->assertContains('iframepage-height-auto', $iframe->getClass());
-
-        $iframe->AutoHeight = 0;
-        $iframe->getClass();
-
-        $this->assertNotContains('iframepage-height-auto', $iframe->getClass());
-    }
-
-    public function testGetStyle()
-    {
-        $iframe = new IFramePage();
-
-        $iframe->FixedHeight = 0;
-        $iframe->getStyle();
-        $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
-
-        $iframe->FixedHeight = 100;
-        $iframe->getStyle();
-        $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
-
-        $iframe->AutoWidth = 1;
-        $iframe->FixedWidth = '200';
-        $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
-
-        $iframe->AutoWidth = 0;
-        $iframe->FixedWidth = '200';
-        $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
-    }
-
-    public function testAllowedUrls()
-    {
-        $iframe = new IFramePage();
-
-        $tests = array(
-            'allowed' => array(
-                'http://anything',
-                'https://anything',
-                'page',
-                'sub-page/link',
-                'page/link',
-                'page.html',
-                'page.htm',
-                'page.phpissoawesomewhywouldiuseanythingelse',
-                '//url.com/page',
-                '/root/page/link',
-                'http://intranet:8888',
-                'http://javascript:8080',
-                'http://username:password@hostname/path?arg=value#anchor'
-            ),
-            'banned' => array(
-                'javascript:alert',
-                'tel:0210001234',
-                'ftp://url',
-                'ssh://1.2.3.4',
-                'ssh://url.com/page'
-            )
-        );
-
-        foreach ($tests['allowed'] as $url) {
-            $iframe->IFrameURL = $url;
-            $iframe->write();
-            $this->assertContains($iframe->IFrameURL, $url);
-        }
-
-        foreach ($tests['banned'] as $url) {
-            $iframe->IFrameURL = $url;
-            $this->setExpectedException('ValidationException');
-            $iframe->write();
-        }
-    }
-
-    public function testForceProtocol()
-    {
-        $origServer = $_SERVER;
-
-        $page = new IFramePage();
-        $page->URLSegment = 'iframe';
-        $page->IFrameURL = 'http://target.com';
-
-        Config::inst()->update('Director', 'alternate_protocol', 'http');
-        Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = '';
-        $controller = new IFramePage_Controller($page);
-        $response = $controller->init();
-        $this->assertNull($response);
-
-        Config::inst()->update('Director', 'alternate_protocol', 'https');
-        Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
-        $page->ForceProtocol = '';
-        $controller = new IFramePage_Controller($page);
-        $response = $controller->init();
-        $this->assertNull($response);
-
-        Config::inst()->update('Director', 'alternate_protocol', 'http');
-        Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = 'http://';
-        $controller = new IFramePage_Controller($page);
-        $response = $controller->init();
-        $this->assertNull($response);
-
-        Config::inst()->update('Director', 'alternate_protocol', 'http');
-        Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = 'https://';
-        $controller = new IFramePage_Controller($page);
-        $response = $controller->init();
-        $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
-
-        Config::inst()->update('Director', 'alternate_protocol', 'https');
-        Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
-        $page->ForceProtocol = 'http://';
-        $controller = new IFramePage_Controller($page);
-        $response = $controller->init();
-        $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
-
-        $_SERVER = $origServer;
-    }
+	public function setUp()
+	{
+		parent::setUp();
+		Config::nest();
+	}
+
+	public function tearDown()
+	{
+		Config::unnest();
+		parent::tearDown();
+	}
+
+	public function testGetClass()
+	{
+		$iframe = new IFramePage();
+		$iframe->AutoHeight = 1;
+		$iframe->getClass();
+
+		$this->assertContains('iframepage-height-auto', $iframe->getClass());
+
+		$iframe->AutoHeight = 0;
+		$iframe->getClass();
+
+		$this->assertNotContains('iframepage-height-auto', $iframe->getClass());
+	}
+
+	public function testGetStyle()
+	{
+		$iframe = new IFramePage();
+
+		$iframe->FixedHeight = 0;
+		$iframe->getStyle();
+		$this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
+
+		$iframe->FixedHeight = 100;
+		$iframe->getStyle();
+		$this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
+
+		$iframe->AutoWidth = 1;
+		$iframe->FixedWidth = '200';
+		$this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
+
+		$iframe->AutoWidth = 0;
+		$iframe->FixedWidth = '200';
+		$this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
+	}
+
+	public function testAllowedUrls()
+	{
+		$iframe = new IFramePage();
+
+		$tests = array(
+			'allowed' => array(
+				'http://anything',
+				'https://anything',
+				'page',
+				'sub-page/link',
+				'page/link',
+				'page.html',
+				'page.htm',
+				'page.phpissoawesomewhywouldiuseanythingelse',
+				'//url.com/page',
+				'/root/page/link',
+				'http://intranet:8888',
+				'http://javascript:8080',
+				'http://username:password@hostname/path?arg=value#anchor'
+			),
+			'banned' => array(
+				'javascript:alert',
+				'tel:0210001234',
+				'ftp://url',
+				'ssh://1.2.3.4',
+				'ssh://url.com/page'
+			)
+		);
+
+		foreach ($tests['allowed'] as $url) {
+			$iframe->IFrameURL = $url;
+			$iframe->write();
+			$this->assertContains($iframe->IFrameURL, $url);
+		}
+
+		foreach ($tests['banned'] as $url) {
+			$iframe->IFrameURL = $url;
+			$this->setExpectedException('ValidationException');
+			$iframe->write();
+		}
+	}
+
+	public function testForceProtocol()
+	{
+		$origServer = $_SERVER;
+
+		$page = new IFramePage();
+		$page->URLSegment = 'iframe';
+		$page->IFrameURL = 'http://target.com';
+
+		Config::inst()->update('Director', 'alternate_protocol', 'http');
+		Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = '';
+		$controller = new IFramePage_Controller($page);
+		$response = $controller->init();
+		$this->assertNull($response);
+
+		Config::inst()->update('Director', 'alternate_protocol', 'https');
+		Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
+		$page->ForceProtocol = '';
+		$controller = new IFramePage_Controller($page);
+		$response = $controller->init();
+		$this->assertNull($response);
+
+		Config::inst()->update('Director', 'alternate_protocol', 'http');
+		Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = 'http://';
+		$controller = new IFramePage_Controller($page);
+		$response = $controller->init();
+		$this->assertNull($response);
+
+		Config::inst()->update('Director', 'alternate_protocol', 'http');
+		Config::inst()->update('Director', 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = 'https://';
+		$controller = new IFramePage_Controller($page);
+		$response = $controller->init();
+		$this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
+
+		Config::inst()->update('Director', 'alternate_protocol', 'https');
+		Config::inst()->update('Director', 'alternate_base_url', 'https://host.com');
+		$page->ForceProtocol = 'http://';
+		$controller = new IFramePage_Controller($page);
+		$response = $controller->init();
+		$this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
+
+		$_SERVER = $origServer;
+	}
 }