Inspection of "Merge pull request #28 from creative-commoners/pul..." - silverstripe/silverstripe-iframe - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( df6bd2...c3da4e )

by Robbie

created 2017-11-22 21:59 UTC

Status

Indentation +129 added lines, -129 removed lines patch added patch discarded remove patch

@@ -10,133 +10,133 @@
 block discarded – undo
 
 class IFramePageTest extends SapphireTest
 {
-    protected $usesDatabase = true;
-
-    public function testGetClass()
-    {
-        $iframe = new IFramePage();
-        $iframe->AutoHeight = 1;
-        $iframe->getClass();
-
-        $this->assertContains('iframepage-height-auto', $iframe->getClass());
-
-        $iframe->AutoHeight = 0;
-        $iframe->getClass();
-
-        $this->assertNotContains('iframepage-height-auto', $iframe->getClass());
-    }
-
-    public function testGetStyle()
-    {
-        $iframe = new IFramePage();
-
-        $iframe->FixedHeight = 0;
-        $iframe->getStyle();
-        $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
-
-        $iframe->FixedHeight = 100;
-        $iframe->getStyle();
-        $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
-
-        $iframe->AutoWidth = 1;
-        $iframe->FixedWidth = '200';
-        $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
-
-        $iframe->AutoWidth = 0;
-        $iframe->FixedWidth = '200';
-        $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
-    }
-
-    public function testAllowedUrls()
-    {
-        $iframe = new IFramePage();
-
-        $tests = array(
-            'allowed' => array(
-                'http://anything',
-                'https://anything',
-                'page',
-                'sub-page/link',
-                'page/link',
-                'page.html',
-                'page.htm',
-                'page.phpissoawesomewhywouldiuseanythingelse',
-                '//url.com/page',
-                '/root/page/link',
-                'http://intranet:8888',
-                'http://javascript:8080',
-                'http://username:password@hostname/path?arg=value#anchor'
-            ),
-            'banned' => array(
-                'javascript:alert',
-                'tel:0210001234',
-                'ftp://url',
-                'ssh://1.2.3.4',
-                'ssh://url.com/page'
-            )
-        );
-
-        foreach ($tests['allowed'] as $url) {
-            $iframe->IFrameURL = $url;
-            $iframe->write();
-            $this->assertContains($iframe->IFrameURL, $url);
-        }
-
-        foreach ($tests['banned'] as $url) {
-            $iframe->IFrameURL = $url;
-            $this->setExpectedException(ValidationException::class);
-            $iframe->write();
-        }
-    }
-
-    public function testForceProtocol()
-    {
-        $origServer = $_SERVER;
-
-        $page = new IFramePage();
-        $page->URLSegment = 'iframe';
-        $page->IFrameURL = 'http://target.com';
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = '';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertNull($response->getHeader('Location'));
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
-        $page->ForceProtocol = '';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertNull($response->getHeader('Location'));
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = 'http://';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertNull($response->getHeader('Location'));
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
-        $page->ForceProtocol = 'https://';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
-
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
-        $page->ForceProtocol = 'http://';
-        $controller = new IFramePageController($page);
-        $controller->doInit();
-        $response = $controller->getResponse();
-        $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
-
-        $_SERVER = $origServer;
-    }
+	protected $usesDatabase = true;
+
+	public function testGetClass()
+	{
+		$iframe = new IFramePage();
+		$iframe->AutoHeight = 1;
+		$iframe->getClass();
+
+		$this->assertContains('iframepage-height-auto', $iframe->getClass());
+
+		$iframe->AutoHeight = 0;
+		$iframe->getClass();
+
+		$this->assertNotContains('iframepage-height-auto', $iframe->getClass());
+	}
+
+	public function testGetStyle()
+	{
+		$iframe = new IFramePage();
+
+		$iframe->FixedHeight = 0;
+		$iframe->getStyle();
+		$this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
+
+		$iframe->FixedHeight = 100;
+		$iframe->getStyle();
+		$this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
+
+		$iframe->AutoWidth = 1;
+		$iframe->FixedWidth = '200';
+		$this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
+
+		$iframe->AutoWidth = 0;
+		$iframe->FixedWidth = '200';
+		$this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
+	}
+
+	public function testAllowedUrls()
+	{
+		$iframe = new IFramePage();
+
+		$tests = array(
+			'allowed' => array(
+				'http://anything',
+				'https://anything',
+				'page',
+				'sub-page/link',
+				'page/link',
+				'page.html',
+				'page.htm',
+				'page.phpissoawesomewhywouldiuseanythingelse',
+				'//url.com/page',
+				'/root/page/link',
+				'http://intranet:8888',
+				'http://javascript:8080',
+				'http://username:password@hostname/path?arg=value#anchor'
+			),
+			'banned' => array(
+				'javascript:alert',
+				'tel:0210001234',
+				'ftp://url',
+				'ssh://1.2.3.4',
+				'ssh://url.com/page'
+			)
+		);
+
+		foreach ($tests['allowed'] as $url) {
+			$iframe->IFrameURL = $url;
+			$iframe->write();
+			$this->assertContains($iframe->IFrameURL, $url);
+		}
+
+		foreach ($tests['banned'] as $url) {
+			$iframe->IFrameURL = $url;
+			$this->setExpectedException(ValidationException::class);
+			$iframe->write();
+		}
+	}
+
+	public function testForceProtocol()
+	{
+		$origServer = $_SERVER;
+
+		$page = new IFramePage();
+		$page->URLSegment = 'iframe';
+		$page->IFrameURL = 'http://target.com';
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = '';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertNull($response->getHeader('Location'));
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
+		$page->ForceProtocol = '';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertNull($response->getHeader('Location'));
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = 'http://';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertNull($response->getHeader('Location'));
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
+		$page->ForceProtocol = 'https://';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
+
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
+		$page->ForceProtocol = 'http://';
+		$controller = new IFramePageController($page);
+		$controller->doInit();
+		$response = $controller->getResponse();
+		$this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
+
+		$_SERVER = $origServer;
+	}
 }

Please login to merge, or discard this patch.

code/IFramePage.php 1 patch

Indentation +119 added lines, -119 removed lines patch added patch discarded remove patch

@@ -15,123 +15,123 @@
 block discarded – undo
 
 class IFramePage extends Page
 {
-    private static $db = array(
-        'IFrameURL' => 'Text',
-        'AutoHeight' => 'Boolean(1)',
-        'AutoWidth' => 'Boolean(1)',
-        'FixedHeight' => 'Int(500)',
-        'FixedWidth' => 'Int(0)',
-        'AlternateContent' => 'HTMLText',
-        'BottomContent' => 'HTMLText',
-        'ForceProtocol' => 'Varchar',
-    );
-
-    private static $defaults = array(
-        'AutoHeight' => '1',
-        'AutoWidth' => '1',
-        'FixedHeight' => '500',
-        'FixedWidth' => '0'
-    );
-
-    private static $description = 'Embeds an iframe into the body of the page.';
-
-    public function getCMSFields()
-    {
-        $fields = parent::getCMSFields();
-
-        $fields->removeFieldFromTab('Root.Main', 'Content');
-        $fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
-        $url->setRightTitle(
-            'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
-        );
-        $fields->addFieldToTab(
-            'Root.Main',
-            DropdownField::create('ForceProtocol', 'Force protocol?')
-                ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
-                ->setEmptyString('')
-                ->setDescription(
-                    'Avoids mixed content warnings when iframe content is just available under a specific protocol'
-                ),
-            'Metadata'
-        );
-        $fields->addFieldsToTab('Root.Main', [
-            CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
-            CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
-            NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
-            NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
-            HtmlEditorField::create('Content', 'Content (appears above iframe)'),
-            HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
-            HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
-        ]);
-
-        // Move the Metadata field to last position, but make a check for it's
-        // existence first.
-        //
-        // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
-        $mainTab = $fields->findOrMakeTab('Root.Main');
-        $mainTabFields = $mainTab->FieldList();
-        $metaDataField = $mainTabFields->fieldByName('Metadata');
-        if ($metaDataField) {
-            $mainTabFields->removeByName('Metadata');
-            $mainTabFields->push($metaDataField);
-        }
-        return $fields;
-    }
-
-    /**
-     * Compute class from the size parameters.
-     */
-    public function getClass()
-    {
-        $class = '';
-        if ($this->AutoHeight) {
-            $class .= 'iframepage-height-auto';
-        }
-
-        return $class;
-    }
-
-    /**
-     * Compute style from the size parameters.
-     */
-    public function getStyle()
-    {
-        $style = '';
-
-        // Always add fixed height as a fallback if autosetting or JS fails.
-        $height = $this->FixedHeight;
-        if (!$height) {
-            $height = 800;
-        }
-        $style .= "height: {$height}px; ";
-
-        if ($this->AutoWidth) {
-            $style .= "width: 100%; ";
-        } elseif ($this->FixedWidth) {
-            $style .= "width: {$this->FixedWidth}px; ";
-        }
-
-        return $style;
-    }
-
-    /**
-     * Ensure that the IFrameURL is a valid url and prevents XSS
-     *
-     * @throws ValidationException
-     * @return ValidationResult
-     */
-    public function validate()
-    {
-        $result = parent::validate();
-
-        //whitelist allowed URL schemes
-        $allowed_schemes = array('http', 'https');
-        if ($matches = parse_url($this->IFrameURL)) {
-            if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
-                $result->addError(_t('IFramePage.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
-            }
-        }
-
-        return $result;
-    }
+	private static $db = array(
+		'IFrameURL' => 'Text',
+		'AutoHeight' => 'Boolean(1)',
+		'AutoWidth' => 'Boolean(1)',
+		'FixedHeight' => 'Int(500)',
+		'FixedWidth' => 'Int(0)',
+		'AlternateContent' => 'HTMLText',
+		'BottomContent' => 'HTMLText',
+		'ForceProtocol' => 'Varchar',
+	);
+
+	private static $defaults = array(
+		'AutoHeight' => '1',
+		'AutoWidth' => '1',
+		'FixedHeight' => '500',
+		'FixedWidth' => '0'
+	);
+
+	private static $description = 'Embeds an iframe into the body of the page.';
+
+	public function getCMSFields()
+	{
+		$fields = parent::getCMSFields();
+
+		$fields->removeFieldFromTab('Root.Main', 'Content');
+		$fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
+		$url->setRightTitle(
+			'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
+		);
+		$fields->addFieldToTab(
+			'Root.Main',
+			DropdownField::create('ForceProtocol', 'Force protocol?')
+				->setSource(array('http://' => 'http://', 'https://' => 'https://'))
+				->setEmptyString('')
+				->setDescription(
+					'Avoids mixed content warnings when iframe content is just available under a specific protocol'
+				),
+			'Metadata'
+		);
+		$fields->addFieldsToTab('Root.Main', [
+			CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
+			CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
+			NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
+			NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
+			HtmlEditorField::create('Content', 'Content (appears above iframe)'),
+			HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
+			HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
+		]);
+
+		// Move the Metadata field to last position, but make a check for it's
+		// existence first.
+		//
+		// See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
+		$mainTab = $fields->findOrMakeTab('Root.Main');
+		$mainTabFields = $mainTab->FieldList();
+		$metaDataField = $mainTabFields->fieldByName('Metadata');
+		if ($metaDataField) {
+			$mainTabFields->removeByName('Metadata');
+			$mainTabFields->push($metaDataField);
+		}
+		return $fields;
+	}
+
+	/**
+	 * Compute class from the size parameters.
+	 */
+	public function getClass()
+	{
+		$class = '';
+		if ($this->AutoHeight) {
+			$class .= 'iframepage-height-auto';
+		}
+
+		return $class;
+	}
+
+	/**
+	 * Compute style from the size parameters.
+	 */
+	public function getStyle()
+	{
+		$style = '';
+
+		// Always add fixed height as a fallback if autosetting or JS fails.
+		$height = $this->FixedHeight;
+		if (!$height) {
+			$height = 800;
+		}
+		$style .= "height: {$height}px; ";
+
+		if ($this->AutoWidth) {
+			$style .= "width: 100%; ";
+		} elseif ($this->FixedWidth) {
+			$style .= "width: {$this->FixedWidth}px; ";
+		}
+
+		return $style;
+	}
+
+	/**
+	 * Ensure that the IFrameURL is a valid url and prevents XSS
+	 *
+	 * @throws ValidationException
+	 * @return ValidationResult
+	 */
+	public function validate()
+	{
+		$result = parent::validate();
+
+		//whitelist allowed URL schemes
+		$allowed_schemes = array('http', 'https');
+		if ($matches = parse_url($this->IFrameURL)) {
+			if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
+				$result->addError(_t('IFramePage.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
+			}
+		}
+
+		return $result;
+	}
 }

Please login to merge, or discard this patch.

code/IFramePageController.php 1 patch

Indentation +17 added lines, -17 removed lines patch added patch discarded remove patch

@@ -8,22 +8,22 @@
 block discarded – undo
 
 class IFramePageController extends ContentController
 {
-    protected function init()
-    {
-        parent::init();
-        $currentProtocol = Director::protocol();
-        $desiredProtocol = $this->ForceProtocol;
-        if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
-            $enforcedLocation = preg_replace(
-                "#^${currentProtocol}#",
-                $desiredProtocol,
-                $this->AbsoluteLink()
-            );
-            return $this->redirect($enforcedLocation);
-        }
+	protected function init()
+	{
+		parent::init();
+		$currentProtocol = Director::protocol();
+		$desiredProtocol = $this->ForceProtocol;
+		if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
+			$enforcedLocation = preg_replace(
+				"#^${currentProtocol}#",
+				$desiredProtocol,
+				$this->AbsoluteLink()
+			);
+			return $this->redirect($enforcedLocation);
+		}
 
-        if ($this->IFrameURL) {
-            Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
-        }
-    }
+		if ($this->IFrameURL) {
+			Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
+		}
+	}
 }

Please login to merge, or discard this patch.

		@@ -10,133 +10,133 @@
		block discarded – undo
10	10
11	11	class IFramePageTest extends SapphireTest
12	12	{
13		- protected $usesDatabase = true;
14		-
15		- public function testGetClass()
16		- {
17		- $iframe = new IFramePage();
18		- $iframe->AutoHeight = 1;
19		- $iframe->getClass();
20		-
21		- $this->assertContains('iframepage-height-auto', $iframe->getClass());
22		-
23		- $iframe->AutoHeight = 0;
24		- $iframe->getClass();
25		-
26		- $this->assertNotContains('iframepage-height-auto', $iframe->getClass());
27		- }
28		-
29		- public function testGetStyle()
30		- {
31		- $iframe = new IFramePage();
32		-
33		- $iframe->FixedHeight = 0;
34		- $iframe->getStyle();
35		- $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
36		-
37		- $iframe->FixedHeight = 100;
38		- $iframe->getStyle();
39		- $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
40		-
41		- $iframe->AutoWidth = 1;
42		- $iframe->FixedWidth = '200';
43		- $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
44		-
45		- $iframe->AutoWidth = 0;
46		- $iframe->FixedWidth = '200';
47		- $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
48		- }
49		-
50		- public function testAllowedUrls()
51		- {
52		- $iframe = new IFramePage();
53		-
54		- $tests = array(
55		- 'allowed' => array(
56		- 'http://anything',
57		- 'https://anything',
58		- 'page',
59		- 'sub-page/link',
60		- 'page/link',
61		- 'page.html',
62		- 'page.htm',
63		- 'page.phpissoawesomewhywouldiuseanythingelse',
64		- '//url.com/page',
65		- '/root/page/link',
66		- 'http://intranet:8888',
67		- 'http://javascript:8080',
68		- 'http://username:password@hostname/path?arg=value#anchor'
69		- ),
70		- 'banned' => array(
71		- 'javascript:alert',
72		- 'tel:0210001234',
73		- 'ftp://url',
74		- 'ssh://1.2.3.4',
75		- 'ssh://url.com/page'
76		- )
77		- );
78		-
79		- foreach ($tests['allowed'] as $url) {
80		- $iframe->IFrameURL = $url;
81		- $iframe->write();
82		- $this->assertContains($iframe->IFrameURL, $url);
83		- }
84		-
85		- foreach ($tests['banned'] as $url) {
86		- $iframe->IFrameURL = $url;
87		- $this->setExpectedException(ValidationException::class);
88		- $iframe->write();
89		- }
90		- }
91		-
92		- public function testForceProtocol()
93		- {
94		- $origServer = $_SERVER;
95		-
96		- $page = new IFramePage();
97		- $page->URLSegment = 'iframe';
98		- $page->IFrameURL = 'http://target.com';
99		-
100		- Config::modify()->set(Director::class, 'alternate_protocol', 'http');
101		- Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
102		- $page->ForceProtocol = '';
103		- $controller = new IFramePageController($page);
104		- $controller->doInit();
105		- $response = $controller->getResponse();
106		- $this->assertNull($response->getHeader('Location'));
107		-
108		- Config::modify()->set(Director::class, 'alternate_protocol', 'https');
109		- Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
110		- $page->ForceProtocol = '';
111		- $controller = new IFramePageController($page);
112		- $controller->doInit();
113		- $response = $controller->getResponse();
114		- $this->assertNull($response->getHeader('Location'));
115		-
116		- Config::modify()->set(Director::class, 'alternate_protocol', 'http');
117		- Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
118		- $page->ForceProtocol = 'http://';
119		- $controller = new IFramePageController($page);
120		- $controller->doInit();
121		- $response = $controller->getResponse();
122		- $this->assertNull($response->getHeader('Location'));
123		-
124		- Config::modify()->set(Director::class, 'alternate_protocol', 'http');
125		- Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
126		- $page->ForceProtocol = 'https://';
127		- $controller = new IFramePageController($page);
128		- $controller->doInit();
129		- $response = $controller->getResponse();
130		- $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
131		-
132		- Config::modify()->set(Director::class, 'alternate_protocol', 'https');
133		- Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
134		- $page->ForceProtocol = 'http://';
135		- $controller = new IFramePageController($page);
136		- $controller->doInit();
137		- $response = $controller->getResponse();
138		- $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
139		-
140		- $_SERVER = $origServer;
141		- }
	13	+ protected $usesDatabase = true;
	14	+
	15	+ public function testGetClass()
	16	+ {
	17	+ $iframe = new IFramePage();
	18	+ $iframe->AutoHeight = 1;
	19	+ $iframe->getClass();
	20	+
	21	+ $this->assertContains('iframepage-height-auto', $iframe->getClass());
	22	+
	23	+ $iframe->AutoHeight = 0;
	24	+ $iframe->getClass();
	25	+
	26	+ $this->assertNotContains('iframepage-height-auto', $iframe->getClass());
	27	+ }
	28	+
	29	+ public function testGetStyle()
	30	+ {
	31	+ $iframe = new IFramePage();
	32	+
	33	+ $iframe->FixedHeight = 0;
	34	+ $iframe->getStyle();
	35	+ $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
	36	+
	37	+ $iframe->FixedHeight = 100;
	38	+ $iframe->getStyle();
	39	+ $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
	40	+
	41	+ $iframe->AutoWidth = 1;
	42	+ $iframe->FixedWidth = '200';
	43	+ $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
	44	+
	45	+ $iframe->AutoWidth = 0;
	46	+ $iframe->FixedWidth = '200';
	47	+ $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
	48	+ }
	49	+
	50	+ public function testAllowedUrls()
	51	+ {
	52	+ $iframe = new IFramePage();
	53	+
	54	+ $tests = array(
	55	+ 'allowed' => array(
	56	+ 'http://anything',
	57	+ 'https://anything',
	58	+ 'page',
	59	+ 'sub-page/link',
	60	+ 'page/link',
	61	+ 'page.html',
	62	+ 'page.htm',
	63	+ 'page.phpissoawesomewhywouldiuseanythingelse',
	64	+ '//url.com/page',
	65	+ '/root/page/link',
	66	+ 'http://intranet:8888',
	67	+ 'http://javascript:8080',
	68	+ 'http://username:password@hostname/path?arg=value#anchor'
	69	+ ),
	70	+ 'banned' => array(
	71	+ 'javascript:alert',
	72	+ 'tel:0210001234',
	73	+ 'ftp://url',
	74	+ 'ssh://1.2.3.4',
	75	+ 'ssh://url.com/page'
	76	+ )
	77	+ );
	78	+
	79	+ foreach ($tests['allowed'] as $url) {
	80	+ $iframe->IFrameURL = $url;
	81	+ $iframe->write();
	82	+ $this->assertContains($iframe->IFrameURL, $url);
	83	+ }
	84	+
	85	+ foreach ($tests['banned'] as $url) {
	86	+ $iframe->IFrameURL = $url;
	87	+ $this->setExpectedException(ValidationException::class);
	88	+ $iframe->write();
	89	+ }
	90	+ }
	91	+
	92	+ public function testForceProtocol()
	93	+ {
	94	+ $origServer = $_SERVER;
	95	+
	96	+ $page = new IFramePage();
	97	+ $page->URLSegment = 'iframe';
	98	+ $page->IFrameURL = 'http://target.com';
	99	+
	100	+ Config::modify()->set(Director::class, 'alternate_protocol', 'http');
	101	+ Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
	102	+ $page->ForceProtocol = '';
	103	+ $controller = new IFramePageController($page);
	104	+ $controller->doInit();
	105	+ $response = $controller->getResponse();
	106	+ $this->assertNull($response->getHeader('Location'));
	107	+
	108	+ Config::modify()->set(Director::class, 'alternate_protocol', 'https');
	109	+ Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
	110	+ $page->ForceProtocol = '';
	111	+ $controller = new IFramePageController($page);
	112	+ $controller->doInit();
	113	+ $response = $controller->getResponse();
	114	+ $this->assertNull($response->getHeader('Location'));
	115	+
	116	+ Config::modify()->set(Director::class, 'alternate_protocol', 'http');
	117	+ Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
	118	+ $page->ForceProtocol = 'http://';
	119	+ $controller = new IFramePageController($page);
	120	+ $controller->doInit();
	121	+ $response = $controller->getResponse();
	122	+ $this->assertNull($response->getHeader('Location'));
	123	+
	124	+ Config::modify()->set(Director::class, 'alternate_protocol', 'http');
	125	+ Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
	126	+ $page->ForceProtocol = 'https://';
	127	+ $controller = new IFramePageController($page);
	128	+ $controller->doInit();
	129	+ $response = $controller->getResponse();
	130	+ $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
	131	+
	132	+ Config::modify()->set(Director::class, 'alternate_protocol', 'https');
	133	+ Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
	134	+ $page->ForceProtocol = 'http://';
	135	+ $controller = new IFramePageController($page);
	136	+ $controller->doInit();
	137	+ $response = $controller->getResponse();
	138	+ $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
	139	+
	140	+ $_SERVER = $origServer;
	141	+ }
142	142	}

		@@ -15,123 +15,123 @@
		block discarded – undo
15	15
16	16	class IFramePage extends Page
17	17	{
18		- private static $db = array(
19		- 'IFrameURL' => 'Text',
20		- 'AutoHeight' => 'Boolean(1)',
21		- 'AutoWidth' => 'Boolean(1)',
22		- 'FixedHeight' => 'Int(500)',
23		- 'FixedWidth' => 'Int(0)',
24		- 'AlternateContent' => 'HTMLText',
25		- 'BottomContent' => 'HTMLText',
26		- 'ForceProtocol' => 'Varchar',
27		- );
28		-
29		- private static $defaults = array(
30		- 'AutoHeight' => '1',
31		- 'AutoWidth' => '1',
32		- 'FixedHeight' => '500',
33		- 'FixedWidth' => '0'
34		- );
35		-
36		- private static $description = 'Embeds an iframe into the body of the page.';
37		-
38		- public function getCMSFields()
39		- {
40		- $fields = parent::getCMSFields();
41		-
42		- $fields->removeFieldFromTab('Root.Main', 'Content');
43		- $fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
44		- $url->setRightTitle(
45		- 'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
46		- );
47		- $fields->addFieldToTab(
48		- 'Root.Main',
49		- DropdownField::create('ForceProtocol', 'Force protocol?')
50		- ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
51		- ->setEmptyString('')
52		- ->setDescription(
53		- 'Avoids mixed content warnings when iframe content is just available under a specific protocol'
54		- ),
55		- 'Metadata'
56		- );
57		- $fields->addFieldsToTab('Root.Main', [
58		- CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
59		- CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
60		- NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
61		- NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
62		- HtmlEditorField::create('Content', 'Content (appears above iframe)'),
63		- HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
64		- HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
65		- ]);
66		-
67		- // Move the Metadata field to last position, but make a check for it's
68		- // existence first.
69		- //
70		- // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
71		- $mainTab = $fields->findOrMakeTab('Root.Main');
72		- $mainTabFields = $mainTab->FieldList();
73		- $metaDataField = $mainTabFields->fieldByName('Metadata');
74		- if ($metaDataField) {
75		- $mainTabFields->removeByName('Metadata');
76		- $mainTabFields->push($metaDataField);
77		- }
78		- return $fields;
79		- }
80		-
81		- /**
82		- * Compute class from the size parameters.
83		- */
84		- public function getClass()
85		- {
86		- $class = '';
87		- if ($this->AutoHeight) {
88		- $class .= 'iframepage-height-auto';
89		- }
90		-
91		- return $class;
92		- }
93		-
94		- /**
95		- * Compute style from the size parameters.
96		- */
97		- public function getStyle()
98		- {
99		- $style = '';
100		-
101		- // Always add fixed height as a fallback if autosetting or JS fails.
102		- $height = $this->FixedHeight;
103		- if (!$height) {
104		- $height = 800;
105		- }
106		- $style .= "height: {$height}px; ";
107		-
108		- if ($this->AutoWidth) {
109		- $style .= "width: 100%; ";
110		- } elseif ($this->FixedWidth) {
111		- $style .= "width: {$this->FixedWidth}px; ";
112		- }
113		-
114		- return $style;
115		- }
116		-
117		- /**
118		- * Ensure that the IFrameURL is a valid url and prevents XSS
119		- *
120		- * @throws ValidationException
121		- * @return ValidationResult
122		- */
123		- public function validate()
124		- {
125		- $result = parent::validate();
126		-
127		- //whitelist allowed URL schemes
128		- $allowed_schemes = array('http', 'https');
129		- if ($matches = parse_url($this->IFrameURL)) {
130		- if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
131		- $result->addError(_t('IFramePage.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
132		- }
133		- }
134		-
135		- return $result;
136		- }
	18	+ private static $db = array(
	19	+ 'IFrameURL' => 'Text',
	20	+ 'AutoHeight' => 'Boolean(1)',
	21	+ 'AutoWidth' => 'Boolean(1)',
	22	+ 'FixedHeight' => 'Int(500)',
	23	+ 'FixedWidth' => 'Int(0)',
	24	+ 'AlternateContent' => 'HTMLText',
	25	+ 'BottomContent' => 'HTMLText',
	26	+ 'ForceProtocol' => 'Varchar',
	27	+ );
	28	+
	29	+ private static $defaults = array(
	30	+ 'AutoHeight' => '1',
	31	+ 'AutoWidth' => '1',
	32	+ 'FixedHeight' => '500',
	33	+ 'FixedWidth' => '0'
	34	+ );
	35	+
	36	+ private static $description = 'Embeds an iframe into the body of the page.';
	37	+
	38	+ public function getCMSFields()
	39	+ {
	40	+ $fields = parent::getCMSFields();
	41	+
	42	+ $fields->removeFieldFromTab('Root.Main', 'Content');
	43	+ $fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
	44	+ $url->setRightTitle(
	45	+ 'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
	46	+ );
	47	+ $fields->addFieldToTab(
	48	+ 'Root.Main',
	49	+ DropdownField::create('ForceProtocol', 'Force protocol?')
	50	+ ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
	51	+ ->setEmptyString('')
	52	+ ->setDescription(
	53	+ 'Avoids mixed content warnings when iframe content is just available under a specific protocol'
	54	+ ),
	55	+ 'Metadata'
	56	+ );
	57	+ $fields->addFieldsToTab('Root.Main', [
	58	+ CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
	59	+ CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
	60	+ NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
	61	+ NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
	62	+ HtmlEditorField::create('Content', 'Content (appears above iframe)'),
	63	+ HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
	64	+ HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
	65	+ ]);
	66	+
	67	+ // Move the Metadata field to last position, but make a check for it's
	68	+ // existence first.
	69	+ //
	70	+ // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
	71	+ $mainTab = $fields->findOrMakeTab('Root.Main');
	72	+ $mainTabFields = $mainTab->FieldList();
	73	+ $metaDataField = $mainTabFields->fieldByName('Metadata');
	74	+ if ($metaDataField) {
	75	+ $mainTabFields->removeByName('Metadata');
	76	+ $mainTabFields->push($metaDataField);
	77	+ }
	78	+ return $fields;
	79	+ }
	80	+
	81	+ /**
	82	+ * Compute class from the size parameters.
	83	+ */
	84	+ public function getClass()
	85	+ {
	86	+ $class = '';
	87	+ if ($this->AutoHeight) {
	88	+ $class .= 'iframepage-height-auto';
	89	+ }
	90	+
	91	+ return $class;
	92	+ }
	93	+
	94	+ /**
	95	+ * Compute style from the size parameters.
	96	+ */
	97	+ public function getStyle()
	98	+ {
	99	+ $style = '';
	100	+
	101	+ // Always add fixed height as a fallback if autosetting or JS fails.
	102	+ $height = $this->FixedHeight;
	103	+ if (!$height) {
	104	+ $height = 800;
	105	+ }
	106	+ $style .= "height: {$height}px; ";
	107	+
	108	+ if ($this->AutoWidth) {
	109	+ $style .= "width: 100%; ";
	110	+ } elseif ($this->FixedWidth) {
	111	+ $style .= "width: {$this->FixedWidth}px; ";
	112	+ }
	113	+
	114	+ return $style;
	115	+ }
	116	+
	117	+ /**
	118	+ * Ensure that the IFrameURL is a valid url and prevents XSS
	119	+ *
	120	+ * @throws ValidationException
	121	+ * @return ValidationResult
	122	+ */
	123	+ public function validate()
	124	+ {
	125	+ $result = parent::validate();
	126	+
	127	+ //whitelist allowed URL schemes
	128	+ $allowed_schemes = array('http', 'https');
	129	+ if ($matches = parse_url($this->IFrameURL)) {
	130	+ if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
	131	+ $result->addError(_t('IFramePage.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
	132	+ }
	133	+ }
	134	+
	135	+ return $result;
	136	+ }
137	137	}

		@@ -8,22 +8,22 @@
		block discarded – undo
8	8
9	9	class IFramePageController extends ContentController
10	10	{
11		- protected function init()
12		- {
13		- parent::init();
14		- $currentProtocol = Director::protocol();
15		- $desiredProtocol = $this->ForceProtocol;
16		- if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
17		- $enforcedLocation = preg_replace(
18		- "#^${currentProtocol}#",
19		- $desiredProtocol,
20		- $this->AbsoluteLink()
21		- );
22		- return $this->redirect($enforcedLocation);
23		- }
	11	+ protected function init()
	12	+ {
	13	+ parent::init();
	14	+ $currentProtocol = Director::protocol();
	15	+ $desiredProtocol = $this->ForceProtocol;
	16	+ if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
	17	+ $enforcedLocation = preg_replace(
	18	+ "#^${currentProtocol}#",
	19	+ $desiredProtocol,
	20	+ $this->AbsoluteLink()
	21	+ );
	22	+ return $this->redirect($enforcedLocation);
	23	+ }
24	24
25		- if ($this->IFrameURL) {
26		- Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
27		- }
28		- }
	25	+ if ($this->IFrameURL) {
	26	+ Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
	27	+ }
	28	+ }
29	29	}

silverstripe / silverstripe-iframe

Push — master ( df6bd2...c3da4e )

Status

Category

Indentation +129 added lines, -129 removed lines patch added patch discarded remove patch

Indentation +119 added lines, -119 removed lines patch added patch discarded remove patch

Indentation +17 added lines, -17 removed lines patch added patch discarded remove patch