Passed
Pull Request — master (#28)
by
unknown
03:06
created
tests/IFramePageTest.php 1 patch
Indentation   +129 added lines, -129 removed lines patch added patch discarded remove patch
@@ -10,133 +10,133 @@
 block discarded – undo
10 10
 
11 11
 class IFramePageTest extends SapphireTest
12 12
 {
13
-    protected $usesDatabase = true;
14
-
15
-    public function testGetClass()
16
-    {
17
-        $iframe = new IFramePage();
18
-        $iframe->AutoHeight = 1;
19
-        $iframe->getClass();
20
-
21
-        $this->assertContains('iframepage-height-auto', $iframe->getClass());
22
-
23
-        $iframe->AutoHeight = 0;
24
-        $iframe->getClass();
25
-
26
-        $this->assertNotContains('iframepage-height-auto', $iframe->getClass());
27
-    }
28
-
29
-    public function testGetStyle()
30
-    {
31
-        $iframe = new IFramePage();
32
-
33
-        $iframe->FixedHeight = 0;
34
-        $iframe->getStyle();
35
-        $this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
36
-
37
-        $iframe->FixedHeight = 100;
38
-        $iframe->getStyle();
39
-        $this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
40
-
41
-        $iframe->AutoWidth = 1;
42
-        $iframe->FixedWidth = '200';
43
-        $this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
44
-
45
-        $iframe->AutoWidth = 0;
46
-        $iframe->FixedWidth = '200';
47
-        $this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
48
-    }
49
-
50
-    public function testAllowedUrls()
51
-    {
52
-        $iframe = new IFramePage();
53
-
54
-        $tests = array(
55
-            'allowed' => array(
56
-                'http://anything',
57
-                'https://anything',
58
-                'page',
59
-                'sub-page/link',
60
-                'page/link',
61
-                'page.html',
62
-                'page.htm',
63
-                'page.phpissoawesomewhywouldiuseanythingelse',
64
-                '//url.com/page',
65
-                '/root/page/link',
66
-                'http://intranet:8888',
67
-                'http://javascript:8080',
68
-                'http://username:password@hostname/path?arg=value#anchor'
69
-            ),
70
-            'banned' => array(
71
-                'javascript:alert',
72
-                'tel:0210001234',
73
-                'ftp://url',
74
-                'ssh://1.2.3.4',
75
-                'ssh://url.com/page'
76
-            )
77
-        );
78
-
79
-        foreach ($tests['allowed'] as $url) {
80
-            $iframe->IFrameURL = $url;
81
-            $iframe->write();
82
-            $this->assertContains($iframe->IFrameURL, $url);
83
-        }
84
-
85
-        foreach ($tests['banned'] as $url) {
86
-            $iframe->IFrameURL = $url;
87
-            $this->setExpectedException(ValidationException::class);
88
-            $iframe->write();
89
-        }
90
-    }
91
-
92
-    public function testForceProtocol()
93
-    {
94
-        $origServer = $_SERVER;
95
-
96
-        $page = new IFramePage();
97
-        $page->URLSegment = 'iframe';
98
-        $page->IFrameURL = 'http://target.com';
99
-
100
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
101
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
102
-        $page->ForceProtocol = '';
103
-        $controller = new IFramePageController($page);
104
-        $controller->doInit();
105
-        $response = $controller->getResponse();
106
-        $this->assertNull($response->getHeader('Location'));
107
-
108
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
109
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
110
-        $page->ForceProtocol = '';
111
-        $controller = new IFramePageController($page);
112
-        $controller->doInit();
113
-        $response = $controller->getResponse();
114
-        $this->assertNull($response->getHeader('Location'));
115
-
116
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
117
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
118
-        $page->ForceProtocol = 'http://';
119
-        $controller = new IFramePageController($page);
120
-        $controller->doInit();
121
-        $response = $controller->getResponse();
122
-        $this->assertNull($response->getHeader('Location'));
123
-
124
-        Config::modify()->set(Director::class, 'alternate_protocol', 'http');
125
-        Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
126
-        $page->ForceProtocol = 'https://';
127
-        $controller = new IFramePageController($page);
128
-        $controller->doInit();
129
-        $response = $controller->getResponse();
130
-        $this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
131
-
132
-        Config::modify()->set(Director::class, 'alternate_protocol', 'https');
133
-        Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
134
-        $page->ForceProtocol = 'http://';
135
-        $controller = new IFramePageController($page);
136
-        $controller->doInit();
137
-        $response = $controller->getResponse();
138
-        $this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
139
-
140
-        $_SERVER = $origServer;
141
-    }
13
+	protected $usesDatabase = true;
14
+
15
+	public function testGetClass()
16
+	{
17
+		$iframe = new IFramePage();
18
+		$iframe->AutoHeight = 1;
19
+		$iframe->getClass();
20
+
21
+		$this->assertContains('iframepage-height-auto', $iframe->getClass());
22
+
23
+		$iframe->AutoHeight = 0;
24
+		$iframe->getClass();
25
+
26
+		$this->assertNotContains('iframepage-height-auto', $iframe->getClass());
27
+	}
28
+
29
+	public function testGetStyle()
30
+	{
31
+		$iframe = new IFramePage();
32
+
33
+		$iframe->FixedHeight = 0;
34
+		$iframe->getStyle();
35
+		$this->assertContains('height: 800px', $iframe->getStyle(), 'Height defaults to 800 if not set.');
36
+
37
+		$iframe->FixedHeight = 100;
38
+		$iframe->getStyle();
39
+		$this->assertContains('height: 100px', $iframe->getStyle(), 'Fixed height is settable');
40
+
41
+		$iframe->AutoWidth = 1;
42
+		$iframe->FixedWidth = '200';
43
+		$this->assertContains('width: 100%', $iframe->getStyle(), 'Auto width overrides fixed width');
44
+
45
+		$iframe->AutoWidth = 0;
46
+		$iframe->FixedWidth = '200';
47
+		$this->assertContains('width: 200px', $iframe->getStyle(), 'Fixed width is settable');
48
+	}
49
+
50
+	public function testAllowedUrls()
51
+	{
52
+		$iframe = new IFramePage();
53
+
54
+		$tests = array(
55
+			'allowed' => array(
56
+				'http://anything',
57
+				'https://anything',
58
+				'page',
59
+				'sub-page/link',
60
+				'page/link',
61
+				'page.html',
62
+				'page.htm',
63
+				'page.phpissoawesomewhywouldiuseanythingelse',
64
+				'//url.com/page',
65
+				'/root/page/link',
66
+				'http://intranet:8888',
67
+				'http://javascript:8080',
68
+				'http://username:password@hostname/path?arg=value#anchor'
69
+			),
70
+			'banned' => array(
71
+				'javascript:alert',
72
+				'tel:0210001234',
73
+				'ftp://url',
74
+				'ssh://1.2.3.4',
75
+				'ssh://url.com/page'
76
+			)
77
+		);
78
+
79
+		foreach ($tests['allowed'] as $url) {
80
+			$iframe->IFrameURL = $url;
81
+			$iframe->write();
82
+			$this->assertContains($iframe->IFrameURL, $url);
83
+		}
84
+
85
+		foreach ($tests['banned'] as $url) {
86
+			$iframe->IFrameURL = $url;
87
+			$this->setExpectedException(ValidationException::class);
88
+			$iframe->write();
89
+		}
90
+	}
91
+
92
+	public function testForceProtocol()
93
+	{
94
+		$origServer = $_SERVER;
95
+
96
+		$page = new IFramePage();
97
+		$page->URLSegment = 'iframe';
98
+		$page->IFrameURL = 'http://target.com';
99
+
100
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
101
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
102
+		$page->ForceProtocol = '';
103
+		$controller = new IFramePageController($page);
104
+		$controller->doInit();
105
+		$response = $controller->getResponse();
106
+		$this->assertNull($response->getHeader('Location'));
107
+
108
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
109
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
110
+		$page->ForceProtocol = '';
111
+		$controller = new IFramePageController($page);
112
+		$controller->doInit();
113
+		$response = $controller->getResponse();
114
+		$this->assertNull($response->getHeader('Location'));
115
+
116
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
117
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
118
+		$page->ForceProtocol = 'http://';
119
+		$controller = new IFramePageController($page);
120
+		$controller->doInit();
121
+		$response = $controller->getResponse();
122
+		$this->assertNull($response->getHeader('Location'));
123
+
124
+		Config::modify()->set(Director::class, 'alternate_protocol', 'http');
125
+		Config::modify()->set(Director::class, 'alternate_base_url', 'http://host.com');
126
+		$page->ForceProtocol = 'https://';
127
+		$controller = new IFramePageController($page);
128
+		$controller->doInit();
129
+		$response = $controller->getResponse();
130
+		$this->assertEquals($response->getHeader('Location'), 'https://host.com/iframe/');
131
+
132
+		Config::modify()->set(Director::class, 'alternate_protocol', 'https');
133
+		Config::modify()->set(Director::class, 'alternate_base_url', 'https://host.com');
134
+		$page->ForceProtocol = 'http://';
135
+		$controller = new IFramePageController($page);
136
+		$controller->doInit();
137
+		$response = $controller->getResponse();
138
+		$this->assertEquals($response->getHeader('Location'), 'http://host.com/iframe/');
139
+
140
+		$_SERVER = $origServer;
141
+	}
142 142
 }
Please login to merge, or discard this patch.
code/IFramePage.php 1 patch
Indentation   +119 added lines, -119 removed lines patch added patch discarded remove patch
@@ -15,123 +15,123 @@
 block discarded – undo
15 15
 
16 16
 class IFramePage extends Page
17 17
 {
18
-    private static $db = array(
19
-        'IFrameURL' => 'Text',
20
-        'AutoHeight' => 'Boolean(1)',
21
-        'AutoWidth' => 'Boolean(1)',
22
-        'FixedHeight' => 'Int(500)',
23
-        'FixedWidth' => 'Int(0)',
24
-        'AlternateContent' => 'HTMLText',
25
-        'BottomContent' => 'HTMLText',
26
-        'ForceProtocol' => 'Varchar',
27
-    );
28
-
29
-    private static $defaults = array(
30
-        'AutoHeight' => '1',
31
-        'AutoWidth' => '1',
32
-        'FixedHeight' => '500',
33
-        'FixedWidth' => '0'
34
-    );
35
-
36
-    private static $description = 'Embeds an iframe into the body of the page.';
37
-
38
-    public function getCMSFields()
39
-    {
40
-        $fields = parent::getCMSFields();
41
-
42
-        $fields->removeFieldFromTab('Root.Main', 'Content');
43
-        $fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
44
-        $url->setRightTitle(
45
-            'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
46
-        );
47
-        $fields->addFieldToTab(
48
-            'Root.Main',
49
-            DropdownField::create('ForceProtocol', 'Force protocol?')
50
-                ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
51
-                ->setEmptyString('')
52
-                ->setDescription(
53
-                    'Avoids mixed content warnings when iframe content is just available under a specific protocol'
54
-                ),
55
-            'Metadata'
56
-        );
57
-        $fields->addFieldsToTab('Root.Main', [
58
-            CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
59
-            CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
60
-            NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
61
-            NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
62
-            HtmlEditorField::create('Content', 'Content (appears above iframe)'),
63
-            HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
64
-            HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
65
-        ]);
66
-
67
-        // Move the Metadata field to last position, but make a check for it's
68
-        // existence first.
69
-        //
70
-        // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
71
-        $mainTab = $fields->findOrMakeTab('Root.Main');
72
-        $mainTabFields = $mainTab->FieldList();
73
-        $metaDataField = $mainTabFields->fieldByName('Metadata');
74
-        if ($metaDataField) {
75
-            $mainTabFields->removeByName('Metadata');
76
-            $mainTabFields->push($metaDataField);
77
-        }
78
-        return $fields;
79
-    }
80
-
81
-    /**
82
-     * Compute class from the size parameters.
83
-     */
84
-    public function getClass()
85
-    {
86
-        $class = '';
87
-        if ($this->AutoHeight) {
88
-            $class .= 'iframepage-height-auto';
89
-        }
90
-
91
-        return $class;
92
-    }
93
-
94
-    /**
95
-     * Compute style from the size parameters.
96
-     */
97
-    public function getStyle()
98
-    {
99
-        $style = '';
100
-
101
-        // Always add fixed height as a fallback if autosetting or JS fails.
102
-        $height = $this->FixedHeight;
103
-        if (!$height) {
104
-            $height = 800;
105
-        }
106
-        $style .= "height: {$height}px; ";
107
-
108
-        if ($this->AutoWidth) {
109
-            $style .= "width: 100%; ";
110
-        } elseif ($this->FixedWidth) {
111
-            $style .= "width: {$this->FixedWidth}px; ";
112
-        }
113
-
114
-        return $style;
115
-    }
116
-
117
-    /**
118
-     * Ensure that the IFrameURL is a valid url and prevents XSS
119
-     *
120
-     * @throws ValidationException
121
-     * @return ValidationResult
122
-     */
123
-    public function validate()
124
-    {
125
-        $result = parent::validate();
126
-
127
-        //whitelist allowed URL schemes
128
-        $allowed_schemes = array('http', 'https');
129
-        if ($matches = parse_url($this->IFrameURL)) {
130
-            if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
131
-                $result->addError(_t('IFramePage.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
132
-            }
133
-        }
134
-
135
-        return $result;
136
-    }
18
+	private static $db = array(
19
+		'IFrameURL' => 'Text',
20
+		'AutoHeight' => 'Boolean(1)',
21
+		'AutoWidth' => 'Boolean(1)',
22
+		'FixedHeight' => 'Int(500)',
23
+		'FixedWidth' => 'Int(0)',
24
+		'AlternateContent' => 'HTMLText',
25
+		'BottomContent' => 'HTMLText',
26
+		'ForceProtocol' => 'Varchar',
27
+	);
28
+
29
+	private static $defaults = array(
30
+		'AutoHeight' => '1',
31
+		'AutoWidth' => '1',
32
+		'FixedHeight' => '500',
33
+		'FixedWidth' => '0'
34
+	);
35
+
36
+	private static $description = 'Embeds an iframe into the body of the page.';
37
+
38
+	public function getCMSFields()
39
+	{
40
+		$fields = parent::getCMSFields();
41
+
42
+		$fields->removeFieldFromTab('Root.Main', 'Content');
43
+		$fields->addFieldToTab('Root.Main', $url = new TextField('IFrameURL', 'Iframe URL'));
44
+		$url->setRightTitle(
45
+			'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
46
+		);
47
+		$fields->addFieldToTab(
48
+			'Root.Main',
49
+			DropdownField::create('ForceProtocol', 'Force protocol?')
50
+				->setSource(array('http://' => 'http://', 'https://' => 'https://'))
51
+				->setEmptyString('')
52
+				->setDescription(
53
+					'Avoids mixed content warnings when iframe content is just available under a specific protocol'
54
+				),
55
+			'Metadata'
56
+		);
57
+		$fields->addFieldsToTab('Root.Main', [
58
+			CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
59
+			CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
60
+			NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
61
+			NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
62
+			HtmlEditorField::create('Content', 'Content (appears above iframe)'),
63
+			HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
64
+			HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
65
+		]);
66
+
67
+		// Move the Metadata field to last position, but make a check for it's
68
+		// existence first.
69
+		//
70
+		// See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
71
+		$mainTab = $fields->findOrMakeTab('Root.Main');
72
+		$mainTabFields = $mainTab->FieldList();
73
+		$metaDataField = $mainTabFields->fieldByName('Metadata');
74
+		if ($metaDataField) {
75
+			$mainTabFields->removeByName('Metadata');
76
+			$mainTabFields->push($metaDataField);
77
+		}
78
+		return $fields;
79
+	}
80
+
81
+	/**
82
+	 * Compute class from the size parameters.
83
+	 */
84
+	public function getClass()
85
+	{
86
+		$class = '';
87
+		if ($this->AutoHeight) {
88
+			$class .= 'iframepage-height-auto';
89
+		}
90
+
91
+		return $class;
92
+	}
93
+
94
+	/**
95
+	 * Compute style from the size parameters.
96
+	 */
97
+	public function getStyle()
98
+	{
99
+		$style = '';
100
+
101
+		// Always add fixed height as a fallback if autosetting or JS fails.
102
+		$height = $this->FixedHeight;
103
+		if (!$height) {
104
+			$height = 800;
105
+		}
106
+		$style .= "height: {$height}px; ";
107
+
108
+		if ($this->AutoWidth) {
109
+			$style .= "width: 100%; ";
110
+		} elseif ($this->FixedWidth) {
111
+			$style .= "width: {$this->FixedWidth}px; ";
112
+		}
113
+
114
+		return $style;
115
+	}
116
+
117
+	/**
118
+	 * Ensure that the IFrameURL is a valid url and prevents XSS
119
+	 *
120
+	 * @throws ValidationException
121
+	 * @return ValidationResult
122
+	 */
123
+	public function validate()
124
+	{
125
+		$result = parent::validate();
126
+
127
+		//whitelist allowed URL schemes
128
+		$allowed_schemes = array('http', 'https');
129
+		if ($matches = parse_url($this->IFrameURL)) {
130
+			if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
131
+				$result->addError(_t('IFramePage.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
132
+			}
133
+		}
134
+
135
+		return $result;
136
+	}
137 137
 }
Please login to merge, or discard this patch.
code/IFramePageController.php 1 patch
Indentation   +17 added lines, -17 removed lines patch added patch discarded remove patch
@@ -8,22 +8,22 @@
 block discarded – undo
8 8
 
9 9
 class IFramePageController extends ContentController
10 10
 {
11
-    protected function init()
12
-    {
13
-        parent::init();
14
-        $currentProtocol = Director::protocol();
15
-        $desiredProtocol = $this->ForceProtocol;
16
-        if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
17
-            $enforcedLocation = preg_replace(
18
-                "#^${currentProtocol}#",
19
-                $desiredProtocol,
20
-                $this->AbsoluteLink()
21
-            );
22
-            return $this->redirect($enforcedLocation);
23
-        }
11
+	protected function init()
12
+	{
13
+		parent::init();
14
+		$currentProtocol = Director::protocol();
15
+		$desiredProtocol = $this->ForceProtocol;
16
+		if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
17
+			$enforcedLocation = preg_replace(
18
+				"#^${currentProtocol}#",
19
+				$desiredProtocol,
20
+				$this->AbsoluteLink()
21
+			);
22
+			return $this->redirect($enforcedLocation);
23
+		}
24 24
 
25
-        if ($this->IFrameURL) {
26
-            Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
27
-        }
28
-    }
25
+		if ($this->IFrameURL) {
26
+			Requirements::javascript('silverstripe/iframe: javascript/iframe_page.js');
27
+		}
28
+	}
29 29
 }
Please login to merge, or discard this patch.