
Bug 27336: Sanitize correctly HTML id

Valid characters are alphanumeric characters (a-zA-Z0-9), hyphen (-)
and underscore (_)

https://www.w3.org/TR/CSS21/syndata.html#value-def-identifier

All invalid characters will be replaced by '_'

Test plan:
1. Go to Administration » System preferences and click on 'Searching'
   tab
2. You should see a console error (Uncaught Error: Syntax error,
   unrecognized expression: #collapse_Did_you_mean/spell_checking)
3. Apply patch
4. Make sure the error is gone
5. prove t/Koha_Template_Plugin_HtmlId.t

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
21.05.x
Julian Maurice 7 months ago
committed by Jonathan Druart
parent
commit
d89f6027be
  1. 28
      Koha/Template/Plugin/HtmlId.pm
  2. 3
      koha-tmpl/intranet-tmpl/prog/en/includes/prefs-menu.inc
  3. 7
      koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
  4. 25
      t/Koha_Template_Plugin_HtmlId.t

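--- a/Koha/Template/Plugin/HtmlId.pm
+++ b/Koha/Template/Plugin/HtmlId.pm
@@ -0,0 +1,28 @@
+package Koha::Template::Plugin::HtmlId;
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+use Modern::Perl;
+use parent qw( Template::Plugin::Filter );
+sub filter {
+my ( $self, $text ) = @_;
+return $text =~ s/[^a-zA-Z0-9-]+/_/gr
+}
+1;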
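Review bot: The character class in `return $text =~ s/[^a-zA-Z0-9-]+/_/gr` leaves out the underscore that the commit message lists as valid, so an existing `_` is treated as forbidden and a run such as `a__b` collapses to `a_b`; `return $text =~ s/[^a-zA-Z0-9_-]+/_/gr;` keeps underscores untouched. The filter rewrites rather than escapes, so two titles that differ only in punctuation or non-ASCII letters yield the same id, and the callers in prefs-menu.inc and preferences.tt would then emit duplicate ids and anchors; a comment above `sub filter` stating that the mapping is lossy and ASCII-only would make that trade-off visible to the next caller. The CSS identifier grammar linked in the message also disallows a leading digit, which the pattern does not guard; whether any caller passes such a title is not visible here.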

3
koha-tmpl/intranet-tmpl/prog/en/includes/prefs-menu.inc

@ -1,3 +1,4 @@
[% USE HtmlId %]
<div id="menu">
<ul>
[% IF ( accounting ) %]
@ -176,7 +177,7 @@
<ul>
[% FOREACH LINE IN TAB.LINES %]
[% IF ( LINE.is_group_title ) %]
<li><a class="pref_sublink" href="#[% LINE.title | replace('\s+', '_') | uri %]">[% LINE.title | html %]</a></li>
<li><a class="pref_sublink" href="#[% LINE.title | $HtmlId %]">[% LINE.title | html %]</a></li>
[% END %]
[% END %]
</ul>
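Review bot: Replacing `| replace('\s+', '_') | uri` with `| $HtmlId` on the `href` drops the uri escaping, which is only safe because HtmlId's output is restricted to ASCII alphanumerics, `-` and `_` by the regex in Koha/Template/Plugin/HtmlId.pm; the same reliance applies to the three `| html` filters removed in preferences.tt. That invariant is worth recording at the use site, e.g. `[%# HtmlId output is limited to [A-Za-z0-9_-], so no uri/html escaping is needed %]`, so that a later widening of the plugin's character class is not silently a template injection. The surrounding menu markup starts before this hunk.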

7
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt

@ -2,6 +2,7 @@
[% USE To %]
[% USE Asset %]
[% USE Koha %]
[% USE HtmlId %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Administration &rsaquo; System preferences</title>
@ -49,16 +50,16 @@
[% UNLESS ( loop.first ) %]</tbody></table>[% END %]
<div class="row">
<div class="col-sm-6">
<h3 id="[% LINE.title | replace('\s+', '_') | html %]"><i class="fa fa-caret-down"></i> [% LINE.title | html %]</h3>
<h3 id="[% LINE.title | $HtmlId %]"><i class="fa fa-caret-down"></i> [% LINE.title | html %]</h3>
</div>
<div class="col-sm-6">
[% IF ( searchfield ) %]
<div class="pull-right"><a class="btn btn-link" href="/cgi-bin/koha/admin/preferences.pl?tab=[% TAB.tab_id | html %]#[% LINE.title | replace('\s+', '_') | html %]"><i class="fa fa-list-ul"></i> View all [% LINE.title | html %] preferences</a></div>
<div class="pull-right"><a class="btn btn-link" href="/cgi-bin/koha/admin/preferences.pl?tab=[% TAB.tab_id | html %]#[% LINE.title | $HtmlId %]"><i class="fa fa-list-ul"></i> View all [% LINE.title | html %] preferences</a></div>
[% END %]
</div>
</div>
<table class="preferences" id="collapse_[% LINE.title | replace('\s+', '_') | html %]">
<table class="preferences" id="collapse_[% LINE.title | $HtmlId %]">
<thead><tr><th>Preference</th><th>Value</th></tr></thead>
[% UNLESS ( loop.last ) %]<tbody>[% END %]
[% ELSE %]

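--- a/t/Koha_Template_Plugin_HtmlId.t
+++ b/t/Koha_Template_Plugin_HtmlId.t
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+use Modern::Perl;
+use Test::More tests => 2;
+use_ok( 'Koha::Template::Plugin::HtmlId' );
+my $filter = Koha::Template::Plugin::HtmlId->new();
+is('Some_not-allowed_characters', $filter->filter('Some/;:not-allowed*$^characters'), 'Forbidden characters are replaced by _');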
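Review bot: `is('Some_not-allowed_characters', $filter->filter(...), ...)` passes the expected value as the first argument, but Test::More's `is` takes `(got, expected, name)`, so a failing run would report the two values swapped; write it as `is( $filter->filter('Some/;:not-allowed*$^characters'), 'Some_not-allowed_characters', 'Forbidden characters are replaced by _' );`. The test also covers neither an input that already contains `_` nor the reporter's own case from the commit message; a second `is` with `'Did you mean/spell checking'` expected to give `'Did_you_mean_spell_checking'` would pin the fix for the reported bug, with `tests => 2` becoming `tests => 3`.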