[icinga-checkins] icinga.org: icinga-web/master: Bugfix for html entities in cronk params

git at icinga.org git at icinga.org
Fri Oct 5 15:25:18 CEST 2012


Module: icinga-web
Branch: master
Commit: 30c1232a949258d9b351c8c8e4024a8a08ac5002
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=30c1232a949258d9b351c8c8e4024a8a08ac5002

Author: Marius Hein <marius.hein at netways.de>
Date:   Fri Oct  5 09:58:58 2012 +0200

Bugfix for html entities in cronk params

Needed for the cronk builder, fixes #3062

---

 .../models/Provider/CronksDataModel.class.php      |   44 +++++++++++---------
 .../phpunit/tests/regression/bugs/Bug3062Test.php  |   33 +++++++++++++++
 2 files changed, 57 insertions(+), 20 deletions(-)

diff --git a/app/modules/Cronks/models/Provider/CronksDataModel.class.php b/app/modules/Cronks/models/Provider/CronksDataModel.class.php
index 139dab7..2d8da5b 100644
--- a/app/modules/Cronks/models/Provider/CronksDataModel.class.php
+++ b/app/modules/Cronks/models/Provider/CronksDataModel.class.php
@@ -111,7 +111,7 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
      */
     private function getSecurityModel() {
         if ($this->security === null) {
-            $this->security = $this->getContext()

+            $this->security = $this->getContext()
                 ->getModel('Provider.CronksSecurity', 'Cronks', array(
                     'security_only' => true
                 ));
@@ -126,7 +126,7 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
      */
     private function getCategoryModel() {
         if ($this->categories === null) {
-            $this->categories = $this->getContext()

+            $this->categories = $this->getContext()
             ->getModel('Provider.CronkCategoryData', 'Cronks');
         }
         
@@ -232,9 +232,9 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
             /*
              * Database credentials overwrite xml credentials
              */
-            $this->getSecurityModel()->setCronkUid($uid);

-            if ($this->getSecurityModel()->hasDatabaseRoles()) {

-                $cronk['groupsonly'] = $this->getSecurityModel()->getRoleNamesAsString();

+            $this->getSecurityModel()->setCronkUid($uid);
+            if ($this->getSecurityModel()->hasDatabaseRoles()) {
+                $cronk['groupsonly'] = $this->getSecurityModel()->getRoleNamesAsString();
             }
             
             if (isset($cronk['groupsonly']) 
@@ -274,7 +274,7 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
                 'system' => true,
                 'owner' => false,
                 'position' => isset($cronk['position']) ? $cronk['position'] : 0,
-                'owner_name' => self::DEFAULT_CRONK_OWNER,

+                'owner_name' => self::DEFAULT_CRONK_OWNER,
                 'owner_id' => self::DEFAULT_CRONK_OWNERID
                          );
         }
@@ -350,7 +350,7 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
 
         if ($get_all === false
            && $this->agaviUser->hasCredential('icinga.cronk.admin')===false) {
-            $query->innerJoin('c.CronkPrincipalCronk cpc')

+            $query->innerJoin('c.CronkPrincipalCronk cpc')
             ->andWhereIn('cpc.cpc_principal_id', $p);
         }
         
@@ -436,7 +436,11 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
                 if (is_array($value)) {
 
                     foreach($value as $sn=>$sv) {
-                        $se = $dom->createElement('ae:parameter', $sv);
+                        // To avoid "unterminated entity reference" warnings /
+                        // exceptions, putt all into cdata section
+                        $cdata = $dom->createCDATASection($sv);
+                        $se = $dom->createElement('ae:parameter');
+                        $se->appendChild($cdata);
                         $se->setAttribute('name', $sn);
                         $ele->appendChild($se);
                     }
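Review bot: The CDATA wrapping is applied only inside the `is_array($value)` branch. The scalar branch of this loop lies outside the hunk; if it still passes the value as the second argument of `createElement`, a `&` in a top-level parameter will raise the same unterminated-entity warning. A text node gets the same escaping from the DOM layer and does not depend on how the serializer treats a `]]>` inside the value: `$se->appendChild($dom->createTextNode($sv));`. The code also assumes `$sv` is a string, which is not guaranteed for values coming from the cronk builder, so an `is_scalar($sv)` guard before the call would avoid a failure on a nested array. The new comment has a typo ("putt").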
@@ -566,12 +570,12 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
             $cronk->NsmPrincipal[] = $principal;
         }
         
-        /*

-         * If the cronk is new,

-         * no native owner record is set, do this!

-         */

-        if (!$cronk->NsmUser->user_id) {

-            $cronk->NsmUser = $this->user;

+        /*
+         * If the cronk is new,
+         * no native owner record is set, do this!
+         */
+        if (!$cronk->NsmUser->user_id) {
+            $cronk->NsmUser = $this->user;
         }
         
         return $cronk;
@@ -589,8 +593,8 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
         
         if (
             $this->agaviUser->hasCredential('icinga.cronk.custom') === false
-           && $this->agaviUser->hasCredential('icinga.cronk.admin') === false) {

-            throw new AppKitModelException('No access to create cronks!');

+           && $this->agaviUser->hasCredential('icinga.cronk.admin') === false) {
+            throw new AppKitModelException('No access to create cronks!');
         }
         
         if (!isset($data['cid'])) {
@@ -628,10 +632,10 @@ class Cronks_Provider_CronksDataModel extends CronksBaseModel implements AgaviIS
 
     public function deleteCronkRecord($cronkid, $cronkname, $own=true) {
         
-        if (

-            $this->agaviUser->hasCredential('icinga.cronk.custom') === false

-           && $this->agaviUser->hasCredential('icinga.cronk.admin') === false) {

-            throw new AppKitModelException('No access to delete cronks!');

+        if (
+            $this->agaviUser->hasCredential('icinga.cronk.custom') === false
+           && $this->agaviUser->hasCredential('icinga.cronk.admin') === false) {
+            throw new AppKitModelException('No access to delete cronks!');
         }
         
         $q = AppKitDoctrineUtil::createQuery()
diff --git a/tests/phpunit/tests/regression/bugs/Bug3062Test.php b/tests/phpunit/tests/regression/bugs/Bug3062Test.php
new file mode 100644
index 0000000..d9c3cee
--- /dev/null
+++ b/tests/phpunit/tests/regression/bugs/Bug3062Test.php
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * Test case for https://dev.icinga.org/issues/3062
+ */
+class Bug3062Test extends PHPUnit_Framework_TestCase {
+    
+    public function testBug() {
+        static $cronk_name = 'Bug3062Test_Cronk_Record';
+        $ctx = IcingaWebTestTool::getContext();
+        
+        $model = $ctx->getModel('Provider.CronksData', 'Cronks');
+        
+        $testCronkData = array(
+            'cid'           => $cronk_name,
+            'name'          => $cronk_name,
+            'description'   => $cronk_name,
+            'categories'    => 'my',
+            'ae:parameter' => array(
+                'entity1'   => 'd=1&d=2&d=3',
+                'entity2'   => '<a></a>',
+                'entity3'   => '"a", \'b\''
+            )
+        );
+        
+        $record = $model->createCronkRecord($testCronkData);
+        
+        $this->assertInstanceOf('Cronk', $record);
+        $this->assertEquals($cronk_name, $record->cronk_uid);
+        $this->assertEquals($cronk_name, $record->cronk_name);
+    }
+    
+}
\ No newline at end of file
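Review bot: The assertions in `testBug` cover only the record's class, `cronk_uid` and `cronk_name`, so nothing verifies that the three `ae:parameter` values were stored intact. The test passes as long as `createCronkRecord` does not raise, and a regression that silently truncates or double-escapes a parameter would go unnoticed. Parsing the XML the record holds and comparing each parameter's text content with the input would pin the escaping behaviour, and a fourth value containing `]]>` would cover the CDATA terminator case. The record is also never removed, so a second run against the same database may collide on the `cid`; a `tearDown` that calls `deleteCronkRecord` for it would probably keep the test repeatable.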




