Fix naming sanitiser > sanitizer

[MAILPOET-3415]
Rostislav Wolny
2021-02-12 12:21:58 +01:00
committed by Veljko V
parent 6d074e37e9
commit 6a63ac26c7
6 changed files with 42 additions and 42 deletions


@ -9,7 +9,7 @@ use MailPoet\API\JSON\Response;
use MailPoet\API\JSON\ResponseBuilders\FormsResponseBuilder; use MailPoet\API\JSON\ResponseBuilders\FormsResponseBuilder;
use MailPoet\Config\AccessControl; use MailPoet\Config\AccessControl;
use MailPoet\Entities\FormEntity; use MailPoet\Entities\FormEntity;
use MailPoet\Form\ApiDataSanitiser; use MailPoet\Form\ApiDataSanitizer;
use MailPoet\Form\DisplayFormInWPContent; use MailPoet\Form\DisplayFormInWPContent;
use MailPoet\Form\FormFactory; use MailPoet\Form\FormFactory;
use MailPoet\Form\FormsRepository; use MailPoet\Form\FormsRepository;
@ -53,8 +53,8 @@ class Forms extends APIEndpoint {
/** @var Emoji */ /** @var Emoji */
private $emoji; private $emoji;
/** @var ApiDataSanitiser */ /** @var ApiDataSanitizer */
private $dataSanitiser; private $dataSanitizer;
public function __construct( public function __construct(
Listing\BulkActionController $bulkAction, Listing\BulkActionController $bulkAction,
@ -65,7 +65,7 @@ class Forms extends APIEndpoint {
FormsResponseBuilder $formsResponseBuilder, FormsResponseBuilder $formsResponseBuilder,
WPFunctions $wp, WPFunctions $wp,
Emoji $emoji, Emoji $emoji,
ApiDataSanitiser $dataSanitiser ApiDataSanitizer $dataSanitizer
) { ) {
$this->bulkAction = $bulkAction; $this->bulkAction = $bulkAction;
$this->listingHandler = $listingHandler; $this->listingHandler = $listingHandler;
@ -75,7 +75,7 @@ class Forms extends APIEndpoint {
$this->formsRepository = $formsRepository; $this->formsRepository = $formsRepository;
$this->formsResponseBuilder = $formsResponseBuilder; $this->formsResponseBuilder = $formsResponseBuilder;
$this->emoji = $emoji; $this->emoji = $emoji;
$this->dataSanitiser = $dataSanitiser; $this->dataSanitizer = $dataSanitizer;
} }
public function get($data = []) { public function get($data = []) {
@ -196,7 +196,7 @@ class Forms extends APIEndpoint {
$formId = (isset($data['id']) ? (int)$data['id'] : 0); $formId = (isset($data['id']) ? (int)$data['id'] : 0);
$name = (isset($data['name']) ? $data['name'] : WPFunctions::get()->__('New form', 'mailpoet')); $name = (isset($data['name']) ? $data['name'] : WPFunctions::get()->__('New form', 'mailpoet'));
$body = (isset($data['body']) ? $data['body'] : []); $body = (isset($data['body']) ? $data['body'] : []);
$body = $this->dataSanitiser->sanitiseBody($body); $body = $this->dataSanitizer->sanitizeBody($body);
$settings = (isset($data['settings']) ? $data['settings'] : []); $settings = (isset($data['settings']) ? $data['settings'] : []);
$styles = (isset($data['styles']) ? $data['styles'] : ''); $styles = (isset($data['styles']) ? $data['styles'] : '');
$status = (isset($data['status']) ? $data['status'] : FormEntity::STATUS_ENABLED); $status = (isset($data['status']) ? $data['status'] : FormEntity::STATUS_ENABLED);


@ -173,7 +173,7 @@ class ContainerConfigurator implements IContainerConfigurator {
$container->autowire(\MailPoet\Features\FeatureFlagsRepository::class)->setPublic(true); $container->autowire(\MailPoet\Features\FeatureFlagsRepository::class)->setPublic(true);
// Form // Form
$container->autowire(\MailPoet\Form\Util\FieldNameObfuscator::class)->setPublic(true); $container->autowire(\MailPoet\Form\Util\FieldNameObfuscator::class)->setPublic(true);
$container->autowire(\MailPoet\Form\ApiDataSanitiser::class)->setPublic(true); $container->autowire(\MailPoet\Form\ApiDataSanitizer::class)->setPublic(true);
$container->autowire(\MailPoet\Form\AssetsController::class)->setPublic(true); $container->autowire(\MailPoet\Form\AssetsController::class)->setPublic(true);
$container->autowire(\MailPoet\Form\DisplayFormInWPContent::class); $container->autowire(\MailPoet\Form\DisplayFormInWPContent::class);
$container->autowire(\MailPoet\Form\FormsRepository::class)->setPublic(true); $container->autowire(\MailPoet\Form\FormsRepository::class)->setPublic(true);
@ -198,7 +198,7 @@ class ContainerConfigurator implements IContainerConfigurator {
$container->autowire(\MailPoet\Form\Block\Text::class); $container->autowire(\MailPoet\Form\Block\Text::class);
$container->autowire(\MailPoet\Form\Block\Textarea::class); $container->autowire(\MailPoet\Form\Block\Textarea::class);
$container->autowire(\MailPoet\Form\FormFactory::class)->setPublic(true); $container->autowire(\MailPoet\Form\FormFactory::class)->setPublic(true);
$container->autowire(\MailPoet\Form\FormHtmlSanitiser::class)->setPublic(true); $container->autowire(\MailPoet\Form\FormHtmlSanitizer::class)->setPublic(true);
$container->autowire(\MailPoet\Form\PreviewPage::class); $container->autowire(\MailPoet\Form\PreviewPage::class);
$container->autowire(\MailPoet\Form\Templates\TemplateRepository::class); $container->autowire(\MailPoet\Form\Templates\TemplateRepository::class);
$container->autowire(\MailPoet\Form\Util\Styles::class); $container->autowire(\MailPoet\Form\Util\Styles::class);


@ -2,8 +2,8 @@
namespace MailPoet\Form; namespace MailPoet\Form;
class ApiDataSanitiser { class ApiDataSanitizer {
/** @var FormHtmlSanitiser */ /** @var FormHtmlSanitizer */
private $htmlSanitizer; private $htmlSanitizer;
/** /**
@ -22,29 +22,29 @@ class ApiDataSanitiser {
], ],
]; ];
public function __construct(FormHtmlSanitiser $htmlSanitiser) { public function __construct(FormHtmlSanitizer $htmlSanitizer) {
$this->htmlSanitizer = $htmlSanitiser; $this->htmlSanitizer = $htmlSanitizer;
} }
public function sanitiseBody(array $body): array { public function sanitizeBody(array $body): array {
foreach ($body as $key => $block) { foreach ($body as $key => $block) {
$sanitizedBlock = $this->sanitiseBlock($block); $sanitizedBlock = $this->sanitizeBlock($block);
if (isset($sanitizedBlock['body']) && is_array($sanitizedBlock['body']) && !empty($sanitizedBlock['body'])) { if (isset($sanitizedBlock['body']) && is_array($sanitizedBlock['body']) && !empty($sanitizedBlock['body'])) {
$sanitizedBlock['body'] = $this->sanitiseBody($sanitizedBlock['body']); $sanitizedBlock['body'] = $this->sanitizeBody($sanitizedBlock['body']);
} }
$body[$key] = $sanitizedBlock; $body[$key] = $sanitizedBlock;
} }
return $body; return $body;
} }
private function sanitiseBlock(array $block): array { private function sanitizeBlock(array $block): array {
if (!isset($this->htmlSanitizeConfig[$block['type']])) { if (!isset($this->htmlSanitizeConfig[$block['type']])) {
return $block; return $block;
} }
$params = $block['params'] ?? []; $params = $block['params'] ?? [];
foreach ($this->htmlSanitizeConfig[$block['type']] as $parameter) { foreach ($this->htmlSanitizeConfig[$block['type']] as $parameter) {
if (!isset($params[$parameter])) continue; if (!isset($params[$parameter])) continue;
$params[$parameter] = $this->htmlSanitizer->sanitise($params[$parameter]); $params[$parameter] = $this->htmlSanitizer->sanitize($params[$parameter]);
} }
$block['params'] = $params; $block['params'] = $params;
return $block; return $block;


@ -4,7 +4,7 @@ namespace MailPoet\Form;
use MailPoet\WP\Functions as WPFunctions; use MailPoet\WP\Functions as WPFunctions;
class FormHtmlSanitiser { class FormHtmlSanitizer {
/** @var WPFunctions */ /** @var WPFunctions */
private $wp; private $wp;
@ -48,7 +48,7 @@ class FormHtmlSanitiser {
$this->wp = $wp; $this->wp = $wp;
} }
public function sanitise(string $html): string { public function sanitize(string $html): string {
return $this->wp->wpKses($html, $this->allowedHtml); return $this->wp->wpKses($html, $this->allowedHtml);
} }
} }


@ -2,10 +2,10 @@
namespace MailPoet\Form; namespace MailPoet\Form;
class ApiDataSanitiserTest extends \MailPoetTest { class ApiDataSanitizerTest extends \MailPoetTest {
/** @var ApiDataSanitiser */ /** @var ApiDataSanitizer */
private $sanitiser; private $sanitizer;
private $body = [ private $body = [
[ [
@ -33,11 +33,11 @@ class ApiDataSanitiserTest extends \MailPoetTest {
public function _before() { public function _before() {
parent::_before(); parent::_before();
$this->sanitiser = $this->diContainer->get(ApiDataSanitiser::class); $this->sanitizer = $this->diContainer->get(ApiDataSanitizer::class);
} }
public function testItSanitizesBody() { public function testItSanitizesBody() {
$result = $this->sanitiser->sanitiseBody($this->body); $result = $this->sanitizer->sanitizeBody($this->body);
$paragraph = $result[0]; $paragraph = $result[0];
$nestedHeading = $result[1]['body'][0]; $nestedHeading = $result[1]['body'][0];
expect($paragraph['params']['content'])->equals('alert(1);Paragraph'); expect($paragraph['params']['content'])->equals('alert(1);Paragraph');


@ -2,33 +2,33 @@
namespace MailPoet\Form; namespace MailPoet\Form;
class FormHtmlSanitiserTest extends \MailPoetTest { class FormHtmlSanitizerTest extends \MailPoetTest {
/** @var FormHtmlSanitiser */ /** @var FormHtmlSanitizer */
private $sanitiser; private $sanitizer;
public function _before() { public function _before() {
parent::_before(); parent::_before();
$this->sanitiser = $this->diContainer->get(FormHtmlSanitiser::class); $this->sanitizer = $this->diContainer->get(FormHtmlSanitizer::class);
} }
public function testItKeepsAllowedTags() { public function testItKeepsAllowedTags() {
expect($this->sanitiser->sanitise(''))->equals(''); expect($this->sanitizer->sanitize(''))->equals('');
expect($this->sanitiser->sanitise('<span style="font-family: BioRhyme">Style</span>'))->equals('<span style="font-family: BioRhyme">Style</span>'); expect($this->sanitizer->sanitize('<span style="font-family: BioRhyme">Style</span>'))->equals('<span style="font-family: BioRhyme">Style</span>');
expect($this->sanitiser->sanitise('<span data-font="BioRhyme">DataFont</span>'))->equals('<span data-font="BioRhyme">DataFont</span>'); expect($this->sanitizer->sanitize('<span data-font="BioRhyme">DataFont</span>'))->equals('<span data-font="BioRhyme">DataFont</span>');
expect($this->sanitiser->sanitise('<span class="my-class">Class</span>'))->equals('<span class="my-class">Class</span>'); expect($this->sanitizer->sanitize('<span class="my-class">Class</span>'))->equals('<span class="my-class">Class</span>');
expect($this->sanitiser->sanitise('Text <span>👋</span> around'))->equals('Text <span>👋</span> around'); expect($this->sanitizer->sanitize('Text <span>👋</span> around'))->equals('Text <span>👋</span> around');
expect($this->sanitiser->sanitise('<strong>Strong</strong><em>Em</em><br />'))->equals('<strong>Strong</strong><em>Em</em><br />'); expect($this->sanitizer->sanitize('<strong>Strong</strong><em>Em</em><br />'))->equals('<strong>Strong</strong><em>Em</em><br />');
expect($this->sanitiser->sanitise('<sub>Strong</sub><sup>Em</sup><s>s</s><kbd>kbd</kbd>'))->equals('<sub>Strong</sub><sup>Em</sup><s>s</s><kbd>kbd</kbd>'); expect($this->sanitizer->sanitize('<sub>Strong</sub><sup>Em</sup><s>s</s><kbd>kbd</kbd>'))->equals('<sub>Strong</sub><sup>Em</sup><s>s</s><kbd>kbd</kbd>');
expect($this->sanitiser->sanitise('<code>Code</code>'))->equals('<code>Code</code>'); expect($this->sanitizer->sanitize('<code>Code</code>'))->equals('<code>Code</code>');
expect($this->sanitiser->sanitise('<a href="http://example.com/" data-type="post" data-id="1" target="_blank" rel="noreferrer">link</a>'))->equals('<a href="http://example.com/" data-type="post" data-id="1" target="_blank" rel="noreferrer">link</a>'); expect($this->sanitizer->sanitize('<a href="http://example.com/" data-type="post" data-id="1" target="_blank" rel="noreferrer">link</a>'))->equals('<a href="http://example.com/" data-type="post" data-id="1" target="_blank" rel="noreferrer">link</a>');
expect($this->sanitiser->sanitise('<img class="wp-image-55" style="width: 150px;height: 1px" src="http://test.com/logo-1.jpg" alt="alt text">'))->equals('<img class="wp-image-55" style="width: 150px;height: 1px" src="http://test.com/logo-1.jpg" alt="alt text">'); expect($this->sanitizer->sanitize('<img class="wp-image-55" style="width: 150px;height: 1px" src="http://test.com/logo-1.jpg" alt="alt text">'))->equals('<img class="wp-image-55" style="width: 150px;height: 1px" src="http://test.com/logo-1.jpg" alt="alt text">');
} }
public function testItRemovesUnwantedHtml() { public function testItRemovesUnwantedHtml() {
expect($this->sanitiser->sanitise('<script>'))->equals(''); expect($this->sanitizer->sanitize('<script>'))->equals('');
expect($this->sanitiser->sanitise('<span>Hello<img src="http://nonsense" onerror="alert(1)"/></span>'))->equals('<span>Hello<img src="http://nonsense" /></span>'); expect($this->sanitizer->sanitize('<span>Hello<img src="http://nonsense" onerror="alert(1)"/></span>'))->equals('<span>Hello<img src="http://nonsense" /></span>');
expect($this->sanitiser->sanitise('<a href="#" onclick="alert(1)">click me</a>'))->equals('<a href="#">click me</a>'); expect($this->sanitizer->sanitize('<a href="#" onclick="alert(1)">click me</a>'))->equals('<a href="#">click me</a>');
expect($this->sanitiser->sanitise('<a href="javascript:alert(1)">click me</a>'))->equals('<a href="alert(1)">click me</a>'); expect($this->sanitizer->sanitize('<a href="javascript:alert(1)">click me</a>'))->equals('<a href="alert(1)">click me</a>');
} }
} }