[BUGFIX] Properly HTML encode URI in renderer 00/35600/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Sat, 20 Dec 2014 14:00:49 +0000 (15:00 +0100)
committerWouter Wolters <typo3@wouterwolters.nl>
Sat, 20 Dec 2014 14:56:02 +0000 (15:56 +0100)
The audio and video tag renderer fails to properly
encode the URI of the files for HTML.

Fix this and adapt the tests.

Resolves: #64000
Releases: master
Change-Id: Iac6d06ce9cabac31545e8cb5f542f3d096990ebe
Reviewed-on: http://review.typo3.org/35600
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Roman Schürmann <roman.schuermann@wmdb.de>
Tested-by: Roman Schürmann <roman.schuermann@wmdb.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/core/Classes/Resource/Rendering/AudioTagRenderer.php
typo3/sysext/core/Classes/Resource/Rendering/VideoTagRenderer.php
typo3/sysext/core/Tests/Unit/Resource/Rendering/AudioTagRendererTest.php
typo3/sysext/core/Tests/Unit/Resource/Rendering/VideoTagRendererTest.php

index a1064f0..a2ff205 100644 (file)
@@ -76,7 +76,7 @@ class AudioTagRenderer implements FileRendererInterface {
                return sprintf(
                        '<audio%s><source src="%s" type="%s"></audio>',
                        empty($additionalAttributes) ? '' : ' ' . implode(' ', $additionalAttributes),
-                       $file->getPublicUrl($usedPathsRelativeToCurrentScript),
+                       htmlspecialchars($file->getPublicUrl($usedPathsRelativeToCurrentScript)),
                        $file->getMimeType()
                );
        }
index ced592d..fd1daae 100644 (file)
@@ -78,7 +78,7 @@ class VideoTagRenderer implements FileRendererInterface {
                        (int)$width,
                        (int)$height,
                        empty($additionalAttributes) ? '' : ' ' . implode(' ', $additionalAttributes),
-                       $file->getPublicUrl($usedPathsRelativeToCurrentScript),
+                       htmlspecialchars($file->getPublicUrl($usedPathsRelativeToCurrentScript)),
                        $file->getMimeType()
                );
        }
index 3422947..899e5cf 100644 (file)
@@ -66,10 +66,10 @@ class AudioTagRendererTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
 
                $fileResourceMock = $this->getMock(\TYPO3\CMS\Core\Resource\File::class, array(), array(), '', FALSE);
                $fileResourceMock->expects($this->any())->method('getMimeType')->will($this->returnValue('audio/mpeg'));
-               $fileResourceMock->expects($this->any())->method('getPublicUrl')->will($this->returnValue('//:path/myAudioFile'));
+               $fileResourceMock->expects($this->any())->method('getPublicUrl')->will($this->returnValue('//:path/myAudioFile?foo=bar&baz=true'));
 
                $this->assertSame(
-                       '<audio controls><source src="//:path/myAudioFile" type="audio/mpeg"></audio>',
+                       '<audio controls><source src="//:path/myAudioFile?foo=bar&amp;baz=true" type="audio/mpeg"></audio>',
                        $audioTagRenderer->render($fileResourceMock, '300m', '200')
                );
        }
index 3f2cc72..59481d3 100644 (file)
@@ -69,10 +69,10 @@ class VideoTagRendererTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
 
                $fileResourceMock = $this->getMock(\TYPO3\CMS\Core\Resource\File::class, array(), array(), '', FALSE);
                $fileResourceMock->expects($this->any())->method('getMimeType')->will($this->returnValue('video/mp4'));
-               $fileResourceMock->expects($this->any())->method('getPublicUrl')->will($this->returnValue('//:path/myVideoFile'));
+               $fileResourceMock->expects($this->any())->method('getPublicUrl')->will($this->returnValue('//:path/myVideoFile?foo=bar&baz=true'));
 
                $this->assertSame(
-                       '<video width="300" height="200" controls><source src="//:path/myVideoFile" type="video/mp4"></video>',
+                       '<video width="300" height="200" controls><source src="//:path/myVideoFile?foo=bar&amp;baz=true" type="video/mp4"></video>',
                        $VideoTagRenderer->render($fileResourceMock, '300m', '200')
                );
        }