From 4e899fed95897a5f80af1c9b5ea28c2e9b4ee428 Mon Sep 17 00:00:00 2001 From: Alex Schroeder Date: Sun, 20 Oct 2013 20:00:30 +0200 Subject: [PATCH 1/2] Add facility to fix HTML escaping. --- modules/fix-encoding.pl | 21 +++++++++++++-- modules/translations/german-utf8.pl | 2 +- t/fix-encoding.t | 42 +++++++++++++++++++++++------ 3 files changed, 54 insertions(+), 11 deletions(-) diff --git a/modules/fix-encoding.pl b/modules/fix-encoding.pl index 3d0f68fa..7834e828 100644 --- a/modules/fix-encoding.pl +++ b/modules/fix-encoding.pl @@ -24,7 +24,20 @@ sub FixEncoding { OpenPage($id); my $text = $Page{text}; utf8::decode($text); - Save($id, $text, 'fix encoding', 1) if $text ne $Page{text}; + Save($id, $text, T('Fix character encoding'), 1) if $text ne $Page{text}; + ReleaseLock(); + ReBrowsePage($id); +} + +$Action{'fix-escaping'} = \&FixEscaping; + +sub FixEscaping { + my $id = shift; + ValidIdOrDie($id); + RequestLockOrError(); + OpenPage($id); + my $text = UnquoteHtml($Page{text}); + Save($id, $text, T('Fix HTML escapes'), 1) if $text ne $Page{text}; ReleaseLock(); ReBrowsePage($id); } @@ -35,6 +48,10 @@ sub FixEncodingMenu { my ($id, $menuref, $restref) = @_; if ($id) { push(@$menuref, - ScriptLink('action=fix-encoding;id=' . UrlEncode($id), T('Fix page encoding'))); + ScriptLink('action=fix-encoding;id=' . UrlEncode($id), + T('Fix character encoding'))); + push(@$menuref, + ScriptLink('action=fix-escaping;id=' . UrlEncode($id), + T('Fix HTML escapes'))); } } diff --git a/modules/translations/german-utf8.pl b/modules/translations/german-utf8.pl index fabcb33a..d0640b38 100644 --- a/modules/translations/german-utf8.pl +++ b/modules/translations/german-utf8.pl @@ -672,7 +672,7 @@ ordinary changes normale Änderungen Matching page names: Übereinstimmende Seitennamen: -Fix page encoding +Fix character encoding Zeichenkodierung korrigieren no summary available keine Zusammenfassug vorhanden diff --git a/t/fix-encoding.t b/t/fix-encoding.t index 2ce03408..a7a8efd7 100644 
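Review bot: FixEscaping in modules/fix-encoding.pl rewrites and saves a page with no permission check visible in the hunk; only `ValidIdOrDie($id)` and `RequestLockOrError()` run before `Save`. FixEncodingMenu (the second hunk, @@ -35,6 +48,10 @@) offers the action as an ordinary link, so any visitor or crawler that follows `action=fix-escaping;id=...` changes stored content, and the tests in this patch call it without credentials. If this is meant as administrator maintenance, add `UserIsAdminOrError();` right after `ValidIdOrDie($id);` and consider gating the two menu entries the same way. FixEncoding begins above the hunk, so whether it already has such a check cannot be seen here.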
--- a/t/fix-encoding.t +++ b/t/fix-encoding.t @@ -1,4 +1,4 @@ -# Copyright (C) 2012 Alex Schroeder +# Copyright (C) 2012–2013 Alex Schroeder # # This program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software @@ -14,7 +14,7 @@ require 't/test.pl'; package OddMuse; -use Test::More tests => 12; +use Test::More tests => 20; use utf8; # tests contain UTF-8 characters and it matters clear_pages(); @@ -26,14 +26,19 @@ test_page_negative(get_page('action=admin'), 'action=fix-encoding'); # make sure no menu shows up if the page does not exists -test_page(get_page('action=admin id=foo'), 'action=fix-encoding;id=foo'); +test_page(get_page('action=admin id=foo'), + 'action=fix-encoding;id=foo', + 'action=fix-escaping;id=foo'); # make sure nothing is saved if the page does not exist test_page(get_page('action=fix-encoding id=Example'), 'Location: http://localhost/wiki.pl/Example'); -test_page_negative(get_page('action=rc showedit=1'), 'fix encoding'); +test_page(get_page('action=fix-escaping id=Example'), + 'Location: http://localhost/wiki.pl/Example'); + +test_page_negative(get_page('action=rc all=1 showedit=1'), 'fix'); # make sure nothing is saved if there is no change 
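Review bot: The negative recent-changes checks in t/fix-encoding.t no longer match the summaries the module writes. `test_page_negative(..., 'fix')` in the @@ -26,14 +26,19 @@ hunk and `'Fix Character encoding'` in the following hunk (@@ -43,14 +48,19 @@) differ in case from `T('Fix character encoding')` and `T('Fix HTML escapes')`. If test_page_negative matches case-sensitively (its definition is not part of this patch), both assertions pass even when an unwanted save was recorded. Use the exact summaries instead, e.g. `test_page_negative(get_page('action=rc all=1 showedit=1'), 'Fix character encoding', 'Fix HTML escapes');`, assuming test_page_negative accepts several patterns the way test_page does in this file.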
@@ -43,14 +48,19 @@ test_page(update_page('Example', 'Pilgerstätte für die Göttin'), test_page(get_page('action=fix-encoding id=Example'), 'Location: http://localhost/wiki.pl/Example'); -test_page_negative(get_page('action=rc showedit=1'), 'fix encoding'); +test_page(get_page('action=fix-escaping id=Example'), + 'Location: http://localhost/wiki.pl/Example'); + +test_page_negative(get_page('action=rc all=1 showedit=1'), + 'Fix Character encoding'); # the menu shows up if the page exists test_page(get_page('action=admin id=Example'), - 'action=fix-encoding;id=Example'); + 'action=fix-encoding;id=Example', + 'action=fix-escaping;id=Example'); -# here is an actual page you need to fix +# here is an actual page with a character encoding error you need to fix test_page(update_page('Example', 'Pilgerstätte für die Göttin', 'borked encoding'), @@ -62,4 +72,20 @@ test_page(get_page('action=fix-encoding id=Example'), test_page(get_page('Example'), 'Pilgerstätte für die Göttin'); -test_page(get_page('action=rc showedit=1'), 'fix encoding'); +test_page(get_page('action=rc showedit=1'), + 'Fix character encoding'); + +# here is an actual page with an HTML escaping error you need to fix + +test_page(update_page('Example', '&lt;b&gt;bold&lt;/b&gt;', + 'borked escaping'), + '&lt;b&gt;bold&lt;/b&gt;'); + +test_page(get_page('action=fix-escaping id=Example'), + 'Location: http://localhost/wiki.pl/Example'); + +test_page(get_page('Example'), + '<b>bold</b>'); + +test_page(get_page('action=rc showedit=1'), + 'Fix HTML escapes'); From 8385ac5f743f4f596134c97fae818ce03736f123 Mon Sep 17 00:00:00 2001 From: Alex Schroeder Date: Sun, 20 Oct 2013 20:27:12 +0200 Subject: [PATCH 2/2] ReCAPTCHA introduced HTML escaping problems. --- modules/recaptcha.pl | 3 ++- t/recaptcha.t | 16 ++++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/modules/recaptcha.pl b/modules/recaptcha.pl index 9880632e..74df531e 100644 --- a/modules/recaptcha.pl +++ b/modules/recaptcha.pl 
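Review bot: The new fix-escaping test at the end of t/fix-encoding.t (@@ -62,4 +72,20 @@) covers only a page that was escaped exactly once. `UnquoteHtml($Page{text})` also rewrites a page that contains entities on purpose, for example a literal `&amp;lt;` in documentation text, and depending on how UnquoteHtml orders its substitutions a second run may decode it further. Text that was inert before can then become markup wherever the wiki is configured to render raw HTML. Add a case that stores such a page, runs the action twice and pins the result, plus a case that pins who is allowed to run the action.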
@@ -231,7 +231,8 @@ sub NewReCaptchaDoPost { print $q->start_div({-class=>'error'}); print $q->p(T('You did not answer correctly.')); print GetFormStart(), ReCaptchaGetQuestion(1), - (map { $q->input({-type=>'hidden', -name=>$_, -value=>GetParam($_)}) } + (map { $q->input({-type=>'hidden', -name=>$_, + -value=>UnquoteHtml(GetParam($_))}) } qw(title text oldtime summary recent_edit aftertext)), $q->end_form; print $q->end_div(); PrintFooter(); diff --git a/t/recaptcha.t b/t/recaptcha.t index 539c2648..1638c456 100644 --- a/t/recaptcha.t +++ b/t/recaptcha.t @@ -21,14 +21,18 @@ use utf8; # test data is UTF-8 and it matters clear_pages(); $ENV{'REMOTE_ADDR'}='127.0.0.1'; add_module('recaptcha.pl'); + +# The recaptcha module used to corrupt UTF-8 encoding and HTML +# escaping. + # non-existing page and no permission -test_page(get_page('title=SandBox text=K%C3%BChlschrank'), +test_page(get_page('title=SandBox text="K%C3%BChlschrank"'), 'Status: 403', - 'Kühlschrank'); + '<b>Kühlschrank</b>'); # update it as an admin -test_page(update_page('SandBox', 'Kühlschrank', undef, undef, 1), - 'Kühlschrank'); +test_page(update_page('SandBox', 'Kühlschrank', undef, undef, 1), + '<b>Kühlschrank</b>'); # existing page and no permission -test_page(get_page('title=SandBox text=K%C3%BChlschrank-test'), +test_page(get_page('title=SandBox text="K%C3%BChlschrank-test"'), 'Status: 403', - 'Kühlschrank-test'); + '<b>Kühlschrank-test</b>');
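Review bot: In NewReCaptchaDoPost the hidden fields now carry `UnquoteHtml(GetParam($_))`, that is the unquoted user-submitted title, text and summary, and nothing in the hunk records what keeps that safe. It presumably depends on `$q->input` escaping attribute values itself; if CGI's autoEscape were ever switched off, these fields would become an HTML injection point. Add a comment above the map such as `# GetParam presumably returns HTML-quoted text; unquote so $q->input's attribute escaping does not escape twice (needs CGI autoEscape on)`. The function begins and ends outside the hunk. t/recaptcha.t checks that the text round-trips but, as far as visible, not that a value containing a double quote stays inside the `value` attribute; a test for that would pin the assumption.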