[noosfero/noosfero][rails4] 4 commits: rails4: fix articles versions' tests
Bráulio Bhavamitra
gitlab at gitlab.com
Thu Apr 9 21:58:10 BRT 2015
Bráulio Bhavamitra pushed to rails4 at Noosfero / noosfero
Commits:
9e26b347 by Braulio Bhavamitra at 2015-04-08T09:30:43Z
rails4: fix articles versions' tests
- - - - -
0449c404 by Braulio Bhavamitra at 2015-04-08T16:08:42Z
rails4: use new rails sanitizer (loofah)
- - - - -
b6e69ae5 by Braulio Bhavamitra at 2015-04-08T21:30:17Z
rails4: fix user tests
- - - - -
b2f7edb5 by Braulio Bhavamitra at 2015-04-09T21:52:44Z
rails4: check tag content
- - - - -
10 changed files:
- app/models/article.rb
- app/models/tiny_mce_article.rb
- app/models/user.rb
- config/application.rb
- + config/initializers/sanitizer.rb
- test/test_helper.rb
- test/unit/article_test.rb
- test/unit/tiny_mce_article_test.rb
- test/unit/user_test.rb
- vendor/plugins/acts_as_versioned/lib/acts_as_versioned.rb
Changes:
=====================================
app/models/article.rb
=====================================
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -437,7 +437,7 @@ class Article < ActiveRecord::Base
def rotate_translations
unless self.translations.empty?
- rotate = self.translations
+ rotate = self.translations.all
root = rotate.shift
root.update_attribute(:translation_of_id, nil)
root.translations = rotate
@@ -609,7 +609,7 @@ class Article < ActiveRecord::Base
]
def self.find_by_old_path(old_path)
- self.includes(:versions).where( 'article_versions.path = ?', old_path).order('article_versions.id DESC')
+ self.includes(:versions).where('article_versions.path = ?', old_path).order('article_versions.id DESC').first
end
def hit
@@ -668,11 +668,11 @@ class Article < ActiveRecord::Base
end
def get_version(version_number = nil)
- version_number ? versions.find(:first, :order => 'version', :offset => version_number - 1) : versions.earliest
+ if version_number then self.versions.order('version').offset(version_number - 1).first else self.versions.earliest end
end
def author_by_version(version_number = nil)
- version_number ? profile.environment.people.find_by_id(get_version(version_number).author_id) : author
+ if version_number then profile.environment.people.where(id: get_version(version_number).author_id).first else author end
end
def author_name(version_number = nil)
@@ -771,7 +771,7 @@ class Article < ActiveRecord::Base
end
def first_image
- img = Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first || Nokogiri::HTML.fragment(self.body.to_s).search('img').first
+ img = Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first || Nokogiri::HTML.fragment(self.body.to_s).css('img').first
img.nil? ? '' : img['src']
end
=====================================
app/models/tiny_mce_article.rb
=====================================
--- a/app/models/tiny_mce_article.rb
+++ b/app/models/tiny_mce_article.rb
@@ -9,7 +9,7 @@ class TinyMceArticle < TextArticle
def self.description
_('Not accessible for visually impaired users.')
end
-
+
xss_terminate :only => [ ]
xss_terminate :only => [ :name, :abstract, :body ], :with => 'white_list', :on => 'validation'
=====================================
app/models/user.rb
=====================================
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -279,12 +279,12 @@ class User < ActiveRecord::Base
end
def name
- name = (self[:name] || login)
+ name = (@name || login)
person.nil? ? name : (person.name || name)
end
def name= name
- self[:name] = name
+ @name = name
end
def enable_email!
=====================================
config/application.rb
=====================================
--- a/config/application.rb
+++ b/config/application.rb
@@ -15,12 +15,6 @@ module Noosfero
require 'noosfero/plugin'
- # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
- config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay', 'colspan', 'rowspan'
-
- # Adds custom tags to the Set of allowed html tags for the #sanitize helper
- config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source'
-
config.action_controller.include_all_helpers = false
# Settings in config/environments/* take precedence over those specified here.
=====================================
config/initializers/sanitizer.rb
=====================================
--- /dev/null
+++ b/config/initializers/sanitizer.rb
@@ -0,0 +1,35 @@
+require 'loofah/helpers'
+
+ActionView::Base.full_sanitizer = Loofah::Helpers::ActionView::FullSanitizer.new
+ActionView::Base.white_list_sanitizer = Loofah::Helpers::ActionView::WhiteListSanitizer.new
+
+Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS_WITH_LIBXML2.merge %w[
+ img object embed param table tr th td applet comment iframe audio video source
+]
+
+Loofah::HTML5::WhiteList::ALLOWED_ATTRIBUTES.merge %w[
+ align border alt vspace hspace width heigth value type data
+ style target codebase archive classid code flashvars scrolling frameborder controls autoplay colspan
+]
+
+# do not escape COMMENT_NODE
+require 'loofah/scrubber'
+module Loofah
+ class Scrubber
+ private
+
+ def html5lib_sanitize node
+ case node.type
+ when Nokogiri::XML::Node::ELEMENT_NODE
+ if HTML5::Scrub.allowed_element? node.name
+ HTML5::Scrub.scrub_attributes node
+ return Scrubber::CONTINUE
+ end
+ when Nokogiri::XML::Node::TEXT_NODE, Nokogiri::XML::Node::CDATA_SECTION_NODE,Nokogiri::XML::Node::COMMENT_NODE
+ return Scrubber::CONTINUE
+ end
+ Scrubber::STOP
+ end
+
+ end
+end
=====================================
test/test_helper.rb
=====================================
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -135,16 +135,29 @@ class ActiveSupport::TestCase
assert !text.index('<'), "Text '#{text}' expected to be sanitized"
end
+ def find_tag_in_string text, options
+ doc = Nokogiri::HTML.fragment text
+ tag = doc.css(options[:tag]).first
+ content = tag.text.strip
+
+ attributes = {}; tag.attributes.each do |a, v|
+ a = a.to_sym
+ next unless options[:attributes].has_key? a
+ attributes[a] = v.value
+ end
+
+ ret = tag.present?
+ ret &&= options[:attributes].blank? || attributes == options[:attributes]
+ ret &&= options[:content].blank? || content == options[:content]
+ ret
+ end
+
def assert_tag_in_string(text, options)
- doc = HTML::Document.new(text, false, false)
- tag = doc.find(options)
- assert tag, "expected tag #{options.inspect}, but not found in #{text.inspect}"
+ assert find_tag_in_string(text, options), "expected tag #{options.inspect}, but not found in #{text.inspect}"
end
def assert_no_tag_in_string(text, options)
- doc = HTML::Document.new(text, false, false)
- tag = doc.find(options)
- assert !tag, "expected no tag #{options.inspect}, but tag found in #{text.inspect}"
+ assert !find_tag_in_string(text, options), "expected no tag #{options.inspect}, but tag found in #{text.inspect}"
end
def assert_order(reference, original)
=====================================
test/unit/article_test.rb
=====================================
--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -935,7 +935,7 @@ class ArticleTest < ActiveSupport::TestCase
article.name = "<h1 Malformed >> html >< tag"
article.valid?
- assert_no_match /[<>]/, article.name
+ assert_equal '<h1>> html ></h1>', article.name
end
should 'return truncated title in short_title' do
@@ -1722,6 +1722,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'store first image in tracked action' do
a = create TinyMceArticle, :name => 'Tracked Article', :body => '<p>Foo<img src="foo.png" />Bar</p>', :profile_id => profile.id
+ assert_equal 'foo.png', a.first_image
assert_equal 'foo.png', ActionTracker::Record.last.get_first_image
end
@@ -1893,7 +1894,7 @@ class ArticleTest < ActiveSupport::TestCase
end
should 'display_filter display only public articles if there is no user' do
- p = fast_create(Person)
+ p = fast_create(Person)
Article.delete_all
a = fast_create(Article, :published => true, :profile_id => p.id)
fast_create(Article, :published => false, :profile_id => p.id)
@@ -1903,7 +1904,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter display public articles for users' do
user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => true, :profile_id => p.id)
@@ -1914,7 +1915,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter display private article last changed by user' do
user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => false, :last_changed_by_id => user.id, :profile_id => p.id)
@@ -1926,7 +1927,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter display user private article of his own profile' do
user = create_user('someuser').person
user.stubs(:has_permission?).with(:view_private_content, user).returns(false)
- p = fast_create(Person)
+ p = fast_create(Person)
Article.delete_all
a = fast_create(Article, :published => false, :profile_id => user.id)
fast_create(Article, :published => false, :profile_id => p.id)
@@ -1936,7 +1937,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter show profile private content if the user has view_private_content permission' do
user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
Article.delete_all
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
a = fast_create(Article, :published => false, :profile_id => p.id)
=====================================
test/unit/tiny_mce_article_test.rb
=====================================
--- a/test/unit/tiny_mce_article_test.rb
+++ b/test/unit/tiny_mce_article_test.rb
@@ -82,16 +82,16 @@ class TinyMceArticleTest < ActiveSupport::TestCase
assert_no_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://untrusted_site.com/videos.ogg"}
end
- should 'remove iframe if it has 2 or more src' do
+ should 'consider first src if there is 2 or more src' do
assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org'
article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/videos.ogg' src='http://untrusted_site.com/videos.ogg'></iframe>")
- assert_equal '', article.body
+ assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://itheora.org/videos.ogg"}
end
should 'not sanitize html comments' do
article = TinyMceArticle.new
- article.body = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>'
+ article.body = '<!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>'
article.valid?
assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, article.body
@@ -232,7 +232,7 @@ end
:profile => profile
)
assert_tag_in_string article.body, :tag => 'table',
- :attributes => { :colspan => 2, :rowspan => 3 }
+ :attributes => { :colspan => '2', :rowspan => '3' }
end
end
=====================================
test/unit/user_test.rb
=====================================
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -297,7 +297,7 @@ class UserTest < ActiveSupport::TestCase
should 'not has email activation pending if not have environment' do
user = create_user('cooler')
- user.expects(:environment).returns(nil)
+ user.expects(:environment).returns(nil).at_least_once
EmailActivation.create!(:requestor => user.person, :target => Environment.default)
assert !user.email_activation_pending?
end
@@ -355,7 +355,7 @@ class UserTest < ActiveSupport::TestCase
Person.any_instance.stubs(:created_at).returns(DateTime.parse('16-08-2010'))
expected_hash = {
'login' => 'x_and_y', 'is_admin' => true, 'since_month' => 8,
- 'chat_enabled' => false, 'since_year' => 2010, 'email_domain' => nil,
+ 'chat_enabled' => false, 'since_year' => 2010, 'email_domain' => nil,
'amount_of_friends' => 0, 'friends_list' => {}, 'enterprises' => [],
}
@@ -462,9 +462,9 @@ class UserTest < ActiveSupport::TestCase
should 'respond name with user name attribute' do
user = create_user('testuser')
+ user.login = 'Login User'
user.person = nil
user.name = 'Another User'
- user.login = 'Login User'
assert_equal 'Another User', user.name
end
=====================================
vendor/plugins/acts_as_versioned/lib/acts_as_versioned.rb
=====================================
--- a/vendor/plugins/acts_as_versioned/lib/acts_as_versioned.rb
+++ b/vendor/plugins/acts_as_versioned/lib/acts_as_versioned.rb
@@ -264,7 +264,7 @@ module ActiveRecord #:nodoc:
included do
has_many :versions, self.version_association_options
- #before_save :set_new_version
+ before_save :set_new_version
after_save :save_version
after_save :clear_old_versions
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/f3f3c821c79d153bbcac8fbdd3ccab8581989689...b2f7edb5d76b982c9fa5efc67ae3333c0d813792
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20150410/1990975c/attachment-0001.html>
More information about the Noosfero-dev
mailing list