Issue #2501705 by tetranz, pwolanin, Cottser, joelpittet, akalata: Remove...

Issue #2501705 by tetranz, pwolanin, Cottser, joelpittet, akalata: Remove SafeMarkup::set() in LinkGenerator and document SafeMarkup::set() in LinkGeneratorTest

Issue #2501705 by tetranz, pwolanin, Cottser, joelpittet, akalata: Remove...
Issue #2501705 by tetranz, pwolanin, Cottser, joelpittet, akalata: Remove SafeMarkup::set() in LinkGenerator and document SafeMarkup::set() in LinkGeneratorTest
c6cc4fa1 · xjm · 287d1e19 · c6cc4fa1 · c6cc4fa1 · c6cc4fa1
Commit c6cc4fa1 authored Jun 13, 2015 by xjm
3 changed files
--- a/core/lib/Drupal/Core/Utility/LinkGenerator.php
+++ b/core/lib/Drupal/Core/Utility/LinkGenerator.php
@@ -125,26 +125,26 @@ public function generate($text, Url $url, $collect_cacheability_metadata = FALSE
    // Allow other modules to modify the structure of the link.
    $this->moduleHandler->alter('link', $variables);

-    // Move attributes out of options. generateFromRoute(() doesn't need them.
-    $attributes = new Attribute($variables['options']['attributes']);
+    // Move attributes out of options since generateFromRoute() doesn't need
+    // them. Include a placeholder for the href.
+    $attributes = array('href' => '') + $variables['options']['attributes'];
    unset($variables['options']['attributes']);
    $url->setOptions($variables['options']);

-    // The result of the url generator is a plain-text URL. Because we are using
-    // it here in an HTML argument context, we need to encode it properly.
    if (!$collect_cacheability_metadata) {
-      $url = SafeMarkup::checkPlain($url->toString($collect_cacheability_metadata));
+      $url_string = $url->toString($collect_cacheability_metadata);
    }
    else {
      $generated_url = $url->toString($collect_cacheability_metadata);
-      $url = SafeMarkup::checkPlain($generated_url->getGeneratedUrl());
+      $url_string = $generated_url->getGeneratedUrl();
      $generated_link = GeneratedLink::createFromObject($generated_url);
    }
+    // The result of the URL generator is a plain-text URL to use as the href
+    // attribute, and it is escaped by \Drupal\Core\Template\Attribute.
+    $attributes['href'] = $url_string;

-    // Make sure the link text is sanitized.
-    $safe_text = SafeMarkup::escape($variables['text']);
+    $result = SafeMarkup::format('<a@attributes>@text</a>', array('@attributes' => new Attribute($attributes), '@text' => $variables['text']));

-    $result = SafeMarkup::set('<a href="' . $url . '"' . $attributes . '>' . $safe_text . '</a>');
    return $collect_cacheability_metadata ? $generated_link->setGeneratedLink($result) : $result;
  }


--- a/core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php
+++ b/core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php
@@ -14,6 +14,7 @@
 use Drupal\Core\Url;
 use Drupal\Core\Utility\LinkGenerator;
 use Drupal\Tests\UnitTestCase;
+use Drupal\Core\DependencyInjection\ContainerBuilder;

 /**
 * @coversDefaultClass \Drupal\Core\Utility\LinkGenerator
@@ -180,6 +181,37 @@ public function testGenerateExternal() {
    ), $result);
  }

+  /**
+   * Tests the generate() method with a url containing double quotes.
+   *
+   * @covers ::generate
+   */
+  public function testGenerateUrlWithQuotes() {
+    $this->urlAssembler->expects($this->once())
+      ->method('assemble')
+      ->with('base:example', array('query' => array('foo' => '"bar"', 'zoo' => 'baz')) + $this->defaultOptions)
+      ->will($this->returnValue('/example?foo=%22bar%22&zoo=baz'));
+
+    $path_validator = $this->getMock('Drupal\Core\Path\PathValidatorInterface');
+    $container_builder = new ContainerBuilder();
+    $container_builder->set('path.validator', $path_validator);
+    \Drupal::setContainer($container_builder);
+
+    $path = '/example?foo="bar"&zoo=baz';
+    $url = Url::fromUserInput($path);
+    $url->setUrlGenerator($this->urlGenerator);
+    $url->setUnroutedUrlAssembler($this->urlAssembler);
+
+    $result = $this->linkGenerator->generate('Drupal', $url);
+
+    $this->assertLink(array(
+      'attributes' => array(
+        'href' => '/example?foo=%22bar%22&zoo=baz',
+      ),
+      'content' => 'Drupal',
+    ), $result, 1);
+  }
+
  /**
   * Tests the link method with additional attributes.
   *
@@ -332,7 +364,9 @@ public function testGenerateWithHtml() {
      ),
    ), $result);

-    // Test that safe HTML is output inside the anchor tag unescaped.
+    // Test that safe HTML is output inside the anchor tag unescaped. The
+    // SafeMarkup::set() call is an intentional unit test for the interaction
+    // between SafeMarkup and the LinkGenerator.
    $url = new Url('test_route_5', array());
    $url->setUrlGenerator($this->urlGenerator);
    $result = $this->linkGenerator->generate(SafeMarkup::set('<em>HTML output</em>'), $url);
@@ -342,6 +376,7 @@ public function testGenerateWithHtml() {
        'tag' => 'em',
      ),
    ), $result);
+    $this->assertTrue(strpos($result, '<em>HTML output</em>') !== FALSE);
  }

  /**

--- a/core/tests/Drupal/Tests/Core/Utility/UnroutedUrlAssemblerTest.php
+++ b/core/tests/Drupal/Tests/Core/Utility/UnroutedUrlAssemblerTest.php
@@ -125,6 +125,8 @@ public function providerTestAssembleWithLocalUri() {
    return [
      ['base:example', [], FALSE, '/example'],
      ['base:example', ['query' => ['foo' => 'bar']], FALSE, '/example?foo=bar'],
+      ['base:example', ['query' => ['foo' => '"bar"']], FALSE, '/example?foo=%22bar%22'],
+      ['base:example', ['query' => ['foo' => '"bar"', 'zoo' => 'baz']], FALSE, '/example?foo=%22bar%22&zoo=baz'],
      ['base:example', ['fragment' => 'example', ], FALSE, '/example#example'],
      ['base:example', [], TRUE, '/subdir/example'],
      ['base:example', ['query' => ['foo' => 'bar']], TRUE, '/subdir/example?foo=bar'],