From 8d38861a2e0db0db9ec732f9f6c536999ce3b3ce Mon Sep 17 00:00:00 2001 From: mark_story Date: Sat, 9 Nov 2013 14:30:19 -0500 Subject: [PATCH] Fix missing HTML encoding on URL's generated by Html->meta(). The input URL was not correctly handled as an asset URL and thus was not correctly HTML or URL escaped. This created invalid HTML when favicon URLs included query string arguments. Refs #2233 --- .../Test/Case/View/Helper/HtmlHelperTest.php | 52 ++++++++++++++----- lib/Cake/View/Helper/HtmlHelper.php | 3 +- 2 files changed, 40 insertions(+), 15 deletions(-) diff --git a/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php b/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php index 875bde19c..d3aff9bef 100644 --- a/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php +++ b/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php @@ -1711,19 +1711,6 @@ class HtmlHelperTest extends CakeTestCase { ); $this->assertTags($result, $expected); - $result = $this->Html->meta('icon', 'favicon.ico'); - $expected = array( - 'link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'icon'), - array('link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'shortcut icon')) - ); - $this->assertTags($result, $expected); - $result = $this->Html->meta('icon'); - $expected = array( - 'link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'icon'), - array('link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'shortcut icon')) - ); - $this->assertTags($result, $expected); - $result = $this->Html->meta('keywords', 'these, are, some, meta, keywords'); $this->assertTags($result, array('meta' => array('name' => 'keywords', 'content' => 'these, are, some, meta, keywords'))); $this->assertRegExp('/\s+\/>$/', $result); 
@@ -1735,6 +1722,45 @@ class HtmlHelperTest extends CakeTestCase { $this->assertTags($result, array('meta' => array('name' => 'ROBOTS', 'content' => 'ALL'))); } +/** + * Test generating favicon's with meta() + * + * @return void + */ + public function testMetaIcon() { + $result = $this->Html->meta('icon', 'favicon.ico'); + $expected = array( + 'link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'icon'), + array('link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'shortcut icon')) + ); + $this->assertTags($result, $expected); + + $result = $this->Html->meta('icon'); + $expected = array( + 'link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'icon'), + array('link' => array('href' => 'preg:/.*favicon\.ico/', 'type' => 'image/x-icon', 'rel' => 'shortcut icon')) + ); + $this->assertTags($result, $expected); + + $result = $this->Html->meta('icon', '/favicon.png?one=two&three=four'); + $url = '/favicon.png?one=two&three=four'; + $expected = array( + 'link' => array( + 'href' => $url, + 'type' => 'image/x-icon', + 'rel' => 'icon' + ), + array( + 'link' => array( + 'href' => $url, + 'type' => 'image/x-icon', + 'rel' => 'shortcut icon' + ) + ) + ); + $this->assertTags($result, $expected); + } + /** * Test the inline and block options for meta() */ diff --git a/lib/Cake/View/Helper/HtmlHelper.php b/lib/Cake/View/Helper/HtmlHelper.php index 2048302fd..bb44cca96 100644 --- a/lib/Cake/View/Helper/HtmlHelper.php +++ b/lib/Cake/View/Helper/HtmlHelper.php 
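Review bot: In testMetaIcon the expected `href` for the query-string case is, as shown on this page, byte-identical to the input (`/favicon.png?one=two&three=four`), so the assertion does not visibly pin the encoded form the commit message describes. If the helper is meant to emit an entity-encoded ampersand, write it literally, e.g. `$url = '/favicon.png?one=two&amp;three=four';`, so a regression to raw output fails the test. The cases also only exercise `&`; an input containing a double quote would confirm that the value cannot terminate the `href` attribute early. Only the `icon` type is covered, although the HtmlHelper change in this commit applies to every `link` type.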
@@ -276,11 +276,10 @@ class HtmlHelper extends AppHelper { $out = null; if (isset($options['link'])) { + $options['link'] = $this->assetUrl($options['link']); if (isset($options['rel']) && $options['rel'] === 'icon') { $out = sprintf($this->_tags['metalink'], $options['link'], $this->_parseAttributes($options, array('block', 'link'), ' ', ' ')); $options['rel'] = 'shortcut icon'; - } else { - $options['link'] = $this->url($options['link'], true); } $out .= sprintf($this->_tags['metalink'], $options['link'], $this->_parseAttributes($options, array('block', 'link'), ' ', ' ')); } else {
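Review bot: The added `$options['link'] = $this->assetUrl($options['link']);` now runs for every `link` type, while the removed `else` branch built non-icon links with `$this->url($options['link'], true)`, and the second argument `true` has no counterpart in the new call. The body of assetUrl() is not in this hunk, so it is an inference that feed-style links (rss, atom) may change from full to relative URLs; if they should stay absolute, something like `$this->assetUrl($options['link'], array('fullBase' => true))` in the non-icon case would preserve that, assuming the option is supported in this version. The value is then placed into the `metalink` template by `sprintf` with no further escaping visible, so the safety of the attribute depends entirely on assetUrl(); a comment such as `// assetUrl() is the only escaping applied to this href` above the call would record that for the next maintainer. The enclosing meta() method starts and ends outside the hunk.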