Diffstat (limited to 'modules')
-rw-r--r-- | modules/comment/comment.module | 4 | ||||
-rw-r--r-- | modules/search/search.test | 4 | ||||
-rw-r--r-- | modules/simpletest/tests/common.test | 16 | ||||
-rw-r--r-- | modules/system/system.js | 2 | ||||
-rw-r--r-- | modules/update/update.fetch.inc | 4 |
5 files changed, 20 insertions, 10 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module index fc1660467..775a2db25 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -2030,10 +2030,10 @@ function theme_comment_post_forbidden($node) { // We cannot use drupal_get_destination() because these links // sometimes appear on /node and taxonomy listing pages. if (variable_get('comment_form_location_' . $node->type, COMMENT_FORM_BELOW) == COMMENT_FORM_SEPARATE_PAGE) { - $destination = 'destination=' . drupal_urlencode("comment/reply/$node->nid#comment-form"); + $destination = 'destination=' . rawurlencode("comment/reply/$node->nid#comment-form"); } else { - $destination = 'destination=' . drupal_urlencode("node/$node->nid#comment-form"); + $destination = 'destination=' . rawurlencode("node/$node->nid#comment-form"); } if (variable_get('user_register', 1)) { diff --git a/modules/search/search.test b/modules/search/search.test index 6788744c1..f39261d3b 100644 --- a/modules/search/search.test +++ b/modules/search/search.test @@ -266,11 +266,11 @@ class SearchAdvancedSearchForm extends DrupalWebTestCase { $this->assertNotEqual($dummy_title, $this->node->title, t("Dummy title doens't equal node title")); // Search for the dummy title with a GET query. - $this->drupalGet('search/node/' . drupal_urlencode($dummy_title)); + $this->drupalGet('search/node/' . $dummy_title); $this->assertNoText($this->node->title, t('Page node is not found with dummy title.')); // Search for the title of the node with a GET query. - $this->drupalGet('search/node/' . drupal_urlencode($this->node->title)); + $this->drupalGet('search/node/' . $this->node->title); $this->assertText($this->node->title, t('Page node is found with GET query.')); // Search for the title of the node with a POST query. diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test index 7c0455952..d4a07be73 100644 --- a/modules/simpletest/tests/common.test 
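Review bot: In theme_comment_post_forbidden(), both new `rawurlencode()` calls encode the `#comment-form` fragment together with the path, and no comment says that this is intended. A short comment above the `if` would help, for example `// Encode the whole value, fragment included, so '#' and '/' stay inside the destination parameter.` The two branches differ only in the path string, so building the path first and calling `rawurlencode()` once would keep the encoding in a single place. The function body starts and ends outside the hunk.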
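Review bot: The two `drupalGet()` calls in SearchAdvancedSearchForm now receive the raw title, so the test depends on the path being encoded further down, presumably inside `drupalGet()` or `url()`, which this hunk does not show. How `$dummy_title` and the node title are generated is also outside the hunk; if they can contain `/`, `?` or `#`, the request would target a different path than intended. A comment such as `// drupalGet() encodes the path; encoding here as well would double-encode the title.` would record why the call was removed. The test method starts and ends outside the hunk.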
+++ b/modules/simpletest/tests/common.test @@ -8,8 +8,8 @@ class CommonLUnitTest extends DrupalUnitTestCase { public static function getInfo() { return array( - 'name' => t('Tests for the l() function'), - 'description' => t('Confirm that url() works correctly with various input.'), + 'name' => t('URL generation tests'), + 'description' => t('Confirm that url(), drupal_query_string_encode(), and l() work correctly with various input.'), 'group' => t('System'), ); } @@ -22,8 +22,18 @@ class CommonLUnitTest extends DrupalUnitTestCase { $path = "<SCRIPT>alert('XSS')</SCRIPT>"; $link = l($text, $path); $sanitized_path = check_url(url($path)); - $this->assertTrue(strpos($link, $sanitized_path) != FALSE, t('XSS attack @path was filtered', array('@path' => $path))); + $this->assertTrue(strpos($link, $sanitized_path) !== FALSE, t('XSS attack @path was filtered', array('@path' => $path))); } + + /** + * Test drupal_query_string_encode(). + */ + function testDrupalQueryStringEncode() { + $this->assertEqual(drupal_query_string_encode(array('a' => ' &#//+%20@۞')), 'a=%20%26%23%2F%2F%2B%2520%40%DB%9E', t('Value was properly encoded.')); + $this->assertEqual(drupal_query_string_encode(array(' &#//+%20@۞' => 'a')), '%20%26%23%2F%2F%2B%2520%40%DB%9E=a', t('Key was properly encoded.')); + $this->assertEqual(drupal_query_string_encode(array('a' => '1', 'b' => '2', 'c' => '3'), array('b')), 'a=1&c=3', t('Value was properly excluded.')); + $this->assertEqual(drupal_query_string_encode(array('a' => array('b' => '2', 'c' => '3')), array('b', 'a[c]')), 'a[b]=2', t('Nested array was properly encoded.')); + } } class CommonSizeTestCase extends DrupalUnitTestCase { diff --git a/modules/system/system.js b/modules/system/system.js index 92925c3a7..7bea58dee 100644 --- a/modules/system/system.js +++ b/modules/system/system.js 
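Review bot: The assertion in the l() test only proves that the sanitized path occurs in `$link`; it would still pass if the raw markup also appeared elsewhere in the output. A negative check next to it closes that gap, e.g. `$this->assertTrue(strpos($link, '<SCRIPT>') === FALSE, t('Raw markup from @path is not present in the link', array('@path' => $path)));`. `$text` is defined above the hunk, so confirm it does not contain that string itself. In testDrupalQueryStringEncode() the nested-array case uses only the plain keys `b` and `c`, so no assertion pins how reserved characters inside a nested key or value are encoded.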
@@ -92,7 +92,7 @@ Drupal.behaviors.dateTime = { // Attach keyup handler to custom format inputs. $('input.custom-format:not(.date-time-processed)', context).addClass('date-time-processed').keyup(function () { var input = $(this); - var url = settings.dateTime.lookup +(settings.dateTime.lookup.match(/\?q=/) ? '&format=' : '?format=') + Drupal.encodeURIComponent(input.val()); + var url = settings.dateTime.lookup + (settings.dateTime.lookup.match(/\?q=/) ? '&format=' : '?format=') + encodeURIComponent(input.val()); $.getJSON(url, function (data) { $('div.description span', input.parent()).html(data); }); diff --git a/modules/update/update.fetch.inc b/modules/update/update.fetch.inc index 67a4add81..82a078444 100644 --- a/modules/update/update.fetch.inc +++ b/modules/update/update.fetch.inc @@ -114,10 +114,10 @@ function _update_build_fetch_url($project, $site_key = '') { if (!empty($site_key) && (strpos($project['project_type'], 'disabled') === FALSE)) { $url .= (strpos($url, '?') === TRUE) ? '&' : '?'; $url .= 'site_key='; - $url .= drupal_urlencode($site_key); + $url .= rawurlencode($site_key); if (!empty($project['info']['version'])) { $url .= '&version='; - $url .= drupal_urlencode($project['info']['version']); + $url .= rawurlencode($project['info']['version']); } } return $url; |
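Review bot: The `$.getJSON` callback writes the response into the page with `.html(data)`, while the request carries whatever was typed into the custom format field. Whether the lookup endpoint escapes its output is not visible here; if the response is meant to be plain text, `$('div.description span', input.parent()).text(data);` avoids interpreting it as markup. The keyup handler and the enclosing behavior continue outside the hunk.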
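Review bot: The separator line in _update_build_fetch_url(), `(strpos($url, '?') === TRUE) ? '&' : '?'`, can never pick `'&'`, because strpos() returns an integer offset or FALSE and never TRUE. A URL that already carries a query string would therefore get a second `?` before `site_key=`, leaving the site key and version in a malformed query. The condition should be `$url .= (strpos($url, '?') !== FALSE) ? '&' : '?';`. The line is unchanged context in this commit, and the function starts above the hunk.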