Merge pull request #27 from astax-t/master

Fixed namespace for exception

Author: Jackson Owens

JBBCode/CodeDefinitionBuilder.php

@@ -84,12 +84,12 @@ public function setParseContent($parseContent)
      * Sets the nest limit for this code definition.
      *
      * @param $nestLimit a positive integer, or -1 if there is no limit.
-     * @throws InvalidArgumentException  if the nest limit is invalid
+     * @throws \InvalidArgumentException  if the nest limit is invalid
      */
     public function setNestLimit($limit)
     {
         if(!is_int($limit) || ($limit <= 0 && -1 != $limit)) {
-            throw new InvalidArgumentException("A nest limit must be a positive integer " .
+            throw new \InvalidArgumentException("A nest limit must be a positive integer " .
                                                "or -1.");
         }
         $this->nestLimit = $limit;
@@ -138,7 +138,7 @@ public function removeBodyValidator()
         $this->bodyValidator = null;
         return $this;
     }
-    
+
     /**
      * Builds a CodeDefinition with the current state of the builder.
      *

JBBCode/tests/HTMLSafeTest.php

@@ -0,0 +1,77 @@
+<?php
+
+require_once(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'Parser.php');
+
+/**
+ * Test cases testing the HTMLSafe visitor, which escapes all html characters in the source text
+ *
+ * @author astax-t
+ */
+class HTMLSafeTest extends PHPUnit_Framework_TestCase
+{
+    /**
+     * Asserts that the given bbcode string produces the given html string
+     * when parsed with the default bbcodes.
+     */
+    public function assertProduces($bbcode, $html)
+    {
+        $parser = new \JBBCode\Parser();
+        $parser->addCodeDefinitionSet(new JBBCode\DefaultCodeDefinitionSet());
+        $parser->parse($bbcode);
+
+		$htmlsafer = new JBBCode\visitors\HTMLSafeVisitor();
+		$parser->accept($htmlsafer);
+
+        $this->assertEquals($html, $parser->getAsHtml());
+    }
+	
+    /**
+     * Tests escaping quotes and ampersands in simple text
+     */
+    public function testQuoteAndAmp()
+    {
+        $this->assertProduces('te"xt te&xt', 'te&quot;xt te&amp;xt');
+    }
+
+    /**
+     * Tests escaping quotes and ampersands inside a BBCode tag
+     */
+    public function testQuoteAndAmpInTag()
+    {
+        $this->assertProduces('[b]te"xt te&xt[/b]', '<strong>te&quot;xt te&amp;xt</strong>');
+    }
+
+    /**
+     * Tests escaping HTML tags
+     */
+    public function testHtmlTag()
+    {
+        $this->assertProduces('<b>not bold</b>', '&lt;b&gt;not bold&lt;/b&gt;');
+        $this->assertProduces('[b]<b>bold</b>[/b] <hr>', '<strong>&lt;b&gt;bold&lt;/b&gt;</strong> &lt;hr&gt;');
+    }
+
+    /**
+     * Tests escaping ampersands in URL using [url]...[/url]
+     */
+    public function testUrlParam()
+    {
+        $this->assertProduces('text [url]http://example.com/?a=b&c=d[/url] more text', 'text <a href="http://example.com/?a=b&amp;c=d">http://example.com/?a=b&amp;c=d</a> more text');
+    }
+
+    /**
+     * Tests escaping ampersands in URL using [url=...] tag
+     */
+    public function testUrlOption()
+    {
+        $this->assertProduces('text [url=http://example.com/?a=b&c=d]this is a "link"[/url]', 'text <a href="http://example.com/?a=b&amp;c=d">this is a &quot;link&quot;</a>');
+    }
+
+    /**
+     * Tests escaping ampersands in URL using [url=...] tag when URL is in quotes
+     */
+    public function testUrlOptionQuotes()
+    {
+        $this->assertProduces('text [url="http://example.com/?a=b&c=d"]this is a "link"[/url]', 'text <a href="http://example.com/?a=b&amp;c=d">this is a &quot;link&quot;</a>');
+    }
+
+}

JBBCode/visitors/HTMLSafeVisitor.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace JBBCode\visitors;
+
+/**
+ * This visitor escapes html content of all strings and attributes
+ *
+ * @author Alexander Polyanskikh
+ */
+class HTMLSafeVisitor implements \JBBCode\NodeVisitor
+{
+	public function visitDocumentElement(\JBBCode\DocumentElement $documentElement)
+	{
+		foreach ($documentElement->getChildren() as $child) {
+			$child->accept($this);
+		}
+	}
+
+	public function visitTextNode(\JBBCode\TextNode $textNode)
+	{
+		$textNode->setValue($this->htmlSafe($textNode->getValue()));
+	}
+
+	public function visitElementNode(\JBBCode\ElementNode $elementNode)
+	{
+		$attrs = $elementNode->getAttribute();
+		if (is_array($attrs))
+		{
+			foreach ($attrs as &$el)
+				$el = $this->htmlSafe($el);
+
+			$elementNode->setAttribute($attrs);
+		}
+
+		foreach ($elementNode->getChildren() as $child) {
+			$child->accept($this);
+		}
+	}
+
+	protected function htmlSafe($str, $options = null)
+	{
+		if (is_null($options))
+		{
+			if (defined('ENT_DISALLOWED'))
+				$options = ENT_QUOTES | ENT_DISALLOWED | ENT_HTML401; // PHP 5.4+
+			else
+				$options = ENT_QUOTES;  // PHP 5.3
+		}
+
+		return htmlspecialchars($str, $options, 'UTF-8');
+	}
+}