Merge branch 'master' of /~https://github.com/zendframework/zf2 into zu…

…cchi/router-tweaks
zendframework · Mar 9, 2012 · 10faaf6 · 10faaf6
commit 10faaf6
Show file tree

Hide file tree

Showing 6 changed files with 98 additions and 15 deletions.
diff --git a/src/Helper/Escape.php b/src/Helper/Escape.php
@@ -55,6 +55,21 @@ class Escape extends AbstractHelper
      */
     protected $encoding = 'UTF-8';
 
+    /**
+     * @var array Supported encodings used to avoid an illegal call
+     */
+    protected $supportedEncodings = array(
+        'iso-8859-1',   'iso8859-1',    'iso-8859-5',   'iso8859-5',
+        'iso-8859-15',  'iso8859-15',   'utf-8',        'cp866',
+        'ibm866',       '866',          'cp1251',       'windows-1251',
+        'win-1251',     '1251',         'cp1252',       'windows-1252',
+        '1252',         'koi8-r',       'koi8-ru',      'koi8r',
+        'big5',         '950',          'gb2312',       '936',
+        'big5-hkscs',   'shift_jis',    'sjis',         'sjis-win',
+        'cp932',        '932',          'euc-jp',       'eucjp',
+        'eucjp-win',    'macroman'
+    );
+
     /**
      * Set the encoding to use for escape operations
      * 
@@ -63,6 +78,18 @@ class Escape extends AbstractHelper
      */
     public function setEncoding($encoding)
     {
+        if (empty($encoding)) {
+            throw new Exception\InvalidArgumentException(
+                get_called_class() . '::setEncoding() does not allow a NULL or '
+                . 'blank string value'
+            );
+        }
+        if (!in_array(strtolower($encoding), $this->supportedEncodings)) {
+            throw new Exception\InvalidArgumentException(
+                'Value of \'' . $encoding . '\' passed to ' . get_called_class()
+                . '::setEncoding() is invalid. Provide an encoding supported by htmlspecialchars()'
+            );
+        }
         $this->encoding = $encoding;
         return $this;
     }

diff --git a/src/Model/JsonModel.php b/src/Model/JsonModel.php
@@ -22,7 +22,7 @@
 namespace Zend\View\Model;
 
 use Traversable,
-    Zend\Stdlib\IteratorToArray;
+    Zend\Stdlib\ArrayUtils;
 
 /**
  * @category   Zend
@@ -33,6 +33,13 @@
  */
 class JsonModel extends ViewModel
 {
+    /**
+     * JSON is usually terminal
+     * 
+     * @var bool
+     */
+    protected $terminate = true;
+
     /**
      * Serialize to JSON
      * 
@@ -42,7 +49,7 @@ public function serialize()
     {
         $variables = $this->getVariables();
         if ($variables instanceof Traversable) {
-            $variables = IteratorToArray::convert($variables);
+            $variables = ArrayUtils::iteratorToArray($variables);
         }
         return json_encode($variables);
     }

diff --git a/src/Model/ViewModel.php b/src/Model/ViewModel.php
@@ -24,7 +24,7 @@
 use ArrayAccess,
     ArrayIterator,
     Traversable,
-    Zend\Stdlib\IteratorToArray,
+    Zend\Stdlib\ArrayUtils,
     Zend\View\Exception,
     Zend\View\Model,
     Zend\View\Variables as ViewVariables;
@@ -84,14 +84,16 @@ class ViewModel implements Model
      * @param  array|Traversable $options 
      * @return void
      */
-    public function __construct($variables = null, $options = array())
+    public function __construct($variables = null, $options = null)
     {
         if (null === $variables) {
             $variables = new ViewVariables();
         }
         $this->setVariables($variables);
 
-        $this->setOptions($options);
+        if(null !== $options) {
+            $this->setOptions($options);
+        }
     }
 
     /**
@@ -175,7 +177,7 @@ public function setOptions($options)
         // Assumption is that lowest common denominator for renderer configuration
         // is an array
         if ($options instanceof Traversable) {
-            $options = IteratorToArray::convert($options);
+            $options = ArrayUtils::iteratorToArray($options);
         }
 
         if (!is_array($options)) {
@@ -230,7 +232,7 @@ public function setVariables($variables)
         }
 
         if ($variables instanceof Traversable) {
-            $variables = IteratorToArray::convert($variables);
+            $variables = ArrayUtils::iteratorToArray($variables);
         }
 
         if (!is_array($variables)) {

diff --git a/src/Renderer/JsonRenderer.php b/src/Renderer/JsonRenderer.php
@@ -24,7 +24,7 @@
 use JsonSerializable,
     Traversable,
     Zend\Json\Json,
-    Zend\Stdlib\IteratorToArray,
+    Zend\Stdlib\ArrayUtils,
     Zend\View\Exception,
     Zend\View\Model,
     Zend\View\Renderer,
@@ -131,7 +131,7 @@ public function render($nameOrModel, $values = null)
             }
 
             if ($nameOrModel instanceof Traversable) {
-                $nameOrModel = IteratorToArray::convert($nameOrModel);
+                $nameOrModel = ArrayUtils::iteratorToArray($nameOrModel);
                 return Json::encode($nameOrModel);
             }
 

diff --git a/src/Resolver/TemplateMapResolver.php b/src/Resolver/TemplateMapResolver.php
@@ -24,7 +24,7 @@
 use ArrayIterator,
     IteratorAggregate,
     Traversable,
-    Zend\Stdlib\IteratorToArray,
+    Zend\Stdlib\ArrayUtils,
     Zend\View\Exception,
     Zend\View\Renderer,
     Zend\View\Resolver;
@@ -85,7 +85,7 @@ public function setMap($map)
         }
 
         if ($map instanceof Traversable) {
-            $map = IteratorToArray::convert($map);
+            $map = ArrayUtils::iteratorToArray($map);
         }
 
         $this->map = $map;
@@ -142,7 +142,7 @@ public function merge($map)
         }
 
         if ($map instanceof Traversable) {
-            $map = IteratorToArray::convert($map);
+            $map = ArrayUtils::iteratorToArray($map);
         }
 
         $this->map = array_replace_recursive($this->map, $map);

diff --git a/test/Helper/EscapeTest.php b/test/Helper/EscapeTest.php
@@ -8,6 +8,20 @@
 
 class EscapeTest extends TestCase
 {
+
+    protected $supportedEncodings = array(
+        'iso-8859-1',   'iso8859-1',    'iso-8859-5',   'iso8859-5',
+        'iso-8859-15',  'iso8859-15',   'utf-8',        'cp866',
+        'ibm866',       '866',          'cp1251',       'windows-1251',
+        'win-1251',     '1251',         'cp1252',       'windows-1252',
+        '1252',         'koi8-r',       'koi8-ru',      'koi8r',
+        'big5',         '950',          'gb2312',       '936',
+        'big5-hkscs',   'shift_jis',    'sjis',         'sjis-win',
+        'cp932',        '932',          'euc-jp',       'eucjp',
+        'eucjp-win',    'macroman'
+    );
+
+
     public function setUp()
     {
         $this->helper = new EscapeHelper;
@@ -20,8 +34,8 @@ public function testUsesUtf8EncodingByDefault()
 
     public function testEncodingIsMutable()
     {
-        $this->helper->setEncoding('ASCII');
-        $this->assertEquals('ASCII', $this->helper->getEncoding());
+        $this->helper->setEncoding('BIG5-HKSCS');
+        $this->assertEquals('BIG5-HKSCS', $this->helper->getEncoding());
     }
 
     public function testDefaultCallbackIsDefined()
@@ -32,7 +46,7 @@ public function testDefaultCallbackIsDefined()
 
     public function testCallbackIsMutable()
     {
-        $this->helper->setCallback('strip_tags');
+        $this->helper->setCallback('strip_tags'); // Don't do this at home ;)
         $this->assertEquals('strip_tags', $this->helper->getCallback());
     }
 
@@ -136,4 +150,37 @@ public function testCanRecurseObjectProperties()
         $test = $this->helper->__invoke($object, EscapeHelper::RECURSE_OBJECT);
         $this->assertEquals($expected, $test);
     }
+
+    /**
+     * @expectedException \Zend\View\Exception\InvalidArgumentException
+     * 
+     * PHP 5.3 instates default encoding on empty string instead of the expected
+     * warning level error for htmlspecialchars() encoding param. PHP 5.4 attempts
+     * to guess the encoding or take it from php.ini default_charset when an empty
+     * string is set. Both are insecure behaviours.
+     */
+    public function testSettingEncodingToEmptyStringShouldThrowException()
+    {
+        $this->helper->setEncoding('');
+    }
+
+    public function testSettingValidEncodingShouldNotThrowExceptions()
+    {
+        foreach ($this->supportedEncodings as $value) {
+            $this->helper->setEncoding($value);
+        }
+    }
+
+    /**
+     * @expectedException \Zend\View\Exception\InvalidArgumentException
+     * 
+     * All versions of PHP - when an invalid encoding is set on htmlspecialchars()
+     * a warning level error is issued and escaping continues with the default encoding
+     * for that PHP version. Preventing the continuation behaviour offsets display_errors
+     * off in production env.
+     */
+    public function testSettingEncodingToInvalidValueShouldThrowException()
+    {
+        $this->helper->setEncoding('completely-invalid');
+    }
 }