diff --git a/core/modules/dblog/src/Controller/DbLogController.php b/core/modules/dblog/src/Controller/DbLogController.php index 3e98512..9c5156e 100644 --- a/core/modules/dblog/src/Controller/DbLogController.php +++ b/core/modules/dblog/src/Controller/DbLogController.php @@ -7,6 +7,7 @@ namespace Drupal\dblog\Controller; +use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\Unicode; use Drupal\Component\Utility\String; use Drupal\Component\Utility\Xss; @@ -271,7 +272,7 @@ public function eventDetails($event_id) { ), array( array('data' => $this->t('Operations'), 'header' => TRUE), - $dblog->link, + SafeMarkup::set($dblog->link), ), ); $build['dblog_table'] = array( diff --git a/core/modules/dblog/src/Tests/DbLogTest.php b/core/modules/dblog/src/Tests/DbLogTest.php index 4dc37e4..6d4d2bc 100644 --- a/core/modules/dblog/src/Tests/DbLogTest.php +++ b/core/modules/dblog/src/Tests/DbLogTest.php @@ -65,6 +65,7 @@ function testDbLog() { $this->verifyEvents(); $this->verifyReports(); $this->verifyBreadcrumbs(); + $this->verifyLinkEscaping(); // Login the regular user. $this->drupalLogin($this->any_user); @@ -97,7 +98,7 @@ private function verifyRowLimit($row_limit) { */ private function verifyCron($row_limit) { // Generate additional log entries. - $this->generateLogEntries($row_limit + 10); + $this->generateLogEntries($row_limit + 10, 'Log entry added to test the dblog row limit.'); // Verify that the database log row count exceeds the row limit. $count = db_query('SELECT COUNT(wid) FROM {watchdog}')->fetchField(); $this->assertTrue($count > $row_limit, format_string('Dblog row count of @count exceeds row limit of @limit', array('@count' => $count, '@limit' => $row_limit))); @@ -120,16 +121,16 @@ private function verifyCron($row_limit) { * @param int $severity * (optional) The severity of the watchdog entry. Defaults to WATCHDOG_NOTICE. */ - private function generateLogEntries($count, $type = 'custom', $severity = WATCHDOG_NOTICE) { + private function generateLogEntries($count, $message, $type = 'custom', $severity = WATCHDOG_NOTICE, $link = NULL) { global $base_root; // Prepare the fields to be logged $log = array( 'channel' => $type, - 'message' => 'Log entry added to test the dblog row limit.', + 'message' => $message, 'variables' => array(), 'severity' => $severity, - 'link' => NULL, + 'link' => $link, 'user' => $this->big_user, 'uid' => $this->big_user->id(), 'request_uri' => $base_root . request_uri(), @@ -137,9 +138,9 @@ private function generateLogEntries($count, $type = 'custom', $severity = WATCHD 'ip' => '127.0.0.1', 'timestamp' => REQUEST_TIME, ); - $message = 'Log entry added to test the dblog row limit. Entry #'; + $row_message = $message . ' Entry #'; for ($i = 0; $i < $count; $i++) { - $log['message'] = $message . $i; + $log['message'] = $row_message . $i; $this->container->get('logger.dblog')->log($severity, $log['message'], $log); } } @@ -218,6 +219,22 @@ private function verifyEvents() { } /** + * Test the escaping of links in the operation row of a database log detail + * page. + */ + private function verifyLinkEscaping() { + $link = 'View'; + $message = 'Log entry added to do the verifyLinkEscaping test.'; + $this->generateLogEntries(1, $message, 'custom', WATCHDOG_NOTICE, $link); + + $result = db_query_range('SELECT wid FROM {watchdog} ORDER BY wid DESC', 0, 1); + $this->drupalGet('admin/reports/dblog/event/' . $result->fetchField()); + + // Check if the link exists (unescaped). + $this->assertRaw($link); + } + + /** * Generates and then verifies some user events. */ private function doUser() { @@ -419,21 +436,8 @@ protected function testDBLogAddAndClear() { global $base_root; // Get a count of how many watchdog entries already exist. $count = db_query('SELECT COUNT(*) FROM {watchdog}')->fetchField(); - $log = array( - 'channel' => 'system', - 'message' => 'Log entry added to test the doClearTest clear down.', - 'variables' => array(), - 'severity' => WATCHDOG_NOTICE, - 'link' => NULL, - 'user' => $this->big_user, - 'uid' => $this->big_user->id(), - 'request_uri' => $base_root . request_uri(), - 'referer' => \Drupal::request()->server->get('HTTP_REFERER'), - 'ip' => '127.0.0.1', - 'timestamp' => REQUEST_TIME, - ); - // Add a watchdog entry. - $this->container->get('logger.dblog')->log($log['severity'], $log['message'], $log); + $this->generateLogEntries(1, 'Log entry added to test the doClearTest clear down.', 'system'); + // Make sure the table count has actually been incremented. $this->assertEqual($count + 1, db_query('SELECT COUNT(*) FROM {watchdog}')->fetchField(), format_string('dblog_watchdog() added an entry to the dblog :count', array(':count' => $count))); // Login the admin user. @@ -468,7 +472,7 @@ protected function testFilter() { 'type' => $type_name, 'severity' => $severity++, ); - $this->generateLogEntries($type['count'], $type['type'], $type['severity']); + $this->generateLogEntries($type['count'], "Log entry for filter test.", $type['type'], $type['severity']); } }