diff --git a/app/helpers/content_viewer_helper.rb b/app/helpers/content_viewer_helper.rb
index 486b2ea..8fc4960 100644
--- a/app/helpers/content_viewer_helper.rb
+++ b/app/helpers/content_viewer_helper.rb
@@ -30,10 +30,6 @@ module ContentViewerHelper
 link_to( number_of_comments(article), article.url.merge(:anchor => 'comments_list') )
 end
- def image_label(image)
- image.title.first(40) + (image.title.size > 40 ? '…' : '')
- end
-
 def article_translations(article)
 unless article.native_translation.translations.empty?
 links = (article.native_translation.translations + [article.native_translation]).map do |translation|
diff --git a/app/models/uploaded_file.rb b/app/models/uploaded_file.rb
index ef23258..029929b 100644
--- a/app/models/uploaded_file.rb
+++ b/app/models/uploaded_file.rb
@@ -9,6 +9,8 @@ class UploadedFile < Article
 include ShortFilename
 settings_items :title, :type => 'string'
+ xss_terminate :only => [ :title ]
+
 def title_with_default
 title_without_default || short_filename(name, 60)
 end
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 52c6b05..5aa1cc2 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
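Review bot: `title` is declared with `settings_items` on the line above the added `xss_terminate :only => [ :title ]`, so it lives in the serialized settings hash rather than in a column, and whether the sanitizer writes the cleaned value back through that accessor (rather than via `write_attribute`) is not visible here; it is worth confirming with a test that saves a title containing a tag and reloads the record. Sanitizing on save also covers only records written after this change, so titles already stored keep whatever markup they were entered with and the gallery view must continue to HTML-escape the title in both the `li` title attribute and the span instead of treating the stored value as safe. A short comment would help the next reader: `# strip markup from the user-supplied title on save; views must still escape it`. The `UploadedFile` class continues outside the hunk.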
@@ -875,17 +875,24 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_no_tag :tag => 'a', :content => 'Upload files', :attributes => {:href => /parent_id=#{b.id}/}
 end
- should 'show only first 40 chars of abstract in image gallery' do
+ should 'display title of image on image gallery' do
 login_as(profile.identifier)
- folder = Gallery.create!(:name => 'gallery', :profile => profile)
- file = UploadedFile.create!(:profile => profile, :parent => folder, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
+ folder = fast_create(Gallery, :profile_id => profile.id)
+ file = UploadedFile.create!(:title => 'my img title', :profile => profile, :parent => folder, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
+
+ get :view_page, :profile => profile.identifier, :page => folder.explode_path
- file.abstract = 'a long abstract bigger then 40 chars for testing'
- file.save!
+ assert_tag :tag => 'li', :attributes => {:title => 'my img title', :class => 'image-gallery-item'}, :child => {:tag => 'span', :content => 'my img title'}
+ end
+
+ should 'not allow html on title of the images' do
+ login_as(profile.identifier)
+ folder = fast_create(Gallery, :profile_id => profile.id)
+ file = UploadedFile.create!(:title => 'my img title', :profile => profile, :parent => folder, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
 get :view_page, :profile => profile.identifier, :page => folder.explode_path
- assert_tag :tag => 'li', :attributes => {:class => 'image-gallery-item'}, :child => {:tag => 'span', :content => 'a long abstract bigger then 40 chars for…'}
+ assert_tag :tag => 'li', :attributes => {:title => 'my img title', :class => 'image-gallery-item'}, :child => {:tag => 'span', :content => 'my img title'}
 end
 should 'allow publisher owner view private articles' do
diff --git a/test/integration/gallery_test.rb b/test/integration/gallery_test.rb
deleted file mode 100644
index b575eea..0000000
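Review bot: The new `should 'not allow html on title of the images'` case is a verbatim copy of the `'display title of image on image gallery'` case above it: the title it creates, `'my img title'`, contains no markup, so it passes whether or not `xss_terminate` strips anything and gives the model change no regression coverage. Create the file with a title that carries a tag and assert on the stripped output, e.g. `file = UploadedFile.create!(:title => '<b>my img title</b>', :profile => profile, :parent => folder, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))` followed by `assert_tag :tag => 'li', :attributes => {:title => 'my img title', :class => 'image-gallery-item'}, :child => {:tag => 'span', :content => 'my img title'}` and `assert_no_tag :tag => 'b', :content => 'my img title'` (expected values assume the default tag-stripping sanitizer; adjust if the project's sanitizer escapes instead). The deleted `test/integration/gallery_test.rb` had the same gap in its `'scape the title of the images'` case, so after this commit nothing exercises the behaviour. The enclosing test class starts outside the hunk.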
--- a/test/integration/gallery_test.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-require File.dirname(__FILE__) + '/../test_helper'
-
-class GalleryTest < ActionController::IntegrationTest
-
- def setup
- p = create_user('test_user').person
- g = fast_create(Gallery, :profile_id => p.id, :path => 'pics')
- image = UploadedFile.create!(
- :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'),
- :parent => g,
- :profile => p,
- :title => 'my img1 title',
- :abstract => 'my img1 long description'
- )
- image = UploadedFile.create!(
- :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'),
- :parent => g,
- :profile => p,
- :title => '',
- :abstract => 'that is my picture description'
- )
- get '/test_user/pics'
- end
-
- should 'display the title of the images when listing' do
- assert_tag :tag => 'li', :attributes => { :title => 'my img1 title' }
- assert_select '.image-gallery-item span', 'my img1 title'
- assert_no_match(/my img1 long description/, @response.body)
- end
-
- should 'scape the title of the images' do
- assert_select '.image-gallery-item:first-child span',
- '<b must scape title>'
- end
-
-end
-- libgit2 0.21.2