From ea8d7255af4061a73dcf2f2b858b2c86cc7f0e37 Mon Sep 17 00:00:00 2001 From: Simon Bear Date: Tue, 15 Jun 2021 16:12:58 +1000 Subject: [PATCH 1/4] Revent accidental replace of imageInstance with imageInstance.imageIdentifier --- grails-app/views/image/_coreImageMetadataFragment.gsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grails-app/views/image/_coreImageMetadataFragment.gsp b/grails-app/views/image/_coreImageMetadataFragment.gsp index 97c09f42..0fa3de40 100644 --- a/grails-app/views/image/_coreImageMetadataFragment.gsp +++ b/grails-app/views/image/_coreImageMetadataFragment.gsp @@ -28,7 +28,7 @@ - + From de0ff0234ccfd8358860030358f9775a4b4f4129 Mon Sep 17 00:00:00 2001 From: Simon Bear Date: Tue, 15 Jun 2021 16:16:20 +1000 Subject: [PATCH 2/4] Increment version for next development iteration --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index b2e5b7e8..89dccdd7 100644 --- a/build.gradle +++ b/build.gradle @@ -18,7 +18,7 @@ plugins { } -version "1.1.5" +version "1.2.0-SNAPSHOT" group "au.org.ala" From f15a5e645aaa6dece7e2f6d5f69d41e10695db2e Mon Sep 17 00:00:00 2001 From: Simon Bear Date: Tue, 15 Jun 2021 16:28:55 +1000 Subject: [PATCH 3/4] Fix sanitise call parameter order --- .../au/org/ala/images/SanitiserService.groovy | 2 +- .../au/org/ala/images/ImagesTagLib.groovy | 2 +- .../ala/images/SanitiserServiceSpec.groovy | 32 ++++++++++++++++++- 3 files changed, 33 insertions(+), 3 deletions(-) diff --git a/grails-app/services/au/org/ala/images/SanitiserService.groovy b/grails-app/services/au/org/ala/images/SanitiserService.groovy index b907c849..b98f2c93 100644 --- a/grails-app/services/au/org/ala/images/SanitiserService.groovy +++ b/grails-app/services/au/org/ala/images/SanitiserService.groovy @@ -44,7 +44,7 @@ class SanitiserService { * @return */ String sanitise(String input, String imageId, String propertyName) { - internalSanitise(policy, imageId, propertyName) + internalSanitise(policy, input, imageId, propertyName) } String truncateAndSanitise(String input, String imageId, String propertyName, int length) { diff --git a/grails-app/taglib/au/org/ala/images/ImagesTagLib.groovy b/grails-app/taglib/au/org/ala/images/ImagesTagLib.groovy index 837ffaff..a2e9d4f4 100644 --- a/grails-app/taglib/au/org/ala/images/ImagesTagLib.groovy +++ b/grails-app/taglib/au/org/ala/images/ImagesTagLib.groovy @@ -295,7 +295,7 @@ class ImagesTagLib { def result if (image && key) { if (length) { - result = sanitiserService.truncateAndSanitise(value, length, image, key) + result = sanitiserService.truncateAndSanitise(value, image, key, length) } else { result = sanitiserService.sanitise(value, image, key) } diff --git a/src/test/groovy/au/org/ala/images/SanitiserServiceSpec.groovy b/src/test/groovy/au/org/ala/images/SanitiserServiceSpec.groovy index 6dc6d549..ebfc3dcf 100644 --- a/src/test/groovy/au/org/ala/images/SanitiserServiceSpec.groovy +++ b/src/test/groovy/au/org/ala/images/SanitiserServiceSpec.groovy @@ -21,7 +21,22 @@ class SanitiserServiceSpec extends Specification implements ServiceUnitTesthello there

How are you?

' | 'hello there How are you?' } - void "text sanitisation with truncation"(String input, String output) { + void "test output == sanitised(input, imageId, key)"(String input, String output) { + + expect: + output == service.sanitise(input, '1234-1234-1234', 'creator') + + where: + input | output + 'Some Guy < some.guy@example.org >' | 'Some Guy < some.guy@example.org >' + 'A' | 'A' + 'A'| 'A' + '' | '' + '\\xss link\\' | '\\xss link\\' + '

hello there

How are you?

' | 'hello there How are you?' + } + + void "test sanitisation with truncation"(String input, String output) { expect: output == service.truncateAndSanitise(input, 10) @@ -35,4 +50,19 @@ class SanitiserServiceSpec extends Specification implements ServiceUnitTesthello there How are you?' | 'hello t...' 'hello there How are you?' | 'hello t...' } + + void "test sanitisation with truncation and context"(String input, String output) { + expect: + + output == service.truncateAndSanitise(input, '1234-1234-1234-1234', 'creator', 10) + + where: + input | output + '\'"&&&&&&&&&&"\'' | ''"&&&&&...' + 'hello there

How are you?' | 'hello t...' + '

hello there

How are you?

' | 'hello t...' + '

hello there How are you?

' | 'hello t...' + 'hello there How are you?' | 'hello t...' + 'hello there How are you?' | 'hello t...' + } } From 815cdf6288537ccbd2ac8982b4f1207a4e41129d Mon Sep 17 00:00:00 2001 From: Simon Bear Date: Tue, 15 Jun 2021 16:32:54 +1000 Subject: [PATCH 4/4] Release 1.1.5.1 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 89dccdd7..ea57bf2e 100644 --- a/build.gradle +++ b/build.gradle @@ -18,7 +18,7 @@ plugins { } -version "1.2.0-SNAPSHOT" +version "1.1.5.1" group "au.org.ala"