From e727bdcde63804a308103adeaa2637c5ee1ebdc8 Mon Sep 17 00:00:00 2001
From: "Rafael G. Martins"
Date: Tue, 29 Dec 2015 00:39:01 +0100
Subject: template-parser: do not accept variables startins with numbers and _
---
 src/template-parser.c | 19 +++++------
 tests/check_template_parser.c | 74 ++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 83 insertions(+), 10 deletions(-)
diff --git a/src/template-parser.c b/src/template-parser.c
index e5c750e..030ecca 100644
--- a/src/template-parser.c
+++ b/src/template-parser.c
@@ -338,21 +338,22 @@ blogc_template_parse(const char *src, size_t src_len, blogc_error_t **err)
 case TEMPLATE_BLOCK_IF_OPERAND_START:
 if (c == ' ')
 break;
- if ((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_') {
+ if (c >= 'A' && c <= 'Z') {
 state = TEMPLATE_BLOCK_IF_VARIABLE_OPERAND;
 start2 = current;
 break;
 }
- if (c != '"') {
- op_start = 0;
- op_end = 0;
- *err = blogc_error_parser(BLOGC_ERROR_TEMPLATE_PARSER, src,
- src_len, current,
- "Invalid 'if' operand. Must be double-quoted static string.");
+ if (c == '"') {
+ state = TEMPLATE_BLOCK_IF_STRING_OPERAND;
+ start2 = current;
 break;
 }
- state = TEMPLATE_BLOCK_IF_STRING_OPERAND;
- start2 = current;
+ op_start = 0;
+ op_end = 0;
+ *err = blogc_error_parser(BLOGC_ERROR_TEMPLATE_PARSER, src,
+ src_len, current,
+ "Invalid 'if' operand. Must be double-quoted static "
+ "string or variable.");
 break;
 case TEMPLATE_BLOCK_IF_STRING_OPERAND:
diff --git a/tests/check_template_parser.c b/tests/check_template_parser.c
index 6aaceed..145a27e 100644
--- a/tests/check_template_parser.c
+++ b/tests/check_template_parser.c
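Review bot: The new rejection message in the `TEMPLATE_BLOCK_IF_OPERAND_START` case of src/template-parser.c says only `string or variable`, so a template author whose operand starts with a digit or `_` is pointed at "variable" without being told why theirs was refused. The sibling diagnostics asserted in tests/check_template_parser.c state the rule (`Must begin with uppercase letter.`); matching that here, e.g. `"Invalid 'if' operand. Must be double-quoted static string or variable beginning with uppercase letter."`, would keep the parser's messages consistent, with the two expected strings in the tests updated to match. A short comment above the first check, `/* a variable operand must start with A-Z; digits and '_' are rejected as first character */`, would also record the tightened rule next to the code. The case sits inside blogc_template_parse, whose body starts and ends outside this hunk, so which characters TEMPLATE_BLOCK_IF_VARIABLE_OPERAND accepts after the first one cannot be confirmed from here.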
@@ -569,6 +569,23 @@ test_template_parse_invalid_ifdef_variable(void **state)
 }
+static void
+test_template_parse_invalid_ifdef_variable2(void **state)
+{
+ const char *a = "{% block entry %}{% ifdef 0123 %}\n";
+ blogc_error_t *err = NULL;
+ b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+ assert_non_null(err);
+ assert_null(stmts);
+ assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+ assert_string_equal(err->msg,
+ "Invalid variable name. Must begin with uppercase letter.\n"
+ "Error occurred near line 1, position 27: "
+ "{% block entry %}{% ifdef 0123 %}");
+ blogc_error_free(err);
+}
+
+
 static void
 test_template_parse_invalid_foreach_variable(void **state)
 {
@@ -586,6 +603,23 @@ test_template_parse_invalid_foreach_variable(void **state)
 }
+static void
+test_template_parse_invalid_foreach_variable2(void **state)
+{
+ const char *a = "{% block entry %}{% foreach 0123 %}\n";
+ blogc_error_t *err = NULL;
+ b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+ assert_non_null(err);
+ assert_null(stmts);
+ assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+ assert_string_equal(err->msg,
+ "Invalid foreach variable name. Must begin with uppercase letter.\n"
+ "Error occurred near line 1, position 29: {% block entry %}"
+ "{% foreach 0123 %}");
+ blogc_error_free(err);
+}
+
+
 static void
 test_template_parse_invalid_if_operator(void **state)
 {
@@ -613,7 +647,7 @@ test_template_parse_invalid_if_operand(void **state)
 assert_null(stmts);
 assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
 assert_string_equal(err->msg,
- "Invalid 'if' operand. Must be double-quoted static string.\n"
+ "Invalid 'if' operand. Must be double-quoted static string or variable.\n"
 "Error occurred near line 1, position 32: "
 "{% block entry %}{% if BOLA == asd %}");
 blogc_error_free(err);
@@ -637,6 +671,23 @@ test_template_parse_invalid_if_operand2(void **state)
 }
+static void
+test_template_parse_invalid_if_operand3(void **state)
+{
+ const char *a = "{% block entry %}{% if BOLA == 0123 %}\n";
+ blogc_error_t *err = NULL;
+ b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+ assert_non_null(err);
+ assert_null(stmts);
+ assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+ assert_string_equal(err->msg,
+ "Invalid 'if' operand. Must be double-quoted static string or variable.\n"
+ "Error occurred near line 1, position 32: "
+ "{% block entry %}{% if BOLA == 0123 %}");
+ blogc_error_free(err);
+}
+
+
 static void
 test_template_parse_invalid_block_end(void **state)
 {
@@ -687,6 +738,23 @@ test_template_parse_invalid_variable_name2(void **state)
 }
+static void
+test_template_parse_invalid_variable_name3(void **state)
+{
+ const char *a = "{% block entry %}{{ 0123 }}{% endblock %}\n";
+ blogc_error_t *err = NULL;
+ b_slist_t *stmts = blogc_template_parse(a, strlen(a), &err);
+ assert_non_null(err);
+ assert_null(stmts);
+ assert_int_equal(err->type, BLOGC_ERROR_TEMPLATE_PARSER);
+ assert_string_equal(err->msg,
+ "Invalid variable name. Must begin with uppercase letter.\n"
+ "Error occurred near line 1, position 21: {% block entry %}{{ 0123 }}"
+ "{% endblock %}");
+ blogc_error_free(err);
+}
+
+
 static void
 test_template_parse_invalid_variable_end(void **state)
 {
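Review bot: `test_template_parse_invalid_if_operand3` exercises only a digit-leading operand (`0123`), while the commit subject and the condition removed in src/template-parser.c also cover a leading `_`, so half of the tightened rule has no regression test. A sibling case with `const char *a = "{% block entry %}{% if BOLA == _BAR %}\n";` (the name `_BAR` is a constructed sample), asserted against the same `Invalid 'if' operand. ...` message, would pin it. The tests added in the other hunks (`test_template_parse_invalid_ifdef_variable2`, `test_template_parse_invalid_foreach_variable2`, `test_template_parse_invalid_variable_name3`) likewise use only `0123`; an underscore input there would show that those paths reject it as well, which the visible tests do not demonstrate.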
@@ -800,13 +868,17 @@ main(void)
 unit_test(test_template_parse_invalid_ifdef_start),
 unit_test(test_template_parse_invalid_foreach_start),
 unit_test(test_template_parse_invalid_ifdef_variable),
+ unit_test(test_template_parse_invalid_ifdef_variable2),
 unit_test(test_template_parse_invalid_foreach_variable),
+ unit_test(test_template_parse_invalid_foreach_variable2),
 unit_test(test_template_parse_invalid_if_operator),
 unit_test(test_template_parse_invalid_if_operand),
 unit_test(test_template_parse_invalid_if_operand2),
+ unit_test(test_template_parse_invalid_if_operand3),
 unit_test(test_template_parse_invalid_block_end),
 unit_test(test_template_parse_invalid_variable_name),
 unit_test(test_template_parse_invalid_variable_name2),
+ unit_test(test_template_parse_invalid_variable_name3),
 unit_test(test_template_parse_invalid_variable_end),
 unit_test(test_template_parse_invalid_close),
 unit_test(test_template_parse_invalid_close2),
-- cgit v1.2.3-18-g5258