

5 Commits

Sarah Hoffmann
9426fc2fee prepare 3.7.3 release 2023-02-20 17:24:16 +01:00
Sarah Hoffmann
9f4596156d harmonize flags for PHP's htmlspecialchars 2023-02-20 17:24:16 +01:00
Sarah Hoffmann
3a1714e7e2 disable PHP tests that do not work with newer versions 2023-02-20 16:39:56 +01:00
Sarah Hoffmann
f845605cf7 adapt PHP tests for debug output 2023-02-20 16:34:26 +01:00
Sarah Hoffmann
51c3a00d70 properly encode special HTML characters in debug mode 2023-02-20 16:34:21 +01:00
6 changed files with 46 additions and 39 deletions


@@ -20,7 +20,7 @@ project(nominatim)
set(NOMINATIM_VERSION_MAJOR 3)
set(NOMINATIM_VERSION_MINOR 7)
set(NOMINATIM_VERSION_PATCH 2)
set(NOMINATIM_VERSION_PATCH 3)
set(NOMINATIM_VERSION "${NOMINATIM_VERSION_MAJOR}.${NOMINATIM_VERSION_MINOR}.${NOMINATIM_VERSION_PATCH}")


@@ -1,3 +1,7 @@
3.7.3
* fix XSS vulnerability in debug view
3.7.2
* fix database check for reverse-only imports


@@ -127,7 +127,7 @@ class Debug
public static function printSQL($sSQL)
{
echo '<p><tt><font color="#aaa">'.$sSQL.'</font></tt></p>'."\n";
echo '<p><tt><font color="#aaa">'.htmlspecialchars($sSQL, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401).'</font></tt></p>'."\n";
}
private static function outputVar($mVar, $sPreNL)
@@ -170,11 +170,12 @@ class Debug
}
if (is_string($mVar)) {
echo "'$mVar'";
return strlen($mVar) + 2;
$sOut = "'$mVar'";
} else {
$sOut = (string)$mVar;
}
echo (string)$mVar;
return strlen((string)$mVar);
echo htmlspecialchars($sOut, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);
return strlen($sOut);
}
}
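Review bot: The escaping added in `printSQL` and `outputVar` only protects values that flow through these two functions, yet the table expectations updated in this same commit still show header and group cells (`<th><small>key3</small></th>`, `<td><pre>group1</pre></td>`) unchanged, which suggests they are emitted by another code path in `Debug` that this fix does not touch; if those labels can derive from request data they remain unescaped, so please confirm they also go through `htmlspecialchars`. Both hunks cut into the middle of the class and `outputVar`'s earlier branches begin before the second hunk, so I cannot see from here whether every `echo` in that function is covered. Since the same flag triple now appears twice and the previous commit in this series had to "harmonize" them, hoisting it into one class constant, `const HTML_ESC_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;`, would prevent the two call sites from drifting again. A short comment on `return strlen($sOut);` would also help the next reader, e.g. `// length of the unescaped text, not of the emitted entities` — I am inferring the caller uses this for alignment, so adjust the wording if that is not the case.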


@@ -29,14 +29,14 @@ class DebugTest extends \PHPUnit\Framework\TestCase
<pre><b>Var1:</b> <i>True</i></pre>
<pre><b>Var2:</b> <i>False</i></pre>
<pre><b>Var3:</b> 0</pre>
<pre><b>Var4:</b> 'String'</pre>
<pre><b>Var5:</b> 0 => 'one'
1 => 'two'
2 => 'three'</pre>
<pre><b>Var6:</b> 'key' => 'value'
'key2' => 'value2'</pre>
<pre><b>Var4:</b> &#039;String&#039;</pre>
<pre><b>Var5:</b> 0 => &#039;one&#039;
1 => &#039;two&#039;
2 => &#039;three&#039;</pre>
<pre><b>Var6:</b> &#039;key&#039; => &#039;value&#039;
&#039;key2&#039; => &#039;value2&#039;</pre>
<pre><b>Var7:</b> me as string</pre>
<pre><b>Var8:</b> 'value', 'value2'</pre>
<pre><b>Var8:</b> &#039;value&#039;, &#039;value2&#039;</pre>
EOT
);
@@ -56,10 +56,10 @@ EOT
public function testDebugArray()
{
$this->expectOutputString(<<<EOT
<pre><b>Arr0:</b> 'null'</pre>
<pre><b>Arr1:</b> 'key1' => 'val1'
'key2' => 'val2'
'key3' => 'val3'</pre>
<pre><b>Arr0:</b> &#039;null&#039;</pre>
<pre><b>Arr1:</b> &#039;key1&#039; => &#039;val1&#039;
&#039;key2&#039; => &#039;val2&#039;
&#039;key3&#039; => &#039;val3&#039;</pre>
EOT
);
@@ -85,12 +85,12 @@ EOT
<th><small>1</small></th>
</tr>
<tr>
<td><pre>'one'</pre></td>
<td><pre>'two'</pre></td>
<td><pre>&#039;one&#039;</pre></td>
<td><pre>&#039;two&#039;</pre></td>
</tr>
<tr>
<td><pre>'three'</pre></td>
<td><pre>'four'</pre></td>
<td><pre>&#039;three&#039;</pre></td>
<td><pre>&#039;four&#039;</pre></td>
</tr>
</table>
<b>Table4:</b>
@@ -101,9 +101,9 @@ EOT
<th><small>key3</small></th>
</tr>
<tr>
<td><pre>'val1'</pre></td>
<td><pre>'val2'</pre></td>
<td><pre>'val3'</pre></td>
<td><pre>&#039;val1&#039;</pre></td>
<td><pre>&#039;val2&#039;</pre></td>
<td><pre>&#039;val3&#039;</pre></td>
</tr>
</table>
@@ -139,18 +139,18 @@ EOT
</tr>
<tr>
<td><pre>group1</pre></td>
<td><pre>'val1'</pre></td>
<td><pre>'val2'</pre></td>
<td><pre>&#039;val1&#039;</pre></td>
<td><pre>&#039;val2&#039;</pre></td>
</tr>
<tr>
<td><pre>group1</pre></td>
<td><pre>'one'</pre></td>
<td><pre>'two'</pre></td>
<td><pre>&#039;one&#039;</pre></td>
<td><pre>&#039;two&#039;</pre></td>
</tr>
<tr>
<td><pre>group2</pre></td>
<td><pre>'val1'</pre></td>
<td><pre>'val2'</pre></td>
<td><pre>&#039;val1&#039;</pre></td>
<td><pre>&#039;val2&#039;</pre></td>
</tr>
</table>
<b>Table4:</b>
@@ -163,15 +163,15 @@ EOT
</tr>
<tr>
<td><pre>group1</pre></td>
<td><pre>'val1'</pre></td>
<td><pre>'val2'</pre></td>
<td><pre>'val3'</pre></td>
<td><pre>&#039;val1&#039;</pre></td>
<td><pre>&#039;val2&#039;</pre></td>
<td><pre>&#039;val3&#039;</pre></td>
</tr>
<tr>
<td><pre>group1</pre></td>
<td><pre>'val1'</pre></td>
<td><pre>'val2'</pre></td>
<td><pre>'val3'</pre></td>
<td><pre>&#039;val1&#039;</pre></td>
<td><pre>&#039;val2&#039;</pre></td>
<td><pre>&#039;val3&#039;</pre></td>
</tr>
</table>
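Review bot: None of the updated expectations contains a value with `<`, `>` or `&`, so the suite now pins only the side effect of the fix (the `'` to `&#039;` encoding) and would still pass if the `htmlspecialchars` call were weakened to one that leaves angle brackets alone. Adding one variable whose value is an HTML fragment such as `<b>&x</b>` and expecting `&lt;b&gt;&amp;x&lt;/b&gt;` inside the `<pre>` would make this a real regression test for the XSS fix; a corresponding `printSQL` case with the same payload is not visible in these hunks either (it may exist elsewhere in the file). Note that the `&#039;` form depends on `ENT_HTML401` being passed explicitly — with `ENT_HTML5` PHP emits `&apos;` — so the flags in `Debug` and these expectations must be kept in step.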


@@ -140,7 +140,7 @@ class ParameterParserTest extends \PHPUnit\Framework\TestCase
$this->assertSame('foo', $oParams->getSet('val1', array('foo', 'bar')));
$this->assertSame(false, $oParams->getSet('val2', array('foo', 'bar')));
$this->assertSame(0, $oParams->getSet('val3', array('foo', 'bar')));
//$this->assertSame(0, $oParams->getSet('val3', array('foo', 'bar')));
}
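Review bot: The assertion on `getSet('val3', …)` is commented out with no reason given, so a reader cannot tell whether the expected `0` was wrong, whether `getSet`'s return value for an out-of-set parameter changed, or whether only the PHPUnit comparison broke; the PhraseTest change in this same series at least records `/* disabled because incompatible with newer PHPUnit`. Please give this line the same treatment, e.g. `// disabled: fails with newer PHPUnit versions, see 3a1714e7e2`, or better replace it with an assertion that documents the current return value for a value outside the allowed set, since that input-validation behaviour is what this test exists to pin. The enclosing test method begins before this hunk.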


@@ -76,10 +76,11 @@ class PhraseTest extends \PHPUnit\Framework\TestCase
$oPhrase = new Phrase('a b c', '');
$oPhrase->computeWordSets(new TokensFullSet());
/* disabled because incompatible with newer PHPUnit
$this->assertEquals(
'(a b c),(a|b c),(a b|c),(a|b|c)',
$this->serializeSets($oPhrase->getWordSets())
);
);*/
$oPhrase = new Phrase('a b c d', '');
$oPhrase->computeWordSets(new TokensFullSet());
@@ -96,10 +97,11 @@ class PhraseTest extends \PHPUnit\Framework\TestCase
$oPhrase->computeWordSets(new TokensFullSet());
$oPhrase->invertWordSets();
/* disabled because incompatible with newer PHPUnit
$this->assertEquals(
'(a b c),(b c|a),(c|a b),(c|b|a)',
$this->serializeSets($oPhrase->getWordSets())
);
);*/
}
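Review bot: Both disabled blocks leave `computeWordSets` (and, in the second, `invertWordSets`) running with no assertion on the result, so the word-set enumeration is no longer checked and the tests report green rather than skipped, which hides the lost coverage. For the second block, which is the last statement of its method, `$this->markTestIncomplete('word set comparison disabled: incompatible with newer PHPUnit');` in place of the removed assertion would make the gap visible in the test report; in the first block the method continues with another phrase, so a `markTestIncomplete` there would abort the remaining checks and a comment is the better option. In either case the comment should say what actually breaks — `serializeSets`, `assertEquals`, or the expected string — because "incompatible with newer PHPUnit" does not tell a future maintainer what to fix to re-enable these. The first hunk's test method starts before it.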