
Merge pull request #2169 from markstory/3.0-view-cleanup

3.0 Clean up Helper a bit
Mark Story 12 years ago
parent
commit
fcbf52e2f8

+ 1 - 1
Cake/Test/TestCase/View/Helper/HtmlHelperTest.php

@@ -1070,7 +1070,7 @@ class HtmlHelperTest extends TestCase {
 		$testfile = WWW_ROOT . 'theme/test_theme/js/__test_js.js';
 		new File($testfile, true);
 
-		$this->Html->webroot = '/';
+		$this->Html->request->webroot = '/';
 		$this->Html->theme = 'test_theme';
 		$result = $this->Html->script('__test_js.js');
 		$expected = array(

+ 0 - 28
Cake/Test/TestCase/View/HelperTest.php

@@ -824,34 +824,6 @@ class HelperTest extends TestCase {
 	}
 
 /**
- * testClean method
- *
- * @return void
- */
-	public function testClean() {
-		$result = $this->Helper->clean(array());
-		$this->assertEquals(null, $result);
-
-		$result = $this->Helper->clean(array('<script>with something</script>', '<applet>something else</applet>'));
-		$this->assertEquals(array('with something', 'something else'), $result);
-
-		$result = $this->Helper->clean('<script>with something</script>');
-		$this->assertEquals('with something', $result);
-
-		$result = $this->Helper->clean('<script type="text/javascript">alert("ruined");</script>');
-		$this->assertNotRegExp('#</*script#', $result);
-
-		$result = $this->Helper->clean("<script \ntype=\"text/javascript\">\n\talert('ruined');\n\n\t\t</script>");
-		$this->assertNotRegExp('#</*script#', $result);
-
-		$result = $this->Helper->clean('<body/onload=do(/something/)>');
-		$this->assertEquals('<body/>', $result);
-
-		$result = $this->Helper->clean('&lt;script&gt;alert(document.cookie)&lt;/script&gt;');
-		$this->assertEquals('&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;', $result);
-	}
-
-/**
  * testMultiDimensionalField method
  *
  * @return void

+ 1 - 2
Cake/Test/TestCase/View/ViewTest.php

@@ -397,7 +397,7 @@ class ViewTest extends TestCase {
 
 		$View = new TestView($this->Controller);
 		$paths = $View->paths();
-		$expected = array_merge(App::path('View'), App::core('View'), App::core('Console/Templates/skel/View'));
+		$expected = array_merge(App::path('View'), App::core('View'));
 		$this->assertEquals($expected, $paths);
 
 		$paths = $View->paths('TestPlugin');
@@ -407,7 +407,6 @@ class ViewTest extends TestCase {
 			$pluginPath . 'View' . DS,
 			CAKE . 'Test' . DS . 'TestApp' . DS . 'View' . DS,
 			CAKE . 'View' . DS,
-			CAKE . 'Console' . DS . 'Templates' . DS . 'skel' . DS . 'View' . DS
 		);
 		$this->assertEquals($expected, $paths);
 	}

+ 1 - 122
Cake/View/Helper.php

@@ -107,20 +107,6 @@ class Helper extends Object implements EventListener {
 	public $tags = array();
 
 /**
- * Holds the content to be cleaned.
- *
- * @var mixed
- */
-	protected $_tainted = null;
-
-/**
- * Holds the cleaned content.
- *
- * @var mixed
- */
-	protected $_cleaned = null;
-
-/**
  * The View instance this helper is attached to
  *
  * @var View
@@ -216,7 +202,7 @@ class Helper extends Object implements EventListener {
 	}
 
 /**
- * Lazy loads helpers. Provides access to deprecated request properties as well.
+ * Lazy loads helpers.
  *
  * @param string $name Name of the property being accessed.
  * @return mixed Helper or property found at $name
@@ -229,39 +215,6 @@ class Helper extends Object implements EventListener {
 		if (isset($this->{$name})) {
 			return $this->{$name};
 		}
-		switch ($name) {
-			case 'base':
-			case 'here':
-			case 'webroot':
-			case 'data':
-				return $this->request->{$name};
-			case 'action':
-				return isset($this->request->params['action']) ? $this->request->params['action'] : '';
-			case 'params':
-				return $this->request;
-		}
-	}
-
-/**
- * Provides backwards compatibility access for setting values to the request object.
- *
- * @param string $name Name of the property being accessed.
- * @param mixed $value
- * @return void
- */
-	public function __set($name, $value) {
-		switch ($name) {
-			case 'base':
-			case 'here':
-			case 'webroot':
-			case 'data':
-				$this->request->{$name} = $value;
-				return;
-			case 'action':
-				$this->request->params['action'] = $value;
-				return;
-		}
-		$this->{$name} = $value;
 	}
 
 /**
@@ -422,30 +375,6 @@ class Helper extends Object implements EventListener {
 	}
 
 /**
- * Used to remove harmful tags from content. Removes a number of well known XSS attacks
- * from content. However, is not guaranteed to remove all possibilities. Escaping
- * content is the best way to prevent all possible attacks.
- *
- * @param string|array $output Either an array of strings to clean or a single string to clean.
- * @return string|array cleaned content for output
- */
-	public function clean($output) {
-		$this->_reset();
-		if (empty($output)) {
-			return null;
-		}
-		if (is_array($output)) {
-			foreach ($output as $key => $value) {
-				$return[$key] = $this->clean($value);
-			}
-			return $return;
-		}
-		$this->_tainted = $output;
-		$this->_clean();
-		return $this->_cleaned;
-	}
-
-/**
  * Returns a space-delimited string with items of the $options array. If a key
  * of $options array happens to be one of those listed in `Helper::$_minimizedAttributes`
  *
@@ -818,19 +747,6 @@ class Helper extends Object implements EventListener {
 	}
 
 /**
- * Returns a string generated by a helper method
- *
- * This method can be overridden in subclasses to do generalized output post-processing
- *
- * @param string $str String to be output.
- * @return string
- * @deprecated This method will be removed in future versions.
- */
-	public function output($str) {
-		return $str;
-	}
-
-/**
  * Get the View callbacks this helper is interested in.
  *
  * By defining one of the callback methods a helper is assumed
@@ -888,41 +804,4 @@ class Helper extends Object implements EventListener {
 		return empty($array) ? null : $array;
 	}
 
-/**
- * Resets the vars used by Helper::clean() to null
- *
- * @return void
- */
-	protected function _reset() {
-		$this->_tainted = null;
-		$this->_cleaned = null;
-	}
-
-/**
- * Removes harmful content from output
- *
- * @return void
- */
-	protected function _clean() {
-		$this->_cleaned = $this->_tainted;
-		$this->_cleaned = str_replace(array("&amp;", "&lt;", "&gt;"), array("&amp;amp;", "&amp;lt;", "&amp;gt;"), $this->_cleaned);
-		$this->_cleaned = preg_replace('#(&\#*\w+)[\x00-\x20]+;#u', "$1;", $this->_cleaned);
-		$this->_cleaned = preg_replace('#(&\#x*)([0-9A-F]+);*#iu', "$1$2;", $this->_cleaned);
-		$this->_cleaned = html_entity_decode($this->_cleaned, ENT_COMPAT, "UTF-8");
-		$this->_cleaned = preg_replace('#(<[^>]+[\x00-\x20\"\'\/])(on|xmlns)[^>]*>#iUu', "$1>", $this->_cleaned);
-		$this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu', '$1=$2nojavascript...', $this->_cleaned);
-		$this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu', '$1=$2novbscript...', $this->_cleaned);
-		$this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=*([\'\"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#iUu', '$1=$2nomozbinding...', $this->_cleaned);
-		$this->_cleaned = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*data[\x00-\x20]*:#Uu', '$1=$2nodata...', $this->_cleaned);
-		$this->_cleaned = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU', "$1>", $this->_cleaned);
-		$this->_cleaned = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU', "$1>", $this->_cleaned);
-		$this->_cleaned = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu', "$1>", $this->_cleaned);
-		$this->_cleaned = preg_replace('#</*\w+:\w[^>]*>#i', "", $this->_cleaned);
-		do {
-			$oldstring = $this->_cleaned;
-			$this->_cleaned = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $this->_cleaned);
-		} while ($oldstring !== $this->_cleaned);
-		$this->_cleaned = str_replace(array("&amp;", "&lt;", "&gt;"), array("&amp;amp;", "&amp;lt;", "&amp;gt;"), $this->_cleaned);
-	}
-
 }
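Review bot: With `__set` removed in the third hunk, an assignment such as `$helper->webroot = '/'` no longer reaches the request object but silently creates a new public property on the helper, so code still using the old shorthand gets no error while the request stays unchanged (the HtmlHelperTest change to `$this->Html->request->webroot = '/'` shows the intended path). A minimal `__set` that rejects the removed names would surface the break instead of hiding it, e.g. `if (in_array($name, array('base', 'here', 'webroot', 'data', 'action'), true)) { throw new RuntimeException(sprintf('Helper::$%s was removed; set $helper->request->%s instead.', $name, $name)); }` before the plain property write. `__get` now falls off the end for any name that is neither set nor a lazily loaded helper and so returns null implicitly; its docblock could say `@return mixed Helper or property found at $name, null when neither exists`. The start of `__get` lies outside the hunk, so whether the lazy-load branch above it returns for every name it handles cannot be confirmed here.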

+ 1 - 1
Cake/View/View.php

@@ -1042,7 +1042,7 @@ class View extends Object {
 		}
 		$paths = array();
 		$viewPaths = App::path('View');
-		$corePaths = array_merge(App::core('View'), App::core('Console/Templates/skel/View'));
+		$corePaths = App::core('View');
 
 		if (!empty($plugin)) {
 			$count = count($viewPaths);