diff --git a/VERSIONS b/VERSIONS
index d232154f6d332104bff418152902bdfafda2dea9..c605d814d6edd973995a3f14168698b48774a16c 100644
--- a/VERSIONS
+++ b/VERSIONS
@@ -1,3 +1,12 @@
+05/11/2015 - v7.3.25
+
+ - ticket #31887 : Correction de la prise en charge de l'extension de recherche vers Gallica
+
+ - ticket #32179 : Correction de la vignette de notice qui s'ouvre dans un nouvel onglet
+
+ - ticket #32417 : Explorateur de fichiers : Corrige une erreur d'autorisation pour les fichiers dont le nom contient ".."
+
+
03/11/2015 - v7.3.24
- ticket #32361 : Correction de l'impossibilité de charger des images dans le gestionnaire de fichier
diff --git a/library/Class/FileManager.php b/library/Class/FileManager.php
index bdc26e83d14201a09fee035ebdb7ee030718402a..d3d16a926805496f69bd75385bd308d5914d83fd 100644
--- a/library/Class/FileManager.php
+++ b/library/Class/FileManager.php
@@ -21,9 +21,12 @@
class Class_FileManager {
public function isAuthorized($path) {
- return Class_Users::isCurrentUserCanAccesBackend()
- && false !== strpos($path, USERFILESURL)
- && false === strpos($path, '..');
+ if (!Class_Users::isCurrentUserCanAccesBackend()
+ || false === strpos($path, USERFILESURL))
+ return false;
+
+ $parts = explode('/', $path);
+ return !in_array('..', $parts);
}
}
diff --git a/library/ZendAfi/View/Helper/TagSearchExtension.php b/library/ZendAfi/View/Helper/TagSearchExtension.php
index 5dbd86ac584f7217aec1b0f52348af34d24a523c..285ac6a7084067a5ae732149b3903dcb651cdaae 100644
--- a/library/ZendAfi/View/Helper/TagSearchExtension.php
+++ b/library/ZendAfi/View/Helper/TagSearchExtension.php
@@ -60,8 +60,9 @@ class ZendAfi_View_Helper_TagSearchExtension extends ZendAfi_View_Helper_BaseHel
if (!$site_url || !$site_label)
return null;
+ $url = $this->_injectSearchTerm($site_url);
return $this->_tag('span',
- $this->view->tagAnchor($this->_injectSearchTerm($site_url),
+ $this->view->tagAnchor($this->view->escape($url),
$site_label));
}
diff --git a/library/startup.php b/library/startup.php
index fdd211c0a852f92accaaba11c88881199a87df56..e5f5422f74e2e9454f75af5dc8a63eefad37dc81 100644
--- a/library/startup.php
+++ b/library/startup.php
@@ -64,7 +64,7 @@ function defineConstant($name, $value) {
function setupConstants() {
defineConstant('BOKEH_MAJOR_VERSION','7.3');
- defineConstant('BOKEH_RELEASE_NUMBER', BOKEH_MAJOR_VERSION . '.24');
+ defineConstant('BOKEH_RELEASE_NUMBER', BOKEH_MAJOR_VERSION . '.25');
defineConstant('BOKEH_REMOTE_FILES', 'http://git.afi-sa.fr/afi/opacce/');
diff --git a/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php b/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php
index 2d82cfd57e19c780984b92a996ab7309f7784154..4b99bbb9b1bfe02ad73dffaaab1990db0a3c1af9 100644
--- a/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php
+++ b/tests/application/modules/opac/controllers/RechercheControllerSearchExtensionTest.php
@@ -148,7 +148,7 @@ class RechercheControllerSearchExtensionEnabledTest
/** @test */
public function gallicaLinkShouldBeRendered() {
- $this->assertXPathContentContains('//a[contains(@href, "gallica all ")]',
+ $this->assertXPathContentContains('//a[contains(@href, "gallica all ")][contains(@href, "sport")]',
'Gallica');
}
}
diff --git a/tests/library/Class/FileManagerTest.php b/tests/library/Class/FileManagerTest.php
index 7be30a02b468ca625de417e8d8794ccc8da01b43..53c69ef643986282b10d7931d77e5eb49f43d26c 100644
--- a/tests/library/Class/FileManagerTest.php
+++ b/tests/library/Class/FileManagerTest.php
@@ -91,6 +91,15 @@ class FileManagerAsAdminTest extends ModelTestCase {
public function upperDirectoryShouldNotBeAuthorized() {
$this->assertFalse($this->_filemanager->isAuthorized(USERFILESURL . '../'));
}
+
+
+ /**
+ * @test
+ * @see http://forge.afi-sa.fr/issues/32417
+ */
+ public function filenameContainingTwoDotsShouldBeAuthorized() {
+ $this->assertTrue($this->_filemanager->isAuthorized(USERFILESURL . '/Spectacle_14_nov..pdf'));
+ }
}
?>
\ No newline at end of file