From 2d961d7ac3292ea5a874ea1ace28c57ad9b5300e Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Fri, 3 May 2013 12:07:30 -0400
Subject: [PATCH] Added truncation in tag parser to avoid illegal lengths.
---
module/VuFind/src/VuFind/Tags.php | 20 ++++++++++++++++++-
.../VuFind/tests/unit-tests/src/TagsTest.php | 12 +++++++++++
2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/module/VuFind/src/VuFind/Tags.php b/module/VuFind/src/VuFind/Tags.php
index 1716490aa64..62bfae20022 100644
--- a/module/VuFind/src/VuFind/Tags.php
+++ b/module/VuFind/src/VuFind/Tags.php
@@ -38,6 +38,23 @@ namespace VuFind;
*/
class Tags
{
+ /**
+ * Maximum tag length.
+ *
+ * @var int
+ */
+ protected $maxLength;
+
+ /**
+ * Constructor
+ *
+ * @param int $maxLength Maximum tag length
+ */
+ public function __construct($maxLength = 64)
+ {
+ $this->maxLength = $maxLength;
+ }
+
/**
* Parse a user-submitted tag string into an array of separate tags.
*
@@ -50,7 +67,8 @@ class Tags
preg_match_all('/"[^"]*"|[^ ]+/', trim($tags), $words);
$result = array();
foreach ($words[0] as $tag) {
- $result[] = str_replace('"', '', $tag);
+ // Wipe out double-quotes and trim over-long tags:
+ $result[] = substr(str_replace('"', '', $tag), 0, $this->maxLength);
}
return array_unique($result);
}
diff --git a/module/VuFind/tests/unit-tests/src/TagsTest.php b/module/VuFind/tests/unit-tests/src/TagsTest.php
index 5b338962b92..d3a50d03a1b 100644
--- a/module/VuFind/tests/unit-tests/src/TagsTest.php
+++ b/module/VuFind/tests/unit-tests/src/TagsTest.php
@@ -85,4 +85,16 @@ class TagsTest extends \PHPUnit_Framework_TestCase
{
$this->assertEquals(array('test'), $this->parser->parse('test test test'));
}
+
+ /**
+ * Test truncation
+ *
+ * @return void
+ */
+ public function testTruncation()
+ {
+ // Create custom object w/ small size limit:
+ $parser = new \VuFind\Tags(10);
+ $this->assertEquals(array('0123456789'), $parser->parse('01234567890'));
+ }
}
\ No newline at end of file
--
GitLab