fix: corrected wrong usage of allowedLinkHosts(), closes #3555

Author: thorsten

phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php

@@ -175,7 +175,6 @@ public function cleanUpContent(string $content): string
                 ->allowMediaSchemes(['https', 'http', 'mailto', 'data'])
                 ->allowMediaHosts($allowedHosts)
                 ->allowLinkSchemes(['https', 'http', 'mailto', 'data'])
-                ->allowLinkHosts($allowedHosts)
         );
 
         $sanitizedContent = $htmlSanitizer->sanitize($content);

tests/phpMyFAQ/Helper/FaqHelperTest.php

@@ -10,13 +10,9 @@
 use phpMyFAQ\System;
 use phpMyFAQ\Translation;
 use PHPUnit\Framework\TestCase;
-use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
 
 class FaqHelperTest extends TestCase
 {
-    /** @var Configuration */
-    private Configuration $configuration;
-
     /** @var FaqHelper*/
     private FaqHelper $faqHelper;
 
@@ -34,15 +30,15 @@ protected function setUp(): void
 
         $dbHandle = new Sqlite3();
         $dbHandle->connect(PMF_TEST_DIR . '/test.db', '', '');
-        $this->configuration = new Configuration($dbHandle);
-        $this->configuration->set('main.currentVersion', System::getVersion());
-        $this->configuration->set('main.referenceURL', 'https://localhost:443/');
-        $this->configuration->set('records.allowedMediaHosts', 'www.youtube.com,example.com,phpmyfaq.de');
+        $configuration = new Configuration($dbHandle);
+        $configuration->set('main.currentVersion', System::getVersion());
+        $configuration->set('main.referenceURL', 'https://localhost:443/');
+        $configuration->set('records.allowedMediaHosts', 'www.youtube.com,example.com,phpmyfaq.de');
 
-        $language = new Language($this->configuration);
-        $this->configuration->setLanguage($language);
+        $language = new Language($configuration);
+        $configuration->setLanguage($language);
 
-        $this->faqHelper = new FaqHelper($this->configuration);
+        $this->faqHelper = new FaqHelper($configuration);
     }
 
     public function testRewriteLanguageMarkupClass(): void
@@ -78,7 +74,8 @@ public function testCreateFaqUrl(): void
 
     public function testCleanUpContent(): void
     {
-        $content = '<p>Some text <script>alert("Hello, world!");</script><img src=foo onerror=alert(document.cookie)></p>';
+        $content = '<p>Some text <script>alert("Hello, world!");' .
+            '</script><img src=foo onerror=alert(document.cookie)></p>';
         $expectedOutput = '<p>Some text <img src="foo" /></p>';
 
         $actualOutput = $this->faqHelper->cleanUpContent($content);
@@ -151,6 +148,16 @@ public function testCleanUpContentWithDifferentImageSource(): void
         $this->assertEquals($expectedOutput, $actualOutput);
     }
 
+    public function testExternalLinks(): void
+    {
+        $content = '<a rel="nofollow" target="_blank" href="https://www.phpmyfaq.de">phpMyFAQ</a>';
+        $expectedOutput = '<a rel="nofollow" target="_blank" href="https://www.phpmyfaq.de">phpMyFAQ</a>';
+
+        $actualOutput = $this->faqHelper->cleanUpContent($content);
+
+        $this->assertEquals($expectedOutput, $actualOutput);
+    }
+
     public function testConvertOldInternalLinks(): void
     {
         // Test questions for slug generation