diff --git a/core/modules/dblog/src/Controller/DbLogController.php b/core/modules/dblog/src/Controller/DbLogController.php
index 76c0f49617145cf4bfb0c664448d077eb75f1da5..038c7ca04e56b6f4df00cba8e31935869283fec3 100644
--- a/core/modules/dblog/src/Controller/DbLogController.php
+++ b/core/modules/dblog/src/Controller/DbLogController.php
@@ -277,7 +277,7 @@ public function eventDetails($event_id) {
),
array(
array('data' => $this->t('Operations'), 'header' => TRUE),
- SafeMarkup::checkAdminXss($dblog->link),
+ $dblog->link,
),
);
$build['dblog_table'] = array(
@@ -354,7 +354,7 @@ public function formatMessage($row) {
else {
$message = FALSE;
}
- return ($message) ? Xss::filterAdmin($message) : FALSE;
+ return $message;
}
/**
diff --git a/core/modules/dblog/src/Tests/DbLogTest.php b/core/modules/dblog/src/Tests/DbLogTest.php
index c4d6e69382cc64efbeba65a60eaad992bd2368b7..9726fff2efa7c77092ea838819c13e514f1a2b07 100644
--- a/core/modules/dblog/src/Tests/DbLogTest.php
+++ b/core/modules/dblog/src/Tests/DbLogTest.php
@@ -7,11 +7,9 @@
namespace Drupal\dblog\Tests;
-use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Logger\RfcLogLevel;
-use Drupal\Core\Url;
use Drupal\dblog\Controller\DbLogController;
use Drupal\simpletest\WebTestBase;
@@ -73,8 +71,6 @@ function testDbLog() {
$this->verifyEvents();
$this->verifyReports();
$this->verifyBreadcrumbs();
- $this->verifyLinkEscaping();
- $this->verifyMessageEscaping();
// Verify the overview table sorting.
$orders = array('Date', 'Type', 'User');
$sorts = array('asc', 'desc');
@@ -133,33 +129,21 @@ private function verifyCron($row_limit) {
*
* @param int $count
* Number of watchdog entries to generate.
- * @param array $options
- * These options are used to override the defaults for the test.
- * An associative array containing any of the following keys:
- * - 'channel': String identifying the log channel to be output to.
- * If the channel is not set, the default of 'custom' will be used.
- * - 'message': String containing a message to be output to the log.
- * A simple default message is used if not provided.
- * - 'variables': Array of variables that match the message string.
- * - 'severity': Log severity level as defined in logging_severity_levels.
- * - 'link': String linking to view the result of the event.
- * - 'user': String identifying the username.
- * - 'uid': Int identifying the user id for the user.
- * - 'request_uri': String identifying the location of the request.
- * - 'referer': String identifying the referring url.
- * - 'ip': String The ip address of the client machine triggering the log
- * entry.
- * - 'timestamp': Int unix timestamp.
+ * @param string $type
+ * (optional) The type of watchdog entry. Defaults to 'custom'.
+ * @param int $severity
+ * (optional) The severity of the watchdog entry. Defaults to
+ * \Drupal\Core\Logger\RfcLogLevel::NOTICE.
*/
- private function generateLogEntries($count, $options = array()) {
+ private function generateLogEntries($count, $type = 'custom', $severity = RfcLogLevel::NOTICE) {
global $base_root;
// Prepare the fields to be logged
- $log = $options + array(
- 'channel' => 'custom',
- 'message' => 'Dblog test log message',
+ $log = array(
+ 'channel' => $type,
+ 'message' => 'Log entry added to test the dblog row limit.',
'variables' => array(),
- 'severity' => RfcLogLevel::NOTICE,
+ 'severity' => $severity,
'link' => NULL,
'user' => $this->adminUser,
'uid' => $this->adminUser->id(),
@@ -167,13 +151,11 @@ private function generateLogEntries($count, $options = array()) {
'referer' => \Drupal::request()->server->get('HTTP_REFERER'),
'ip' => '127.0.0.1',
'timestamp' => REQUEST_TIME,
- );
-
- $logger = $this->container->get('logger.dblog');
- $message = $log['message'] . ' Entry #';
+ );
+ $message = 'Log entry added to test the dblog row limit. Entry #';
for ($i = 0; $i < $count; $i++) {
$log['message'] = $message . $i;
- $logger->log($log['severity'], $log['message'], $log);
+ $this->container->get('logger.dblog')->log($severity, $log['message'], $log);
}
}
@@ -264,82 +246,6 @@ public function verifySort($sort = 'asc', $order = 'Date') {
$this->assertText(t('Recent log messages'), 'DBLog report was displayed correctly and sorting went fine.');
}
- /**
- * Tests the escaping of links in the operation row of a database log detail
- * page.
- */
- private function verifyLinkEscaping() {
- $link = \Drupal::l('View', Url::fromRoute('entity.node.canonical', array('node' => 1)));
- $message = 'Log entry added to do the verifyLinkEscaping test.';
- $this->generateLogEntries(1, array(
- 'message' => $message,
- 'link' => $link,
- ));
-
- $result = db_query_range('SELECT wid FROM {watchdog} ORDER BY wid DESC', 0, 1);
- $this->drupalGet('admin/reports/dblog/event/' . $result->fetchField());
-
- // Check if the link exists (unescaped).
- $this->assertRaw($link);
-
- // Check for XSS filtering.
- $js_txt = 'This should not pop up!';
- $js = '';
- $this->generateLogEntries(1, array(
- 'message' => $message,
- 'link' => $link . $js,
- ));
-
- $result = db_query_range('SELECT wid FROM {watchdog} ORDER BY wid DESC', 0, 1);
- $this->drupalGet('admin/reports/dblog/event/' . $result->fetchField());
-
- // Check if the link exists (unescaped).
- $this->assertRaw($link);
-
- // Check if javascript was escaped.
- $this->assertNoRaw($js, 'Detail view: javascript in link is blocked');
- $this->assertRaw($js_txt, 'Detail view: javascript text exists');
- }
-
- /**
- * Test the escaping of message in the operation row of a database log detail
- * page.
- */
- private function verifyMessageEscaping() {
- $link = \Drupal::l('View', Url::fromRoute('entity.node.canonical', array('node' => 1)));
- $message = String::format('%message', array(
- '%message' => 'Log entry added to do the verifyMessageEscaping test.',
- ));
- $this->generateLogEntries(1, array(
- 'message' => $message,
- 'link' => $link,
- ));
-
- $result = db_query_range('SELECT wid FROM {watchdog} ORDER BY wid DESC', 0, 1);
- $this->drupalGet('admin/reports/dblog/event/' . $result->fetchField());
-
- // Check if the link exists (unescaped).
- $this->assertRaw($message);
-
- // Check for XSS filtering.
- $js_txt = 'This should not pop up!';
- $js = '';
- $this->generateLogEntries(1, array(
- 'message' => $message . $js,
- 'link' => $link,
- ));
-
- $result = db_query_range('SELECT wid FROM {watchdog} ORDER BY wid DESC', 0, 1);
- $this->drupalGet('admin/reports/dblog/event/' . $result->fetchField());
-
- // Check if the link exists (unescaped).
- $this->assertRaw($message);
-
- // Check if javascript was escaped.
- $this->assertNoRaw($js, 'Detail view: javascript in message is blocked');
- $this->assertRaw($js_txt, 'Detail view: javascript text exists ');
- }
-
/**
* Generates and then verifies some user events.
*/
@@ -591,10 +497,7 @@ public function testFilter() {
'type' => $type_name,
'severity' => $severity++,
);
- $this->generateLogEntries($type['count'], array(
- 'channel' => $type['type'],
- 'severity' => $type['severity'],
- ));
+ $this->generateLogEntries($type['count'], $type['type'], $type['severity']);
}
}