Merge pull request #1576 from johnhenley/issues/fix-html-encoding-part-2-1385

FIX: Additional work on XML/HTML encoding for content display of code blocks

Author: johnhenley

Dnn.CommunityForums/Entities/ReplyInfo.cs

@@ -401,11 +401,11 @@ public string GetProperty(string propertyName, string format, System.Globalizati
                         }
 
                     case "summary":
-                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(length > 0 && this.Summary.Length > length ? this.Summary.Substring(0, length) : this.Summary)), format);
+                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(length > 0 && this.Summary.Length > length ? this.Summary.Substring(0, length) : this.Summary), format);
                     case "body":
-                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
+                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(Utilities.EncodeCodeBlocks(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
                     case "bodytitle":
-                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(GetTopicTitle(this.Content.Body))), format);
+                        return PropertyAccess.FormatString(Utilities.EncodeBrackets(GetTopicTitle(this.Content.Body)), format);
                     case "link":
                         {
                             string sTopicURL = new ControlUtils().BuildUrl(this.Forum.PortalSettings.PortalId, this.GetTabId(), this.Forum.ModuleId, this.Forum.ForumGroup.PrefixURL, this.Forum.PrefixURL, this.Forum.ForumGroupId, this.Forum.ForumID, this.TopicId, this.Topic.TopicUrl, -1, -1, string.Empty, 1, this.ContentId, this.Forum.SocialGroupId);

Dnn.CommunityForums/Entities/TopicInfo.cs

@@ -736,15 +736,15 @@ public string GetProperty(string propertyName, string format, System.Globalizati
 
                     return string.Empty;
                 case "bodytitle":
-                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(GetTopicTitle(this.Content.Body))), format);
+                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(GetTopicTitle(this.Content.Body)), format);
                 case "summary":
                     return PropertyAccess.FormatString(
-                        Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(
+                        Utilities.EncodeBrackets(
                         !string.IsNullOrEmpty(this.Summary)
                         ? length > 0 && this.Summary.Length > length ? this.Summary.Substring(0, length) : this.Summary
-                        : length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
+                        : length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body), format);
                 case "body":
-                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(System.Web.HttpUtility.HtmlEncode(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
+                    return PropertyAccess.FormatString(Utilities.EncodeBrackets(Utilities.EncodeCodeBlocks(length > 0 && this.Content.Body.Length > length ? this.Content.Body.Substring(0, length) : this.Content.Body)), format);
                 case "lastreplyid":
                     return PropertyAccess.FormatString(this.LastReplyId.ToString(), format);
                 case "replycount":

Dnn.CommunityForums/class/CodeParser.cs

@@ -22,7 +22,7 @@ namespace DotNetNuke.Modules.ActiveForums
 {
     using System.Text.RegularExpressions;
 
-    public class CodeParser
+    public static class CodeParser
     {
         public static string ParseCode(string sCode)
         {
@@ -83,5 +83,12 @@ private static string HandleBrackets(string sCode)
 
             return sCode;
         }
+
+        internal static string ConvertCodeBrackets(string text)
+        {
+            text = Regex.Replace(text, "\\[CODE\\]", "<pre><code>", RegexOptions.IgnoreCase);
+            text = Regex.Replace(text, "\\[\\/CODE\\]", "</code></pre>", RegexOptions.IgnoreCase);
+            return text;
+        }
     }
 }

Dnn.CommunityForums/class/TemplateUtils.cs

@@ -595,7 +595,6 @@ private static string ParsePreview(int portalId, string template, string message
                     }
                 }
 
-                var objCode = new CodeParser();
                 template = CodeParser.ParseCode(System.Net.WebUtility.HtmlDecode(template));
             }
 

Dnn.CommunityForums/class/Utilities.cs

@@ -520,7 +520,7 @@ private static string CleanTextBox(int portalId, string text, bool allowHTML, bo
                         strMessage = DotNetNuke.Modules.ActiveForums.Controllers.FilterController.RemoveFilterWords(portalId, moduleId, themePath, strMessage, processEmoticons, false, HttpContext.Current.Request.Url);
                     }
 
-                    strMessage = System.Net.WebUtility.HtmlEncode(strMessage);
+                    //strMessage = System.Net.WebUtility.HtmlEncode(strMessage);
                     strMessage = ReplaceNewLineWithHtmlBreakTag(strMessage);
 
                     i = 0;
@@ -546,7 +546,22 @@ private static string CleanTextBox(int portalId, string text, bool allowHTML, bo
                     strMessage = ReplaceNewLineWithHtmlBreakTag(strMessage);
                 }
 
-                strMessage = EncodeBrackets(strMessage);
+                //strMessage = EncodeBrackets(strMessage);
+            }
+
+            return strMessage;
+        }
+
+        internal static string EncodeCodeBlocks(string text)
+        {
+            string strMessage = text;
+            if (!String.IsNullOrEmpty(strMessage) && (strMessage.ToUpperInvariant().Contains("[CODE]") || strMessage.ToUpperInvariant().Contains("<CODE")))
+            {
+                var pattern = @"[\[<]code[\]>](?<codeblock>(?s:.)*?)[\[<]\/code[\]>]";
+                foreach (Match m in RegexUtils.GetCachedRegex(pattern, RegexOptions.Compiled & RegexOptions.IgnoreCase).Matches(strMessage))
+                {
+                    strMessage = strMessage.Replace(m.Value, System.Web.HttpUtility.HtmlEncode(m.Value));
+                }
             }
 
             return strMessage;

Dnn.CommunityForums/controls/af_post.ascx.cs

@@ -620,7 +620,8 @@ private void PrepareReply()
                                 {
                                     if (body.ToUpperInvariant().Contains("<CODE") || body.ToUpperInvariant().Contains("[CODE]"))
                                     {
-                                        body = CodeParser.ParseCode(System.Net.WebUtility.HtmlDecode(body));
+                                        //body = CodeParser.ParseCode(System.Net.WebUtility.HtmlDecode(body));
+                                        body = Utilities.EncodeCodeBlocks(body);
                                     }
                                 }
                                 else

Dnn.CommunityForums/controls/af_quickreply.ascx.cs

@@ -308,7 +308,7 @@ private void SaveQuickReply()
                 this.AllowHTML = this.IsHtmlPermitted(this.ForumInfo.FeatureSettings.EditorPermittedUsers, this.IsTrusted, DotNetNuke.Modules.ActiveForums.Controllers.PermissionController.HasRequiredPerm(this.ForumInfo.Security.ModerateRoleIds, this.ForumUser.UserRoleIds));
             }
 
-            sBody = Utilities.CleanString(this.PortalId, this.Request.Form["txtBody"], this.AllowHTML, EditorTypes.TEXTBOX, this.UseFilter, this.AllowScripts, this.ForumModuleId, this.ThemePath, this.ForumInfo.FeatureSettings.AllowEmoticons);
+            sBody = Utilities.CleanString(this.PortalId, CodeParser.ConvertCodeBrackets(this.Request.Form["txtBody"]), this.AllowHTML, EditorTypes.TEXTBOX, this.UseFilter, this.AllowScripts, this.ForumModuleId, this.ThemePath, this.ForumInfo.FeatureSettings.AllowEmoticons);
             ri.Content.AuthorId = this.UserId;
             ri.Content.AuthorName = sUsername;
             ri.Content.Body = sBody;

Dnn.CommunityForumsTests/Services/Tokens/TokenReplacerTests.cs

@@ -380,6 +380,9 @@ public void ReplaceForumTokensTest2()
                     ForumGroup = new DotNetNuke.Modules.ActiveForums.Entities.ForumGroupInfo
                     {
                         GroupName = "Test Forum Group",
+                        PortalSettings = DotNetNuke.Entities.Portals.PortalController.Instance.GetCurrentPortalSettings(),
+                        FeatureSettings = new DotNetNuke.Modules.ActiveForums.Entities.FeatureSettings(featureSettings),
+                        Security = mockPermissions.Object,
                     },
                     FeatureSettings = new DotNetNuke.Modules.ActiveForums.Entities.FeatureSettings(featureSettings),
                 },
@@ -424,7 +427,7 @@ public void ReplaceForumTokensTest2()
             // Assert
             Assert.That(actualResult, Is.EqualTo(expectedResult));
         }
-        
+
         [Test]
         public void RemovePrefixedToken1()
         {

Dnn.CommunityForumsTests/class/CodeParserTests.cs

@@ -0,0 +1,58 @@
+// Copyright (c) by DNN Community
+//
+// DNN Community licenses this file to you under the MIT license.
+//
+// See the LICENSE file in the project root for more information.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+// documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+// the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+// to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all copies or substantial portions
+// of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+// TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+// CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+
+namespace DotNetNuke.Modules.ActiveForumsTests
+{
+    using System.Reflection;
+
+    using DotNetNuke.Modules.ActiveForums;
+    using NUnit.Framework;
+
+    [TestFixture]
+    public partial class CodeParserTests : DotNetNuke.Modules.ActiveForumsTests.TestBase
+    {
+        [TestCase("[CODE]test[/CODE]", "<div class=\"afcodeblock\"><pre><code>test</code></pre></div>")]
+        [TestCase("No code here", "No code here")]
+        public void ParseCode_ReturnsExpectedHtml(string input, string expected)
+        {
+            var result = CodeParser.ParseCode(input);
+            Assert.That(result, Does.Contain(expected));
+        }
+
+        [TestCase("[CODE]test[/CODE]", "<pre><code>test</code></pre>")]
+        [TestCase("[/CODE]", "</code></pre>")]
+        public void ConvertCodeBrackets_ConvertsBrackets(string input, string expected)
+        {
+            var result = CodeParser.ConvertCodeBrackets(input);
+            Assert.That(result, Does.Contain(expected));
+        }
+
+        [TestCase("&#91;CODE&#93;", "[CODE]")]
+        [TestCase("&amp;#91;CODE&amp;#93;", "[CODE]")]
+        [TestCase("&#93;", "]")]
+        [TestCase("&amp;#93;", "]")]
+        public void HandleBrackets_ReplacesEntities(string input, string expected)
+        {
+            var method = typeof(CodeParser).GetMethod("HandleBrackets", BindingFlags.NonPublic | BindingFlags.Static);
+            var result = method.Invoke(null, new object[] { input }) as string;
+            Assert.That(result, Is.EqualTo(expected));
+        }
+    }
+}

Dnn.CommunityForumsTests/class/UtilitiesTests.cs

@@ -18,11 +18,10 @@
 // CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 // DEALINGS IN THE SOFTWARE.
 
-using System.Collections;
-
 namespace DotNetNuke.Modules.ActiveForumsTests
 {
     using System;
+    using System.Collections;
     using System.Globalization;
 
     using DotNetNuke.Modules.ActiveForums;
@@ -459,5 +458,59 @@ public void GetSha256HashTest()
             // Assert
             Assert.That(actualResult, Is.EqualTo(expectedResult));
         }
+
+        [Test]
+        public void EncodeCodeBlocks_NullOrEmpty_ReturnsInput()
+        {
+            Assert.Multiple(() =>
+            {
+                Assert.That(Utilities.EncodeCodeBlocks(null), Is.Null);
+                Assert.That(Utilities.EncodeCodeBlocks(string.Empty), Is.Empty);
+            });
+        }
+
+        [Test]
+        public void EncodeCodeBlocks_NoCodeTags_ReturnsInput()
+        {
+            var input = "This is a test without code tags.";
+            var result = Utilities.EncodeCodeBlocks(input);
+            Assert.That(result, Is.EqualTo(input));
+        }
+
+        [Test]
+        public void EncodeCodeBlocks_WithCodeTags_EncodesBlock()
+        {
+            var input = "Some text [code]int x = 1;[/code] more text";
+            var expectedEncoded = System.Net.WebUtility.HtmlEncode("[code]int x = 1;[/code]");
+            var result = Utilities.EncodeCodeBlocks(input);
+            Assert.That(result.Contains(expectedEncoded), Is.True);
+        }
+
+        [Test]
+        public void EncodeCodeBlocks_WithAngleCodeTags_EncodesBlock()
+        {
+            var input = "Some text <code>int y = 2;</code> more text";
+            var expectedEncoded = System.Net.WebUtility.HtmlEncode("<code>int y = 2;</code>");
+            var result = Utilities.EncodeCodeBlocks(input);
+            Assert.Multiple(() =>
+            {
+                Assert.That(result.Contains(expectedEncoded), Is.True);
+                Assert.That(result.Contains("<code>int y = 2;</code>"), Is.False);
+            });
+        }
+
+        [Test]
+        public void EncodeCodeBlocks_MultipleCodeBlocks_EncodesAll()
+        {
+            var input = "[code]a[/code] and <code>b</code>";
+            var expected1 = System.Net.WebUtility.HtmlEncode("[code]a[/code]");
+            var expected2 = System.Net.WebUtility.HtmlEncode("<code>b</code>");
+            var result = Utilities.EncodeCodeBlocks(input);
+            Assert.Multiple(() =>
+            {
+                Assert.That(result.Contains(expected1), Is.True);
+                Assert.That(result.Contains(expected2), Is.True);
+            });
+        }
     }
 }