Merge branch 'release/1.1.13' into v1

nystudio107 · Oct 5, 2018 · 0163c85 · 0163c85
2 parents 82d3cf0 + 87111c1
commit 0163c85
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 83 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Typogrify Changelog
 
+## 1.1.13 - 2018.10.05
+### Changed
+* Reverted `\Twig_Markup` regression; added a note to the docs
+
 ## 1.1.12 - 2018.10.04
 ### Changed
 * Fixed an issue where Typogrify could return a `\Twig_Markup` from unsafe input

diff --git a/README.md b/README.md
@@ -133,6 +133,14 @@ Or:
 {{ craft.typogrify.typogrifyFeed(content) }}
 ```
 
+#### Security
+
+In ordered to work, Typogrify outputs raw HTML. Any untrusted user input should therefor be [escaped](https://twig.symfony.com/doc/2.x/filters/escape.html) before passing it into the `typogrify` filter, e.g.:
+
+```twig
+{{ craft.request.getParam('q') | escape | typogrify }}
+```
+
 #### Advanced Usage
 
 Should you need advanced control over Typogrify in your templates, you can use the `getPhpTypographySettings()` Twig function:

diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
     "name": "nystudio107/craft-typogrify",
     "description": "Typogrify prettifies your web typography by preventing ugly quotes and 'widows' and more",
     "type": "craft-plugin",
-    "version": "1.1.12",
+    "version": "1.1.13",
     "keywords": [
         "craft",
         "cms",

diff --git a/src/twigextensions/TypogrifyTwigExtension.php b/src/twigextensions/TypogrifyTwigExtension.php
@@ -89,11 +89,11 @@ public function getFunctions()
      * @param bool   $isTitle Optional. If the HTML fragment is a title.
      *                        Default false
      *
-     * @return string|\Twig_Markup
+     * @return string The processed HTML
      */
     public function typogrify($text, $isTitle = false)
     {
-        return $this->returnText($text, Typogrify::$plugin->typogrify->typogrify($text, $isTitle));
+        return Template::raw(Typogrify::$plugin->typogrify->typogrify($text, $isTitle));
     }
 
     /**
@@ -106,21 +106,21 @@ public function typogrify($text, $isTitle = false)
      * @param bool   $isTitle Optional. If the HTML fragment is a title.
      *                        Default false
      *
-     * @return string|\Twig_Markup
+     * @return string The processed HTML
      */
     public function typogrifyFeed($text, $isTitle = false)
     {
-        return $this->returnText($text, Typogrify::$plugin->typogrify->typogrifyFeed($text, $isTitle));
+        return Template::raw(Typogrify::$plugin->typogrify->typogrifyFeed($text, $isTitle));
     }
 
     /**
      * @param string $text
      *
-     * @return string|\Twig_Markup
+     * @return \Twig_Markup
      */
     public function smartypants($text)
     {
-        return $this->returnText($text, Typogrify::$plugin->typogrify->smartypants($text));
+        return Template::raw(Typogrify::$plugin->typogrify->smartypants($text));
     }
 
     /**
@@ -144,7 +144,7 @@ public function getPhpTypographySettings()
      */
     public function truncate($string, $length, $substring = '…'): string
     {
-        return Typogrify::$plugin->typogrify->truncate($string, $length, $substring);
+        return Template::raw(Typogrify::$plugin->typogrify->truncate($string, $length, $substring));
     }
 
     /**
@@ -161,7 +161,7 @@ public function truncate($string, $length, $substring = '…'): string
      */
     public function truncateOnWord($string, $length, $substring = '…'): string
     {
-        return Typogrify::$plugin->typogrify->truncateOnWord($string, $length, $substring);
+        return Template::raw(Typogrify::$plugin->typogrify->truncateOnWord($string, $length, $substring));
     }
 
     /**
@@ -196,7 +196,7 @@ public function stringy($string = '', $encoding = null)
      */
     public function humanFileSize($bytes, $decimals = 1): string
     {
-        return Typogrify::$plugin->typogrify->humanFileSize($bytes, $decimals);
+        return Template::raw(Typogrify::$plugin->typogrify->humanFileSize($bytes, $decimals));
     }
 
     /**
@@ -216,7 +216,7 @@ public function humanFileSize($bytes, $decimals = 1): string
      */
     public function humanDuration($value)
     {
-        return Typogrify::$plugin->typogrify->humanDuration($value);
+        return Template::raw(Typogrify::$plugin->typogrify->humanDuration($value));
     }
 
     /**
@@ -244,7 +244,7 @@ public function humanDuration($value)
      */
     public function humanRelativeTime($value, $referenceTime = null)
     {
-        return Typogrify::$plugin->typogrify->humanRelativeTime($value, $referenceTime);
+        return Template::raw(Typogrify::$plugin->typogrify->humanRelativeTime($value, $referenceTime));
     }
 
     /**
@@ -253,11 +253,11 @@ public function humanRelativeTime($value, $referenceTime = null)
      *
      * @param int $number
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function ordinalize(int $number)
     {
-        return Typogrify::$plugin->typogrify->ordinalize($number);
+        return Template::raw(Typogrify::$plugin->typogrify->ordinalize($number));
     }
 
     /**
@@ -267,11 +267,11 @@ public function ordinalize(int $number)
      * @param string $word
      * @param int    $number
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function pluralize(string $word, int $number = 2)
     {
-        return Typogrify::$plugin->typogrify->pluralize($word, $number);
+        return Template::raw(Typogrify::$plugin->typogrify->pluralize($word, $number));
     }
 
     /**
@@ -281,11 +281,11 @@ public function pluralize(string $word, int $number = 2)
      * @param string $word
      * @param int    $number
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function singularize(string $word, int $number = 1)
     {
-        return Typogrify::$plugin->typogrify->singularize($word, $number);
+        return Template::raw(Typogrify::$plugin->typogrify->singularize($word, $number));
     }
 
     /**
@@ -296,11 +296,11 @@ public function singularize(string $word, int $number = 1)
      * @param string $string
      * @param null   $transliterator
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function transliterate(string $string, $transliterator = null)
     {
-        return Typogrify::$plugin->typogrify->transliterate($string, $transliterator);
+        return Template::raw(Typogrify::$plugin->typogrify->transliterate($string, $transliterator));
     }
 
     /**
@@ -316,27 +316,6 @@ public function transliterate(string $string, $transliterator = null)
      */
     public function wordLimit(string $string, int $length, string $substring = '…')
     {
-        return Typogrify::$plugin->typogrify->wordLimit($string, $length, $substring);
-    }
-
-    // Private Methods
-    // =========================================================================
-
-    /**
-     * Return the text as \Twig_Markup if that's what was passed in, otherwise
-     * just return a string
-     *
-     * @param $original
-     * @param $text
-     *
-     * @return string|\Twig_Markup
-     */
-    private function returnText($original, string $text)
-    {
-        if ($original instanceof \Twig_Markup) {
-            return Template::raw($text);
-        }
-
-        return $text;
+        return Template::raw(Typogrify::$plugin->typogrify->wordLimit($string, $length, $substring));
     }
 }
diff --git a/src/variables/TypogrifyVariable.php b/src/variables/TypogrifyVariable.php
@@ -34,11 +34,11 @@ class TypogrifyVariable
      * @param bool   $isTitle Optional. If the HTML fragment is a title.
      *                        Default false
      *
-     * @return string|\Twig_Markup
+     * @return string The processed HTML
      */
     public function typogrify($text, $isTitle = false)
     {
-        return $this->returnText($text, Typogrify::$plugin->typogrify->typogrify($text, $isTitle));
+        return Template::raw(Typogrify::$plugin->typogrify->typogrify($text, $isTitle));
     }
 
     /**
@@ -51,21 +51,21 @@ public function typogrify($text, $isTitle = false)
      * @param bool   $isTitle Optional. If the HTML fragment is a title.
      *                        Default false
      *
-     * @return string|\Twig_Markup
+     * @return string The processed HTML
      */
     public function typogrifyFeed($text, $isTitle = false)
     {
-        return $this->returnText($text, Typogrify::$plugin->typogrify->typogrifyFeed($text, $isTitle));
+        return Template::raw(Typogrify::$plugin->typogrify->typogrifyFeed($text, $isTitle));
     }
 
     /**
      * @param string $text
      *
-     * @return string|\Twig_Markup
+     * @return \Twig_Markup
      */
     public function smartypants($text)
     {
-        return $this->returnText($text, Typogrify::$plugin->typogrify->smartypants($text));
+        return Template::raw(Typogrify::$plugin->typogrify->smartypants($text));
     }
 
     /**
@@ -89,7 +89,7 @@ public function getPhpTypographySettings()
      */
     public function truncate($string, $length, $substring = '…'): string
     {
-        return Typogrify::$plugin->typogrify->truncate($string, $length, $substring);
+        return Template::raw(Typogrify::$plugin->typogrify->truncate($string, $length, $substring));
     }
 
     /**
@@ -106,7 +106,7 @@ public function truncate($string, $length, $substring = '…'): string
      */
     public function truncateOnWord($string, $length, $substring = '…'): string
     {
-        return Typogrify::$plugin->typogrify->truncateOnWord($string, $length, $substring);
+        return Template::raw(Typogrify::$plugin->typogrify->truncateOnWord($string, $length, $substring));
     }
 
     /**
@@ -141,7 +141,7 @@ public function stringy($string = '', $encoding = null)
      */
     public function humanFileSize($bytes, $decimals = 1): string
     {
-        return Typogrify::$plugin->typogrify->humanFileSize($bytes, $decimals);
+        return Template::raw(Typogrify::$plugin->typogrify->humanFileSize($bytes, $decimals));
     }
 
     /**
@@ -161,7 +161,7 @@ public function humanFileSize($bytes, $decimals = 1): string
      */
     public function humanDuration($value)
     {
-        return Typogrify::$plugin->typogrify->humanDuration($value);
+        return Template::raw(Typogrify::$plugin->typogrify->humanDuration($value));
     }
 
     /**
@@ -189,7 +189,7 @@ public function humanDuration($value)
      */
     public function humanRelativeTime($value, $referenceTime = null)
     {
-        return Typogrify::$plugin->typogrify->humanRelativeTime($value, $referenceTime);
+        return Template::raw(Typogrify::$plugin->typogrify->humanRelativeTime($value, $referenceTime));
     }
 
     /**
@@ -198,11 +198,11 @@ public function humanRelativeTime($value, $referenceTime = null)
      *
      * @param int $number
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function ordinalize(int $number)
     {
-        return Typogrify::$plugin->typogrify->ordinalize($number);
+        return Template::raw(Typogrify::$plugin->typogrify->ordinalize($number));
     }
 
     /**
@@ -211,11 +211,11 @@ public function ordinalize(int $number)
      *
      * @param string $word
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function pluralize(string $word)
     {
-        return Typogrify::$plugin->typogrify->pluralize($word);
+        return Template::raw(Typogrify::$plugin->typogrify->pluralize($word));
     }
 
     /**
@@ -224,11 +224,11 @@ public function pluralize(string $word)
      *
      * @param string $word
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function singularize(string $word)
     {
-        return Typogrify::$plugin->typogrify->singularize($word);
+        return Template::raw(Typogrify::$plugin->typogrify->singularize($word));
     }
 
     /**
@@ -239,11 +239,11 @@ public function singularize(string $word)
      * @param string $string
      * @param null   $transliterator
      *
-     * @return string
+     * @return \Twig_Markup
      */
     public function transliterate(string $string, $transliterator = null)
     {
-        return Typogrify::$plugin->typogrify->transliterate($string, $transliterator);
+        return Template::raw(Typogrify::$plugin->typogrify->transliterate($string, $transliterator));
     }
 
     /**
@@ -259,27 +259,6 @@ public function transliterate(string $string, $transliterator = null)
      */
     public function wordLimit(string $string, int $length, string $substring = '…')
     {
-        return Typogrify::$plugin->typogrify->wordLimit($string, $length, $substring);
-    }
-
-    // Private Methods
-    // =========================================================================
-
-    /**
-     * Return the text as \Twig_Markup if that's what was passed in, otherwise
-     * just return a string
-     *
-     * @param $original
-     * @param $text
-     *
-     * @return string|\Twig_Markup
-     */
-    private function returnText($original, string $text)
-    {
-        if ($original instanceof \Twig_Markup) {
-            return Template::raw($text);
-        }
-
-        return $text;
+        return Template::raw(Typogrify::$plugin->typogrify->wordLimit($string, $length, $substring));
     }
 }