|
|
|
@ -1,16 +1,26 @@
|
|
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Tests, without pHPUnit by now
|
|
|
|
|
* @package test.util
|
|
|
|
|
*/
|
|
|
|
|
* Tests, without pHPUnit by now
|
|
|
|
|
* @package test.util
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
require_once('include/text.php');
|
|
|
|
|
require_once("include/template_processor.php");
|
|
|
|
|
require_once('include/text.php');
|
|
|
|
|
|
|
|
|
|
class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* test no tags
|
|
|
|
|
*/
|
|
|
|
|
public function setUp() {
|
|
|
|
|
set_include_path(
|
|
|
|
|
get_include_path() . PATH_SEPARATOR
|
|
|
|
|
. 'include' . PATH_SEPARATOR
|
|
|
|
|
. 'library' . PATH_SEPARATOR
|
|
|
|
|
. 'library/phpsec' . PATH_SEPARATOR
|
|
|
|
|
. '.' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* test no tags
|
|
|
|
|
*/
|
|
|
|
|
public function testEscapeTags() {
|
|
|
|
|
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
|
|
|
|
|
|
|
|
|
@ -53,12 +63,12 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
$autoname1=autoname(-23);
|
|
|
|
|
$this->assertEquals(0, count($autoname1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// public function testAutonameMaxLength() {
|
|
|
|
|
// $autoname2=autoname(PHP_INT_MAX);
|
|
|
|
|
// $this->assertEquals(PHP_INT_MAX, count($autoname2));
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// public function testAutonameMaxLength() {
|
|
|
|
|
// $autoname2=autoname(PHP_INT_MAX);
|
|
|
|
|
// $this->assertEquals(PHP_INT_MAX, count($autoname2));
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
public function testAutonameLength1() {
|
|
|
|
|
$autoname3=autoname(1);
|
|
|
|
|
$this->assertEquals(1, count($autoname3));
|
|
|
|
@ -68,7 +78,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
*xmlify and unxmlify
|
|
|
|
|
*/
|
|
|
|
|
public function testXmlify() {
|
|
|
|
|
$text="<tag>I want to break\n this!11!<?hard?></tag>";
|
|
|
|
|
$text="<tag>I want to break\n this!11!<?hard?></tag>";
|
|
|
|
|
$xml=xmlify($text); //test whether it actually may be part of a xml document
|
|
|
|
|
$retext=unxmlify($text);
|
|
|
|
|
|
|
|
|
@ -85,7 +95,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
$this->assertEquals(12, hex2bin(bin2hex(12)));
|
|
|
|
|
$this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* test expand_acl
|
|
|
|
|
*/
|
|
|
|
@ -93,7 +103,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
$text="<1><2><3>";
|
|
|
|
|
$this->assertEquals(array(1, 2, 3), expand_acl($text));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function testExpandAclBigNumber() {
|
|
|
|
|
$text="<1><279012><15>";
|
|
|
|
|
$this->assertEquals(array(1, 279012, 15), expand_acl($text));
|
|
|
|
@ -133,19 +143,19 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
$text="Another> invalid> string>"; //should be invalid
|
|
|
|
|
$this->assertEquals(array(), expand_acl($text));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function testExpandAclOpenOnly() {
|
|
|
|
|
$text="<Another< invalid string<"; //should be invalid
|
|
|
|
|
$this->assertEquals(array(), expand_acl($text));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function testExpandAclNoMatching1() {
|
|
|
|
|
$text="<Another<> invalid <string>"; //should be invalid
|
|
|
|
|
$this->assertEquals(array(), expand_acl($text));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function testExpandAclNoMatching2() {
|
|
|
|
|
$text="<1>2><3>";
|
|
|
|
|
$text="<1>2><3>";
|
|
|
|
|
$this->assertEquals(array(), expand_acl($text));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -166,7 +176,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
$this->assertTrue(attribute_contains($testAttr, "class3"));
|
|
|
|
|
$this->assertFalse(attribute_contains($testAttr, "class2"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function testAttributeContainsEmpty() {
|
|
|
|
|
$testAttr="";
|
|
|
|
|
$this->assertFalse(attribute_contains($testAttr, "class2"));
|
|
|
|
@ -176,17 +186,71 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
$testAttr="--... %\$ä() /(=?}";
|
|
|
|
|
$this->assertFalse(attribute_contains($testAttr, "class2"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* test get_tags
|
|
|
|
|
*/
|
|
|
|
|
public function testGetTagsShortPerson() {
|
|
|
|
|
$text="hi @Mike";
|
|
|
|
|
|
|
|
|
|
$tags=get_tags($text);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals("@Mike", $tags[0]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetTagsShortTag() {
|
|
|
|
|
$text="This is a #test_case";
|
|
|
|
|
|
|
|
|
|
$tags=get_tags($text);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals("#test_case", $tags[0]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetTagsShortTagAndPerson() {
|
|
|
|
|
$text="hi @Mike This is a #test_case";
|
|
|
|
|
|
|
|
|
|
$tags=get_tags($text);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals("@Mike", $tags[0]);
|
|
|
|
|
$this->assertEquals("#test_case", $tags[1]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetTagsShortTagAndPersonSpecialChars() {
|
|
|
|
|
$text="hi @Mike, This is a #test_case.";
|
|
|
|
|
|
|
|
|
|
$tags=get_tags($text);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals("@Mike", $tags[0]);
|
|
|
|
|
$this->assertEquals("#test_case", $tags[1]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetTagsPersonOnly() {
|
|
|
|
|
$text="@Mike I saw the Theme Dev group was created.";
|
|
|
|
|
|
|
|
|
|
$tags=get_tags($text);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals("@Mike", $tags[0]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetTags2Persons1TagSpecialChars() {
|
|
|
|
|
$text="hi @Mike, I'm just writing #test_cases, so"
|
|
|
|
|
." so @somebody@friendica.com may change #things.";
|
|
|
|
|
|
|
|
|
|
$tags=get_tags($text);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals("@Mike", $tags[0]);
|
|
|
|
|
$this->assertEquals("#test_cases", $tags[1]);
|
|
|
|
|
$this->assertEquals("@somebody@friendica.com", $tags[2]);
|
|
|
|
|
$this->assertEquals("#things", $tags[3]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetTags() {
|
|
|
|
|
$text="hi @Mike, I'm just writing #test_cases, "
|
|
|
|
|
." so @somebody@friendica.com may change #things. Of course I "
|
|
|
|
|
."look for a lot of #pitfalls, like #tags at the end of a sentence "
|
|
|
|
|
."@comment. I hope noone forgets about @fullstops.because that might"
|
|
|
|
|
." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? "
|
|
|
|
|
."Now, add a @first_last tag. ";
|
|
|
|
|
."Now, add a @first_last tag. ";
|
|
|
|
|
//check whether this are all variants (no, auto-stuff is missing).
|
|
|
|
|
|
|
|
|
|
$tags=get_tags($text);
|
|
|
|
@ -210,8 +274,8 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase {
|
|
|
|
|
$tags=get_tags("");
|
|
|
|
|
$this->assertEquals(0, count($tags));
|
|
|
|
|
}
|
|
|
|
|
//function qp, quick and dirty??
|
|
|
|
|
//get_mentions
|
|
|
|
|
//get_contact_block, bis Zeile 538
|
|
|
|
|
//function qp, quick and dirty??
|
|
|
|
|
//get_mentions
|
|
|
|
|
//get_contact_block, bis Zeile 538
|
|
|
|
|
}
|
|
|
|
|
?>
|
|
|
|
|