Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
  1. <?php
  2. /**
  3. * Tests, without PHPUnit by now
  4. * @package test.util
  5. */
  6. require_once("include/template_processor.php");
  7. require_once('include/text.php');
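  /**
   * Unit tests for the text helpers pulled in by this file's require_once
   * lines: tag escaping (the anti-XSS part), autoname(), xmlify()/unxmlify(),
   * hex2bin(), expand_acl(), attribute_contains() and get_tags().
   *
   * None of the helpers are defined in this file, so every comment about their
   * behaviour below is derived from the expected values the tests pin, not
   * from their implementation.
   */
  class AntiXSSTest extends PHPUnit_Framework_TestCase {

      /**
       * Extends the include path with the project's source directories.
       *
       * The entries are relative, so they resolve against the current working
       * directory: the suite has to be started from the repository root.
       * PHPUnit calls setUp() before every test, so the path is appended to
       * once per test; that is redundant but does not change lookups.
       */
      public function setUp() {
          set_include_path(
              get_include_path() . PATH_SEPARATOR
              . 'include' . PATH_SEPARATOR
              . 'library' . PATH_SEPARATOR
              . 'library/phpsec' . PATH_SEPARATOR
              . '.' );
      }

      /**
       * notags() and escape_tags() must neutralise markup in untrusted text.
       *
       * Pinned behaviour: notags() swaps the angle brackets for square
       * brackets; escape_tags() turns <, > and " into HTML entities.
       *
       * NOTE(review): the expected escape_tags() value keeps the single quote
       * unescaped. This test therefore does not show the output to be safe
       * inside a single-quoted HTML attribute; that context needs its own
       * check before escape_tags() output is placed there.
       */
      public function testEscapeTags() {
          $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';

          $validstring=notags($invalidstring);
          $escapedString=escape_tags($invalidstring);

          $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
          $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
      }

      /**
       * autonames should be random, even length.
       *
       * Two independently generated names can collide by chance, so a rare
       * failure here is not necessarily a regression.
       */
      public function testAutonameEven() {
          $autoname1=autoname(10);
          $autoname2=autoname(10);

          $this->assertNotEquals($autoname1, $autoname2);
      }

      /**
       * autonames should be random, odd length.
       */
      public function testAutonameOdd() {
          $autoname1=autoname(9);
          $autoname2=autoname(9);

          $this->assertNotEquals($autoname1, $autoname2);
      }

      /**
       * try to fail autonames: a requested length of zero yields an empty name.
       *
       * The length is measured with strlen(). The original used count(), which
       * reports 1 for any string on older PHP versions and throws a TypeError
       * on PHP 8, so it never measured the name.
       * Assumes autoname() returns a string - confirm against its definition.
       */
      public function testAutonameNoLength() {
          $autoname1=autoname(0);
          $this->assertEquals(0, strlen($autoname1));
      }

      /**
       * A negative length is treated like zero: the name is empty.
       */
      public function testAutonameNegativeLength() {
          $autoname1=autoname(-23);
          $this->assertEquals(0, strlen($autoname1));
      }

      // Disabled in the original file; kept for reference.
      // public function testAutonameMaxLength() {
      // $autoname2=autoname(PHP_INT_MAX);
      // $this->assertEquals(PHP_INT_MAX, count($autoname2));
      // }

      /**
       * The smallest positive length yields a one-character name.
       */
      public function testAutonameLength1() {
          $autoname3=autoname(1);
          $this->assertEquals(1, strlen($autoname3));
      }

      /**
       * xmlify and unxmlify must round-trip text containing markup, a newline
       * and a processing-instruction-like sequence.
       *
       * The original passed $text to unxmlify(), so xmlify()'s output was
       * never checked; the encoded value is decoded here instead.
       */
      public function testXmlify() {
          $text="<tag>I want to break\n this!11!<?hard?></tag>";

          $xml=xmlify($text); //test whether it actually may be part of a xml document
          $retext=unxmlify($xml);

          $this->assertEquals($text, $retext);
      }

      /**
       * test hex2bin and reverse.
       *
       * bin2hex() works on strings, so each integer is first coerced to its
       * decimal string form. assertEquals() compares loosely, which is why the
       * decoded string matches the original integer.
       */
      public function testHex2Bin() {
          $this->assertEquals(-3, hex2bin(bin2hex(-3)));
          $this->assertEquals(0, hex2bin(bin2hex(0)));
          $this->assertEquals(12, hex2bin(bin2hex(12)));
          $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
      }

      /**
       * test expand_acl: a well-formed list of bracketed ids is split into
       * its members.
       *
       * NOTE(review): several tests below pin an empty array for malformed
       * input. Whether an empty list means "nobody" or "no restriction" is
       * decided by callers that are not visible here; confirm it fails closed.
       */
      public function testExpandAclNormal() {
          $text="<1><2><3>";
          $this->assertEquals(array(1, 2, 3), expand_acl($text));
      }

      /**
       * Multi-digit ids are kept intact.
       */
      public function testExpandAclBigNumber() {
          $text="<1><279012><15>";
          $this->assertEquals(array(1, 279012, 15), expand_acl($text));
      }

      /**
       * A non-numeric member is currently passed through unchanged.
       */
      public function testExpandAclString() {
          $text="<1><279012><tt>"; //maybe that's invalid
          $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text));
      }

      /**
       * A member containing a space is currently passed through unchanged.
       */
      public function testExpandAclSpace() {
          $text="<1><279 012><32>"; //maybe that's invalid
          $this->assertEquals(array(1, "279 012", "32"), expand_acl($text));
      }

      /**
       * The empty string expands to an empty list.
       */
      public function testExpandAclEmpty() {
          $text=""; //maybe that's invalid
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * Text without any brackets expands to an empty list.
       */
      public function testExpandAclNoBrackets() {
          $text="According to documentation, that's invalid. "; //should be invalid
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * A lone opening bracket expands to an empty list.
       */
      public function testExpandAclJustOneBracket1() {
          $text="<Another invalid string"; //should be invalid
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * A lone closing bracket expands to an empty list.
       */
      public function testExpandAclJustOneBracket2() {
          $text="Another invalid> string"; //should be invalid
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * Closing brackets without opening ones expand to an empty list.
       */
      public function testExpandAclCloseOnly() {
          $text="Another> invalid> string>"; //should be invalid
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * Opening brackets without closing ones expand to an empty list.
       */
      public function testExpandAclOpenOnly() {
          $text="<Another< invalid string<"; //should be invalid
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * Badly nested brackets expand to an empty list.
       */
      public function testExpandAclNoMatching1() {
          $text="<Another<> invalid <string>"; //should be invalid
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * One unbalanced member invalidates the whole list, including the
       * members that are well formed on their own.
       */
      public function testExpandAclNoMatching2() {
          $text="<1>2><3>";
          $this->assertEquals(array(), expand_acl($text));
      }

      /**
       * test attribute contains: only a whole, space-separated word matches,
       * so "class2" is not found inside "notclass2".
       */
      public function testAttributeContains1() {
          $testAttr="class1 notclass2 class3";
          $this->assertTrue(attribute_contains($testAttr, "class3"));
          $this->assertFalse(attribute_contains($testAttr, "class2"));
      }

      /**
       * test attribute contains: a hyphen does not act as a word separator,
       * so "class2" is not found inside "not-class2".
       */
      public function testAttributeContains2() {
          $testAttr="class1 not-class2 class3";
          $this->assertTrue(attribute_contains($testAttr, "class3"));
          $this->assertFalse(attribute_contains($testAttr, "class2"));
      }

      /**
       * An empty attribute value contains nothing.
       */
      public function testAttributeContainsEmpty() {
          $testAttr="";
          $this->assertFalse(attribute_contains($testAttr, "class2"));
      }

      /**
       * Punctuation and non-ASCII characters in the attribute value must not
       * produce a false match.
       */
      public function testAttributeContainsSpecialChars() {
          $testAttr="--... %\$ä() /(=?}";
          $this->assertFalse(attribute_contains($testAttr, "class2"));
      }

      /**
       * test get_tags: a single @mention is extracted.
       */
      public function testGetTagsShortPerson() {
          $text="hi @Mike";
          $tags=get_tags($text);
          $this->assertEquals("@Mike", $tags[0]);
      }

      /**
       * A single #hashtag is extracted; the underscore belongs to the tag.
       */
      public function testGetTagsShortTag() {
          $text="This is a #test_case";
          $tags=get_tags($text);
          $this->assertEquals("#test_case", $tags[0]);
      }

      /**
       * Mentions and hashtags are returned in the order they appear.
       */
      public function testGetTagsShortTagAndPerson() {
          $text="hi @Mike This is a #test_case";
          $tags=get_tags($text);
          $this->assertEquals("@Mike", $tags[0]);
          $this->assertEquals("#test_case", $tags[1]);
      }

      /**
       * Trailing punctuation (comma, full stop) is not part of a tag.
       */
      public function testGetTagsShortTagAndPersonSpecialChars() {
          $text="hi @Mike, This is a #test_case.";
          $tags=get_tags($text);
          $this->assertEquals("@Mike", $tags[0]);
          $this->assertEquals("#test_case", $tags[1]);
      }

      /**
       * A mention at the very start of the text is extracted.
       */
      public function testGetTagsPersonOnly() {
          $text="@Mike I saw the Theme Dev group was created.";
          $tags=get_tags($text);
          $this->assertEquals("@Mike", $tags[0]);
      }

      /**
       * A mention with a host part (@user@host) is returned as one tag.
       */
      public function testGetTags2Persons1TagSpecialChars() {
          $text="hi @Mike, I'm just writing #test_cases, so"
          ." so @somebody@friendica.com may change #things.";
          $tags=get_tags($text);
          $this->assertEquals("@Mike", $tags[0]);
          $this->assertEquals("#test_cases", $tags[1]);
          $this->assertEquals("@somebody@friendica.com", $tags[2]);
          $this->assertEquals("#things", $tags[3]);
      }

      /**
       * Longer text mixing the variants above. Per the expected values,
       * "@fullstops.because" stops at the full stop, and
       * "@Mike@campino@friendica.eu" is split into "@Mike" and
       * "@campino@friendica.eu".
       */
      public function testGetTags() {
          $text="hi @Mike, I'm just writing #test_cases, "
          ." so @somebody@friendica.com may change #things. Of course I "
          ."look for a lot of #pitfalls, like #tags at the end of a sentence "
          ."@comment. I hope noone forgets about @fullstops.because that might"
          ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? "
          ."Now, add a @first_last tag. ";
          //check whether this are all variants (no, auto-stuff is missing).
          $tags=get_tags($text);
          $this->assertEquals("@Mike", $tags[0]);
          $this->assertEquals("#test_cases", $tags[1]);
          $this->assertEquals("@somebody@friendica.com", $tags[2]);
          $this->assertEquals("#things", $tags[3]);
          $this->assertEquals("#pitfalls", $tags[4]);
          $this->assertEquals("#tags", $tags[5]);
          $this->assertEquals("@comment", $tags[6]);
          $this->assertEquals("@fullstops", $tags[7]);
          $this->assertEquals("#things", $tags[8]);
          $this->assertEquals("@Mike", $tags[9]);
          $this->assertEquals("@campino@friendica.eu", $tags[10]);
          $this->assertEquals("#nice", $tags[11]);
          $this->assertEquals("@first_last", $tags[12]);
      }

      /**
       * Empty text yields no tags.
       */
      public function testGetTagsEmpty() {
          $tags=get_tags("");
          $this->assertEquals(0, count($tags));
      }

      // Not covered yet:
      //function qp, quick and dirty??
      //get_mentions
      //get_contact_block, up to line 538
  }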
  225. ?>