Context Navigation

← Previous Change
Next Change →

test

Timestamp:

02/28/06 19:56:23 (6 years ago)

Author:

haas

Message:

InputFilter? documentation, regression test

Files:

: 1 modified

trunk/trax/test/InputFilterTest.php (modified) (4 diffs, 2 props)

Legend:

: Unmodified
: Added
: Removed

trunk/trax/test/InputFilterTest.php

Property svn:executable set to *
Property svn:keywords set to Id

r155	r156
	1	#!/usr/bin/php -q
1	2	<?php
2	3	/**
…	…
32	33	*/
33	34	class InputFilterTest extends PHPUnit2_Framework_TestCase {
	35
34	36	/**
35	37	* Runs the test methods of this class.
…	…
64	66
65	67	/**
66		* ~~@todo Implement testProcess_all().~~
	68	* Test the process() method
67	69	*/
68		public function testProcess_all() {
69		// Remove the following line when you implement this test.
70		throw new PHPUnit2_Framework_IncompleteTestError;
	70	public function testProcess() {
	71	// Trivial case, nothing to clean
	72	@new InputFilter();
	73	$this->assertEquals(InputFilter::process('foo'),'foo');
	74	$this->assertEquals(InputFilter::process(array('foo','bar')),
	75	array('foo','bar'));
	76	// Default constructor removes all tags
	77	$this->assertEquals(InputFilter::process('<ok>foobar</ok>'),
	78	'foobar');
	79	// Allow all but blacklisted tags and attributes
	80	@new InputFilter(array(),array(),1,1,1);
	81	// Irregular tag names are always filtered out
	82	$this->assertEquals(InputFilter::process('foo<#$>bar</#$>mumble'),
	83	'foobarmumble');
	84	// $xssAuto=1 filters blacklisted tags and attributes
	85	$this->assertEquals(InputFilter::process('<body>foobar</body>'),
	86	'foobar');
	87	$this->assertEquals(InputFilter::process('<ok action="yes">foobar</ok>'),
	88	'<ok>foobar</ok>');
	89	// With $xssAuto off, blacklisted tags and attributes are allowed
	90	@new InputFilter(array(),array(),1,1,0);
	91	$this->assertEquals(InputFilter::process('<body>foobar</body>'),
	92	'<body>foobar</body>');
	93	$this->assertEquals(InputFilter::process('<ok action="yes">foobar</ok>'),
	94	'<ok action="yes">foobar</ok>');
	95	// tagMethod=1 permits all but listed tags
	96	@new InputFilter(array('foo'),array(),1,1,0);
	97	$this->assertEquals(
	98	InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'),
	99	'mumble<bar>grumble</bar>');
	100	// tagMethod=0 permits only listed tags
	101	@new InputFilter(array('foo'),array(),0,1,0);
	102	$this->assertEquals(
	103	InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'),
	104	'<foo>mumble</foo>grumble');
	105	// attrMethod=1 permits all but listed attributes
	106	@new InputFilter(array(),array('dangerous'),1,1,0);
	107	$this->assertEquals(
	108	InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'),
	109	'<foo safe="1">mumble</foo>');
	110	// attrMethod=0 permits only listed tags
	111	@new InputFilter(array(),array('dangerous'),1,0,0);
	112	$this->assertEquals(
	113	InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'),
	114	'<foo dangerous="1">mumble</foo>');
	115	// accept only know safe tags
	116	@new InputFilter(array('div','span','strong','em'),
	117	array('id','class'),0,0,0);
	118	$this->assertEquals(
	119	InputFilter::process(
	120	'<body class="full">mumble<span class="error" color="red">'
	121	.'grumble</span>burfl</body>'),
	122	'mumble<span class="error">grumble</span>burfl');
71	123	}
72	124
73	125	/**
74		* ~~@todo Implement testProcess().~~
	126	* Test process_all() method
75	127	*/
76		public function testProcess() {
77		// Remove the following line when you implement this test.
78		throw new PHPUnit2_Framework_IncompleteTestError;
	128	public function testProcess_all() {
	129	$_GET = array('<tag1>foo</tag1>');
	130	$_POST = array('<tag2>bar</tag2>');
	131	$_REQUEST = array('<tag3>mumble</tag3>');
	132
	133	// Default is to remove all tags
	134	InputFilter::process_all();
	135	$this->assertEquals($_GET,array('foo'));
	136	$this->assertEquals($_POST,array('bar'));
	137	$this->assertEquals($_REQUEST,array('mumble'));
79	138	}
80	139
81	140	/**
82		* @todo Implement testSafeSQL().
	141	* Test saveSQL()
	142	* @todo Figure out problem w/ mysql_real_escape_string()
	143	* @todo Figure out how to test with magic quotes either on or off
83	144	*/
84	145	public function testSafeSQL() {
85		// Remove the following line when you implement this test.
86		throw new PHPUnit2_Framework_IncompleteTestError;
	146	$rs = mysql_connect();
	147	if ($rs == false) {
	148	PHPUnit2_Framework_Assert::fail("InputFilterTest:"
	149	." unable to open a connction to MySQL");
	150	}
	151	// Trivial case, nothing to clean
	152	$this->assertEquals(InputFilter::safeSQL('foo',$rs),'foo');
	153	$this->assertEquals(InputFilter::safeSQL(array('foo','bar'),$rs),
	154	array('foo','bar'));
	155	if (get_magic_quotes_gpc()) {
	156	// verify stripping of magic quotes
	157	// FIXME: figure out how to test this case
	158	$this->assertEquals(
	159	InputFilter::safeSQL('a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a',$rs),
	160	'a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a');
	161	}
	162	else {
	163	// verify magic quotes aren't there
	164	$pattern = "a'b\"c\\d\x00e\nf\rg\x1ah";
	165	$non_zero_pattern = "a'b\"c\\de\nf\rg\x1ah";
	166	$quoted_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
	167	$quoted_non_zero_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
	168	echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
	169	$this->assertEquals(mysql_real_escape_string($non_zero_pattern),
	170	$quoted_non_zero_pattern);
	171	echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
	172	$this->assertEquals(mysql_real_escape_string($pattern),
	173	$quoted_pattern);
	174	$this->assertEquals(
	175	InputFilter::safeSQL($pattern,$rs),$quoted_pattern);
	176	}
87	177	}
88	178	}
…	…
92	182	InputFilterTest::main();
93	183	}
	184
	185	// -- set Emacs parameters --
	186	// Local variables:
	187	// tab-width: 4
	188	// c-basic-offset: 4
	189	// c-hanging-comment-ender-p: nil
	190	// indent-tabs-mode: nil
	191	// End:
94	192	?>

Context Navigation

Changeset 156 for trunk/trax/test

Legend:

trunk/trax/test/InputFilterTest.php

Download in other formats: