- <?php
- /**
- * File for the InputFilterTest class
- *
- * (PHP 5)
- *
- * @package PHPonTraxTest
- * @license http://opensource.org/licenses/gpl-license.php GNU Public License
- * @copyright (c) Walter O. Haas 2006
- * @version $Id: InputFilterTest.php 192 2006-03-27 22:02:53Z haas $
- * @author Walt Haas <haas@xmission.com>
- */
-
- echo "testing InputFilter\n";
- require_once 'testenv.php';
-
- // Call InputFilterTest::main() if this source file is executed directly.
- if (!defined("PHPUnit2_MAIN_METHOD")) {
- define("PHPUnit2_MAIN_METHOD", "InputFilterTest::main");
- }
-
- require_once "PHPUnit2/Framework/TestCase.php";
- require_once "PHPUnit2/Framework/TestSuite.php";
-
- // You may remove the following line when all tests have been implemented.
- require_once "PHPUnit2/Framework/IncompleteTestError.php";
-
- require_once "input_filter.php";
-
- /**
- * Test class for InputFilter.
- * Generated by PHPUnit2_Util_Skeleton on 2006-02-28 at 11:52:31.
- */
- class InputFilterTest extends PHPUnit2_Framework_TestCase {
-
- /**
- * Runs the test methods of this class.
- *
- * @access public
- * @static
- */
- public static function main() {
- require_once "PHPUnit2/TextUI/TestRunner.php";
-
- $suite = new PHPUnit2_Framework_TestSuite("InputFilterTest");
- $result = PHPUnit2_TextUI_TestRunner::run($suite);
- }
-
- /**
- * Sets up the fixture, for example, open a network connection.
- * This method is called before a test is executed.
- *
- * @access protected
- */
- protected function setUp() {
- }
-
- /**
- * Tears down the fixture, for example, close a network connection.
- * This method is called after a test is executed.
- *
- * @access protected
- */
- protected function tearDown() {
- }
-
- /**
- * Test the process() method
- */
- public function testProcess() {
- // Trivial case, nothing to clean
- @new InputFilter();
- $this->assertEquals(InputFilter::process('foo'),'foo');
- $this->assertEquals(InputFilter::process(array('foo','bar')),
- array('foo','bar'));
- // Default constructor removes all tags
- $this->assertEquals(InputFilter::process('<ok>foobar</ok>'),
- 'foobar');
- // Allow all but blacklisted tags and attributes
- @new InputFilter(array(),array(),1,1,1);
- // Irregular tag names are always filtered out
- $this->assertEquals(InputFilter::process('foo<#$>bar</#$>mumble'),
- 'foobarmumble');
- // $xssAuto=1 filters blacklisted tags and attributes
- $this->assertEquals(InputFilter::process('<body>foobar</body>'),
- 'foobar');
- $this->assertEquals(InputFilter::process('<ok action="yes">foobar</ok>'),
- '<ok>foobar</ok>');
- // With $xssAuto off, blacklisted tags and attributes are allowed
- @new InputFilter(array(),array(),1,1,0);
- $this->assertEquals(InputFilter::process('<body>foobar</body>'),
- '<body>foobar</body>');
- $this->assertEquals(InputFilter::process('<ok action="yes">foobar</ok>'),
- '<ok action="yes">foobar</ok>');
- // tagMethod=1 permits all but listed tags
- @new InputFilter(array('foo'),array(),1,1,0);
- $this->assertEquals(
- InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'),
- 'mumble<bar>grumble</bar>');
- // tagMethod=0 permits only listed tags
- @new InputFilter(array('foo'),array(),0,1,0);
- $this->assertEquals(
- InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'),
- '<foo>mumble</foo>grumble');
- // attrMethod=1 permits all but listed attributes
- @new InputFilter(array(),array('dangerous'),1,1,0);
- $this->assertEquals(
- InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'),
- '<foo safe="1">mumble</foo>');
- // attrMethod=0 permits only listed tags
- @new InputFilter(array(),array('dangerous'),1,0,0);
- $this->assertEquals(
- InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'),
- '<foo dangerous="1">mumble</foo>');
- // accept only know safe tags
- @new InputFilter(array('div','span','strong','em'),
- array('id','class'),0,0,0);
- $this->assertEquals(
- InputFilter::process(
- '<body class="full">mumble<span class="error" color="red">'
- .'grumble</span>burfl</body>'),
- 'mumble<span class="error">grumble</span>burfl');
- }
-
- /**
- * Test process_all() method
- */
- public function testProcess_all() {
- $_GET = array('<tag1>foo</tag1>');
- $_POST = array('<tag2>bar</tag2>');
- $_REQUEST = array('<tag3>mumble</tag3>');
-
- // Default is to remove all tags
- InputFilter::process_all();
- $this->assertEquals($_GET,array('foo'));
- $this->assertEquals($_POST,array('bar'));
- $this->assertEquals($_REQUEST,array('mumble'));
- }
-
- /**
- * Test saveSQL()
- * @todo Figure out problem w/ mysql_real_escape_string()
- * @todo Figure out how to test with magic quotes either on or off
- */
- public function testSafeSQL() {
- $rs = mysql_connect();
- if ($rs == false) {
- PHPUnit2_Framework_Assert::fail("InputFilterTest:"
- ." unable to open a connction to MySQL");
- }
- // Trivial case, nothing to clean
- $this->assertEquals(InputFilter::safeSQL('foo',$rs),'foo');
- $this->assertEquals(InputFilter::safeSQL(array('foo','bar'),$rs),
- array('foo','bar'));
- if (get_magic_quotes_gpc()) {
- // verify stripping of magic quotes
- // FIXME: figure out how to test this case
- $this->assertEquals(
- InputFilter::safeSQL('a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a',$rs),
- 'a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a');
- }
- else {
- // verify magic quotes aren't there
- $pattern = "a'b\"c\\d\x00e\nf\rg\x1ah";
- $non_zero_pattern = "a'b\"c\\de\nf\rg\x1ah";
- $quoted_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
- $quoted_non_zero_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
- // echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
- // $this->assertEquals(mysql_real_escape_string($non_zero_pattern),
- // $quoted_non_zero_pattern);
- // echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
- // $this->assertEquals(mysql_real_escape_string($pattern),
- // $quoted_pattern);
- // $this->assertEquals(
- // InputFilter::safeSQL($pattern,$rs),$quoted_pattern);
- }
- // Remove the following line when you complete this test.
- throw new PHPUnit2_Framework_IncompleteTestError;
- }
- }
-
- // Call InputFilterTest::main() if this source file is executed directly.
- if (PHPUnit2_MAIN_METHOD == "InputFilterTest::main") {
- InputFilterTest::main();
- }
-
- // -- set Emacs parameters --
- // Local variables:
- // tab-width: 4
- // c-basic-offset: 4
- // c-hanging-comment-ender-p: nil
- // indent-tabs-mode: nil
- // End:
- ?>