Code source de PHPonTrax 2.6.6-svn |
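<?php
/**
 * File for the InputFilterTest class
 *
 * (PHP 5)
 *
 * NOTE(review): this test depends on ext/mysql (mysql_connect()) and on
 * get_magic_quotes_gpc(), both of which exist only in legacy PHP
 * releases, so it can only run on the PHP 5 line it was written for.
 *
 * @package PHPonTraxTest
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @copyright (c) Walter O. Haas 2006
 * @version $Id: InputFilterTest.php 192 2006-03-27 22:02:53Z haas $
 * @author Walt Haas <haas@xmission.com>
 */

echo "testing InputFilter\n";
require_once 'testenv.php';

// Call InputFilterTest::main() if this source file is executed directly.
if (!defined("PHPUnit2_MAIN_METHOD")) {
    define("PHPUnit2_MAIN_METHOD", "InputFilterTest::main");
}

require_once "PHPUnit2/Framework/TestCase.php";
require_once "PHPUnit2/Framework/TestSuite.php";

// You may remove the following line when all tests have been implemented.
require_once "PHPUnit2/Framework/IncompleteTestError.php";

require_once "input_filter.php";

/**
 * Test class for InputFilter.
 * Generated by PHPUnit2_Util_Skeleton on 2006-02-28 at 11:52:31.
 *
 * The fixture snapshots $_GET, $_POST and $_REQUEST before every test and
 * puts them back afterwards, and closes any MySQL connection a test
 * opened, so one test cannot leak state into the next.
 */
class InputFilterTest extends PHPUnit2_Framework_TestCase {

    /** Copy of $_GET taken in setUp() */
    private $savedGet = array();

    /** Copy of $_POST taken in setUp() */
    private $savedPost = array();

    /** Copy of $_REQUEST taken in setUp() */
    private $savedRequest = array();

    /** MySQL link opened by testSafeSQL(), or null when none is open */
    private $connection = null;

    /**
     * Runs the test methods of this class.
     *
     * @access public
     * @static
     */
    public static function main() {
        require_once "PHPUnit2/TextUI/TestRunner.php";

        $suite = new PHPUnit2_Framework_TestSuite("InputFilterTest");
        PHPUnit2_TextUI_TestRunner::run($suite);
    }

    /**
     * Sets up the fixture: remember the request superglobals so that
     * tearDown() can undo whatever a test writes into them.
     * This method is called before a test is executed.
     *
     * @access protected
     */
    protected function setUp() {
        $this->savedGet     = $_GET;
        $this->savedPost    = $_POST;
        $this->savedRequest = $_REQUEST;
    }

    /**
     * Tears down the fixture: restore the request superglobals and close
     * the MySQL connection if a test opened one.
     * This method is called after a test is executed, including when the
     * test failed, which is why the cleanup lives here and not at the end
     * of the test methods.
     *
     * @access protected
     */
    protected function tearDown() {
        $_GET     = $this->savedGet;
        $_POST    = $this->savedPost;
        $_REQUEST = $this->savedRequest;

        if (is_resource($this->connection)) {
            mysql_close($this->connection);
        }
        $this->connection = null;
    }

    /**
     * Test the process() method
     *
     * Each "@new InputFilter(...)" below reconfigures the filter before
     * the static process() calls that follow it.
     * NOTE(review): presumably the constructor stores its arguments where
     * the static process() can see them, and the "@" hides a diagnostic
     * raised by that call -- confirm against input_filter.php.
     *
     * NOTE(review): every input here is short, well-formed markup.  These
     * cases pin down the tag/attribute list semantics only; they do not
     * show how the filter treats malformed or encoded input, so a green
     * run is not evidence that the filter is a sufficient XSS defence.
     * Output still needs escaping for the context it is written into.
     */
    public function testProcess() {
        // Trivial case, nothing to clean
        @new InputFilter();
        $this->assertEquals('foo', InputFilter::process('foo'));
        $this->assertEquals(array('foo','bar'),
                            InputFilter::process(array('foo','bar')));
        // Default constructor removes all tags
        $this->assertEquals('foobar',
                            InputFilter::process('<ok>foobar</ok>'));
        // Allow all but blacklisted tags and attributes
        @new InputFilter(array(),array(),1,1,1);
        // Irregular tag names are always filtered out
        $this->assertEquals('foobarmumble',
                            InputFilter::process('foo<#$>bar</#$>mumble'));
        // $xssAuto=1 filters blacklisted tags and attributes
        $this->assertEquals('foobar',
                            InputFilter::process('<body>foobar</body>'));
        $this->assertEquals('<ok>foobar</ok>',
                            InputFilter::process('<ok action="yes">foobar</ok>'));
        // With $xssAuto off, blacklisted tags and attributes are allowed
        @new InputFilter(array(),array(),1,1,0);
        $this->assertEquals('<body>foobar</body>',
                            InputFilter::process('<body>foobar</body>'));
        $this->assertEquals('<ok action="yes">foobar</ok>',
                            InputFilter::process('<ok action="yes">foobar</ok>'));
        // tagMethod=1 permits all but listed tags
        @new InputFilter(array('foo'),array(),1,1,0);
        $this->assertEquals(
            'mumble<bar>grumble</bar>',
            InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'));
        // tagMethod=0 permits only listed tags
        @new InputFilter(array('foo'),array(),0,1,0);
        $this->assertEquals(
            '<foo>mumble</foo>grumble',
            InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'));
        // attrMethod=1 permits all but listed attributes
        @new InputFilter(array(),array('dangerous'),1,1,0);
        $this->assertEquals(
            '<foo safe="1">mumble</foo>',
            InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'));
        // attrMethod=0 permits only listed attributes
        @new InputFilter(array(),array('dangerous'),1,0,0);
        $this->assertEquals(
            '<foo dangerous="1">mumble</foo>',
            InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'));
        // accept only known safe tags and attributes (allow-list on both
        // axes); this is the only configuration above in which an
        // unlisted tag or attribute is removed by default
        @new InputFilter(array('div','span','strong','em'),
                         array('id','class'),0,0,0);
        $this->assertEquals(
            'mumble<span class="error">grumble</span>burfl',
            InputFilter::process(
                '<body class="full">mumble<span class="error" color="red">'
                .'grumble</span>burfl</body>'));
    }

    /**
     * Test process_all() method
     *
     * process_all() is expected to rewrite $_GET, $_POST and $_REQUEST in
     * place.  The superglobals overwritten here are put back by
     * tearDown().
     * NOTE(review): only flat, numerically indexed arrays are covered;
     * nested arrays and array keys are not exercised.
     */
    public function testProcess_all() {
        $_GET = array('<tag1>foo</tag1>');
        $_POST = array('<tag2>bar</tag2>');
        $_REQUEST = array('<tag3>mumble</tag3>');

        // Default is to remove all tags
        InputFilter::process_all();
        $this->assertEquals(array('foo'), $_GET);
        $this->assertEquals(array('bar'), $_POST);
        $this->assertEquals(array('mumble'), $_REQUEST);
    }

    /**
     * Test safeSQL()
     *
     * Needs a MySQL server reachable with the default mysql_connect()
     * settings; the link is closed by tearDown().  The test is still
     * incomplete and always ends by reporting itself as such.
     *
     * NOTE(review): string escaping is a fallback, not the preferred
     * defence against SQL injection; callers that can use bound
     * parameters should not rely on safeSQL().
     *
     * @todo Figure out problem w/ mysql_real_escape_string()
     * @todo Figure out how to test with magic quotes either on or off
     */
    public function testSafeSQL() {
        $rs = mysql_connect();
        if ($rs === false) {
            PHPUnit2_Framework_Assert::fail("InputFilterTest:"
                    ." unable to open a connection to MySQL");
        }
        // Hand the link to the fixture so it is closed even when an
        // assertion below fails.
        $this->connection = $rs;

        // Trivial case, nothing to clean
        $this->assertEquals('foo', InputFilter::safeSQL('foo',$rs));
        $this->assertEquals(array('foo','bar'),
                            InputFilter::safeSQL(array('foo','bar'),$rs));
        if (get_magic_quotes_gpc()) {
            // verify stripping of magic quotes
            // FIXME: figure out how to test this case
            // As written, the expected value is identical to the input.
            $this->assertEquals(
                'a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a',
                InputFilter::safeSQL('a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a',$rs));
        }
        else {
            // verify magic quotes aren't there
            // The four fixtures below are only referenced by the
            // disabled assertions that follow.
            // NOTE(review): the $quoted_* fixtures look wrong rather than
            // mysql_real_escape_string() being broken.  In a
            // double-quoted PHP string "\\\n" is a backslash followed by
            // a raw newline byte, whereas the MySQL escaping routine
            // emits a backslash followed by the letter "n" (and likewise
            // "r", "Z" and "0" for CR, 0x1a and NUL).  $quoted_pattern
            // also drops the NUL byte altogether, making it identical to
            // $quoted_non_zero_pattern.  Confirm and correct the fixtures
            // before re-enabling the assertions.
            $pattern = "a'b\"c\\d\x00e\nf\rg\x1ah";
            $non_zero_pattern = "a'b\"c\\de\nf\rg\x1ah";
            $quoted_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
            $quoted_non_zero_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
//            echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
//            $this->assertEquals(mysql_real_escape_string($non_zero_pattern),
//                                $quoted_non_zero_pattern);
//            echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
//            $this->assertEquals(mysql_real_escape_string($pattern),
//                                $quoted_pattern);
//            $this->assertEquals(
//                InputFilter::safeSQL($pattern,$rs),$quoted_pattern);
        }
        // Remove the following line when you complete this test.
        throw new PHPUnit2_Framework_IncompleteTestError;
    }
}

// Call InputFilterTest::main() if this source file is executed directly.
if (PHPUnit2_MAIN_METHOD == "InputFilterTest::main") {
    InputFilterTest::main();
}

// -- set Emacs parameters --
// Local variables:
// tab-width: 4
// c-basic-offset: 4
// c-hanging-comment-ender-p: nil
// indent-tabs-mode: nil
// End:
?>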