Merge branch 'ticket/security/211' into ticket/security/211-rhea

author: Marc Alexander <admin@m-a-styles.de> 2018-01-01 11:54:37 +0100
committer: Marc Alexander <admin@m-a-styles.de> 2018-01-01 11:54:37 +0100
commit: bf5f11e11ac0f25441ba891fc16d5a780e4450e2 (patch)
tree: 12aa20249ca31f91fa3c8ab6795a2bce6f55f3a4 /tests
parent: 0ff5f9fa0edf9ac3125cc4e871609a90cee1cfac (diff)
parent: f7d387f93c421e93ef13375bd5e0fb408e921598 (diff)
download: forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar
forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar.gz
forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar.bz2
forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar.xz
forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.zip
3 files changed, 95 insertions, 2 deletions
diff --git a/tests/functions/make_clickable_test.php b/tests/functions/make_clickable_test.php
index a351a6d527..a6af12b624 100644
--- a/tests/functions/make_clickable_test.php
+++ b/tests/functions/make_clickable_test.php
@@ -53,6 +53,14 @@ class phpbb_functions_make_clickable_test extends phpbb_test_case
 				'<!-- l --><a class="postlink-local" href="http://testhost/viewtopic.php?t=1">viewtopic.php?t=1</a><!-- l -->'
 			),
 			array(
+				'javascript://testhost/viewtopic.php?t=1',
+				'javascript://testhost/viewtopic.php?t=1'
+			),
+			array(
+				"java\nscri\npt://testhost/viewtopic.php?t=1",
+				"java\nscri\n<!-- m --><a class=\"postlink\" href=\"pt://testhost/viewtopic.php?t=1\">pt://testhost/viewtopic.php?t=1</a><!-- m -->"
+			),
+			array(
 				'email@domain.com',
 				'<!-- e --><a href="mailto:email@domain.com">email@domain.com</a><!-- e -->'
 			),
@@ -90,6 +98,10 @@ class phpbb_functions_make_clickable_test extends phpbb_test_case
 				'<!-- m --><a class="postlink" href="ftp://ftp.täst.de/">ftp://ftp.täst.de/</a><!-- m -->'
 			),
 			array(
+				'javascript://täst.de/',
+				'javascript://täst.de/'
+			),
+			array(
 				'sip://bantu@täst.de',
 				'<!-- m --><a class="postlink" href="sip://bantu@täst.de">sip://bantu@täst.de</a><!-- m -->'
 			),
diff --git a/tests/profilefields/type_string_test.php b/tests/profilefields/type_string_test.php
index 7c7fa3f3e6..a5e1d89ef2 100644
--- a/tests/profilefields/type_string_test.php
+++ b/tests/profilefields/type_string_test.php
@@ -24,7 +24,7 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
 	*/
 	public function setUp()
 	{
-		global $request, $user, $cache, $phpbb_root_path, $phpEx;
+		global $config, $request, $user, $cache, $phpbb_root_path, $phpEx;
 
 		$user = $this->getMock('\phpbb\user', array(), array(
 			new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)),
@@ -34,6 +34,7 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
 		$user->expects($this->any())
 			->method('lang')
 			->will($this->returnCallback(array($this, 'return_callback_implode')));
+		$config = new \phpbb\config\config([]);
 
 		$request = $this->getMock('\phpbb\request\request');
 		$template = $this->getMock('\phpbb\template\template');
@@ -269,6 +270,18 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
 				null,
 				'Field should simply output null for empty vlaue',
 			),
+			array(
+				'http://foobar.com',
+				array('field_show_novalue' => false),
+				'http://foobar.com',
+				'Field should output the given value but not make it clickable',
+			),
+			array(
+				'javascript://foobar.com',
+				array('field_show_novalue' => true),
+				'javascript://foobar.com',
+				'Field should output the given value but not make it clickable',
+			),
 		);
 	}
 
diff --git a/tests/profilefields/type_url_test.php b/tests/profilefields/type_url_test.php
index 1d90e2c34c..3bb5d52899 100644
--- a/tests/profilefields/type_url_test.php
+++ b/tests/profilefields/type_url_test.php
@@ -11,6 +11,10 @@
 *
 */
 
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_content.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/utf/utf_tools.php';
+
 class phpbb_profilefield_type_url_test extends phpbb_test_case
 {
 	protected $cp;
@@ -24,8 +28,10 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
 	*/
 	public function setUp()
 	{
-		global $phpbb_root_path, $phpEx;
+		global $config, $request, $user, $cache, $phpbb_root_path, $phpEx;
 
+		$config = new \phpbb\config\config([]);
+		$cache = new phpbb_mock_cache;
 		$user = $this->getMock('\phpbb\user', array(), array(
 			new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)),
 			'\phpbb\datetime'
@@ -92,6 +98,19 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
 				'FIELD_INVALID_URL-field',
 				'Field should reject invalid URL having multi value parameters',
 			),
+			// Not allowed schemes
+			array(
+				'ftp://example.com/',
+				array(),
+				'FIELD_INVALID_URL-field',
+				'Field should reject invalid URL having multi value parameters',
+			),
+			array(
+				'javascript://alert.com',
+				array(),
+				'FIELD_INVALID_URL-field',
+				'Field should reject invalid URL having multi value parameters',
+			),
 
 			// IDN url type profilefields
 			array(
@@ -165,6 +184,55 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
 		);
 	}
 
+	public function profile_value_data()
+	{
+		return array(
+			array(
+				'http://foobar.com',
+				array('field_show_novalue' => true),
+				'<!-- l --><a class="postlink-local" href="http://foobar.com">foobar.com</a><!-- l -->',
+				'Field should output the given value',
+			),
+			array(
+				'http://foobar.com',
+				array('field_show_novalue' => false),
+				'<!-- l --><a class="postlink-local" href="http://foobar.com">foobar.com</a><!-- l -->',
+				'Field should output the given value',
+			),
+			array(
+				'test',
+				array('field_show_novalue' => true),
+				null,
+				'Field should output nothing for empty value',
+			),
+			array(
+				'test',
+				array('field_show_novalue' => false),
+				null,
+				'Field should simply output null for empty value',
+			),
+			array(
+				'javascript://foobar.com',
+				array('field_show_novalue' => true),
+				null,
+				'Field should output nothing for empty value',
+			),
+		);
+	}
+
+
+	/**
+	 * @dataProvider profile_value_data
+	 */
+	public function test_get_profile_value($value, $field_options, $expected, $description)
+	{
+		$field_options = array_merge($this->field_options, $field_options);
+
+		$result = $this->cp->get_profile_value($value, $field_options);
+
+		$this->assertSame($expected, $result, $description);
+	}
+
 	/**
 	* @dataProvider profile_value_raw_data
 	*/
author	Marc Alexander <admin@m-a-styles.de>	2018-01-01 11:54:37 +0100
committer	Marc Alexander <admin@m-a-styles.de>	2018-01-01 11:54:37 +0100
commit	bf5f11e11ac0f25441ba891fc16d5a780e4450e2 (patch)
tree	12aa20249ca31f91fa3c8ab6795a2bce6f55f3a4 /tests
parent	0ff5f9fa0edf9ac3125cc4e871609a90cee1cfac (diff)
parent	f7d387f93c421e93ef13375bd5e0fb408e921598 (diff)
download	forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar.gz forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar.bz2 forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.tar.xz forums-bf5f11e11ac0f25441ba891fc16d5a780e4450e2.zip