authorMarc Alexander <admin@m-a-styles.de>2019-12-21 10:34:17 +0100
committerMarc Alexander <admin@m-a-styles.de>2019-12-21 10:34:17 +0100
commitd26622e9921fdabff9186e0a2e47a2f8ed0a1238 (patch)
tree95dfd71fc22e95776768de6a978548f0adbdb8ac /tests
parent0b3eb2f9eaac66cf76e40703f77f362d1e42e86c (diff)
parent2733ce07129dceb5b60acdceba1689fa5339a523 (diff)
Merge pull request #5770 from JoshyPHP/ticket/16250
[ticket/16250] Add a service to check BBCodes safeness in ACP
Diffstat (limited to 'tests')
-rw-r--r--tests/functional/acp_bbcodes_test.php40
-rw-r--r--tests/text_formatter/s9e/acp_utils_test.php79
2 files changed, 119 insertions, 0 deletions
diff --git a/tests/functional/acp_bbcodes_test.php b/tests/functional/acp_bbcodes_test.php
index 58681dfa07..cc6397fdfd 100644
--- a/tests/functional/acp_bbcodes_test.php
+++ b/tests/functional/acp_bbcodes_test.php
@@ -43,4 +43,44 @@ class phpbb_functional_acp_bbcodes_test extends phpbb_functional_test_case
$this->assertContains('<div>c</div>', $html);
$this->assertContains('<div>d</div>', $html);
}
+
+ /**
+ * @dataProvider get_bbcode_error_tests
+ */
+ public function test_bbcode_error($match, $tpl, $error)
+ {
+ $this->login();
+ $this->admin_login();
+
+ $crawler = self::request('GET', 'adm/index.php?i=acp_bbcodes&sid=' . $this->sid . '&mode=bbcodes&action=add');
+ $form = $crawler->selectButton('Submit')->form([
+ 'bbcode_match' => $match,
+ 'bbcode_tpl' => $tpl
+ ]);
+ $crawler = self::submit($form);
+
+ $text = $crawler->filter('.errorbox')->text();
+ $this->assertStringContainsString($error, $text);
+ }
+
+ public function get_bbcode_error_tests()
+ {
+ return [
+ [
+ 'XXX',
+ '',
+ 'BBCode is constructed in an invalid form'
+ ],
+ [
+ '[x]{TEXT}[/x]',
+ '<xsl:invalid',
+ 'template is invalid'
+ ],
+ [
+ '[x]{TEXT}[/x]',
+ '<script>{TEXT}</script>',
+ 'unsafe'
+ ],
+ ];
+ }
}
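Review bot: The only unsafe-template row in `get_bbcode_error_tests()` places `{TEXT}` inside a `<script>` element, so this functional test would keep passing if the ACP check stopped flagging unfiltered data in other contexts. Consider adding a row where the token lands in an attribute, for example the constructed case `['[x]{TEXT}[/x]', '<a href="{TEXT}">link</a>', 'unsafe']`, after confirming the checker reports it as unsafe. `test_bbcode_error()` also asserts only the text of `.errorbox`, and nothing in the hunk shows whether the submitted BBCode was stored. A follow-up request asserting the BBCode is absent from the list would pin the protection rather than the message.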
diff --git a/tests/text_formatter/s9e/acp_utils_test.php b/tests/text_formatter/s9e/acp_utils_test.php
new file mode 100644
index 0000000000..9d84924042
--- /dev/null
+++ b/tests/text_formatter/s9e/acp_utils_test.php
@@ -0,0 +1,79 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_textformatter_s9e_acp_utils_test extends phpbb_test_case
+{
+ /**
+ * @dataProvider get_analyse_bbcode_tests
+ */
+ public function test_analyse_bbcode($definition, $template, $expected)
+ {
+ $container = $this->get_test_case_helpers()->set_s9e_services();
+ $factory = $container->get('text_formatter.s9e.factory');
+ $acp_utils = new \phpbb\textformatter\s9e\acp_utils($factory);
+ $actual = $acp_utils->analyse_bbcode($definition, $template);
+
+ $this->assertEquals($expected, $actual);
+ }
+
+ public function get_analyse_bbcode_tests()
+ {
+ return [
+ [
+ '[x]{TEXT}[/x]',
+ '<b>{TEXT}</b>',
+ [
+ 'status' => 'safe',
+ 'name' => 'X'
+ ]
+ ],
+ [
+ '[hr]',
+ '<hr>',
+ [
+ 'status' => 'safe',
+ 'name' => 'HR'
+ ]
+ ],
+ [
+ '[x]{TEXT}[/x]',
+ '<script>{TEXT}</script>',
+ [
+ 'status' => 'unsafe',
+ 'name' => 'X',
+ 'error_text' => 'Cannot allow unfiltered data in this context',
+ 'error_html' => '&lt;script&gt;
+ <span class="highlight">&lt;xsl:apply-templates/&gt;</span>
+&lt;/script&gt;'
+ ]
+ ],
+ [
+ '???',
+ '<hr>',
+ [
+ 'status' => 'invalid_definition',
+ 'error_text' => 'Cannot interpret the BBCode definition'
+ ]
+ ],
+ [
+ '[x]{TEXT}[/x]',
+ '<xsl:invalid',
+ [
+ 'status' => 'invalid_template',
+ 'name' => 'X',
+ 'error_text' => "Invalid XSL: Couldn't find end of Start Tag invalid line 1\n"
+ ]
+ ],
+ ];
+ }
+}
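Review bot: The `invalid_template` row in `get_analyse_bbcode_tests()` pins the complete parser message `"Invalid XSL: Couldn't find end of Start Tag invalid line 1\n"`, which looks like it comes from the underlying XML library. If so, the test can fail on a different library version without any change in `analyse_bbcode()`. It would be steadier to compare `status` and `name` exactly and to check only that `error_text` starts with `Invalid XSL:`, e.g. `$this->assertStringStartsWith('Invalid XSL:', $actual['error_text']);` for that case. The status values are repeated as string literals here; if `acp_utils` exposes constants for them (not visible in this diff), using those would keep the test and the service in step.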