diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-12-21 10:34:17 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-12-21 10:34:17 +0100 |
| commit | d26622e9921fdabff9186e0a2e47a2f8ed0a1238 (patch) | |
| tree | 95dfd71fc22e95776768de6a978548f0adbdb8ac /tests | |
| parent | 0b3eb2f9eaac66cf76e40703f77f362d1e42e86c (diff) | |
| parent | 2733ce07129dceb5b60acdceba1689fa5339a523 (diff) | |
| download | forums-d26622e9921fdabff9186e0a2e47a2f8ed0a1238.tar forums-d26622e9921fdabff9186e0a2e47a2f8ed0a1238.tar.gz forums-d26622e9921fdabff9186e0a2e47a2f8ed0a1238.tar.bz2 forums-d26622e9921fdabff9186e0a2e47a2f8ed0a1238.tar.xz forums-d26622e9921fdabff9186e0a2e47a2f8ed0a1238.zip | |
Merge pull request #5770 from JoshyPHP/ticket/16250
[ticket/16250] Add a service to check BBCodes safeness in ACP
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/functional/acp_bbcodes_test.php | 40 | ||||
| -rw-r--r-- | tests/text_formatter/s9e/acp_utils_test.php | 79 |
2 files changed, 119 insertions, 0 deletions
diff --git a/tests/functional/acp_bbcodes_test.php b/tests/functional/acp_bbcodes_test.php index 58681dfa07..cc6397fdfd 100644 --- a/tests/functional/acp_bbcodes_test.php +++ b/tests/functional/acp_bbcodes_test.php @@ -43,4 +43,44 @@ class phpbb_functional_acp_bbcodes_test extends phpbb_functional_test_case $this->assertContains('<div>c</div>', $html); $this->assertContains('<div>d</div>', $html); } + + /** + * @dataProvider get_bbcode_error_tests + */ + public function test_bbcode_error($match, $tpl, $error) + { + $this->login(); + $this->admin_login(); + + $crawler = self::request('GET', 'adm/index.php?i=acp_bbcodes&sid=' . $this->sid . '&mode=bbcodes&action=add'); + $form = $crawler->selectButton('Submit')->form([ + 'bbcode_match' => $match, + 'bbcode_tpl' => $tpl + ]); + $crawler = self::submit($form); + + $text = $crawler->filter('.errorbox')->text(); + $this->assertStringContainsString($error, $text); + } + + public function get_bbcode_error_tests() + { + return [ + [ + 'XXX', + '', + 'BBCode is constructed in an invalid form' + ], + [ + '[x]{TEXT}[/x]', + '<xsl:invalid', + 'template is invalid' + ], + [ + '[x]{TEXT}[/x]', + '<script>{TEXT}</script>', + 'unsafe' + ], + ]; + } } diff --git a/tests/text_formatter/s9e/acp_utils_test.php b/tests/text_formatter/s9e/acp_utils_test.php new file mode 100644 index 0000000000..9d84924042 --- /dev/null +++ b/tests/text_formatter/s9e/acp_utils_test.php @@ -0,0 +1,79 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +class phpbb_textformatter_s9e_acp_utils_test extends phpbb_test_case +{ + /** + * @dataProvider get_analyse_bbcode_tests + */ + public function test_analyse_bbcode($definition, $template, $expected) + { + $container = $this->get_test_case_helpers()->set_s9e_services(); + $factory = $container->get('text_formatter.s9e.factory'); + $acp_utils = new \phpbb\textformatter\s9e\acp_utils($factory); + $actual = $acp_utils->analyse_bbcode($definition, $template); + + $this->assertEquals($expected, $actual); + } + + public function get_analyse_bbcode_tests() + { + return [ + [ + '[x]{TEXT}[/x]', + '<b>{TEXT}</b>', + [ + 'status' => 'safe', + 'name' => 'X' + ] + ], + [ + '[hr]', + '<hr>', + [ + 'status' => 'safe', + 'name' => 'HR' + ] + ], + [ + '[x]{TEXT}[/x]', + '<script>{TEXT}</script>', + [ + 'status' => 'unsafe', + 'name' => 'X', + 'error_text' => 'Cannot allow unfiltered data in this context', + 'error_html' => '<script> + <span class="highlight"><xsl:apply-templates/></span> +</script>' + ] + ], + [ + '???', + '<hr>', + [ + 'status' => 'invalid_definition', + 'error_text' => 'Cannot interpret the BBCode definition' + ] + ], + [ + '[x]{TEXT}[/x]', + '<xsl:invalid', + [ + 'status' => 'invalid_template', + 'name' => 'X', + 'error_text' => "Invalid XSL: Couldn't find end of Start Tag invalid line 1\n" + ] + ], + ]; + } +} |