From 78b544920c0d3984dd814cfe59f43c46feac6f12 Mon Sep 17 00:00:00 2001
From: JoshyPHP
Date: Tue, 3 Mar 2015 04:18:17 +0100
Subject: [ticket/11768] Added support for creating unsafe BBCodes

PHPBB3-11768
---
 tests/text_formatter/s9e/factory_test.php | 18 +++++++++++---
 .../text_formatter/s9e/fixtures/unsafe_bbcode.xml | 28 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 3 deletions(-)
 create mode 100644 tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml

(limited to 'tests/text_formatter/s9e')

diff --git a/tests/text_formatter/s9e/factory_test.php b/tests/text_formatter/s9e/factory_test.php
index a1378514b4..8df841605d 100644
--- a/tests/text_formatter/s9e/factory_test.php
+++ b/tests/text_formatter/s9e/factory_test.php
@@ -78,9 +78,6 @@ class phpbb_textformatter_s9e_factory_test extends phpbb_database_test_case
 // This custom BBCode should be set
 $this->assertTrue(isset($configurator->BBCodes['CUSTOM']));
 
- // This unsafe custom BBCode will trigger an exception and should be ignored
- $this->assertFalse(isset($configurator->BBCodes['UNSAFE']));
-
 $this->assertTrue(isset($configurator->Emoticons[':D']));
 }
 
@@ -176,4 +173,19 @@ class phpbb_textformatter_s9e_factory_test extends phpbb_database_test_case
 $expected = $original;
 $this->assertSame($expected, $renderer->render($parser->parse($original)));
 }
+
+ /**
+ * @testdox Accepts unsafe custom BBCodes
+ */
+ public function test_unsafe_bbcode()
+ {
+ $fixture = __DIR__ . '/fixtures/unsafe_bbcode.xml';
+ $container = $this->get_test_case_helpers()->set_s9e_services(null, $fixture);
+ $parser = $container->get('text_formatter.parser');
+ $renderer = $container->get('text_formatter.renderer');
+
+ $original = '[xss=javascript:alert(1)]text[/xss]';
+ $expected = 'text';
+ $this->assertSame($expected, $renderer->render($parser->parse($original)));
+ }
 }
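Review bot: `test_unsafe_bbcode()` pins that a `javascript:` value supplied through `{TEXT1}` is parsed and rendered rather than rejected, yet its docblock (`@testdox Accepts unsafe custom BBCodes`) does not say why that is acceptable, and the first hunk removes the assertion that the `UNSAFE` BBCode is ignored. I would extend the docblock with a sentence such as `Unsafe templates are accepted because custom BBCode definitions are admin-supplied; attribute values posted by users are not filtered for such tags` (wording to be confirmed against the intended trust model). As extracted on this page the expected string is the bare `'text'`, so markup may have been lost; if the literal really carries no attribute, the assertion does not show where the `javascript:` value ends up in the output. A companion case that feeds the same input to a definition using the `{URL}` token should confirm that scheme filtering still applies to safely defined BBCodes.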
diff --git a/tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml b/tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml
new file mode 100644
index 0000000000..55a2e689b6
--- /dev/null
+++ b/tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml
@@ -0,0 +1,28 @@
+
+
+
+ bbcode_id
+ bbcode_tag
+ bbcode_helpline
+ display_on_posting
+ bbcode_match
+ bbcode_tpl
+ first_pass_match
+ first_pass_replace
+ second_pass_match
+ second_pass_replace
+
+
+ 13
+ xss=
+
+ 1
+ [xss={TEXT1}]{TEXT2}[/xss]
+ {TEXT2}]]>
+
+
+
+ ${2}]]>
+
+
+
-- cgit v1.2.1