From 2926ceba6a06a2f0f95452ae838a89247c493c93 Mon Sep 17 00:00:00 2001
From: JoshyPHP
Date: Fri, 13 Dec 2019 01:46:09 +0100
Subject: [ticket/16250] Add a service to check BBCodes safeness
PHPBB3-16250
---
tests/functional/acp_bbcodes_test.php | 40 +++++++++++++++
tests/text_formatter/s9e/acp_utils_test.php | 79 +++++++++++++++++++++++++++++
2 files changed, 119 insertions(+)
create mode 100644 tests/text_formatter/s9e/acp_utils_test.php
(limited to 'tests')
diff --git a/tests/functional/acp_bbcodes_test.php b/tests/functional/acp_bbcodes_test.php
index 58681dfa07..cc6397fdfd 100644
--- a/tests/functional/acp_bbcodes_test.php
+++ b/tests/functional/acp_bbcodes_test.php
@@ -43,4 +43,44 @@ class phpbb_functional_acp_bbcodes_test extends phpbb_functional_test_case
 $this->assertContains('
c
', $html);
 $this->assertContains('
d
', $html);
 }
+
+ /**
+ * @dataProvider get_bbcode_error_tests
+ */
+ public function test_bbcode_error($match, $tpl, $error)
+ {
+ $this->login();
+ $this->admin_login();
+
+ $crawler = self::request('GET', 'adm/index.php?i=acp_bbcodes&sid=' . $this->sid . '&mode=bbcodes&action=add');
+ $form = $crawler->selectButton('Submit')->form([
+ 'bbcode_match' => $match,
+ 'bbcode_tpl' => $tpl
+ ]);
+ $crawler = self::submit($form);
+
+ $text = $crawler->filter('.errorbox')->text();
+ $this->assertStringContainsString($error, $text);
+ }
+
+ public function get_bbcode_error_tests()
+ {
+ return [
+ [
+ 'XXX',
+ '',
+ 'BBCode is constructed in an invalid form'
+ ],
+ [
+ '[x]{TEXT}[/x]',
+ '{TEXT}',
+ 'unsafe'
+ ],
+ ];
+ }
 }
diff --git a/tests/text_formatter/s9e/acp_utils_test.php b/tests/text_formatter/s9e/acp_utils_test.php
new file mode 100644
index 0000000000..9d84924042
--- /dev/null
+++ b/tests/text_formatter/s9e/acp_utils_test.php
@@ -0,0 +1,79 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_textformatter_s9e_acp_utils_test extends phpbb_test_case
+{
+ /**
+ * @dataProvider get_analyse_bbcode_tests
+ */
+ public function test_analyse_bbcode($definition, $template, $expected)
+ {
+ $container = $this->get_test_case_helpers()->set_s9e_services();
+ $factory = $container->get('text_formatter.s9e.factory');
+ $acp_utils = new \phpbb\textformatter\s9e\acp_utils($factory);
+ $actual = $acp_utils->analyse_bbcode($definition, $template);
+
+ $this->assertEquals($expected, $actual);
+ }
+
+ public function get_analyse_bbcode_tests()
+ {
+ return [
+ [
+ '[x]{TEXT}[/x]',
+ '{TEXT}',
+ [
+ 'status' => 'safe',
+ 'name' => 'X'
+ ]
+ ],
+ [
+ '[hr]',
+ '
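Review bot: test_bbcode_error in tests/functional/acp_bbcodes_test.php checks only that the error box contains the expected text, so it would still pass if the ACP showed the warning and stored the BBCode anyway. For the row expecting `unsafe`, the test should also confirm that nothing was saved, for example with `$this->assertCount(0, $crawler->filter('.successbox'));` after the submit, or with a follow-up request to the BBCode list asserting the tag is absent; the selector is a guess and needs checking against the ACP template. The new assertion uses `assertStringContainsString` while the neighbouring context lines use `assertContains`, so confirm that the suite's minimum PHPUnit version provides it.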
',
+ [
+ 'status' => 'safe',
+ 'name' => 'HR'
+ ]
+ ],
+ [
+ '[x]{TEXT}[/x]',
+ '',
+ [
+ 'status' => 'unsafe',
+ 'name' => 'X',
+ 'error_text' => 'Cannot allow unfiltered data in this context',
+ 'error_html' => '<script>
+ <xsl:apply-templates/>
+</script>'
+ ]
+ ],
+ [
+ '???',
+ '
',
+ [
+ 'status' => 'invalid_definition',
+ 'error_text' => 'Cannot interpret the BBCode definition'
+ ]
+ ],
+ [
+ '[x]{TEXT}[/x]',
+ ' 'invalid_template',
+ 'name' => 'X',
+ 'error_text' => "Invalid XSL: Couldn't find end of Start Tag invalid line 1\n"
+ ]
+ ],
+ ];
+ }
+}
-- cgit v1.2.1
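Review bot: get_analyse_bbcode_tests in tests/text_formatter/s9e/acp_utils_test.php has a single row with `'status' => 'unsafe'`, so a regression in how analyse_bbcode classifies any other output context would go unnoticed by this suite. I would add rows that place unfiltered BBCode content in attribute contexts as well (a URL attribute, an event-handler attribute, a style attribute), each expecting `'status' => 'unsafe'`, with `error_text` and `error_html` taken from the checker's real output. A placeholder such as `// TODO: add unsafe rows for attribute contexts` would at least record the gap. Separately, the `invalid_template` row pins the full parser message, which presumably comes from the underlying XML library and may differ between versions; asserting the status plus an `Invalid XSL` prefix would be less brittle.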