diff options
| -rwxr-xr-x | .gitignore | 3 | ||||
| -rwxr-xr-x | .htaccess | 3 | ||||
| -rw-r--r-- | build.xml | 46 | ||||
| -rw-r--r-- | tests/xss_filter_test.php | 281 | ||||
| -rwxr-xr-x | util/db_update.php | 2 | ||||
| -rwxr-xr-x | view/de/strings.php | 22 |
6 files changed, 341 insertions, 16 deletions
diff --git a/.gitignore b/.gitignore index 6302bc1c8..2531fe4cd 100755 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,9 @@ addon #ignore documentation, it should be newly built doc/api +#ignore reports, should be generted with every build +report/ + #ignore config files from eclipse, we don't want IDE files in our repository .project .buildpath @@ -5,6 +5,9 @@ AddType audio/ogg .oga <FilesMatch "\.(out|log)$"> Deny from all </FilesMatch> +<Files "(include|library)"> +Deny from all +</Files> <IfModule mod_rewrite.c> RewriteEngine on @@ -1,14 +1,49 @@ <?xml version="1.0" encoding="UTF-8"?> <project name="friendica" default="test"> - + <!-- ====================================================== --> + <!-- Target: clean-test --> + <!-- deletes directories with old test reports --> + <!-- ====================================================== --> + <target name="clean-test"> + <delete dir="report" /> + </target> + + <!-- ====================================================== --> + <!-- Target: prepare-test --> + <!-- creates directories for test reports --> + <!-- ====================================================== --> + <target name="prepare-test" depends="clean-test"> + <mkdir dir="report" /> + </target> + <!-- =================================== --> <!-- Target: test --> <!-- this target runs all test files --> <!-- =================================== --> - - <target name="test"> - <!-- there are no tests by now, so, nothing to do --> + <target name="test" depends="prepare-test"> + <!-- coverage-setup database="./report/coverage-database"> + <fileset dir="."> + <include name="**/*.php" /> + <exclude name="*test.php"/> + <exclude name="index.php"/> + <exclude name="library/**"/> + <exclude name="doc/**"/> + <exclude name=".."/> + </fileset> + </coverage-setup --> + <phpunit printsummary="true"> + <batchtest> + <fileset dir="tests"> + <include name="*test.php" /> + </fileset> + </batchtest> + <formatter type="xml" todir="report" outfile="testlog.xml" /> + </phpunit> + <phpunitreport infile="report/testlog.xml" todir="report" /> + <!-- coverage-report outfile="report/coverage-database"> + <report todir="report" styledir="/home/phing/etc" /> + </coverage-report --> </target> <!-- ===================================================== --> @@ -31,6 +66,9 @@ <docblox title="Friendica API" destdir="./doc/api"> <fileset dir="."> <include name="**/*.php" /> + <include name="README"/> + <include name="INSTALL.txt"/> + <include name="LICENSE"/> </fileset> </docblox> </target> diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php new file mode 100644 index 000000000..00e97cf98 --- /dev/null +++ b/tests/xss_filter_test.php @@ -0,0 +1,281 @@ +<?php +/** + * Tests, without pHPUnit by now + * @package test.util + */ + +require_once("include/template_processor.php"); +require_once('include/text.php'); + +class AntiXSSTest extends PHPUnit_Framework_TestCase { + + public function setUp() { + set_include_path(
+ get_include_path() . PATH_SEPARATOR
+ . 'include' . PATH_SEPARATOR
+ . 'library' . PATH_SEPARATOR
+ . 'library/phpsec' . PATH_SEPARATOR
+ . '.' ); + } + + /** + * test no tags + */ + public function testEscapeTags() { + $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />'; + + $validstring=notags($invalidstring); + $escapedString=escape_tags($invalidstring); + + $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring); + $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString); + } + + /** + *autonames should be random, even length + */ + public function testAutonameEven() { + $autoname1=autoname(10); + $autoname2=autoname(10); + + $this->assertNotEquals($autoname1, $autoname2); + } + + /** + *autonames should be random, odd length + */ + public function testAutonameOdd() { + $autoname1=autoname(9); + $autoname2=autoname(9); + + $this->assertNotEquals($autoname1, $autoname2); + } + + /** + * try to fail autonames + */ + public function testAutonameNoLength() { + $autoname1=autoname(0); + $this->assertEquals(0, count($autoname1)); + } + + public function testAutonameNegativeLength() { + $autoname1=autoname(-23); + $this->assertEquals(0, count($autoname1)); + } + + // public function testAutonameMaxLength() { + // $autoname2=autoname(PHP_INT_MAX); + // $this->assertEquals(PHP_INT_MAX, count($autoname2)); + // } + + public function testAutonameLength1() { + $autoname3=autoname(1); + $this->assertEquals(1, count($autoname3)); + } + + /** + *xmlify and unxmlify + */ + public function testXmlify() { + $text="<tag>I want to break\n this!11!<?hard?></tag>"; + $xml=xmlify($text); //test whether it actually may be part of a xml document + $retext=unxmlify($text); + + $this->assertEquals($text, $retext); + } + + /** + * test hex2bin and reverse + */ + + public function testHex2Bin() { + $this->assertEquals(-3, hex2bin(bin2hex(-3))); + $this->assertEquals(0, hex2bin(bin2hex(0))); + $this->assertEquals(12, hex2bin(bin2hex(12))); + $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX))); + } + + /** + * test expand_acl + */ + public function testExpandAclNormal() { + $text="<1><2><3>"; + $this->assertEquals(array(1, 2, 3), expand_acl($text)); + } + + public function testExpandAclBigNumber() { + $text="<1><279012><15>"; + $this->assertEquals(array(1, 279012, 15), expand_acl($text)); + } + + public function testExpandAclString() { + $text="<1><279012><tt>"; //maybe that's invalid + $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text)); + } + + public function testExpandAclSpace() { + $text="<1><279 012><32>"; //maybe that's invalid + $this->assertEquals(array(1, "279 012", "32"), expand_acl($text)); + } + + public function testExpandAclEmpty() { + $text=""; //maybe that's invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoBrackets() { + $text="According to documentation, that's invalid. "; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclJustOneBracket1() { + $text="<Another invalid string"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclJustOneBracket2() { + $text="Another invalid> string"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclCloseOnly() { + $text="Another> invalid> string>"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclOpenOnly() { + $text="<Another< invalid string<"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoMatching1() { + $text="<Another<> invalid <string>"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoMatching2() { + $text="<1>2><3>"; + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test attribute contains + */ + public function testAttributeContains1() { + $testAttr="class1 notclass2 class3"; + $this->assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test attribute contains + */ + public function testAttributeContains2() { + $testAttr="class1 not-class2 class3"; + $this->assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + public function testAttributeContainsEmpty() { + $testAttr=""; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + public function testAttributeContainsSpecialChars() { + $testAttr="--... %\$ä() /(=?}"; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test get_tags + */ + public function testGetTagsShortPerson() { + $text="hi @Mike"; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + } + + public function testGetTagsShortTag() {
+ $text="This is a #test_case";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals("#test_case", $tags[0]);
+ } + + public function testGetTagsShortTagAndPerson() {
+ $text="hi @Mike This is a #test_case";
+
+ $tags=get_tags($text);
+ + $this->assertEquals("@Mike", $tags[0]);
+ $this->assertEquals("#test_case", $tags[1]);
+ } + + public function testGetTagsShortTagAndPersonSpecialChars() {
+ $text="hi @Mike, This is a #test_case.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals("@Mike", $tags[0]);
+ $this->assertEquals("#test_case", $tags[1]);
+ } + + public function testGetTagsPersonOnly() { + $text="@Mike I saw the Theme Dev group was created."; + + $tags=get_tags($text);
+
+ $this->assertEquals("@Mike", $tags[0]); + } + + public function testGetTags2Persons1TagSpecialChars() {
+ $text="hi @Mike, I'm just writing #test_cases, so" + ." so @somebody@friendica.com may change #things.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals("@Mike", $tags[0]);
+ $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]);
+ } + + public function testGetTags() { + $text="hi @Mike, I'm just writing #test_cases, " + ." so @somebody@friendica.com may change #things. Of course I " + ."look for a lot of #pitfalls, like #tags at the end of a sentence " + ."@comment. I hope noone forgets about @fullstops.because that might" + ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " + ."Now, add a @first_last tag. "; + //check whether this are all variants (no, auto-stuff is missing). + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]); + $this->assertEquals("#pitfalls", $tags[4]); + $this->assertEquals("#tags", $tags[5]); + $this->assertEquals("@comment", $tags[6]); + $this->assertEquals("@fullstops", $tags[7]); + $this->assertEquals("#things", $tags[8]); + $this->assertEquals("@Mike", $tags[9]); + $this->assertEquals("@campino@friendica.eu", $tags[10]); + $this->assertEquals("#nice", $tags[11]); + $this->assertEquals("@first_last", $tags[12]); + } + + public function testGetTagsEmpty() { + $tags=get_tags(""); + $this->assertEquals(0, count($tags)); + } + //function qp, quick and dirty?? + //get_mentions + //get_contact_block, bis Zeile 538 +} +?> diff --git a/util/db_update.php b/util/db_update.php index a6177324a..35620e80b 100755 --- a/util/db_update.php +++ b/util/db_update.php @@ -26,7 +26,7 @@ echo "New DB VERSION: " . DB_UPDATE_VERSION . "\n"; if($build != DB_UPDATE_VERSION) { echo "Updating database..."; - check_config(); + check_config($a); echo "Done\n"; } diff --git a/view/de/strings.php b/view/de/strings.php index a093b7068..f1fe349df 100755 --- a/view/de/strings.php +++ b/view/de/strings.php @@ -4,23 +4,23 @@ function string_plural_select_de($n){ return ($n != 1); } ; -$a->strings["Post successful."] = "Beitrag erfolgreich veröffentlicht."; +$a->strings["Post successful."] = "Beitrag erfolgreich veröffentlicht."; $a->strings["[Embedded content - reload page to view]"] = "[Eingebetteter Inhalt - Seite neu laden zum Betrachten]"; $a->strings["Contact settings applied."] = "Einstellungen zum Kontakt angewandt."; $a->strings["Contact update failed."] = "Konnte den Kontakt nicht aktualisieren."; $a->strings["Permission denied."] = "Zugriff verweigert."; $a->strings["Contact not found."] = "Kontakt nicht gefunden."; $a->strings["Repair Contact Settings"] = "Kontakt-Einstellungen reparieren"; -$a->strings["<strong>WARNING: This is highly advanced</strong> and if you enter incorrect information your communications with this contact may stop working."] = "<strong>ACHTUNG: Das sind Experten-Einstellungen!</strong> Wenn Du etwas Falsches eingibst, funktioniert die Kommunikation mit diesem Kontakt evtl. nicht mehr."; -$a->strings["Please use your browser 'Back' button <strong>now</strong> if you are uncertain what to do on this page."] = "Bitte nutze den Zurück-Button deines Browsers <strong>jetzt</strong>, wenn du dir unsicher bist, was du tun willst."; -$a->strings["Return to contact editor"] = "Zurück zum Kontakteditor"; +$a->strings["<strong>WARNING: This is highly advanced</strong> and if you enter incorrect information your communications with this contact may stop working."] = "<strong>ACHTUNG: Das sind Experten-Einstellungen!</strong> Wenn Du etwas falsches eingibst, funktioniert die Kommunikation mit diesem Kontakt evtl. nicht mehr."; +$a->strings["Please use your browser 'Back' button <strong>now</strong> if you are uncertain what to do on this page."] = "Bitte nutze den Zurück-Button deines Browsers <strong>jetzt</strong>, wenn du dir unsicher bist, was auf dieser Seite gemacht wird."; +$a->strings["Return to contact editor"] = "Zurück zum Kontakteditor"; $a->strings["Name"] = "Name"; $a->strings["Account Nickname"] = "Account-Spitzname"; -$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - überschreibt Name/Spitzname"; +$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - überschreibt Name/Spitzname"; $a->strings["Account URL"] = "Account-URL"; -$a->strings["Friend Request URL"] = "URL für Freundschaftsanfragen"; -$a->strings["Friend Confirm URL"] = "URL für Bestätigungen von Freundschaftsanfragen"; -$a->strings["Notification Endpoint URL"] = "URL-Endpunkt für Benachrichtigungen"; +$a->strings["Friend Request URL"] = "URL für Freundschaftsanfragen"; +$a->strings["Friend Confirm URL"] = "URL für Bestätigungen von Freundschaftsanfragen"; +$a->strings["Notification Endpoint URL"] = "URL-Endpunkt für Benachrichtigungen"; $a->strings["Poll/Feed URL"] = "Pull/Feed-URL"; $a->strings["New photo from this URL"] = "Neues Foto von dieser URL"; $a->strings["Submit"] = "Senden"; @@ -28,7 +28,7 @@ $a->strings["Help:"] = "Hilfe:"; $a->strings["Help"] = "Hilfe"; $a->strings["Not Found"] = "Nicht gefunden"; $a->strings["Page not found."] = "Seite nicht gefunden."; -$a->strings["File exceeds size limit of %d"] = "Die Datei ist größer als das erlaubte Limit von %d"; +$a->strings["File exceeds size limit of %d"] = "Die Datei ist größer als das erlaubte Limit von %d"; $a->strings["File upload failed."] = "Hochladen der Datei fehlgeschlagen."; $a->strings["Friend suggestion sent."] = "Kontaktvorschlag gesendet."; $a->strings["Suggest Friends"] = "Kontakte vorschlagen"; @@ -40,7 +40,7 @@ $a->strings["link to source"] = "Link zum Originalbeitrag"; $a->strings["Events"] = "Veranstaltungen"; $a->strings["Create New Event"] = "Neue Veranstaltung erstellen"; $a->strings["Previous"] = "Vorherige"; -$a->strings["Next"] = "Nächste"; +$a->strings["Next"] = "Nächste"; $a->strings["hour:minute"] = "Stunde:Minute"; $a->strings["Event details"] = "Veranstaltungsdetails"; $a->strings["Format is %s %s. Starting date and Description are required."] = "Format ist %s %s. Anfangsdatum und Beschreibung sind notwendig."; @@ -643,7 +643,7 @@ $a->strings["Site name"] = "Seitenname"; $a->strings["Banner/Logo"] = "Banner/Logo"; $a->strings["System language"] = "Systemsprache"; $a->strings["System theme"] = "Systemweites Thema"; -$a->strings["Maximum image size"] = "Maximale Größe von Bildern"; +$a->strings["Maximum image size"] = "Maximale Größe von Bildern"; $a->strings["Register policy"] = "Registrierungsmethode"; $a->strings["Register text"] = "Registrierungstext"; $a->strings["Accounts abandoned after x days"] = "Accounts gelten nach x Tagen als unbenutzt"; |