aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-x.gitignore3
-rwxr-xr-x.htaccess3
-rw-r--r--build.xml46
-rwxr-xr-xmod/item.php244
-rwxr-xr-xtests/autoname_test.php73
-rwxr-xr-xtests/contains_attribute_test.php51
-rwxr-xr-xtests/expand_acl_test.php142
-rw-r--r--tests/get_tags_test.php313
-rw-r--r--tests/xss_filter_test.php50
-rwxr-xr-xutil/db_update.php2
-rwxr-xr-xview/de/strings.php20
11 files changed, 828 insertions, 119 deletions
diff --git a/.gitignore b/.gitignore
index 6302bc1c8..2531fe4cd 100755
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,9 @@ addon
#ignore documentation, it should be newly built
doc/api
+#ignore reports, should be generted with every build
+report/
+
#ignore config files from eclipse, we don't want IDE files in our repository
.project
.buildpath
diff --git a/.htaccess b/.htaccess
index 1df509670..5f9531a7e 100755
--- a/.htaccess
+++ b/.htaccess
@@ -5,6 +5,9 @@ AddType audio/ogg .oga
<FilesMatch "\.(out|log)$">
Deny from all
</FilesMatch>
+<Files "(include|library)">
+Deny from all
+</Files>
<IfModule mod_rewrite.c>
RewriteEngine on
diff --git a/build.xml b/build.xml
index 83c530026..a61a5123d 100644
--- a/build.xml
+++ b/build.xml
@@ -1,14 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<project name="friendica" default="test">
-
+ <!-- ====================================================== -->
+ <!-- Target: clean-test -->
+ <!-- deletes directories with old test reports -->
+ <!-- ====================================================== -->
+ <target name="clean-test">
+ <delete dir="report" />
+ </target>
+
+ <!-- ====================================================== -->
+ <!-- Target: prepare-test -->
+ <!-- creates directories for test reports -->
+ <!-- ====================================================== -->
+ <target name="prepare-test" depends="clean-test">
+ <mkdir dir="report" />
+ </target>
+
<!-- =================================== -->
<!-- Target: test -->
<!-- this target runs all test files -->
<!-- =================================== -->
-
- <target name="test">
- <!-- there are no tests by now, so, nothing to do -->
+ <target name="test" depends="prepare-test">
+ <!-- coverage-setup database="./report/coverage-database">
+ <fileset dir=".">
+ <include name="**/*.php" />
+ <exclude name="*test.php"/>
+ <exclude name="index.php"/>
+ <exclude name="library/**"/>
+ <exclude name="doc/**"/>
+ <exclude name=".."/>
+ </fileset>
+ </coverage-setup -->
+ <phpunit printsummary="true">
+ <batchtest>
+ <fileset dir="tests">
+ <include name="*test.php" />
+ </fileset>
+ </batchtest>
+ <formatter type="xml" todir="report" outfile="testlog.xml" />
+ </phpunit>
+ <phpunitreport infile="report/testlog.xml" todir="report" />
+ <!-- coverage-report outfile="report/coverage-database">
+ <report todir="report" styledir="/home/phing/etc" />
+ </coverage-report -->
</target>
<!-- ===================================================== -->
@@ -31,6 +66,9 @@
<docblox title="Friendica API" destdir="./doc/api">
<fileset dir=".">
<include name="**/*.php" />
+ <include name="README"/>
+ <include name="INSTALL.txt"/>
+ <include name="LICENSE"/>
</fileset>
</docblox>
</target>
diff --git a/mod/item.php b/mod/item.php
index 6f31f917f..98cfb4338 100755
--- a/mod/item.php
+++ b/mod/item.php
@@ -425,110 +425,7 @@ function item_post(&$a) {
if(count($tags)) {
foreach($tags as $tag) {
-
- if(isset($profile))
- unset($profile);
- if(strpos($tag,'#') === 0) {
- if(strpos($tag,'[url='))
- continue;
- $basetag = str_replace('_',' ',substr($tag,1));
- $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body);
-
- $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- continue;
- }
- if(strpos($tag,'@') === 0) {
- if(strpos($tag,'[url='))
- continue;
- $stat = false;
- $name = substr($tag,1);
- if((strpos($name,'@')) || (strpos($name,'http://'))) {
- $newname = $name;
- $links = @lrdd($name);
- if(count($links)) {
- foreach($links as $link) {
- if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
- $profile = $link['@attributes']['href'];
- if($link['@attributes']['rel'] === 'salmon') {
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
- }
- }
- }
- }
- else {
- $newname = $name;
- $alias = '';
- $tagcid = 0;
- if(strrpos($newname,'+')) {
- $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
- if(strpos($name,' '))
- $name = substr($name,0,strpos($name,' '));
- }
- if($tagcid) {
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($tagcid),
- intval($profile_uid)
- );
- }
- elseif(strstr($name,'_') || strstr($name,' ')) {
- $newname = str_replace('_',' ',$name);
- $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($newname),
- intval($profile_uid)
- );
- }
- else {
- $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
- dbesc($name),
- dbesc($name),
- intval($profile_uid)
- );
- }
- if(count($r)) {
- $profile = $r[0]['url'];
- if($r[0]['network'] === 'stat') {
- $newname = $r[0]['nick'];
- $stat = true;
- if($r[0]['alias'])
- $alias = $r[0]['alias'];
- }
- else
- $newname = $r[0]['name'];
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'cid:' . $r[0]['id'];
- }
- }
- if($profile) {
- $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body);
- $profile = str_replace(',','%2c',$profile);
- $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
-
- // Status.Net seems to require the numeric ID URL in a mention if the person isn't
- // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
-
- if(strlen($alias)) {
- $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- }
- }
- }
+ handle_tag($a, $body, $inform, $str_tags, $profile_uid, $tag);
}
}
@@ -922,3 +819,142 @@ function item_content(&$a) {
drop_item($a->argv[2]);
}
}
+
+/**
+ * This function removes the tag $tag from the text $body and replaces it with
+ * the appropiate link.
+ *
+ * @param unknown_type $body the text to replace the tag in
+ * @param unknown_type $inform a comma-seperated string containing everybody to inform
+ * @param unknown_type $str_tags string to add the tag to
+ * @param unknown_type $profile_uid
+ * @param unknown_type $tag the tag to replace
+ */
+function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
+ //is it a hash tag?
+ if(strpos($tag,'#') === 0) {
+ //if the tag is replaced...
+ if(strpos($tag,'[url='))
+ //...do nothing
+ continue;
+ //base tag has the tags name only
+ $basetag = str_replace('_',' ',substr($tag,1));
+ //create text for link
+ $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
+ //replace tag by the link
+ $body = str_replace($tag, $newtag, $body);
+
+ //is the link already in str_tags?
+ if(! stristr($str_tags,$newtag)) {
+ //append or set str_tags
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ return;
+ }
+ //is it a person tag?
+ if(strpos($tag,'@') === 0) {
+ //is it already replaced?
+ if(strpos($tag,'[url='))
+ continue;
+ $stat = false;
+ //get the person's name
+ $name = substr($tag,1);
+ //is it a link or a full dfrn address?
+ if((strpos($name,'@')) || (strpos($name,'http://'))) {
+ $newname = $name;
+ //get the profile links
+ $links = @lrdd($name);
+ if(count($links)) {
+ //for all links, collect how is to inform and how's profile is to link
+ foreach($links as $link) {
+ if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
+ $profile = $link['@attributes']['href'];
+ if($link['@attributes']['rel'] === 'salmon') {
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
+ }
+ }
+ }
+ } else { //if it is a name rather than an address
+ $newname = $name;
+ $alias = '';
+ $tagcid = 0;
+ //is it some generated name?
+ if(strrpos($newname,'+')) {
+ //get the id
+ $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
+ //remove the next word from tag's name
+ if(strpos($name,' ')) {
+ $name = substr($name,0,strpos($name,' '));
+ }
+ }
+ if($tagcid) { //if there was an id
+ //select contact with that id from the logged in user's contact list
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($tagcid),
+ intval($profile_uid)
+ );
+ } elseif(strstr($name,'_') || strstr($name,' ')) { //no id
+ //get the real name
+ $newname = str_replace('_',' ',$name);
+ //select someone from this user's contacts by name
+ $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($newname),
+ intval($profile_uid)
+ );
+ } else {
+ //select someone by attag or nick and the name passed in
+ $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
+ dbesc($name),
+ dbesc($name),
+ intval($profile_uid)
+ );
+ }
+ //$r is set, if someone could be selected
+ if(count($r)) {
+ $profile = $r[0]['url'];
+ //set newname to nick, find alias
+ if($r[0]['network'] === 'stat') {
+ $newname = $r[0]['nick'];
+ $stat = true;
+ if($r[0]['alias'])
+ $alias = $r[0]['alias'];
+ }
+ else
+ $newname = $r[0]['name'];
+ //add person's id to $inform
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'cid:' . $r[0]['id'];
+ }
+ }
+ //if there is an url for this persons profile
+ if(isset($profile)) {
+ //create profile link
+ $profile = str_replace(',','%2c',$profile);
+ $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
+ $body = str_replace('@' . $name, $newtag, $body);
+ //append tag to str_tags
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+
+ // Status.Net seems to require the numeric ID URL in a mention if the person isn't
+ // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
+
+ if(strlen($alias)) {
+ $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ }
+ }
+ }
+}
diff --git a/tests/autoname_test.php b/tests/autoname_test.php
new file mode 100755
index 000000000..9dae920ca
--- /dev/null
+++ b/tests/autoname_test.php
@@ -0,0 +1,73 @@
+<?php
+/**
+ * this file contains tests for the autoname function
+ *
+ * @package test.util
+ */
+
+/** required, it is the file under test */
+require_once('include/text.php');
+
+/**
+ * TestCase for the autoname function
+ *
+ * @author Alexander Kampmann
+ * @package test.util
+ */
+class AutonameTest extends PHPUnit_Framework_TestCase {
+ /**
+ *autonames should be random, even length
+ */
+ public function testAutonameEven() {
+ $autoname1=autoname(10);
+ $autoname2=autoname(10);
+
+ $this->assertNotEquals($autoname1, $autoname2);
+ }
+
+ /**
+ *autonames should be random, odd length
+ */
+ public function testAutonameOdd() {
+ $autoname1=autoname(9);
+ $autoname2=autoname(9);
+
+ $this->assertNotEquals($autoname1, $autoname2);
+ }
+
+ /**
+ * try to fail autonames
+ */
+ public function testAutonameNoLength() {
+ $autoname1=autoname(0);
+ $this->assertEquals(0, count($autoname1));
+ }
+
+ /**
+ * try to fail it with invalid input
+ *
+ * TODO: What's corect behaviour here? An exception?
+ */
+ public function testAutonameNegativeLength() {
+ $autoname1=autoname(-23);
+ $this->assertEquals(0, count($autoname1));
+ }
+
+ // public function testAutonameMaxLength() {
+ // $autoname2=autoname(PHP_INT_MAX);
+ // $this->assertEquals(PHP_INT_MAX, count($autoname2));
+ // }
+
+ /**
+ * test with a length, that may be too short
+ */
+ public function testAutonameLength1() {
+ $autoname1=autoname(1);
+ $this->assertEquals(1, count($autoname1));
+
+ $autoname2=autoname(1);
+ $this->assertEquals(1, count($autoname2));
+
+ $this->assertFalse($autoname1==$autoname2);
+ }
+} \ No newline at end of file
diff --git a/tests/contains_attribute_test.php b/tests/contains_attribute_test.php
new file mode 100755
index 000000000..b0bb06acf
--- /dev/null
+++ b/tests/contains_attribute_test.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * this test tests the contains_attribute function
+ *
+ * @package test.util
+ */
+
+/** required, it is the file under test */
+require_once('include/text.php');
+
+/**
+ * TestCase for the contains_attribute function
+ *
+ * @author Alexander Kampmann
+ * @package test.util
+ */
+class ContainsAttributeTest extends PHPUnit_Framework_TestCase {
+ /**
+ * test attribute contains
+ */
+ public function testAttributeContains1() {
+ $testAttr="class1 notclass2 class3";
+ $this->assertTrue(attribute_contains($testAttr, "class3"));
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test attribute contains
+ */
+ public function testAttributeContains2() {
+ $testAttr="class1 not-class2 class3";
+ $this->assertTrue(attribute_contains($testAttr, "class3"));
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test with empty input
+ */
+ public function testAttributeContainsEmpty() {
+ $testAttr="";
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test input with special chars
+ */
+ public function testAttributeContainsSpecialChars() {
+ $testAttr="--... %\$ä() /(=?}";
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+} \ No newline at end of file
diff --git a/tests/expand_acl_test.php b/tests/expand_acl_test.php
new file mode 100755
index 000000000..b516a3f14
--- /dev/null
+++ b/tests/expand_acl_test.php
@@ -0,0 +1,142 @@
+<?php
+/**
+ * this test tests the expand_acl function
+ *
+ * @package test.util
+ */
+
+/** required, it is the file under test */
+require_once('include/text.php');
+
+/**
+ * TestCase for the expand_acl function
+ *
+ * @author Alexander Kampmann
+ * @package test.util
+ */
+class ExpandAclTest extends PHPUnit_Framework_TestCase {
+
+ /**
+ * test expand_acl, perfect input
+ */
+ public function testExpandAclNormal() {
+ $text='<1><2><3>';
+ $this->assertEquals(array(1, 2, 3), expand_acl($text));
+ }
+
+ /**
+ * test with a big number
+ */
+ public function testExpandAclBigNumber() {
+ $text='<1><'.PHP_INT_MAX.'><15>';
+ $this->assertEquals(array(1, PHP_INT_MAX, 15), expand_acl($text));
+ }
+
+ /**
+ * test with a string in it.
+ *
+ * TODO: is this valid input? Otherwise: should there be an exception?
+ */
+ public function testExpandAclString() {
+ $text="<1><279012><tt>";
+ $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text));
+ }
+
+ /**
+ * test with a ' ' in it.
+ *
+ * TODO: is this valid input? Otherwise: should there be an exception?
+ */
+ public function testExpandAclSpace() {
+ $text="<1><279 012><32>";
+ $this->assertEquals(array(1, "279 012", "32"), expand_acl($text));
+ }
+
+ /**
+ * test empty input
+ */
+ public function testExpandAclEmpty() {
+ $text="";
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, no < at all
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclNoBrackets() {
+ $text="According to documentation, that's invalid. "; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just open <
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclJustOneBracket1() {
+ $text="<Another invalid string"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just close >
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclJustOneBracket2() {
+ $text="Another invalid> string"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just close >
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclCloseOnly() {
+ $text="Another> invalid> string>"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just open <
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclOpenOnly() {
+ $text="<Another< invalid string<"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, open and close do not match
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclNoMatching1() {
+ $text="<Another<> invalid <string>"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, open and close do not match
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclNoMatching2() {
+ $text="<1>2><3>";
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, empty <>
+ *
+ * TODO: should there be an exception? Or array(1, 3)
+ */
+ public function testExpandAclEmptyMatch() {
+ $text="<1><><3>";
+ $this->assertEquals(array(), expand_acl($text));
+ }
+} \ No newline at end of file
diff --git a/tests/get_tags_test.php b/tests/get_tags_test.php
new file mode 100644
index 000000000..9051923be
--- /dev/null
+++ b/tests/get_tags_test.php
@@ -0,0 +1,313 @@
+<?php
+/**
+ * This file contains the tests for get_tags and the tag handling in item.php
+ *
+ * @package test.util
+ */
+
+/**
+ * required, because it contains the get_tags() function
+ */
+require_once 'include/text.php';
+/**
+ * required, because it contains the tag handling
+ */
+require_once 'mod/item.php';
+
+/**
+ * A class which can be used as replacement for an app if
+ * only get_baseurl is used.
+ *
+ * @author Alexander Kampmann
+ * @package test.util
+ */
+class MockApp {
+ function get_baseurl() {
+ return "baseurl";
+ }
+};
+
+/**
+ * the test should not rely on a database,
+ * so this is a replacement for the database access method q.
+ *
+ * It simulates the user with uid 11 has one contact, named Mike Lastname.
+ *
+ * @param string $sql
+ */
+function q($sql) {
+ $result=array(array('id'=>15,
+ 'attag'=>'', 'network'=>'dfrn',
+ 'name'=>'Mike Lastname', 'alias'=>'Mike',
+ 'nick'=>'Mike', 'url'=>"http://justatest.de"));
+
+ $args=func_get_args();
+
+ //last parameter is always (in this test) uid, so, it should be 11
+ if($args[count($args)-1]!=11) {
+ return;
+ }
+
+
+ if(3==count($args)) {
+ //first call in handle_body, id only
+ if($result[0]['id']==$args[1]) {
+ return $result;
+ }
+ //second call in handle_body, name
+ if($result[0]['name']===$args[1]) {
+ return $result;
+ }
+ }
+ //third call in handle_body, nick or attag
+ if($result[0]['nick']===$args[2] || $result[0]['attag']===$args[1]) {
+ return $result;
+ }
+}
+
+/**
+ * replacement for dbesc.
+ * I don't want to test dbesc here, so
+ * I just return the input. It won't be a problem, because
+ * the test does not use a real database.
+ *
+ * DON'T USE HAT FUNCTION OUTSIDE A TEST!
+ *
+ * @param string $str
+ * @return input
+ */
+function dbesc($str) {
+ return $str;
+}
+
+/**
+ * TestCase for tag handling.
+ *
+ * @author alexander
+ * @package test.util
+ */
+class GetTagsTest extends PHPUnit_Framework_TestCase {
+ /** the mock to use as app */
+ private $a;
+
+ /**
+ * initialize the test. That's a phpUnit function,
+ * don't change its name.
+ */
+ public function setUp() {
+ $this->a=new MockApp();
+ }
+
+ /**
+ * test with one Person tag
+ */
+ public function testGetTagsShortPerson() {
+ $text="hi @Mike";
+
+ $tags=get_tags($text);
+
+ $inform='';
+ $str_tags='';
+ foreach($tags as $tag) {
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tag);
+ }
+
+ //correct tags found?
+ $this->assertEquals(1, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+
+ //correct output from handle_tag?
+ $this->assertEquals("cid:15", $inform);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags);
+ $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url]", $text);
+ }
+
+ /**
+ * test with one Person tag.
+ * There's a minor spelling mistake...
+ */
+ public function testGetTagsShortPersonSpelling() {
+ $text="hi @Mike.because";
+
+ $tags=get_tags($text);
+
+ //correct tags found?
+ $this->assertEquals(1, count($tags));
+ $this->assertTrue(in_array("@Mike.because", $tags));
+
+ $inform='';
+ $str_tags='';
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tags[0]);
+
+ $this->assertEquals("cid:15", $inform);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags);
+ $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url].because", $text);
+ }
+
+ /**
+ * test with two Person tags.
+ * There's a minor spelling mistake...
+ */
+ public function testGetTagsPerson2Spelling() {
+ $text="hi @Mike@campino@friendica.eu";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("@campino@friendica.eu", $tags));
+ }
+
+ /**
+ * Test with one hash tag.
+ */
+ public function testGetTagsShortTag() {
+ $text="This is a #test_case";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(1, count($tags));
+ $this->assertTrue(in_array("#test_case", $tags));
+ }
+
+ /**
+ * test with a person and a hash tag
+ */
+ public function testGetTagsShortTagAndPerson() {
+ $text="hi @Mike This is a #test_case";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(3, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("@Mike This", $tags));
+ $this->assertTrue(in_array("#test_case", $tags));
+
+ $inform='';
+ $str_tags='';
+ foreach($tags as $tag) {
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tag);
+ }
+
+ $this->assertEquals("cid:15", $inform);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url],#[url=baseurl/search?search=test%20case]test case[/url]", $str_tags);
+ $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url] This is a #[url=baseurl/search?search=test%20case]test case[/url]", $text);
+
+ }
+
+ /**
+ * test with a person, a hash tag and some special chars.
+ */
+ public function testGetTagsShortTagAndPersonSpecialChars() {
+ $text="hi @Mike, This is a #test_case.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#test_case", $tags));
+ }
+
+ /**
+ * Test with a person tag and text behind it.
+ */
+ public function testGetTagsPersonOnly() {
+ $text="@Test I saw the Theme Dev group was created.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@Test I", $tags));
+ $this->assertTrue(in_array("@Test", $tags));
+ }
+
+ /**
+ * this test demonstrates strange behaviour by intval.
+ * It makes the next test fail.
+ */
+ public function testIntval() {
+ $this->assertEquals(15, intval("15 it"));
+ }
+
+ /**
+ * test a tag with an id in it
+ */
+ public function testIdTag() {
+ $text="Test with @mike+15 id tag";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@mike+15", $tags));
+
+ //happens right now, but it shouldn't be necessary
+ $this->assertTrue(in_array("@mike+15 id", $tags));
+
+ $inform='';
+ $str_tags='';
+ foreach($tags as $tag) {
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tag);
+ }
+
+ $this->assertEquals("Test with @[url=http://justatest.de]Mike Lastname[/url] id tag", $text);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags);
+ $this->assertEquals("cid:15", $inform);
+ }
+
+ /**
+ * test with two persons and one special tag.
+ */
+ public function testGetTags2Persons1TagSpecialChars() {
+ $text="hi @Mike, I'm just writing #test_cases, so"
+ ." so @somebody@friendica.com may change #things.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(5, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#test_cases", $tags));
+ $this->assertTrue(in_array("@somebody@friendica.com", $tags));
+ $this->assertTrue(in_array("@somebody@friendica.com may", $tags));
+ $this->assertTrue(in_array("#things", $tags));
+ }
+
+ /**
+ * test with a long text.
+ */
+ public function testGetTags() {
+ $text="hi @Mike, I'm just writing #test_cases, "
+ ." so @somebody@friendica.com may change #things. Of course I "
+ ."look for a lot of #pitfalls, like #tags at the end of a sentence "
+ ."@comment. I hope noone forgets about @fullstops.because that might"
+ ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? "
+ ."Now, add a @first_last tag. ";
+
+ $tags=get_tags($text);
+
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#test_cases", $tags));
+ $this->assertTrue(in_array("@somebody@friendica.com", $tags));
+ $this->assertTrue(in_array("#things", $tags));
+ $this->assertTrue(in_array("#pitfalls", $tags));
+ $this->assertTrue(in_array("#tags", $tags));
+ $this->assertTrue(in_array("@comment", $tags));
+ $this->assertTrue(in_array("@fullstops.because", $tags));
+ $this->assertTrue(in_array("#things", $tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#nice", $tags));
+ $this->assertTrue(in_array("@first_last", $tags));
+
+ //right now, none of the is matched
+ $this->assertFalse(in_array("@Mike@campino@friendica.eu", $tags));
+ $this->assertTrue(in_array("@campino@friendica.eu", $tags));
+ $this->assertTrue(in_array("@campino@friendica.eu is", $tags));
+ }
+
+ /**
+ * test with an empty string
+ */
+ public function testGetTagsEmpty() {
+ $tags=get_tags("");
+ $this->assertEquals(0, count($tags));
+ }
+} \ No newline at end of file
diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php
new file mode 100644
index 000000000..d7dcf0472
--- /dev/null
+++ b/tests/xss_filter_test.php
@@ -0,0 +1,50 @@
+<?php
+/**
+ * tests several functions which are used to prevent xss attacks
+ *
+ * @package test.util
+ */
+
+require_once('include/text.php');
+
+class AntiXSSTest extends PHPUnit_Framework_TestCase {
+
+ /**
+ * test, that tags are escaped
+ */
+ public function testEscapeTags() {
+ $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
+
+ $validstring=notags($invalidstring);
+ $escapedString=escape_tags($invalidstring);
+
+ $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
+ $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
+ }
+
+ /**
+ *xmlify and unxmlify
+ */
+ public function testXmlify() {
+ $text="<tag>I want to break\n this!11!<?hard?></tag>";
+ $xml=xmlify($text); //test whether it actually may be part of a xml document
+ $retext=unxmlify($text);
+
+ $this->assertEquals($text, $retext);
+ }
+
+ /**
+ * test hex2bin and reverse
+ */
+ public function testHex2Bin() {
+ $this->assertEquals(-3, hex2bin(bin2hex(-3)));
+ $this->assertEquals(0, hex2bin(bin2hex(0)));
+ $this->assertEquals(12, hex2bin(bin2hex(12)));
+ $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
+ }
+
+ //function qp, quick and dirty??
+ //get_mentions
+ //get_contact_block, bis Zeile 538
+}
+?>
diff --git a/util/db_update.php b/util/db_update.php
index a6177324a..35620e80b 100755
--- a/util/db_update.php
+++ b/util/db_update.php
@@ -26,7 +26,7 @@ echo "New DB VERSION: " . DB_UPDATE_VERSION . "\n";
if($build != DB_UPDATE_VERSION) {
echo "Updating database...";
- check_config();
+ check_config($a);
echo "Done\n";
}
diff --git a/view/de/strings.php b/view/de/strings.php
index 3f9176cd7..5438a1c9f 100755
--- a/view/de/strings.php
+++ b/view/de/strings.php
@@ -4,23 +4,23 @@ function string_plural_select_de($n){
return ($n != 1);
}
;
-$a->strings["Post successful."] = "Beitrag erfolgreich veröffentlicht.";
+$a->strings["Post successful."] = "Beitrag erfolgreich ver�ffentlicht.";
$a->strings["[Embedded content - reload page to view]"] = "[Eingebetteter Inhalt - Seite neu laden zum Betrachten]";
$a->strings["Contact settings applied."] = "Einstellungen zum Kontakt angewandt.";
$a->strings["Contact update failed."] = "Konnte den Kontakt nicht aktualisieren.";
$a->strings["Permission denied."] = "Zugriff verweigert.";
$a->strings["Contact not found."] = "Kontakt nicht gefunden.";
$a->strings["Repair Contact Settings"] = "Kontakt-Einstellungen reparieren";
-$a->strings["<strong>WARNING: This is highly advanced</strong> and if you enter incorrect information your communications with this contact may stop working."] = "<strong>ACHTUNG: Das sind Experten-Einstellungen!</strong> Wenn Du etwas Falsches eingibst, funktioniert die Kommunikation mit diesem Kontakt evtl. nicht mehr.";
-$a->strings["Please use your browser 'Back' button <strong>now</strong> if you are uncertain what to do on this page."] = "Bitte nutze den Zurück-Button deines Browsers <strong>jetzt</strong>, wenn du dir unsicher bist, was du tun willst.";
-$a->strings["Return to contact editor"] = "Zurück zum Kontakteditor";
+$a->strings["<strong>WARNING: This is highly advanced</strong> and if you enter incorrect information your communications with this contact may stop working."] = "<strong>ACHTUNG: Das sind Experten-Einstellungen!</strong> Wenn Du etwas falsches eingibst, funktioniert die Kommunikation mit diesem Kontakt evtl. nicht mehr.";
+$a->strings["Please use your browser 'Back' button <strong>now</strong> if you are uncertain what to do on this page."] = "Bitte nutze den Zur�ck-Button deines Browsers <strong>jetzt</strong>, wenn du dir unsicher bist, was auf dieser Seite gemacht wird.";
+$a->strings["Return to contact editor"] = "Zur�ck zum Kontakteditor";
$a->strings["Name"] = "Name";
$a->strings["Account Nickname"] = "Account-Spitzname";
-$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - überschreibt Name/Spitzname";
+$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - �berschreibt Name/Spitzname";
$a->strings["Account URL"] = "Account-URL";
-$a->strings["Friend Request URL"] = "URL für Freundschaftsanfragen";
-$a->strings["Friend Confirm URL"] = "URL für Bestätigungen von Freundschaftsanfragen";
-$a->strings["Notification Endpoint URL"] = "URL-Endpunkt für Benachrichtigungen";
+$a->strings["Friend Request URL"] = "URL f�r Freundschaftsanfragen";
+$a->strings["Friend Confirm URL"] = "URL f�r Best�tigungen von Freundschaftsanfragen";
+$a->strings["Notification Endpoint URL"] = "URL-Endpunkt f�r Benachrichtigungen";
$a->strings["Poll/Feed URL"] = "Pull/Feed-URL";
$a->strings["New photo from this URL"] = "Neues Foto von dieser URL";
$a->strings["Submit"] = "Senden";
@@ -28,7 +28,7 @@ $a->strings["Help:"] = "Hilfe:";
$a->strings["Help"] = "Hilfe";
$a->strings["Not Found"] = "Nicht gefunden";
$a->strings["Page not found."] = "Seite nicht gefunden.";
-$a->strings["File exceeds size limit of %d"] = "Die Datei ist größer als das erlaubte Limit von %d";
+$a->strings["File exceeds size limit of %d"] = "Die Datei ist gr��er als das erlaubte Limit von %d";
$a->strings["File upload failed."] = "Hochladen der Datei fehlgeschlagen.";
$a->strings["Friend suggestion sent."] = "Kontaktvorschlag gesendet.";
$a->strings["Suggest Friends"] = "Kontakte vorschlagen";
@@ -40,7 +40,7 @@ $a->strings["link to source"] = "Link zum Originalbeitrag";
$a->strings["Events"] = "Veranstaltungen";
$a->strings["Create New Event"] = "Neue Veranstaltung erstellen";
$a->strings["Previous"] = "Vorherige";
-$a->strings["Next"] = "Nächste";
+$a->strings["Next"] = "N�chste";
$a->strings["hour:minute"] = "Stunde:Minute";
$a->strings["Event details"] = "Veranstaltungsdetails";
$a->strings["Format is %s %s. Starting date and Description are required."] = "Format ist %s %s. Anfangsdatum und Beschreibung sind notwendig.";