<?php
/**
 * Tests, without PHPUnit by now
 * @package test.util
 */

require_once("include/template_processor.php");
require_once('include/text.php');

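class AntiXSSTest extends PHPUnit_Framework_TestCase {

	/**
	 * Extends the include path so the helpers under test (include/, library/,
	 * library/phpsec/) resolve from the repository root.
	 *
	 * NOTE(review): '.' is appended last, so an include may also resolve
	 * against the process working directory. Harmless for a test runner,
	 * but not a pattern to copy into request-handling code.
	 */
	public function setUp() {
		set_include_path(
				get_include_path() . PATH_SEPARATOR
				. 'include' . PATH_SEPARATOR
				. 'library' . PATH_SEPARATOR
				. 'library/phpsec' . PATH_SEPARATOR
				. '.' );
	}

	/**
	 * notags() must neutralise angle brackets by rewriting them to square
	 * brackets; escape_tags() must HTML-encode them instead.
	 *
	 * Note the expected encoding: '<', '>' and '"' are entity-encoded but the
	 * single quote inside the onclick value stays literal, i.e. escape_tags()
	 * output is only safe in text and double-quoted attribute contexts.
	 */
	public function testEscapeTags() {
		$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';

		$validstring=notags($invalidstring);
		$escapedString=escape_tags($invalidstring);

		$this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
		$this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
	}

	/**
	 * Autonames should be random and honour an even requested length.
	 */
	public function testAutonameEven() {
		$autoname1=autoname(10);
		$autoname2=autoname(10);

		$this->assertEquals(10, strlen($autoname1));
		$this->assertEquals(10, strlen($autoname2));
		// two consecutive draws colliding is very unlikely; a failure here
		// points at a broken random source rather than bad luck
		$this->assertNotEquals($autoname1, $autoname2);
	}

	/**
	 * Autonames should be random and honour an odd requested length.
	 */
	public function testAutonameOdd() {
		$autoname1=autoname(9);
		$autoname2=autoname(9);

		$this->assertEquals(9, strlen($autoname1));
		$this->assertEquals(9, strlen($autoname2));
		$this->assertNotEquals($autoname1, $autoname2);
	}

	/**
	 * Non-positive lengths must yield an empty name.
	 *
	 * The original assertions used count() on the result; for a string that
	 * is not a length check (it returns 1 for any scalar on old PHP and is a
	 * TypeError on PHP 8). strlen() measures what the test means.
	 */
	public function testAutonameNoLength() {
		$autoname1=autoname(0);
		$this->assertEquals(0, strlen($autoname1));
	}

	/**
	 * A negative length is treated like zero: empty result.
	 */
	public function testAutonameNegativeLength() {
		$autoname1=autoname(-23);
		$this->assertEquals(0, strlen($autoname1));
	}

	// Disabled in the original: requesting an autoname of PHP_INT_MAX
	// characters is not something the test runner can sensibly execute.
	// 	public function testAutonameMaxLength() {
	// 		$autoname2=autoname(PHP_INT_MAX);
	// 		$this->assertEquals(PHP_INT_MAX, count($autoname2));
	// 	}

	/**
	 * The smallest useful length yields exactly one character.
	 */
	public function testAutonameLength1() {
		$autoname3=autoname(1);
		$this->assertEquals(1, strlen($autoname3));
	}

	/**
	 * xmlify() and unxmlify() must round-trip text containing markup
	 * characters and a processing-instruction-like sequence.
	 *
	 * The original test compared $text with unxmlify($text), which never
	 * exercised xmlify() at all; the round trip now goes through $xml.
	 */
	public function testXmlify() {
		$text="<tag>I want to break\n this!11!<?hard?></tag>";
		$xml=xmlify($text); //test whether it actually may be part of a xml document
		$retext=unxmlify($xml);

		$this->assertEquals($text, $retext);
	}

	/**
	 * hex2bin()/bin2hex() must round-trip integers.
	 *
	 * assertEquals compares loosely, so a string result such as "-3" still
	 * satisfies the integer expectation.
	 */
	public function testHex2Bin() {
		$this->assertEquals(-3, hex2bin(bin2hex(-3)));
		$this->assertEquals(0, hex2bin(bin2hex(0)));
		$this->assertEquals(12, hex2bin(bin2hex(12)));
		$this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
	}

	/**
	 * expand_acl(): a well-formed "<id><id>..." list yields its ids.
	 */
	public function testExpandAclNormal() {
		$text="<1><2><3>";
		$this->assertEquals(array(1, 2, 3), expand_acl($text));
	}

	/**
	 * Multi-digit ids are kept intact.
	 */
	public function testExpandAclBigNumber() {
		$text="<1><279012><15>";
		$this->assertEquals(array(1, 279012, 15), expand_acl($text));
	}

	/**
	 * Non-numeric content between brackets is passed through as-is.
	 * The original comment notes this input may itself be invalid.
	 */
	public function testExpandAclString() {
		$text="<1><279012><tt>"; //maybe that's invalid
		$this->assertEquals(array(1, 279012, 'tt'), expand_acl($text));
	}

	/**
	 * Whitespace inside a bracket pair is not trimmed or split.
	 * The original comment notes this input may itself be invalid.
	 */
	public function testExpandAclSpace() {
		$text="<1><279 012><32>"; //maybe that's invalid
		$this->assertEquals(array(1, "279 012", "32"), expand_acl($text));
	}

	/**
	 * An empty ACL string yields an empty list.
	 */
	public function testExpandAclEmpty() {
		$text=""; //maybe that's invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * Text without any bracket pair yields an empty list.
	 */
	public function testExpandAclNoBrackets() {
		$text="According to documentation, that's invalid. "; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * A lone opening bracket is not a pair.
	 */
	public function testExpandAclJustOneBracket1() {
		$text="<Another invalid string"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * A lone closing bracket is not a pair.
	 */
	public function testExpandAclJustOneBracket2() {
		$text="Another invalid> string"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * Only closing brackets, several times over, still no pair.
	 */
	public function testExpandAclCloseOnly() {
		$text="Another> invalid> string>"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * Only opening brackets, several times over, still no pair.
	 */
	public function testExpandAclOpenOnly() {
		$text="<Another< invalid string<"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * Nested/unbalanced brackets are rejected as a whole rather than
	 * partially parsed.
	 */
	public function testExpandAclNoMatching1() {
		$text="<Another<> invalid <string>"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * A single unbalanced pair in the middle invalidates the whole string.
	 */
	public function testExpandAclNoMatching2() {
		$text="<1>2><3>";
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * attribute_contains(): matching is on whole space-separated tokens,
	 * so "class2" must not match inside "notclass2".
	 */
	public function testAttributeContains1() {
		$testAttr="class1 notclass2 class3";
		$this->assertTrue(attribute_contains($testAttr, "class3"));
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	/**
	 * A hyphenated token ("not-class2") is still a different token.
	 */
	public function testAttributeContains2() {
		$testAttr="class1 not-class2 class3";
		$this->assertTrue(attribute_contains($testAttr, "class3"));
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	/**
	 * An empty attribute contains nothing.
	 */
	public function testAttributeContainsEmpty() {
		$testAttr="";
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	/**
	 * Punctuation and non-ASCII input must not produce a false match.
	 */
	public function testAttributeContainsSpecialChars() {
		$testAttr="--... %\$ä() /(=?}";
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	/**
	 * get_tags(): a bare @mention is extracted.
	 */
	public function testGetTagsShortPerson() {
		$text="hi @Mike";

		$tags=get_tags($text);

		$this->assertEquals("@Mike", $tags[0]);
	}

	/**
	 * A bare #hashtag (with underscore) is extracted.
	 */
	public function testGetTagsShortTag() {
		$text="This is a #test_case";

		$tags=get_tags($text);

		$this->assertEquals("#test_case", $tags[0]);
	}

	/**
	 * Mention and hashtag are returned in order of appearance.
	 */
	public function testGetTagsShortTagAndPerson() {
		$text="hi @Mike This is a #test_case";

		$tags=get_tags($text);

		$this->assertEquals("@Mike", $tags[0]);
		$this->assertEquals("#test_case", $tags[1]);
	}

	/**
	 * Trailing punctuation (comma, full stop) is not part of the tag.
	 */
	public function testGetTagsShortTagAndPersonSpecialChars() {
		$text="hi @Mike, This is a #test_case.";

		$tags=get_tags($text);

		$this->assertEquals("@Mike", $tags[0]);
		$this->assertEquals("#test_case", $tags[1]);
	}

	/**
	 * A mention at the start of a longer sentence is extracted alone.
	 */
	public function testGetTagsPersonOnly() {
		$text="@Mike I saw the Theme Dev group was created.";

		$tags=get_tags($text);

		$this->assertEquals("@Mike", $tags[0]);
	}

	/**
	 * Remote mentions ("@user@host") are kept as one tag.
	 */
	public function testGetTags2Persons1TagSpecialChars() {
		$text="hi @Mike, I'm just writing #test_cases, so"
		." so @somebody@friendica.com may change #things.";

		$tags=get_tags($text);

		$this->assertEquals("@Mike", $tags[0]);
		$this->assertEquals("#test_cases", $tags[1]);
		$this->assertEquals("@somebody@friendica.com", $tags[2]);
		$this->assertEquals("#things", $tags[3]);
	}

	/**
	 * Combined case: repeated tags are reported each time they occur,
	 * a full stop directly after a mention ends it ("@fullstops.because"),
	 * and "@Mike@campino@friendica.eu" is split into two mentions.
	 */
	public function testGetTags() {
		$text="hi @Mike, I'm just writing #test_cases, "
		." so @somebody@friendica.com may change #things. Of course I "
		."look for a lot of #pitfalls, like #tags at the end of a sentence "
		."@comment. I hope noone forgets about @fullstops.because that might"
		." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? "
		."Now, add a @first_last tag. ";
		//check whether this are all variants (no, auto-stuff is missing).

		$tags=get_tags($text);

		$this->assertEquals("@Mike", $tags[0]);
		$this->assertEquals("#test_cases", $tags[1]);
		$this->assertEquals("@somebody@friendica.com", $tags[2]);
		$this->assertEquals("#things", $tags[3]);
		$this->assertEquals("#pitfalls", $tags[4]);
		$this->assertEquals("#tags", $tags[5]);
		$this->assertEquals("@comment", $tags[6]);
		$this->assertEquals("@fullstops", $tags[7]);
		$this->assertEquals("#things", $tags[8]);
		$this->assertEquals("@Mike", $tags[9]);
		$this->assertEquals("@campino@friendica.eu", $tags[10]);
		$this->assertEquals("#nice", $tags[11]);
		$this->assertEquals("@first_last", $tags[12]);
	}

	/**
	 * Empty input yields no tags.
	 */
	public function testGetTagsEmpty() {
		$tags=get_tags("");
		$this->assertEquals(0, count($tags));
	}
	// Still untested helpers from include/text.php:
	//function qp, quick and dirty??
	//get_mentions
	//get_contact_block, up to line 538
}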
?>