* File for the InputFilterTest class
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @copyright (c) Walter O. Haas 2006
* @version $Id: InputFilterTest.php 192 2006-03-27 22:02:53Z haas $
* @author Walt Haas <haas@xmission.com>
echo "testing InputFilter\n";
require_once 'testenv.php';
// Call InputFilterTest::main() if this source file is executed directly.
if (!defined("PHPUnit2_MAIN_METHOD")) {
define("PHPUnit2_MAIN_METHOD", "InputFilterTest::main");
require_once "PHPUnit2/Framework/TestCase.php";
require_once "PHPUnit2/Framework/TestSuite.php";
// You may remove the following line when all tests have been implemented.
require_once "PHPUnit2/Framework/IncompleteTestError.php";
require_once "input_filter.php";
* Test class for InputFilter.
* Generated by PHPUnit2_Util_Skeleton on 2006-02-28 at 11:52:31.
* Runs the test methods of this class.
public static function main() {
// Load the text-UI runner only when this file is run as the entry point.
require_once "PHPUnit2/TextUI/TestRunner.php";
// Build a suite named after this test class and run it with the text runner.
$suite = new PHPUnit2_Framework_TestSuite("InputFilterTest");
// $result is assigned but not used in the lines visible in this listing.
$result = PHPUnit2_TextUI_TestRunner::run($suite);
* Sets up the fixture, for example, open a network connection.
* This method is called before a test is executed.
protected function setUp() {
* Tears down the fixture, for example, close a network connection.
* This method is called after a test is executed.
* Test the process() method
// NOTE(review): this listing shows only the expected-output fragments of each
// case; the InputFilter constructor calls and the input strings are mostly
// not visible, so the comments below describe the intent stated by the author.
// Trivial case, nothing to clean
// Default constructor removes all tags
// Allow all but blacklisted tags and attributes
// Irregular tag names are always filtered out
// $xssAuto=1 filters blacklisted tags and attributes
// With $xssAuto off, blacklisted tags and attributes are allowed
'<ok action="yes">foobar</ok>');
// tagMethod=1 permits all but listed tags
'mumble<bar>grumble</bar>');
// tagMethod=0 permits only listed tags
'<foo>mumble</foo>grumble');
// attrMethod=1 permits all but listed attributes
'<foo safe="1">mumble</foo>');
// attrMethod=0 permits only listed attributes
'<foo dangerous="1">mumble</foo>');
// accept only known safe tags
// Allowlist configuration: the attribute list is ('id','class'); the tag list
// is not visible here. In the expected output below the <body> wrapper and the
// color attribute are dropped, while class="error" and the text are kept.
array('id','class'),0,0,0);
'<body class="full">mumble<span class="error" color="red">'
. 'grumble</span>burfl</body>'),
'mumble<span class="error">grumble</span>burfl');
* Test process_all() method
// Seed the request superglobals with one tagged value each. They are
// overwritten for the whole process and are not restored in the lines visible
// here, so later tests in the same run see the modified values.
$_GET = array('<tag1>foo</tag1>');
$_POST = array('<tag2>bar</tag2>');
$_REQUEST = array('<tag3>mumble</tag3>');
// Default is to remove all tags
// NOTE(review): the call that performs the filtering is not visible in this
// listing. The visible assertions cover only $_GET, $_POST and $_REQUEST;
// whether any other input source is filtered is not exercised here.
// NOTE(review): assertEquals() takes (expected, actual); the arguments below
// are in the opposite order, so a failure message would label them reversed.
$this->assertEquals($_GET,array('foo'));
$this->assertEquals($_POST,array('bar'));
$this->assertEquals($_REQUEST,array('mumble'));
* @todo Figure out problem w/ mysql_real_escape_string()
* @todo Figure out how to test with magic quotes either on or off
// Fail the test outright; the connection attempt and the condition guarding
// this call are not visible in this listing.
PHPUnit2_Framework_Assert::fail("InputFilterTest:"
. " unable to open a connction to MySQL");
// Trivial case, nothing to clean
// NOTE(review): assertEquals() takes (expected, actual); the calls below pass
// the value under test first, so failure messages would label them reversed.
$this->assertEquals(InputFilter::safeSQL('foo',$rs),'foo');
$this->assertEquals(InputFilter::safeSQL(array('foo','bar'),$rs),
// verify stripping of magic quotes
// FIXME: figure out how to test this case
InputFilter::safeSQL('a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a',$rs),
'a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a');
// verify magic quotes aren't there
// $pattern carries every byte the escaper is expected to handle (quote,
// double quote, backslash, NUL, LF, CR, 0x1a); $non_zero_pattern is the same
// string without the NUL byte.
$pattern = "a'b\"c\\d\x00e\nf\rg\x1ah";
$non_zero_pattern = "a'b\"c\\de\nf\rg\x1ah";
// NOTE(review): the two expected strings below are byte-identical, so
// $quoted_pattern has no escaped form of the NUL byte that $pattern contains.
// NOTE(review): these literals expect a backslash followed by the raw LF, CR
// and 0x1a bytes. The MySQL client library documents the escaped forms as the
// two-character sequences \n, \r and \Z (and \0 for NUL), which would make
// the commented-out assertions fail without the escaper being broken --
// confirm against the client library in use before re-enabling them.
$quoted_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
$quoted_non_zero_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
// echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
// $this->assertEquals(mysql_real_escape_string($non_zero_pattern),
// $quoted_non_zero_pattern);
// echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
// $this->assertEquals(mysql_real_escape_string($pattern),
// InputFilter::safeSQL($pattern,$rs),$quoted_pattern);
// Remove the following line when you complete this test.
// NOTE(review): with the assertions above commented out and the test marked
// incomplete, the escaping behaviour of safeSQL() on quote, backslash and
// control bytes is not verified by this suite; only the trivial cases run.
throw new PHPUnit2_Framework_IncompleteTestError;
// Call InputFilterTest::main() if this source file is executed directly.
// -- set Emacs parameters --
// c-hanging-comment-ender-p: nil