tests/xss_filter_test.php

   1 <?php
   2 /**
   3  * tests several functions which are used to prevent xss attacks
   4  *
   5  * @package test.util
   6  */
   7
   8 require_once('include/text.php');
   9
  10 class AntiXSSTest extends PHPUnit_Framework_TestCase {
  11
  12         /**
  13          * test, that tags are escaped
  14          */
  15         public function testEscapeTags() {
  16                 $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
  17
  18                 $validstring=notags($invalidstring);
  19                 $escapedString=escape_tags($invalidstring);
  20
  21                 $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
  22                 $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
  23         }
  24
  25         /**
  26          *xmlify and unxmlify
  27          */
  28         public function testXmlify() {
  29                 $text="<tag>I want to break\n this!11!<?hard?></tag>";
  30                 $xml=xmlify($text);
  31                 $retext=unxmlify($text);
  32
  33                 $this->assertEquals($text, $retext);
  34         }
  35
  36         /**
  37          * xmlify and put in a document
  38          */
  39         public function testXmlifyDocument() {
  40                 $tag="<tag>I want to break</tag>";
  41                 $xml=xmlify($tag);
  42                 $text='<text>'.$xml.'</text>';
  43
  44                 $xml_parser=xml_parser_create();
  45                 //should be possible to parse it
  46                 $values=array(); $index=array();
  47                 $this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));
  48
  49                 $this->assertEquals(array('TEXT'=>array(0)),
  50                                 $index);
  51                 $this->assertEquals(array(array('tag'=>'TEXT', 'type'=>'complete', 'level'=>1, 'value'=>$tag)),
  52                                 $values);
  53
  54                 xml_parser_free($xml_parser);
  55         }
  56
  57         /**
  58          * test hex2bin and reverse
  59          */
  60         public function testHex2Bin() {
  61                 $this->assertEquals(-3, hex2bin(bin2hex(-3)));
  62                 $this->assertEquals(0, hex2bin(bin2hex(0)));
  63                 $this->assertEquals(12, hex2bin(bin2hex(12)));
  64                 $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
  65         }
  66
  67         //function qp, quick and dirty??
  68         //get_mentions
  69         //get_contact_block, bis Zeile 538
  70 }