6 require_once("include/template_processor.php");
7 require_once('include/text.php');
9 class AntiXSSTest extends PHPUnit_Framework_TestCase {
11 public function setUp() {
13 get_include_path() . PATH_SEPARATOR
\r
14 . 'include' . PATH_SEPARATOR
\r
15 . 'library' . PATH_SEPARATOR
\r
16 . 'library/phpsec' . PATH_SEPARATOR
\r
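/**
 * notags() and escape_tags() must both neutralise markup in a string.
 *
 * The input is an element carrying an inline onclick handler. notags() is
 * expected to swap the angle brackets for square brackets; escape_tags() is
 * expected to return the same text with the markup characters entity-encoded,
 * so that neither result is parsed as an element when written into a page.
 */
public function testEscapeTags() {
    $invalidstring = '<submit type="button" onclick="alert(\'failed!\');" />';

    $validstring = notags($invalidstring);
    $escapedString = escape_tags($invalidstring);

    $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);

    // The expected value must be spelled with entities. Written with literal
    // '<', '"' and '>' the double-quoted PHP string ends at the first inner
    // quote (a parse error), and the assertion would ask escape_tags() to
    // return its input unescaped.
    // NOTE(review): assumes single quotes are left unencoded - confirm against escape_tags().
    $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
}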
/**
 * autoname() with an even length: two calls must not return the same name.
 *
 * Only one pair of outputs is compared, so this shows that consecutive names
 * differ and nothing about how unpredictable they are.
 */
public function testAutonameEven() {
    $first = autoname(10);
    $second = autoname(10);

    $this->assertNotEquals($first, $second);
}
/**
 * autoname() with an odd length: two calls must not return the same name.
 *
 * Only one pair of outputs is compared, so this shows that consecutive names
 * differ and nothing about how unpredictable they are.
 */
public function testAutonameOdd() {
    $first = autoname(9);
    $second = autoname(9);

    $this->assertNotEquals($first, $second);
}
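/**
 * Try to make autoname() fail: a requested length of 0 must give an empty name.
 */
public function testAutonameNoLength() {
    $autoname1 = autoname(0);

    // count() does not measure string length: it reports 1 for any string and
    // throws a TypeError on PHP 8, so the length has to be taken with strlen().
    // The cast covers a null/false return for a zero length - TODO confirm
    // what autoname() returns here.
    $this->assertEquals(0, strlen((string) $autoname1));
}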
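/**
 * A negative requested length must give an empty name.
 */
public function testAutonameNegativeLength() {
    $autoname1 = autoname(-23);

    // count() does not measure string length: it reports 1 for any string and
    // throws a TypeError on PHP 8, so the length has to be taken with strlen().
    // The cast covers a null/false return for a negative length - TODO confirm
    // what autoname() returns here.
    $this->assertEquals(0, strlen((string) $autoname1));
}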
66 // public function testAutonameMaxLength() {
67 // $autoname2=autoname(PHP_INT_MAX);
68 // $this->assertEquals(PHP_INT_MAX, count($autoname2));
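/**
 * A requested length of 1 must give a name that is exactly one character long.
 */
public function testAutonameLength1() {
    $autoname3 = autoname(1);

    // count() reports 1 for every string whatever its length (and throws a
    // TypeError on PHP 8), so the original assertion could not detect a name
    // of the wrong length. strlen() measures the name itself.
    $this->assertEquals(1, strlen($autoname3));
}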
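/**
 * xmlify() followed by unxmlify() must give back the original text.
 *
 * The input mixes element markup, a newline and a processing-instruction-like
 * sequence.
 */
public function testXmlify() {
    $text = "<tag>I want to break\n this!11!<?hard?></tag>";

    $xml = xmlify($text); // TODO: also check that $xml is usable inside an XML document

    // Decode the encoded form. Feeding $text to unxmlify() would bypass
    // xmlify()'s output, so a broken encoder could never make this test fail.
    $retext = unxmlify($xml);

    $this->assertEquals($text, $retext);
}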
/**
 * bin2hex() followed by hex2bin() must return the value that went in.
 *
 * Covers a negative number, zero, a small positive number and PHP_INT_MAX.
 */
public function testHex2Bin() {
    $samples = array(-3, 0, 12, PHP_INT_MAX);

    foreach ($samples as $value) {
        $this->assertEquals($value, hex2bin(bin2hex($value)));
    }
}
101 public function testExpandAclNormal() {
103 $this->assertEquals(array(1, 2, 3), expand_acl($text));
/**
 * expand_acl() must keep a multi-digit entry intact.
 */
public function testExpandAclBigNumber() {
    $expected = array(1, 279012, 15);

    $this->assertEquals($expected, expand_acl("<1><279012><15>"));
}
/**
 * expand_acl() with a non-numeric entry between brackets.
 *
 * The test pins that 'tt' is passed through as an entry. The author was
 * unsure whether such input is valid at all.
 * NOTE(review): if callers treat the entries as numeric ids, they have to
 * validate them themselves - confirm against the callers.
 */
public function testExpandAclString() {
    $acl = "<1><279012><tt>";
    $expected = array(1, 279012, 'tt');

    $this->assertEquals($expected, expand_acl($acl));
}
/**
 * expand_acl() with a space inside one bracketed entry.
 *
 * The test pins that "279 012" comes back as one entry, space included. The
 * author was unsure whether such input is valid at all.
 */
public function testExpandAclSpace() {
    $acl = "<1><279 012><32>";
    $expected = array(1, "279 012", "32");

    $this->assertEquals($expected, expand_acl($acl));
}
/**
 * An empty string must expand to an empty list.
 */
public function testExpandAclEmpty() {
    // The author was unsure whether an empty ACL counts as valid input.
    $this->assertEquals(array(), expand_acl(""));
}
/**
 * Text without any angle brackets is not an ACL and must expand to an empty list.
 */
public function testExpandAclNoBrackets() {
    // Plain prose: no '<' and no '>' anywhere in the input.
    $notAnAcl = "According to documentation, that's invalid. ";

    $this->assertEquals(array(), expand_acl($notAnAcl));
}
/**
 * A single opening bracket that is never closed must expand to an empty list.
 */
public function testExpandAclJustOneBracket1() {
    // One '<' at the start and no '>'.
    $unclosed = "<Another invalid string";

    $this->assertEquals(array(), expand_acl($unclosed));
}
/**
 * A single closing bracket with no opening one must expand to an empty list.
 */
public function testExpandAclJustOneBracket2() {
    // One '>' in the middle of the text and no '<'.
    $unopened = "Another invalid> string";

    $this->assertEquals(array(), expand_acl($unopened));
}
/**
 * Several closing brackets and no opening bracket must expand to an empty list.
 */
public function testExpandAclCloseOnly() {
    // Three '>' characters, not a single '<'.
    $closersOnly = "Another> invalid> string>";

    $this->assertEquals(array(), expand_acl($closersOnly));
}
/**
 * Several opening brackets and no closing bracket must expand to an empty list.
 */
public function testExpandAclOpenOnly() {
    // Three '<' characters, not a single '>'.
    $openersOnly = "<Another< invalid string<";

    $this->assertEquals(array(), expand_acl($openersOnly));
}
/**
 * Brackets that do not pair up cleanly must expand to an empty list.
 *
 * The input ends with a bracketed token ("<string>"), yet the test still
 * expects an empty array for the string as a whole.
 */
public function testExpandAclNoMatching1() {
    $mismatched = "<Another<> invalid <string>";

    $this->assertEquals(array(), expand_acl($mismatched));
}
156 public function testExpandAclNoMatching2() {
158 $this->assertEquals(array(), expand_acl($text));
/**
 * attribute_contains() must match whole space-separated values only.
 *
 * "class2" occurs in the attribute only as the tail of "notclass2", so it
 * must not be reported, while "class3" is a value of its own and must be.
 */
public function testAttributeContains1() {
    $attribute = "class1 notclass2 class3";

    $found = attribute_contains($attribute, "class3");
    $this->assertTrue($found);

    $partial = attribute_contains($attribute, "class2");
    $this->assertFalse($partial);
}
/**
 * attribute_contains() must not treat a hyphen as a value separator.
 *
 * "class2" occurs in the attribute only inside "not-class2", so it must not
 * be reported, while "class3" is a value of its own and must be.
 */
public function testAttributeContains2() {
    $attribute = "class1 not-class2 class3";

    $found = attribute_contains($attribute, "class3");
    $this->assertTrue($found);

    $partial = attribute_contains($attribute, "class2");
    $this->assertFalse($partial);
}
179 public function testAttributeContainsEmpty() {
181 $this->assertFalse(attribute_contains($testAttr, "class2"));
/**
 * An attribute made of punctuation and non-ASCII characters must not match "class2".
 */
public function testAttributeContainsSpecialChars() {
    // NOTE(review): the two characters after "\$" look like a mis-decoded
    // UTF-8 sequence - confirm the intended character against the original file.
    $attribute = "--... %\$รค() /(=?}";

    $this->assertFalse(attribute_contains($attribute, "class2"));
}
189 //function qp, quick and dirty??
191 //get_contact_block, up to line 538