
Enhance phpunit

Laurent Destailleur
2022-11-28 16:54:34 +01:00
parent 75de251402
commit ba4e5ef245
2 changed files with 42 additions and 7 deletions


@@ -537,16 +537,19 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__." result=".$result."\n";
$this->assertEquals("Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)", $result, 'Test 14');
$result=GETPOST("param15", 'restricthtml'); // <img onerror<=alert(document.domain)> src=>0xbeefed
$result=GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
print __METHOD__." result=".$result."\n";
$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15'); // The GETPOST return a harmull string
// Test with restricthtml + MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to test disabling of bad atrributes
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML to test disabling of bad atrributes
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
$result=GETPOST("param15", 'restricthtml');
$result=GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
print __METHOD__." result=".$result."\n";
$this->assertEquals('InvalidHTMLString', $result, 'Test 15b');
//$this->assertEquals('InvalidHTMLString', $result, 'Test 15b');
$this->assertEquals('<img onerror> src=&gt;0xbeefed', $result, 'Test 15b');
unset($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML);
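Review bot: Test 15b now appears to expect `'<img onerror> src=&gt;0xbeefed'` where it previously expected the rejection marker `'InvalidHTMLString'`, and the old assertion is left commented out, so nothing in the test explains why MAIN_RESTRICTHTML_ONLY_VALID_HTML no longer rejects this input. The +/- markers are lost on this page, so which side each line belongs to is inferred from the duplicated lines. The expected string still carries a bare `onerror` attribute name, so I would delete the commented-out line and state the intended contract next to the assertion, e.g. `// With MAIN_RESTRICTHTML_ONLY_VALID_HTML the malformed tag is repaired and the handler value dropped, not rejected`. I would also add `$this->assertStringNotContainsString('alert(', $result, 'Test 15b');` so the security property is pinned independently of the exact repaired markup. The comment above the option still says "to test disabling of bad atrributes" although only the option name changed, "harmull" on Test 15 should read "harmful", and the enclosing test method starts and ends outside this hunk.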
@@ -555,7 +558,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$result=GETPOST("param15", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('<img src="">0xbeefed', $result, 'Test 15b');
$this->assertEquals('<img src="">0xbeefed', $result, 'Test 15c');
$result=GETPOST('param16', 'restricthtml');
print __METHOD__." result=".$result."\n";
@@ -836,6 +839,36 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals('google.com', $result, 'Test on dol_sanitizeUrl C');
}
/**
* testDolSanitizeEmail
*
* @return void
*/
public function testDolSanitizeEmail()
{
global $conf,$user,$langs,$db;
$conf=$this->savconf;
$user=$this->savuser;
$langs=$this->savlangs;
$db=$this->savdb;
$test = 'aaa@mycompany.com <My name>, bbb@mycompany.com <Another name>';
$result=dol_sanitizeEmail($test);
$this->assertEquals($test, $result, 'Test on dol_sanitizeEmail A');
$test = "aaa@mycompany.com <My name>,\nbbb@mycompany.com <Another name>";
$result=dol_sanitizeEmail($test);
$this->assertEquals('aaa@mycompany.com <My name>,bbb@mycompany.com <Another name>', $result, 'Test on dol_sanitizeEmail B');
$test = 'aaa@mycompany.com <My name>,\nbbb@mycompany.com <Another name>';
$result=dol_sanitizeEmail($test);
$this->assertEquals('aaa@mycompany.com <My name>,nbbb@mycompany.com <Another name>', $result, 'Test on dol_sanitizeEmail C');
$test = 'aaa@mycompany.com <My name>, "bcc:bbb"@mycompany.com <Another name>';
$result=dol_sanitizeEmail($test);
$this->assertEquals('aaa@mycompany.com <My name>, bccbbb@mycompany.com <Another name>', $result, 'Test on dol_sanitizeEmail D');
}
/**
* testDolSanitizeFileName
*