Qual: Spelling outside htdocs (#27448)

* Qual: Spelling outside htdocs

# Qual: Fix spelling of files not in the htdocs subdirectory.

Highlight:
- The email test changes "unvalid" to "invalid"; this should give the same test result.

* Update Dolibarr-soapui-project.xml

---------

Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
MDW
2024-01-12 17:14:13 +01:00
committed by GitHub
parent 4cf62b9711
commit 42a0d05b63
51 changed files with 104 additions and 104 deletions


@@ -351,7 +351,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm');
$test="Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)";
$test="Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submitted by CKEditor)";
$result=testSqlAndScriptInject($test, 0); // result must be 0
$this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm, result should be 0 and is not');
@@ -408,7 +408,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$_POST["param12"]='<!DOCTYPE html><html>aaa</html>';
$_POST["param13"]='&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61;vascript:alert(document.domain)\">XSS</a>';
$_POST["param13b"]='&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61vascript:alert(document.domain)\">XSS</a>';
$_POST["param14"]="Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)";
$_POST["param14"]="Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submitted by CKEditor)";
$_POST["param15"]="<img onerror<=alert(document.domain)> src=>0xbeefed";
//$_POST["param15b"]="<html><head><title>Example HTML</title></head><body><div><p>This is a paragraph.</div><ul><li>Item 1</li><li>Item 2</li></ol></body><html>";
$_POST["param16"]='<a style="z-index: 1000">abc</a>';
@@ -577,7 +577,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$result=GETPOST("param14", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals("Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submited by CKEditor)", $result, 'Test 14');
$this->assertEquals("Text with ' encoded with the numeric html entity converted into text entity &#39; (like when submitted by CKEditor)", $result, 'Test 14');
$result=GETPOST("param15", 'restricthtml'); // param15 = <img onerror<=alert(document.domain)> src=>0xbeefed that is a dangerous string
print __METHOD__." result=".$result."\n";
@@ -588,7 +588,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals('<a href="&lpar;alert(document.cookie)&rpar;">XSS</a>', $result, 'Test 19');
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML only to test disabling of bad atrributes
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML only to test disabling of bad attributes
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 0;
@@ -615,7 +615,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
//$this->assertEquals('"c:\this is a path~1\aaan 110;" abcdef', $result); // ... on other PHP and libxml versions, we got a HTML that has been cleaned
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY only to test disabling of bad atrributes
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY only to test disabling of bad attributes
if (extension_loaded('tidy') && class_exists("tidy")) {
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 0;
@@ -639,7 +639,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
}
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML + MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY to test disabling of bad atrributes
// Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML + MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY to test disabling of bad attributes
if (extension_loaded('tidy') && class_exists("tidy")) {
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
@@ -663,7 +663,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
}
// Test with restricthtml + MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to test disabling of bad atrributes
// Test with restricthtml + MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to test disabling of bad attributes
unset($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML);
unset($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY);
@@ -814,23 +814,23 @@ class SecurityTest extends PHPUnit\Framework\TestCase
{
$stringtotest = '<a href="javascript:aaa">bbbڴ';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1);
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correclty with test 1');
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correctly with test 1');
$stringtotest = '<a href="java'.chr(0).'script:aaa">bbbڴ';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1);
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correclty with test 2');
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correctly with test 2');
$stringtotest = '<a href="javascript&colon;aaa">bbbڴ';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1);
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correclty with test 3');
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correctly with test 3');
$stringtotest = 'text <link href="aaa"> text';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1, 0, array(), 0);
$this->assertEquals('text text', $decodedstring, 'Function did not sanitize correclty with test 4a');
$this->assertEquals('text text', $decodedstring, 'Function did not sanitize correctly with test 4a');
$stringtotest = 'text <link href="aaa"> text';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1, 0, array(), 1);
$this->assertEquals('text <link href="aaa"> text', $decodedstring, 'Function did not sanitize correclty with test 4b');
$this->assertEquals('text <link href="aaa"> text', $decodedstring, 'Function did not sanitize correctly with test 4b');
return 0;
}
@@ -844,12 +844,12 @@ class SecurityTest extends PHPUnit\Framework\TestCase
{
$stringtotest = 'eée';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$this->assertEquals('e&eacute;e', $decodedstring, 'Function did not sanitize correclty with test 1');
$this->assertEquals('e&eacute;e', $decodedstring, 'Function did not sanitize correctly with test 1');
$stringtotest = '<div onload="ee"><a href="123"><span class="abc">abc</span></a></div>';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$decodedstring = preg_replace("/\n$/", "", $decodedstring);
$this->assertEquals('<div><a href="123"><span class="abc">abc</span></a></div>', $decodedstring, 'Function did not sanitize correclty with test 2');
$this->assertEquals('<div><a href="123"><span class="abc">abc</span></a></div>', $decodedstring, 'Function did not sanitize correctly with test 2');
return 0;
}
@@ -1182,7 +1182,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
// For a string that is already HTML (contains HTML tags) with special tags but badly formated
// For a string that is already HTML (contains HTML tags) with special tags but badly formatted
$stringtotest = "&quot;&gt;";
$stringfixed = "&quot;&gt;";
//$result = dol_htmlentitiesbr($stringtotest);
@@ -1194,7 +1194,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals($stringfixed, $result, 'Error'); // Expected '' because should failed because login 'auto' does not exists
// For a string that is already HTML (contains HTML tags) with special tags but badly formated
// For a string that is already HTML (contains HTML tags) with special tags but badly formatted
$stringtotest = "testA\n<h1>hhhh</h1><z>ddd</z><header>aaa</header><footer>bbb</footer>";
if (getDolGlobalString("MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY")) {
$stringfixed = "testA\n<h1>hhhh</h1>\nddd\n<header>aaa</header>\n<footer>bbb</footer>\n";
@@ -1210,7 +1210,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$this->assertEquals($stringfixed, $result, 'Error');
// For a string that is already HTML (contains HTML tags) but badly formated
// For a string that is already HTML (contains HTML tags) but badly formatted
$stringtotest = "testB\n<h1>hhh</h1>\n<td>td alone</td><h1>iii</h1>";
if (getDolGlobalString("MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY")) {
$stringfixed = "testB\n<h1>hhh</h1>\n<h1>iii</h1>\n<table>\n<tr>\n<td>td alone</td>\n</tr>\n</table>\n";