HTML entities now use HTML5. Enhance the Dolibarr WAF. More PHPUnit tests.
Laurent Destailleur
2020-10-15 19:36:08 +02:00
parent 844c4dec4d
commit 5b37ff0bfd
16 changed files with 127 additions and 47 deletions


@@ -294,6 +294,46 @@ class SecurityTest extends PHPUnit\Framework\TestCase
return 0;
}
/**
* testDolStringOnlyTheseHtmlTags
*
* @return number
*/
public function testDolHTMLEntityDecode()
{
$stringtotest = 'a : b " c ' d ' e é';
$decodedstring = dol_html_entity_decode($stringtotest, ENT_QUOTES);
$this->assertEquals('a : b " c \' d ' e é', $decodedstring, 'Function did not sanitize correclty');
$stringtotest = 'a : b " c ' d ' e é';
$decodedstring = dol_html_entity_decode($stringtotest, ENT_QUOTES|ENT_HTML5);
$this->assertEquals('a : b " c \' d \' e é', $decodedstring, 'Function did not sanitize correclty');
return 0;
}
/**
* testDolStringOnlyTheseHtmlTags
*
* @return number
*/
public function testDolStringOnlyTheseHtmlTags()
{
$stringtotest = '<a href="javascript:aaa">bbbڴ';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1);
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correclty with test 1');
$stringtotest = '<a href="java'.chr(0).'script:aaa">bbbڴ';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1);
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correclty with test 2');
$stringtotest = '<a href="javascript&colon;aaa">bbbڴ';
$decodedstring = dol_string_onlythesehtmltags($stringtotest, 1, 1, 1);
$this->assertEquals('<a href="aaa">bbbڴ', $decodedstring, 'Function did not sanitize correclty with test 3');
return 0;
}
/**
* testGetRandomPassword
*
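Review bot: testDolStringOnlyTheseHtmlTags pins only three spellings of the `javascript:` scheme (plain, NUL-split and `&colon;`), all lower-case and all expecting the same `<a href="aaa">` result, so a regression in how dol_string_onlythesehtmltags normalises other encodings of that scheme (numeric character references, mixed case, other control characters) would pass unnoticed. A table of input/expected pairs iterated in one loop would make those classes cheap to add as regression cases. The docblock above testDolHTMLEntityDecode still reads `testDolStringOnlyTheseHtmlTags` and should be `* testDolHTMLEntityDecode`. Both assertions in that test share the message 'Function did not sanitize correclty', which misnames a decode check and hides which flag set failed; a distinct message per assertion, e.g. `'Decode failed with ENT_QUOTES|ENT_HTML5'`, would fix that. The enclosing SecurityTest class starts and ends outside this hunk, and the page shows the entity-encoded test strings already decoded, so the exact literals could not be checked here.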