<?php
/**
 * Tests several functions that are used to prevent XSS attacks.
*
* @package test.util
*/
use PHPUnit\Framework\TestCase;
require_once('include/misc.php');
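/**
 * Tests for the string helpers that neutralise markup before it is rendered
 * or embedded in XML: notags(), escape_tags(), xmlify() and unxmlify().
 *
 * The helpers are not defined in this file; they are expected to come from
 * include/misc.php, which the file requires.
 */
class AntiXSSTest extends TestCase
{
    /**
     * Angle brackets of an injected element must be neutralised by both
     * notags() and escape_tags().
     */
    public function testEscapeTags()
    {
        // An element carrying an inline event handler: the classic XSS probe.
        $invalidstring = '<submit type="button" onclick="alert(\'failed!\');" />';

        $validstring = notags($invalidstring);
        $escapedString = escape_tags($invalidstring);

        // notags() is expected to swap the angle brackets for square brackets.
        $this->assertEquals(
            '[submit type="button" onclick="alert(\'failed!\');" /]',
            $validstring
        );

        // NOTE(review): the page rendering showed this literal with its HTML
        // entities decoded, which left unescaped double quotes inside a
        // double-quoted string (a parse error). It is restored to entity form
        // here, assuming escape_tags() encodes <, > and " but leaves single
        // quotes alone. Confirm against include/misc.php.
        $this->assertEquals(
            "&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;",
            $escapedString
        );
    }

    /**
     * xmlify() followed by unxmlify() must give back the original text.
     */
    public function testXmlify()
    {
        $text = "<tag>I want to break\n this!11!<?hard?></tag>";

        $xml = xmlify($text);

        // The input contains markup, so the encoded form has to differ from
        // it; otherwise the round trip below would pass even if neither
        // helper did anything.
        $this->assertNotEquals($text, $xml);

        // Decode the *encoded* string. The previous version decoded $text
        // and left $xml unused, so the round trip was never exercised.
        $retext = unxmlify($xml);

        $this->assertEquals($text, $retext);
    }

    /**
     * xmlify() output placed inside an element must parse as plain character
     * data and must not introduce a nested element.
     */
    public function testXmlifyDocument()
    {
        $tag = "<tag>I want to break</tag>";
        $xml = xmlify($tag);
        $text = '<text>' . $xml . '</text>';

        $xml_parser = xml_parser_create();

        // It should be possible to parse the document.
        $values = [];
        $index = [];
        $this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));

        // Only the wrapping TEXT element may appear in the index; a TAG
        // entry would mean the payload was interpreted as markup.
        $this->assertEquals(
            ['TEXT' => [0]],
            $index
        );

        // The element's value is the original, unencoded payload.
        $this->assertEquals(
            [['tag' => 'TEXT', 'type' => 'complete', 'level' => 1, 'value' => $tag]],
            $values
        );

        xml_parser_free($xml_parser);
    }

    /**
     * bin2hex() followed by hex2bin() must give back the original value.
     */
    public function testHex2Bin()
    {
        // NOTE(review): integers are passed where PHP's built-in bin2hex() /
        // hex2bin() take strings. This presumably relies on scalar coercion
        // and on assertEquals() comparing loosely. Confirm that this is
        // intended and that no strict_types declaration applies.
        $this->assertEquals(-3, hex2bin(bin2hex(-3)));
        $this->assertEquals(0, hex2bin(bin2hex(0)));
        $this->assertEquals(12, hex2bin(bin2hex(12)));
        $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
    }

    // NOTE(review): the notes below look like a list of helpers that still
    // have no test. Confirm before relying on this.
    // function qp, quick and dirty??
    // get_mentions
    // get_contact_block, up to line 538
}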