test/libraries/PMA_sanitize_test.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * tests for PMA_sanitize()
   5  *
   6  * @package phpMyAdmin-test
   7  */
   8
   9 /*
  10  * Include to test
  11  */
  12 require_once 'libraries/sanitizing.lib.php';
  13 require_once 'libraries/url_generating.lib.php';
  14 require_once 'libraries/core.lib.php';
  15
  16 class PMA_sanitize_test extends PHPUnit_Framework_TestCase
  17 {
  18     /**
  19      * Tests for proper escaping of XSS.
  20      */
  21     public function testXssInHref()
  22     {
  23         $this->assertEquals('[a@javascript:alert(\'XSS\');@target]link</a>',
  24             PMA_sanitize('[a@javascript:alert(\'XSS\');@target]link[/a]'));
  25     }
  26
  27     /**
  28      * Tests correct generating of link redirector.
  29      */
  30     public function testLink()
  31     {
  32         unset($GLOBALS['server']);
  33         unset($GLOBALS['lang']);
  34         $this->assertEquals('<a href="./url.php?url=http%3A%2F%2Fwww.phpmyadmin.net%2F" target="target">link</a>',
  35             PMA_sanitize('[a@http://www.phpmyadmin.net/@target]link[/a]'));
  36     }
  37
  38     /**
  39      * Tests links to documentation.
  40      */
  41     public function testLinkDoc()
  42     {
  43         $this->assertEquals('<a href="./Documentation.html">doc</a>',
  44             PMA_sanitize('[a@./Documentation.html]doc[/a]'));
  45     }
  46
  47     /**
  48      * Tests link target validation.
  49      */
  50     public function testInvalidTarget()
  51     {
  52         $this->assertEquals('[a@./Documentation.html@INVALID9]doc</a>',
  53             PMA_sanitize('[a@./Documentation.html@INVALID9]doc[/a]'));
  54     }
  55
  56     /**
  57      * Tests XSS escaping after valid link.
  58      */
  59     public function testLinkDocXss()
  60     {
  61         $this->assertEquals('[a@./Documentation.html" onmouseover="alert(foo)"]doc</a>',
  62             PMA_sanitize('[a@./Documentation.html" onmouseover="alert(foo)"]doc[/a]'));
  63     }
  64
  65     /**
  66      * Tests proper handling of multi link code.
  67      */
  68     public function testLinkAndXssInHref()
  69     {
  70         $this->assertEquals('<a href="./Documentation.html">doc</a>[a@javascript:alert(\'XSS\');@target]link</a>',
  71             PMA_sanitize('[a@./Documentation.html]doc[/a][a@javascript:alert(\'XSS\');@target]link[/a]'));
  72     }
  73
  74     /**
  75      * Test escaping of HTML tags
  76      */
  77     public function testHtmlTags()
  78     {
  79         $this->assertEquals('&lt;div onclick=""&gt;',
  80             PMA_sanitize('<div onclick="">'));
  81     }
  82
  83     /**
  84      * Tests basic BB code.
  85      */
  86     public function testBBCode()
  87     {
  88         $this->assertEquals('<strong>strong</strong>',
  89             PMA_sanitize('[b]strong[/b]'));
  90     }
  91
  92     /**
  93      * Tests output escaping.
  94      */
  95     public function testEscape()
  96     {
  97         $this->assertEquals('&lt;strong&gt;strong&lt;/strong&gt;',
  98             PMA_sanitize('[strong]strong[/strong]', true));
  99     }
 100 }
 101 ?>