2 /* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Tests for PMA_sanitize()
 *
 * @package PhpMyAdmin-test
 */
12 require_once 'libraries/sanitizing.lib.php';
13 require_once 'libraries/url_generating.lib.php';
14 require_once 'libraries/core.lib.php';
16 class PMA_sanitize_test
extends PHPUnit_Framework_TestCase
20 $_SESSION[' PMA_token '] = 'token';
/**
 * A javascript: href must not become a link: as the expected literal shows,
 * the [a@...] opener is left verbatim while the closing [/a] is still
 * rewritten to </a>.
 *
 * @return void
 */
public function testXssInHref()
{
    $bbcode = '[a@javascript:alert(\'XSS\');@target]link[/a]';
    $expected = '[a@javascript:alert(\'XSS\');@target]link</a>';

    $actual = PMA_sanitize($bbcode);

    $this->assertEquals($expected, $actual);
}
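/**
 * An http:// href is routed through the url.php redirector; the generated
 * URL also carries the 'token' value stored in $_SESSION[' PMA_token '] by
 * the fixture.
 *
 * The globals 'server', 'lang' and 'collation_connection' are cleared for
 * the duration of the call — presumably so the generated URL carries only
 * the url and token parameters (confirm against the helpers in
 * libraries/url_generating.lib.php). Unlike a bare unset(), their previous
 * values are put back afterwards so this test does not leak state into
 * tests that run later in the same process.
 *
 * NOTE(review): the expected href uses a bare '&' separator; if the source
 * file had '&amp;' the page rendering may have decoded it — confirm.
 *
 * @return void
 */
public function testLink()
{
    $names = array('server', 'lang', 'collation_connection');
    $saved = array();
    foreach ($names as $name) {
        if (array_key_exists($name, $GLOBALS)) {
            $saved[$name] = $GLOBALS[$name];
            unset($GLOBALS[$name]);
        }
    }

    $actual = PMA_sanitize('[a@http://www.phpmyadmin.net/@target]link[/a]');

    // Restore before asserting: a failed assertion throws, and without a
    // finally block the restore would otherwise be skipped.
    foreach ($saved as $name => $value) {
        $GLOBALS[$name] = $value;
    }

    $this->assertEquals(
        '<a href="./url.php?url=http%3A%2F%2Fwww.phpmyadmin.net%2F&token=token" target="target">link</a>',
        $actual
    );
}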
/**
 * A relative documentation link is emitted as a plain anchor: no redirector
 * and no target attribute appear in the expected output.
 *
 * @return void
 */
public function testLinkDoc()
{
    $expected = '<a href="./Documentation.html">doc</a>';

    $this->assertEquals(
        $expected,
        PMA_sanitize('[a@./Documentation.html]doc[/a]')
    );
}
/**
 * An unrecognised target keeps the [a@...] opener verbatim instead of
 * producing an anchor; only the closing [/a] becomes </a>.
 *
 * @return void
 */
public function testInvalidTarget()
{
    $bbcode = '[a@./Documentation.html@INVALID9]doc[/a]';

    $this->assertEquals(
        '[a@./Documentation.html@INVALID9]doc</a>',
        PMA_sanitize($bbcode)
    );
}
/**
 * A quote injected after an otherwise valid href must not break out of the
 * attribute: the opener stays as BB code rather than becoming an anchor.
 *
 * NOTE(review): the expected literal shows the quotes unescaped; if the
 * source file asserted &quot; entities, the page rendering may have decoded
 * them — confirm against the original file.
 *
 * @return void
 */
public function testLinkDocXss()
{
    $bbcode = '[a@./Documentation.html" onmouseover="alert(foo)"]doc[/a]';
    $expected = '[a@./Documentation.html" onmouseover="alert(foo)"]doc</a>';

    $actual = PMA_sanitize($bbcode);

    $this->assertEquals($expected, $actual);
}
/**
 * Two [a] codes in one message are handled independently: the valid
 * documentation link becomes an anchor while the javascript: one stays as
 * BB code (its [/a] still rewritten to </a>).
 *
 * @return void
 */
public function testLinkAndXssInHref()
{
    $validLink = '[a@./Documentation.html]doc[/a]';
    $xssLink = '[a@javascript:alert(\'XSS\');@target]link[/a]';

    $actual = PMA_sanitize($validLink . $xssLink);

    $this->assertEquals(
        '<a href="./Documentation.html">doc</a>[a@javascript:alert(\'XSS\');@target]link</a>',
        $actual
    );
}
/**
 * Per the original docblock, covers escaping of HTML tags in the message.
 *
 * NOTE(review): as printed here the expected value is identical to the
 * input, which would assert that no escaping happens at all; the source
 * file most likely held an entity-encoded literal (&lt;div ...&gt;) that
 * the page rendering decoded — confirm before relying on this test.
 *
 * @return void
 */
public function testHtmlTags()
{
    $html = '<div onclick="">';

    $this->assertEquals('<div onclick="">', PMA_sanitize($html));
}
/**
 * The [b] BB code is rewritten to a <strong> element.
 *
 * @return void
 */
public function testBBCode()
{
    $actual = PMA_sanitize('[b]strong[/b]');

    $this->assertEquals('<strong>strong</strong>', $actual);
}
/**
 * The second argument (true here) requests output escaping, per the
 * original docblock.
 *
 * NOTE(review): as printed the expected value '<strong>strong</strong>' is
 * the same markup asserted for the unescaped case in testBBCode, so this
 * would not exercise escaping at all; the source file most likely asserted
 * &lt;strong&gt;... and the page rendering decoded it — confirm.
 *
 * @return void
 */
public function testEscape()
{
    $bbcode = '[strong]strong[/strong]';
    $escape = true;

    $this->assertEquals(
        '<strong>strong</strong>',
        PMA_sanitize($bbcode, $escape)
    );
}