test/libraries/PMA_sanitize_test.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * tests for PMA_sanitize()
   5  *
   6  * @package PhpMyAdmin-test
   7  */
   8
   9 /*
  10  * Include to test
  11  */
  12 require_once 'libraries/sanitizing.lib.php';
  13 require_once 'libraries/url_generating.lib.php';
  14 require_once 'libraries/core.lib.php';
  15
  16 class PMA_sanitize_test extends PHPUnit_Framework_TestCase
  17 {
  18     function setUp()
  19     {
  20         $_SESSION[' PMA_token '] = 'token';
  21     }
  22
  23     /**
  24      * Tests for proper escaping of XSS.
  25      */
  26     public function testXssInHref()
  27     {
  28         $this->assertEquals('[a@javascript:alert(\'XSS\');@target]link</a>',
  29             PMA_sanitize('[a@javascript:alert(\'XSS\');@target]link[/a]'));
  30     }
  31
  32     /**
  33      * Tests correct generating of link redirector.
  34      */
  35     public function testLink()
  36     {
  37         unset($GLOBALS['server']);
  38         unset($GLOBALS['lang']);
  39         unset($GLOBALS['collation_connection']);
  40         $this->assertEquals('<a href="./url.php?url=http%3A%2F%2Fwww.phpmyadmin.net%2F&amp;token=token" target="target">link</a>',
  41             PMA_sanitize('[a@http://www.phpmyadmin.net/@target]link[/a]'));
  42     }
  43
  44     /**
  45      * Tests links to documentation.
  46      */
  47     public function testLinkDoc()
  48     {
  49         $this->assertEquals('<a href="./Documentation.html">doc</a>',
  50             PMA_sanitize('[a@./Documentation.html]doc[/a]'));
  51     }
  52
  53     /**
  54      * Tests link target validation.
  55      */
  56     public function testInvalidTarget()
  57     {
  58         $this->assertEquals('[a@./Documentation.html@INVALID9]doc</a>',
  59             PMA_sanitize('[a@./Documentation.html@INVALID9]doc[/a]'));
  60     }
  61
  62     /**
  63      * Tests XSS escaping after valid link.
  64      */
  65     public function testLinkDocXss()
  66     {
  67         $this->assertEquals('[a@./Documentation.html" onmouseover="alert(foo)"]doc</a>',
  68             PMA_sanitize('[a@./Documentation.html" onmouseover="alert(foo)"]doc[/a]'));
  69     }
  70
  71     /**
  72      * Tests proper handling of multi link code.
  73      */
  74     public function testLinkAndXssInHref()
  75     {
  76         $this->assertEquals('<a href="./Documentation.html">doc</a>[a@javascript:alert(\'XSS\');@target]link</a>',
  77             PMA_sanitize('[a@./Documentation.html]doc[/a][a@javascript:alert(\'XSS\');@target]link[/a]'));
  78     }
  79
  80     /**
  81      * Test escaping of HTML tags
  82      */
  83     public function testHtmlTags()
  84     {
  85         $this->assertEquals('&lt;div onclick=""&gt;',
  86             PMA_sanitize('<div onclick="">'));
  87     }
  88
  89     /**
  90      * Tests basic BB code.
  91      */
  92     public function testBBCode()
  93     {
  94         $this->assertEquals('<strong>strong</strong>',
  95             PMA_sanitize('[b]strong[/b]'));
  96     }
  97
  98     /**
  99      * Tests output escaping.
 100      */
 101     public function testEscape()
 102     {
 103         $this->assertEquals('&lt;strong&gt;strong&lt;/strong&gt;',
 104             PMA_sanitize('[strong]strong[/strong]', true));
 105     }
 106 }
 107 ?>