
Closes #5133 Admin-UI Search enhancements. Tests added.

This commit is contained in:
camer0n
2023-12-03 12:41:14 -08:00
parent 27a4887681
commit af7eadb7aa
5 changed files with 704 additions and 454 deletions


@@ -5569,7 +5569,7 @@ class e107
$queryString = $_SERVER['QUERY_STRING'] ;
}
$inArray = array("'", '/**/', '/UNION/', '/SELECT/', 'AS ');
$inArray = array(/*"'",*/ '/**/', '/UNION/', '/SELECT/', 'AS ');
foreach($inArray as $res)
{
@@ -5604,8 +5604,15 @@ class e107
$e_QUERY = str_replace(array('{', '}', '%7B', '%7b', '%7D', '%7d'), '', rawurldecode($e_QUERY));
}
$replacements = array(
'\'' => '%27',
'"' => '%22'
);
$e_QUERY = str_replace(array_keys($replacements), $replacements, $e_QUERY); // don't encode quotes.
$e_QUERY = htmlspecialchars(self::getParser()->post_toForm($e_QUERY));
// e_QUERY SHOULD NOT BE DEFINED IF IN SNIGLE ENTRY MODE OR ALL URLS WILL BE BROKEN - it's defined later within the the router
if(!deftrue("e_SINGLE_ENTRY"))
{
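Review bot: The comment on the new `str_replace` line, `// don't encode quotes.`, says the opposite of what the line does — it percent-encodes `'` and `"` to `%27`/`%22` so that the `htmlspecialchars()` call on the next line no longer sees them; suggest `// percent-encode quotes so htmlspecialchars() below leaves them as %27/%22 rather than HTML entities`. This matters because the first hunk at the same time removes `"'"` from the `$inArray` blocklist, so single quotes that used to be caught by that loop now reach this point, and the encoding step is what stands in for the old check; the loop body that handled a match is outside the hunk. Note that the replacement runs after the `rawurldecode()` above it, so any consumer that decodes `e_QUERY` again gets the raw quote back — the new `e_admin_requestTest` in this commit expects `getQuery('searchquery')` to return `"myQuoted"` with literal quotes — which means the escaping that actually protects the list query has to happen at the SQL layer, not here. A one-line comment stating that the encoding is for the HTML/URL context only, not a SQL safeguard, would keep the next maintainer from relying on it.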

View File

@@ -1995,16 +1995,20 @@ class e107Test extends \Codeception\Test\Unit
public function testSet_request()
{
$tests = array(
'mode=main&action=create' => 'mode=main&action=create',
'[debug=counts!]mode=pref_editor&type=vstore' => 'mode=pref_editor&type=vstore',
'searchquery=šýá&mode=main' => 'searchquery=šýá&mode=main',
'mode=main&action=custom&other[key]=1' => 'mode=main&action=custom&other[key]=1',
'mode=main&action=custom&other[key]=1' => 'mode=main&action=custom&other[key]=1',
'searchquery="two words"&mode=main' => 'searchquery=%22two words%22&mode=main',
"searchquery='two words'&mode=main" => "searchquery=%27two words%27&mode=main",
//
);
foreach($tests as $input => $expected)
{
$result = $this->e107->set_request(true, $input);
$this->assertSame($expected, $result);
$this::assertSame($expected, $result);
}
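Review bot: The `$tests` array now carries two identical keys (`'mode=main&action=custom&other[key]=1'` on consecutive lines); if both are on the new side, PHP keeps only the last entry of a duplicate-key literal, so one intended case silently never runs — either drop one or vary the input. The new quote cases assert the encoded output, but there is no case for input that already arrives percent-encoded, e.g. `'searchquery=%27two words%27&mode=main' => 'searchquery=%27two words%27&mode=main'`, which would pin that `rawurldecode()` followed by the replacement is idempotent rather than double-encoding; testSet_request's closing lines are outside the hunk.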

View File

@@ -24,9 +24,11 @@
}
catch(Exception $e)
{
$this->fail("Couldn't load e_admin_controller_ui object");
$this::fail("Couldn't load e_admin_controller_ui object");
}
}
public function testJoinAlias()
@@ -99,7 +101,58 @@
}
public function test_ModifyListQrySearch()
{
$listQry = 'SELECT u.* FROM `#user` WHERE 1 ';
$filterOptions = '';
$tablePath = '`#user`.';
$tableFrom = '`#user`';
$primaryName = 'user_id';
$raw = false;
$orderField = null;
$qryAsc = null;
$forceFrom = false;
$qryFrom = 0;
$forceTo = false;
$perPage = 10;
$qryField = null;
$isfilter = false;
$handleAction = 'list';
$this->ui->setFields([
'user_id' => array('title'=>'User ID', '__tableField' => 'u.user_id', 'type'=>'int', 'data'=>'int'),
'user_name' => array('title' => 'Name', '__tableField' => 'u.user_name', 'type' => 'text', 'data'=>'safestr'), // Display name
'user_login' => array('title' => 'Login','__tableField' => 'u.user_login', 'type' => 'text', 'data'=>'safestr'), // Real name (no real vetting)
]);
// Test single word search term.
$result = $this->ui->_modifyListQrySearch($listQry, 'admin', $filterOptions, $tablePath, $tableFrom, $primaryName, $raw, $orderField, $qryAsc, $forceFrom, $qryFrom, $forceTo, $perPage, $qryField, $isfilter, $handleAction);
$expected = "SELECT u.* FROM `#user` WHERE 1 AND ( u.user_name LIKE '%admin%' OR u.user_login LIKE '%admin%' ) LIMIT 0, 10";
$this::assertSame($expected, $result);
// Test multiple word search term.
$result = $this->ui->_modifyListQrySearch($listQry, 'firstname lastname', $filterOptions, $tablePath, $tableFrom, $primaryName, $raw, $orderField, $qryAsc, $forceFrom, $qryFrom, $forceTo, $perPage, $qryField, $isfilter, $handleAction);
$expected = "SELECT u.* FROM `#user` WHERE 1 AND (u.user_name LIKE '%firstname%' OR u.user_login LIKE '%firstname%') AND (u.user_name LIKE '%lastname%' OR u.user_login LIKE '%lastname%') LIMIT 0, 10";
$this::assertSame($expected, $result);
// Search term in quotes.
$expected = "SELECT u.* FROM `#user` WHERE 1 AND ( u.user_name LIKE '%firstname lastname%' OR u.user_login LIKE '%firstname lastname%' ) LIMIT 0, 10";
// Double-quotes.
$result = $this->ui->_modifyListQrySearch($listQry, '"firstname lastname"', $filterOptions, $tablePath, $tableFrom, $primaryName, $raw, $orderField, $qryAsc, $forceFrom, $qryFrom, $forceTo, $perPage, $qryField, $isfilter, $handleAction);
$this::assertSame($expected, $result);
// Single-quotes.
$result = $this->ui->_modifyListQrySearch($listQry, "'firstname lastname'", $filterOptions, $tablePath, $tableFrom, $primaryName, $raw, $orderField, $qryAsc, $forceFrom, $qryFrom, $forceTo, $perPage, $qryField, $isfilter, $handleAction);
$this::assertSame($expected, $result);
// Single quote as apostophie.
$result = $this->ui->_modifyListQrySearch($listQry, "burt's", $filterOptions, $tablePath, $tableFrom, $primaryName, $raw, $orderField, $qryAsc, $forceFrom, $qryFrom, $forceTo, $perPage, $qryField, $isfilter, $handleAction);
$expected = "SELECT u.* FROM `#user` WHERE 1 AND ( u.user_name LIKE '%burt's%' OR u.user_login LIKE '%burt's%' ) LIMIT 0, 10";
$this::assertSame($expected, $result);
}
/*
public function testGetSortParent()
{
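Review bot: The expected value for the `burt's` case embeds the apostrophe unescaped inside the SQL string literal (`LIKE '%burt's%'`), so the fixture pins a query that is either a syntax error when executed or, if the term comes from the request, a string-concatenation injection point — unless a later stage escapes the search term before the query runs, which I cannot confirm because `_modifyListQrySearch` is in the suppressed diff. If the escaping belongs inside the method, the expectation should read `LIKE '%burt\'s%'` (or whatever the project's escaper emits) and the test would then guard against regression; if it belongs to the caller, a comment on this case such as `// term is escaped by the query layer before execution; this fixture is the pre-escape form` would stop a reader from taking the fixture as the SQL actually sent. Separately, the single-term expectation has `( u.user_name … )` with inner spaces while the multi-term one has `(u.user_name …)` without, so the generated SQL format differs by branch; if that is incidental, normalising it in the method would make the fixtures easier to maintain.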

View File

@@ -0,0 +1,107 @@
<?php
class e_admin_requestTest extends \Codeception\Test\Unit
{
/**
* @var \e_admin_request
*/
protected $eAdminRequest;
protected function _before()
{
// Instantiate the class e_admin_request
$this->eAdminRequest = new e_admin_request('testQry1=myQry&searchquery="myQuoted"');
}
public function test__construct()
{
$this::assertEquals('main', $this->eAdminRequest->getMode());
$this::assertEquals('index', $this->eAdminRequest->getAction());
$this::assertEquals(0, $this->eAdminRequest->getId());
}
public function testGetQuery()
{
$this::assertNull($this->eAdminRequest->getQuery('some_key'));
$this::assertSame('myQry',$this->eAdminRequest->getQuery('testQry1'));
$this::assertSame('"myQuoted"', $this->eAdminRequest->getQuery('searchquery'));
}
public function testSetQuery()
{
$this->eAdminRequest->setQuery('test', 'value');
$this::assertEquals('value', $this->eAdminRequest->getQuery('test'));
}
public function testGetPosted()
{
$_POST['test_post'] = 'value';
$this::assertEquals('value', $this->eAdminRequest->getPosted('test_post'));
}
public function testSetPosted()
{
$this->eAdminRequest->setPosted('test_post', 'new_value');
$this::assertEquals('new_value', $this->eAdminRequest->getPosted('test_post'));
}
public function testGetMode()
{
$this::assertEquals('main', $this->eAdminRequest->getMode());
}
public function testSetMode()
{
$this->eAdminRequest->setMode('new_mode');
$this::assertEquals('new_mode', $this->eAdminRequest->getMode());
}
public function testGetAction()
{
$this::assertEquals('index', $this->eAdminRequest->getAction());
}
public function testSetAction()
{
$this->eAdminRequest->setAction('new_action');
$this::assertEquals('new_action', $this->eAdminRequest->getAction());
}
public function testGetId()
{
$this::assertEquals(0, $this->eAdminRequest->getId());
}
public function testSetId()
{
$this->eAdminRequest->setId(5);
$this::assertEquals(5, $this->eAdminRequest->getId());
}
public function testBuildQueryString()
{
$array = [
'mode' => 'default',
'action' => 'edit',
'custom_key' => 'custom_value',
];
$expected_result = "testQry1=myQry&amp;searchquery=%22myQuoted%22&amp;mode=default&amp;action=edit&amp;custom_key=custom_value";
$this::assertEquals($expected_result, $this->eAdminRequest->buildQueryString($array));
}
public function testCamelize()
{
$testString = 'test_-string';
$expected = 'TestString';
$this::assertEquals($expected, $this->eAdminRequest->camelize($testString));
}
}
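Review bot: `testGetPosted` writes `$_POST['test_post']` directly and never removes it, so the superglobal leaks into every later test in the same process and `testSetPosted` only passes because it overwrites the same key; add `protected function _after() { unset($_POST['test_post']); }` next to `_before()`, or save and restore `$_POST` there. The scalar assertions use `assertEquals`, which with the id checks will accept the string `'0'` for the int `0`; `$this::assertSame(0, $this->eAdminRequest->getId());` (and likewise for `setId(5)`) pins the type the getter actually returns. `testBuildQueryString` expects `&amp;` as the separator, which is the HTML-attribute form rather than a raw query string; a comment such as `// buildQueryString() returns an HTML-escaped string, hence &amp;` would record that this is intended output.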