mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-22 13:42:53 +02:00

[2.1.5] [MFH] Complete the imagecrash added protection fixes

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1785 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang
2008-06-11 01:53:31 +00:00
parent 0dbe87bbc7
commit 234cd2196f
13 changed files with 457 additions and 109 deletions


@@ -31,12 +31,20 @@ class HTMLPurifier_AttrDef_CSS_LengthTest extends HTMLPurifier_AttrDefHarness
function testNonNegative() {
$this->def = new HTMLPurifier_AttrDef_CSS_Length(true);
$this->def = new HTMLPurifier_AttrDef_CSS_Length('0');
$this->assertDef('3cm');
$this->assertDef('-3mm', false);
}
function testBounding() {
$this->def = new HTMLPurifier_AttrDef_CSS_Length('-1in', '1in');
$this->assertDef('1cm');
$this->assertDef('-1cm');
$this->assertDef('0');
$this->assertDef('1em', false);
}
}
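Review bot: testBounding never rejects a length for lying outside the range: its only negative case is `1em`, which presumably fails because an em value cannot be converted for comparison with the `-1in`/`1in` bounds, not because it is too large. These bounds are what the image-size protection rests on, so the test should pin both edges and the first value past them, e.g. `$this->assertDef('1in');`, `$this->assertDef('-1in');` and `$this->assertDef('2in', false);` (inclusive bounds are assumed here, confirm against the class). A one-line comment above the constructor call saying that the two arguments are the minimum and maximum would also help, since the old boolean argument in testNonNegative has silently become the string `'0'`.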


@@ -0,0 +1,34 @@
<?php
require_once 'HTMLPurifier/AttrDef/Switch.php';
class HTMLPurifier_AttrDef_SwitchTest extends HTMLPurifier_AttrDefHarness
{
var $with, $without;
function setUp() {
parent::setUp();
generate_mock_once('HTMLPurifier_AttrDef');
$this->with = new HTMLPurifier_AttrDefMock();
$this->without = new HTMLPurifier_AttrDefMock();
$this->def = new HTMLPurifier_AttrDef_Switch('tag', $this->with, $this->without);
}
function testWith() {
$token = new HTMLPurifier_Token_Start('tag');
$this->context->register('CurrentToken', $token);
$this->with->expectOnce('validate');
$this->with->setReturnValue('validate', 'foo');
$this->assertDef('bar', 'foo');
}
function testWithout() {
$token = new HTMLPurifier_Token_Start('other-tag');
$this->context->register('CurrentToken', $token);
$this->without->expectOnce('validate');
$this->without->setReturnValue('validate', 'foo');
$this->assertDef('bar', 'foo');
}
}
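Review bot: testWith and testWithout verify that the selected delegate is called once, but not that the other delegate stays untouched, so a switch that ran the value through both definitions would still pass. Adding `$this->without->expectNever('validate');` to testWith and `$this->with->expectNever('validate');` to testWithout closes that gap. There is also no case for a context with no `CurrentToken` registered, or for a token named `tag` that is not a start token (an element written as `<tag />`, for instance). Which branch is taken there decides whether the restricted or the unrestricted definition applies, so it deserves an explicit test.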


@@ -7,14 +7,14 @@ class HTMLPurifier_LengthTest extends HTMLPurifier_Harness
function testConstruct() {
$l = new HTMLPurifier_Length('23', 'in');
$this->assertIdentical($l->n, '23');
$this->assertIdentical($l->unit, 'in');
$this->assertIdentical($l->getN(), '23');
$this->assertIdentical($l->getUnit(), 'in');
}
function testMake() {
$l = HTMLPurifier_Length::make('+23.4in');
$this->assertIdentical($l->n, '+23.4');
$this->assertIdentical($l->unit, 'in');
$this->assertIdentical($l->getN(), '+23.4');
$this->assertIdentical($l->getUnit(), 'in');
}
function testToString() {
@@ -22,16 +22,18 @@ class HTMLPurifier_LengthTest extends HTMLPurifier_Harness
$this->assertIdentical($l->toString(), '23in');
}
function assertValidate($string, $expect = true, $disable_negative = false) {
function assertValidate($string, $expect = true) {
if ($expect === true) $expect = $string;
$l = HTMLPurifier_Length::make($string);
$result = $l->validate($disable_negative, $this->config, $this->context);
$result = $l->isValid();
if ($result === false) $this->assertIdentical($expect, false);
else $this->assertIdentical($l->toString(), $expect);
}
function testValidate() {
$this->assertValidate('0');
$this->assertValidate('+0', '0');
$this->assertValidate('-0', '0');
$this->assertValidate('0px');
$this->assertValidate('4.5px');
$this->assertValidate('-4.5px');
@@ -45,7 +47,27 @@ class HTMLPurifier_LengthTest extends HTMLPurifier_Harness
$this->assertValidate('3PX', '3px');
$this->assertValidate('3', false);
$this->assertValidate('3miles', false);
$this->assertValidate('-3mm', false, true); // no-negatives
}
/**
* @param $s1 First string to compare
* @param $s2 Second string to compare
* @param $expect 0 for $s1 == $s2, 1 for $s1 > $s2 and -1 for $s1 < $s2
*/
function assertComparison($s1, $s2, $expect = 0) {
$l1 = HTMLPurifier_Length::make($s1);
$l2 = HTMLPurifier_Length::make($s2);
$r1 = $l1->compareTo($l2);
$r2 = $l2->compareTo($l1);
$this->assertIdentical($r1 == 0 ? 0 : ($r1 > 0 ? 1 : -1), $expect);
$this->assertIdentical($r2 == 0 ? 0 : ($r2 > 0 ? 1 : -1), - $expect);
}
function testCompareTo() {
$this->assertComparison('12in', '12in');
$this->assertComparison('12in', '12mm', 1);
$this->assertComparison('1px', '1mm', -1);
$this->assertComparison(str_repeat('2', 38) . 'in', '100px', 1);
}
}
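Review bot: assertComparison normalises the result with a loose `$r1 == 0`, so if `compareTo()` returns `false` for two lengths that cannot be brought to a common unit (not visible on this page, so confirm), the helper records that as "equal" and the assertion passes. Checking the raw values before normalising, `$this->assertTrue($r1 !== false && $r2 !== false);`, keeps a failed comparison from looking like a match. testCompareTo should also get a case with non-convertible units (an em length against a px length, say) that asserts the raw return value directly, because a bounds check built on this method has to treat "cannot compare" as a rejection. The docblock on assertComparison is good; the changed assertValidate signature above it has none.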


@@ -180,9 +180,44 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
);
}
function testRemoveCSSWidthAndHeightOnImg() {
function testKeepAbsoluteCSSWidthAndHeightOnImg() {
$this->assertResult(
'<img src="" alt="" style="width:10px;height:10px;border:1px solid #000;" />',
'<img src="" alt="" style="width:10px;height:10px;border:1px solid #000;" />'
);
}
function testRemoveLargeCSSWidthAndHeightOnImg() {
$this->assertResult(
'<img src="" alt="" style="width:10000000px;height:10000000px;border:1px solid #000;" />',
'<img src="" alt="" style="border:1px solid #000;" />'
);
}
function testRemoveLargeCSSWidthAndHeightOnImgWithUserConf() {
$this->config->set('CSS', 'MaxImgLength', '1px');
$this->assertResult(
'<img src="" alt="" style="width:1mm;height:1mm;border:1px solid #000;" />',
'<img src="" alt="" style="border:1px solid #000;" />'
);
}
function testKeepLargeCSSWidthAndHeightOnImgWhenToldTo() {
$this->config->set('CSS', 'MaxImgLength', null);
$this->assertResult(
'<img src="" alt="" style="width:10000000px;height:10000000px;border:1px solid #000;" />'
);
}
function testRemoveRelativeCSSWidthAndHeightOnImg() {
$this->assertResult(
'<img src="" alt="" style="width:10em;height:10em;border:1px solid #000;" />',
'<img src="" alt="" style="border:1px solid #000;" />'
);
}
function testRemovePercentCSSWidthAndHeightOnImg() {
$this->assertResult(
'<img src="" alt="" style="width:100%;height:100%;border:1px solid #000;" />',
'<img src="" alt="" style="border:1px solid #000;" />'
);
}
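Review bot: Nothing in these tests pins where the limit sits: `10px` is kept and `10000000px` is dropped, so the default could move by orders of magnitude without a failure, and the user-configured case only checks a value (`1mm` against a `1px` limit) several times past it. With `MaxImgLength` set explicitly, a value at the limit that is kept and one just above it that is removed would exercise the comparison itself, e.g. `width:100px` kept and `width:101px` removed under a limit of `'100px'` (values constructed for illustration). One case where only `height` is oversized would also be useful, since every test here sets both properties to the same value. The enclosing class starts and ends outside this hunk.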


@@ -5,12 +5,44 @@ require_once 'HTMLPurifier/UnitConverter.php';
class HTMLPurifier_UnitConverterTest extends HTMLPurifier_Harness
{
function assertConversion($input, $expect) {
$input = HTMLPurifier_Length::make($input);
$expect = HTMLPurifier_Length::make($expect);
$converter = new HTMLPurifier_UnitConverter();
$result = $converter->convert($input, $expect->unit);
$this->assertIdentical($result, $expect);
function assertConversion($input, $expect, $unit = null, $test_negative = true) {
$length = HTMLPurifier_Length::make($input);
if ($expect !== false) $expectl = HTMLPurifier_Length::make($expect);
else $expectl = false;
$to_unit = $unit !== null ? $unit : $expectl->getUnit();
$converter = new HTMLPurifier_UnitConverter(4, 10);
$result = $converter->convert($length, $to_unit);
if (!$result || !$expectl) $this->assertIdentical($result, $expectl);
else $this->assertIdentical($result->toString(), $expectl->toString());
$converter = new HTMLPurifier_UnitConverter(4, 10, true);
$result = $converter->convert($length, $to_unit);
if (!$result || !$expectl) $this->assertIdentical($result, $expectl);
else $this->assertIdentical($result->toString(), $expectl->toString(), 'BCMath substitute: %s');
if ($test_negative) {
$this->assertConversion(
"-$input",
$expect === false ? false : "-$expect",
$unit,
false
);
}
}
function testFail() {
$this->assertConversion('1in', false, 'foo');
$this->assertConversion('1foo', false, 'in');
}
function testZero() {
$this->assertConversion('0', '0', 'in', false);
$this->assertConversion('-0', '0', 'in', false);
$this->assertConversion('0in', '0', 'in', false);
$this->assertConversion('-0in', '0', 'in', false);
$this->assertConversion('0in', '0', 'pt', false);
$this->assertConversion('-0in', '0', 'pt', false);
}
function testEnglish() {
@@ -26,6 +58,9 @@ class HTMLPurifier_UnitConverterTest extends HTMLPurifier_Harness
$this->assertConversion('1pt', '0.01389in');
$this->assertConversion('1.000pt', '0.01389in');
$this->assertConversion('100000pt', '1389in');
$this->assertConversion('1in', '96px');
$this->assertConversion('96px', '1in');
}
function testMetric() {
@@ -41,4 +76,52 @@ class HTMLPurifier_UnitConverterTest extends HTMLPurifier_Harness
$this->assertConversion('0.3937in', '1cm');
}
function testRoundingMinPrecision() {
// One sig-fig, modified to be four, conversion rounds up
$this->assertConversion('100pt', '1.389in');
$this->assertConversion('1000pt', '13.89in');
$this->assertConversion('10000pt', '138.9in');
$this->assertConversion('100000pt', '1389in');
$this->assertConversion('1000000pt', '13890in');
}
function testRoundingUserPrecision() {
// Five sig-figs, conversion rounds down
$this->assertConversion('11112000pt', '154330in');
$this->assertConversion('1111200pt', '15433in');
$this->assertConversion('111120pt', '1543.3in');
$this->assertConversion('11112pt', '154.33in');
$this->assertConversion('1111.2pt', '15.433in');
$this->assertConversion('111.12pt', '1.5433in');
$this->assertConversion('11.112pt', '0.15433in');
}
function assertSigFig($n, $sigfigs) {
$converter = new HTMLPurifier_UnitConverter();
$result = $converter->getSigFigs($n);
$this->assertIdentical($result, $sigfigs);
}
function test_getSigFigs() {
$this->assertSigFig('0', 0);
$this->assertSigFig('1', 1);
$this->assertSigFig('-1', 1);
$this->assertSigFig('+1', 1);
$this->assertSigFig('01', 1);
$this->assertSigFig('001', 1);
$this->assertSigFig('12', 2);
$this->assertSigFig('012', 2);
$this->assertSigFig('10', 1);
$this->assertSigFig('10.', 2);
$this->assertSigFig('100.', 3);
$this->assertSigFig('103', 3);
$this->assertSigFig('130', 2);
$this->assertSigFig('.1', 1);
$this->assertSigFig('0.1', 1);
$this->assertSigFig('00.1', 1);
$this->assertSigFig('0.01', 1);
$this->assertSigFig('0.010', 2);
$this->assertSigFig('0.012', 2);
}
}
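Review bot: In assertConversion, `$to_unit = $unit !== null ? $unit : $expectl->getUnit();` calls a method on `false` whenever a caller passes `$expect === false` without a `$unit`, which aborts the run with a fatal error instead of reporting a test failure. Both calls in testFail supply a unit, so nothing breaks today, but the helper should guard the combination, e.g. `if ($unit === null && $expectl === false) { $this->fail('unit required when expecting failure'); return; }`. A docblock on the helper would make it readable without opening the converter: it should explain `$unit`, `$test_negative` (which re-runs the conversion with both sides negated) and the constructor arguments `4, 10, true`. The last of those apparently forces the non-BCMath path, judging by the 'BCMath substitute' message.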