[ticket/16250] Add a service to check BBCodes safeness
PHPBB3-16250
@@ -43,4 +43,44 @@ class phpbb_functional_acp_bbcodes_test extends phpbb_functional_test_case
|
||||
$this->assertContains('<div>c</div>', $html);
|
||||
$this->assertContains('<div>d</div>', $html);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider get_bbcode_error_tests
|
||||
*/
|
||||
public function test_bbcode_error($match, $tpl, $error)
|
||||
{
|
||||
$this->login();
|
||||
$this->admin_login();
|
||||
|
||||
$crawler = self::request('GET', 'adm/index.php?i=acp_bbcodes&sid=' . $this->sid . '&mode=bbcodes&action=add');
|
||||
$form = $crawler->selectButton('Submit')->form([
|
||||
'bbcode_match' => $match,
|
||||
'bbcode_tpl' => $tpl
|
||||
]);
|
||||
$crawler = self::submit($form);
|
||||
|
||||
$text = $crawler->filter('.errorbox')->text();
|
||||
$this->assertStringContainsString($error, $text);
|
||||
}
|
||||
|
||||
public function get_bbcode_error_tests()
|
||||
{
|
||||
return [
|
||||
[
|
||||
'XXX',
|
||||
'',
|
||||
'BBCode is constructed in an invalid form'
|
||||
],
|
||||
[
|
||||
'[x]{TEXT}[/x]',
|
||||
'<xsl:invalid',
|
||||
'template is invalid'
|
||||
],
|
||||
[
|
||||
'[x]{TEXT}[/x]',
|
||||
'<script>{TEXT}</script>',
|
||||
'unsafe'
|
||||
],
|
||||
];
|
||||
}
|
||||
}
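Review bot: test_bbcode_error only asserts that the `.errorbox` text contains `$error`; it never confirms that the rejected definition was not stored, which is presumably what the new safeness check is meant to guarantee. After the final assertion I would reload the ACP BBCode list and assert that the submitted tag is absent, at least for the `<script>{TEXT}</script>` row. The expected string `'unsafe'` in that row is also loose enough to match unrelated error text, so the full expected message would be a better pin. If no `.errorbox` is rendered, `$crawler->filter('.errorbox')->text()` will likely fail with a crawler exception rather than a readable assertion, so `$this->assertCount(1, $crawler->filter('.errorbox'));` before it would help. The enclosing class phpbb_functional_acp_bbcodes_test starts outside the hunk.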
|
||||
|
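--- a/tests/text_formatter/s9e/acp_utils_test.php
+++ b/tests/text_formatter/s9e/acp_utils_test.php
@@ -0,0 +1,79 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_textformatter_s9e_acp_utils_test extends phpbb_test_case
+{
+/**
+* @dataProvider get_analyse_bbcode_tests
+*/
+public function test_analyse_bbcode($definition, $template, $expected)
+{
+$container = $this->get_test_case_helpers()->set_s9e_services();
+$factory = $container->get('text_formatter.s9e.factory');
+$acp_utils = new \phpbb\textformatter\s9e\acp_utils($factory);
+$actual = $acp_utils->analyse_bbcode($definition, $template);
+
+$this->assertEquals($expected, $actual);
+}
+
+public function get_analyse_bbcode_tests()
+{
+return [
+[
+'[x]{TEXT}[/x]',
+'<b>{TEXT}</b>',
+[
+'status' => 'safe',
+'name' => 'X'
+]
+],
+[
+'[hr]',
+'<hr>',
+[
+'status' => 'safe',
+'name' => 'HR'
+]
+],
+[
+'[x]{TEXT}[/x]',
+'<script>{TEXT}</script>',
+[
+'status' => 'unsafe',
+'name' => 'X',
+'error_text' => 'Cannot allow unfiltered data in this context',
+'error_html' => '<script>
+<span class="highlight"><xsl:apply-templates/></span>
+</script>'
+]
+],
+[
+'???',
+'<hr>',
+[
+'status' => 'invalid_definition',
+'error_text' => 'Cannot interpret the BBCode definition'
+]
+],
+[
+'[x]{TEXT}[/x]',
+'<xsl:invalid',
+[
+'status' => 'invalid_template',
+'name' => 'X',
+'error_text' => "Invalid XSL: Couldn't find end of Start Tag invalid line 1\n"
+]
+],
+];
+}
+}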
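Review bot: The only `unsafe` row in get_analyse_bbcode_tests() is `<script>{TEXT}</script>`, so a regression in how analyse_bbcode() classifies attribute contexts would still pass this suite. I would add at least one row where unfiltered `{TEXT}` lands in an attribute, such as the template `'<a href="{TEXT}">x</a>'` with `'status' => 'unsafe'`, and a matching safe row that uses a filtered token; the expected `error_text` and `error_html` should be copied from the checker's real output rather than guessed. Separately, the `invalid_template` row pins `"Invalid XSL: Couldn't find end of Start Tag invalid line 1\n"`, which reads like XML parser output and may differ between library versions. Asserting `status` and `name` exactly and checking the message with `assertStringContainsString('Invalid XSL', $actual['error_text'])` would be less brittle.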