mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-30 21:40:43 +02:00
Merge branch 'ticket/security/211' into ticket/security/211-rhea
This commit is contained in:
Marc Alexander
@@ -24,7 +24,7 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
|
||||
*/
|
||||
public function setUp()
|
||||
{
|
||||
global $request, $user, $cache, $phpbb_root_path, $phpEx;
|
||||
global $config, $request, $user, $cache, $phpbb_root_path, $phpEx;
|
||||
|
||||
$user = $this->getMock('\phpbb\user', array(), array(
|
||||
new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)),
|
||||
@@ -34,6 +34,7 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
|
||||
$user->expects($this->any())
|
||||
->method('lang')
|
||||
->will($this->returnCallback(array($this, 'return_callback_implode')));
|
||||
$config = new \phpbb\config\config([]);
|
||||
|
||||
$request = $this->getMock('\phpbb\request\request');
|
||||
$template = $this->getMock('\phpbb\template\template');
|
||||
@@ -269,6 +270,18 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
|
||||
null,
|
||||
'Field should simply output null for empty vlaue',
|
||||
),
|
||||
array(
|
||||
'http://foobar.com',
|
||||
array('field_show_novalue' => false),
|
||||
'http://foobar.com',
|
||||
'Field should output the given value but not make it clickable',
|
||||
),
|
||||
array(
|
||||
'javascript://foobar.com',
|
||||
array('field_show_novalue' => true),
|
||||
'javascript://foobar.com',
|
||||
'Field should output the given value but not make it clickable',
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -11,6 +11,10 @@
|
||||
*
|
||||
*/
|
||||
|
||||
require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
|
||||
require_once dirname(__FILE__) . '/../../phpBB/includes/functions_content.php';
|
||||
require_once dirname(__FILE__) . '/../../phpBB/includes/utf/utf_tools.php';
|
||||
|
||||
class phpbb_profilefield_type_url_test extends phpbb_test_case
|
||||
{
|
||||
protected $cp;
|
||||
@@ -24,8 +28,10 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
|
||||
*/
|
||||
public function setUp()
|
||||
{
|
||||
global $phpbb_root_path, $phpEx;
|
||||
global $config, $request, $user, $cache, $phpbb_root_path, $phpEx;
|
||||
|
||||
$config = new \phpbb\config\config([]);
|
||||
$cache = new phpbb_mock_cache;
|
||||
$user = $this->getMock('\phpbb\user', array(), array(
|
||||
new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)),
|
||||
'\phpbb\datetime'
|
||||
@@ -92,6 +98,19 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
|
||||
'FIELD_INVALID_URL-field',
|
||||
'Field should reject invalid URL having multi value parameters',
|
||||
),
|
||||
// Not allowed schemes
|
||||
array(
|
||||
'ftp://example.com/',
|
||||
array(),
|
||||
'FIELD_INVALID_URL-field',
|
||||
'Field should reject invalid URL having multi value parameters',
|
||||
),
|
||||
array(
|
||||
'javascript://alert.com',
|
||||
array(),
|
||||
'FIELD_INVALID_URL-field',
|
||||
'Field should reject invalid URL having multi value parameters',
|
||||
),
|
||||
|
||||
// IDN url type profilefields
|
||||
array(
|
||||
@@ -165,6 +184,55 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
|
||||
);
|
||||
}
|
||||
|
||||
public function profile_value_data()
|
||||
{
|
||||
return array(
|
||||
array(
|
||||
'http://foobar.com',
|
||||
array('field_show_novalue' => true),
|
||||
'<!-- l --><a class="postlink-local" href="http://foobar.com">foobar.com</a><!-- l -->',
|
||||
'Field should output the given value',
|
||||
),
|
||||
array(
|
||||
'http://foobar.com',
|
||||
array('field_show_novalue' => false),
|
||||
'<!-- l --><a class="postlink-local" href="http://foobar.com">foobar.com</a><!-- l -->',
|
||||
'Field should output the given value',
|
||||
),
|
||||
array(
|
||||
'test',
|
||||
array('field_show_novalue' => true),
|
||||
null,
|
||||
'Field should output nothing for empty value',
|
||||
),
|
||||
array(
|
||||
'test',
|
||||
array('field_show_novalue' => false),
|
||||
null,
|
||||
'Field should simply output null for empty value',
|
||||
),
|
||||
array(
|
||||
'javascript://foobar.com',
|
||||
array('field_show_novalue' => true),
|
||||
null,
|
||||
'Field should output nothing for empty value',
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @dataProvider profile_value_data
|
||||
*/
|
||||
public function test_get_profile_value($value, $field_options, $expected, $description)
|
||||
{
|
||||
$field_options = array_merge($this->field_options, $field_options);
|
||||
|
||||
$result = $this->cp->get_profile_value($value, $field_options);
|
||||
|
||||
$this->assertSame($expected, $result, $description);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider profile_value_raw_data
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user