| Server IP : 122.154.253.140 / Your IP : 216.73.216.138 Web Server : Microsoft-IIS/7.5 System : Windows NT SERVER02 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.6.31 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/inetpub/wwwroot/phpMyAdmin/test/libraries/ |
Upload File : |
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* tests for PMA_sanitize()
*
* @package PhpMyAdmin-test
*/
/*
* Include to test
*/
require_once 'libraries/sanitizing.lib.php';
require_once 'libraries/url_generating.lib.php';
/**
* tests for PMA_sanitize()
*
* @package PhpMyAdmin-test
*/
class PMA_Sanitize_Test extends PHPUnit_Framework_TestCase
{
/**
* Setup various pre conditions
*
* @return void
*/
function setUp()
{
}
/**
* Tests for proper escaping of XSS.
*
* @return void
*/
public function testXssInHref()
{
$this->assertEquals(
'[a@javascript:alert(\'XSS\');@target]link</a>',
PMA_sanitize('[a@javascript:alert(\'XSS\');@target]link[/a]')
);
}
/**
* Tests correct generating of link redirector.
*
* @return void
*/
public function testLink()
{
unset($GLOBALS['server']);
unset($GLOBALS['lang']);
unset($GLOBALS['collation_connection']);
$this->assertEquals(
'<a href="./url.php?url=http%3A%2F%2Fwww.phpmyadmin.net%2F" target="target">link</a>',
PMA_sanitize('[a@http://www.phpmyadmin.net/@target]link[/a]')
);
}
/**
* Tests links to documentation.
*
* @return void
*
* @dataProvider docLinks
*/
public function testDoc($link, $expected)
{
$this->assertEquals(
'<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2F' . $expected . '" target="documentation">doclink</a>',
PMA_sanitize('[doc@' . $link . ']doclink[/doc]')
);
}
/**
* Data provider for sanitize [doc@foo] markup
*
* @return array
*/
public function docLinks()
{
return array(
array('foo', 'setup.html%23foo'),
array('cfg_TitleTable', 'config.html%23cfg_TitleTable'),
array('faq3-11', 'faq.html%23faq3-11'),
array('bookmarks@', 'bookmarks.html'),
);
}
/**
* Tests link target validation.
*
* @return void
*/
public function testInvalidTarget()
{
$this->assertEquals(
'[a@./Documentation.html@INVALID9]doc</a>',
PMA_sanitize('[a@./Documentation.html@INVALID9]doc[/a]')
);
}
/**
* Tests XSS escaping after valid link.
*
* @return void
*/
public function testLinkDocXss()
{
$this->assertEquals(
'[a@./Documentation.html" onmouseover="alert(foo)"]doc</a>',
PMA_sanitize('[a@./Documentation.html" onmouseover="alert(foo)"]doc[/a]')
);
}
/**
* Tests proper handling of multi link code.
*
* @return void
*/
public function testLinkAndXssInHref()
{
$this->assertEquals(
'<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2F">doc</a>[a@javascript:alert(\'XSS\');@target]link</a>',
PMA_sanitize('[a@https://docs.phpmyadmin.net/]doc[/a][a@javascript:alert(\'XSS\');@target]link[/a]')
);
}
/**
* Test escaping of HTML tags
*
* @return void
*/
public function testHtmlTags()
{
$this->assertEquals(
'<div onclick="">',
PMA_sanitize('<div onclick="">')
);
}
/**
* Tests basic BB code.
*
* @return void
*/
public function testBBCode()
{
$this->assertEquals(
'<strong>strong</strong>',
PMA_sanitize('[strong]strong[/strong]')
);
}
/**
* Tests output escaping.
*
* @return void
*/
public function testEscape()
{
$this->assertEquals(
'<strong>strong</strong>',
PMA_sanitize('[strong]strong[/strong]', true)
);
}
/**
* Test for PMA_sanitizeFilename
*
* @return void
*/
public function testSanitizeFilename()
{
$this->assertEquals(
'File_name_123',
PMA_sanitizeFilename('File_name 123')
);
}
}