0
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
1 <?php
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
2 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
3 * SanitizeTest file
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
4 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
5 * PHP versions 4 and 5
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
6 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
7 * CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
8 * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
9 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
10 * Licensed under The Open Group Test Suite License
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
11 * Redistributions of files must retain the above copyright notice.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
12 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
13 * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
14 * @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
15 * @package cake
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
16 * @subpackage cake.tests.cases.libs
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
17 * @since CakePHP(tm) v 1.2.0.5428
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
18 * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
19 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
20 App::import('Core', 'Sanitize');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
21
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
22 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
23 * DataTest class
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
24 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
25 * @package cake
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
26 * @subpackage cake.tests.cases.libs
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
27 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
28 class SanitizeDataTest extends CakeTestModel {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
29
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
30 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
31 * name property
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
32 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
33 * @var string 'SanitizeDataTest'
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
34 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
35 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
36 var $name = 'SanitizeDataTest';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
37
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
38 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
39 * useTable property
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
40 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
41 * @var string 'data_tests'
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
42 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
43 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
44 var $useTable = 'data_tests';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
45 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
46
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
47 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
48 * Article class
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
49 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
50 * @package cake
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
51 * @subpackage cake.tests.cases.libs
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
52 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
53 class SanitizeArticle extends CakeTestModel {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
54
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
55 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
56 * name property
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
57 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
58 * @var string 'Article'
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
59 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
60 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
61 var $name = 'SanitizeArticle';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
62
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
63 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
64 * useTable property
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
65 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
66 * @var string 'articles'
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
67 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
68 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
69 var $useTable = 'articles';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
70 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
71
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
72 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
73 * SanitizeTest class
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
74 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
75 * @package cake
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
76 * @subpackage cake.tests.cases.libs
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
77 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
78 class SanitizeTest extends CakeTestCase {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
79
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
80 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
81 * autoFixtures property
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
82 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
83 * @var bool false
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
84 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
85 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
86 var $autoFixtures = false;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
87
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
88 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
89 * fixtures property
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
90 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
91 * @var array
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
92 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
93 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
94 var $fixtures = array('core.data_test', 'core.article');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
95
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
96 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
97 * startTest method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
98 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
99 * @param mixed $method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
100 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
101 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
102 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
103 function startTest($method) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
104 parent::startTest($method);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
105 $this->_initDb();
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
106 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
107
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
108 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
109 * testEscapeAlphaNumeric method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
110 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
111 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
112 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
113 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
114 function testEscapeAlphaNumeric() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
115 $resultAlpha = Sanitize::escape('abc', 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
116 $this->assertEqual($resultAlpha, 'abc');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
117
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
118 $resultNumeric = Sanitize::escape('123', 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
119 $this->assertEqual($resultNumeric, '123');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
120
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
121 $resultNumeric = Sanitize::escape(1234, 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
122 $this->assertEqual($resultNumeric, 1234);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
123
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
124 $resultNumeric = Sanitize::escape(1234.23, 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
125 $this->assertEqual($resultNumeric, 1234.23);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
126
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
127 $resultNumeric = Sanitize::escape('#1234.23', 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
128 $this->assertEqual($resultNumeric, '#1234.23');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
129
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
130 $resultNull = Sanitize::escape(null, 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
131 $this->assertEqual($resultNull, null);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
132
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
133 $resultNull = Sanitize::escape(false, 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
134 $this->assertEqual($resultNull, false);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
135
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
136 $resultNull = Sanitize::escape(true, 'test_suite');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
137 $this->assertEqual($resultNull, true);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
138 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
139
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
140 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
141 * testClean method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
142 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
143 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
144 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
145 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
146 function testClean() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
147 $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
148 $expected = 'test & "quote" 'other' ;.$ symbol.another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
149 $result = Sanitize::clean($string, array('connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
150 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
151
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
152 $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
153 $expected = 'test & ' . Sanitize::escape('"quote"', 'test_suite') . ' ' . Sanitize::escape('\'other\'', 'test_suite') . ' ;.$ symbol.another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
154 $result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
155 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
156
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
157 $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
158 $expected = 'test & "quote" \'other\' ;.$ $ symbol.another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
159 $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
160 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
161
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
162 $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
163 $expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
164 $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
165 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
166
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
167 $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
168 $expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
169 $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
170 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
171
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
172 $array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
173 $expected = array(array('test & "quote" 'other' ;.$ symbol.another line'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
174 $result = Sanitize::clean($array, array('connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
175 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
176
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
177 $array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
178 $expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
179 $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
180 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
181
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
182 $array = array(array('test odd Ä spacesé'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
183 $expected = array(array('test odd Ä spacesé'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
184 $result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test_suite'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
185 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
186
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
187 $array = array(array('\\$', array('key' => 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line')));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
188 $expected = array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line')));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
189 $result = Sanitize::clean($array, array('encode' => false, 'escape' => false));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
190 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
191
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
192 $string = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
193 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
194 $result = Sanitize::clean($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
195 $this->assertEqual($string, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
196
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
197 $data = array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
198 'Grant' => array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
199 'title' => '2 o clock grant',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
200 'grant_peer_review_id' => 3,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
201 'institution_id' => 5,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
202 'created_by' => 1,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
203 'modified_by' => 1,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
204 'created' => '2010-07-15 14:11:00',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
205 'modified' => '2010-07-19 10:45:41'
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
206 ),
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
207 'GrantsMember' => array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
208 0 => array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
209 'id' => 68,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
210 'grant_id' => 120,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
211 'member_id' => 16,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
212 'program_id' => 29,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
213 'pi_percent_commitment' => 1
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
214 )
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
215 )
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
216 );
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
217 $result = Sanitize::clean($data);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
218 $this->assertEqual($result, $data);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
219 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
220
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
221 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
222 * testHtml method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
223 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
224 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
225 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
226 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
227 function testHtml() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
228 $string = '<p>This is a <em>test string</em> & so is this</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
229 $expected = 'This is a test string & so is this';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
230 $result = Sanitize::html($string, array('remove' => true));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
231 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
232
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
233 $string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
234 $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
235 $result = Sanitize::html($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
236 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
237
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
238 $string = 'The "lazy" dog \'jumped\'';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
239 $expected = 'The "lazy" dog \'jumped\'';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
240 $result = Sanitize::html($string, array('quotes' => ENT_COMPAT));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
241 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
242
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
243 $string = 'The "lazy" dog \'jumped\'';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
244 $result = Sanitize::html($string, array('quotes' => ENT_NOQUOTES));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
245 $this->assertEqual($result, $string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
246
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
247 $string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
248 $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
249 $result = Sanitize::html($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
250 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
251 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
252
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
253 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
254 * testStripWhitespace method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
255 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
256 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
257 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
258 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
259 function testStripWhitespace() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
260 $string = "This sentence \t\t\t has lots of \n\n white\nspace \rthat \r\n needs to be \t \n trimmed.";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
261 $expected = "This sentence has lots of whitespace that needs to be trimmed.";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
262 $result = Sanitize::stripWhitespace($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
263 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
264 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
265
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
266 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
267 * testParanoid method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
268 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
269 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
270 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
271 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
272 function testParanoid() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
273 $string = 'I would like to !%@#% & dance & sing ^$&*()-+';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
274 $expected = 'Iwouldliketodancesing';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
275 $result = Sanitize::paranoid($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
276 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
277
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
278 $string = array('This |s th% s0ng that never ends it g*es',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
279 'on and on my friends, b^ca#use it is the',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
280 'so&g th===t never ends.');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
281 $expected = array('This s th% s0ng that never ends it g*es',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
282 'on and on my friends bcause it is the',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
283 'sog tht never ends.');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
284 $result = Sanitize::paranoid($string, array('%', '*', '.', ' '));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
285 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
286
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
287 $string = "anything' OR 1 = 1";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
288 $expected = 'anythingOR11';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
289 $result = Sanitize::paranoid($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
290 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
291
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
292 $string = "x' AND email IS NULL; --";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
293 $expected = 'xANDemailISNULL';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
294 $result = Sanitize::paranoid($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
295 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
296
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
297 $string = "x' AND 1=(SELECT COUNT(*) FROM users); --";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
298 $expected = "xAND1SELECTCOUNTFROMusers";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
299 $result = Sanitize::paranoid($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
300 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
301
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
302 $string = "x'; DROP TABLE members; --";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
303 $expected = "xDROPTABLEmembers";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
304 $result = Sanitize::paranoid($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
305 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
306 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
307
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
308 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
309 * testStripImages method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
310 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
311 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
312 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
313 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
314 function testStripImages() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
315 $string = '<img src="/img/test.jpg" alt="my image" />';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
316 $expected = 'my image<br />';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
317 $result = Sanitize::stripImages($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
318 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
319
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
320 $string = '<img src="javascript:alert(\'XSS\');" />';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
321 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
322 $result = Sanitize::stripImages($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
323 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
324
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
325 $string = '<a href="http://www.badsite.com/phising"><img src="/img/test.jpg" alt="test image alt" title="test image title" id="myImage" class="image-left"/></a>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
326 $expected = '<a href="http://www.badsite.com/phising">test image alt</a><br />';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
327 $result = Sanitize::stripImages($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
328 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
329
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
330 $string = '<a onclick="medium()" href="http://example.com"><img src="foobar.png" onclick="evilFunction(); return false;"/></a>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
331 $expected = '<a onclick="medium()" href="http://example.com"></a>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
332 $result = Sanitize::stripImages($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
333 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
334 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
335
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
336 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
337 * testStripScripts method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
338 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
339 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
340 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
341 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
342 function testStripScripts() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
343 $string = '<link href="/css/styles.css" media="screen" rel="stylesheet" />';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
344 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
345 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
346 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
347
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
348 $string = '<link href="/css/styles.css" media="screen" rel="stylesheet" />' . "\n" . '<link rel="icon" href="/favicon.ico" type="image/x-icon" />' . "\n" . '<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />' . "\n" . '<link rel="alternate" href="/feed.xml" title="RSS Feed" type="application/rss+xml" />';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
349 $expected = "\n" . '<link rel="icon" href="/favicon.ico" type="image/x-icon" />' . "\n" . '<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />'."\n".'<link rel="alternate" href="/feed.xml" title="RSS Feed" type="application/rss+xml" />';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
350 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
351 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
352
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
353 $string = '<script type="text/javascript"> alert("hacked!");</script>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
354 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
355 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
356 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
357
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
358 $string = '<script> alert("hacked!");</script>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
359 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
360 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
361 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
362
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
363 $string = '<style>#content { display:none; }</style>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
364 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
365 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
366 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
367
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
368 $string = '<style type="text/css"><!-- #content { display:none; } --></style>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
369 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
370 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
371 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
372
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
373 $string = <<<HTML
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
374 text
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
375 <style type="text/css">
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
376 <!--
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
377 #content { display:none; }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
378 -->
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
379 </style>
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
380 text
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
381 HTML;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
382 $expected = "text\n\ntext";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
383 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
384 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
385
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
386 $string = <<<HTML
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
387 text
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
388 <script type="text/javascript">
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
389 <!--
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
390 alert('wooo');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
391 -->
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
392 </script>
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
393 text
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
394 HTML;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
395 $expected = "text\n\ntext";
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
396 $result = Sanitize::stripScripts($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
397 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
398 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
399
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
400 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
401 * testStripAll method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
402 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
403 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
404 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
405 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
406 function testStripAll() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
407 $string = '<img """><script>alert("xss")</script>"/>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
408 $expected ='"/>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
409 $result = Sanitize::stripAll($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
410 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
411
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
412 $string = '<IMG SRC=javascript:alert('XSS')>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
413 $expected = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
414 $result = Sanitize::stripAll($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
415 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
416
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
417 $string = '<<script>alert("XSS");//<</script>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
418 $expected = '<';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
419 $result = Sanitize::stripAll($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
420 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
421
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
422 $string = '<img src="http://google.com/images/logo.gif" onload="window.location=\'http://sam.com/\'" />'."\n".
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
423 "<p>This is ok \t\n text</p>\n".
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
424 '<link rel="stylesheet" href="/css/master.css" type="text/css" media="screen" title="my sheet" charset="utf-8">'."\n".
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
425 '<script src="xss.js" type="text/javascript" charset="utf-8"></script>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
426 $expected = '<p>This is ok text</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
427 $result = Sanitize::stripAll($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
428 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
429
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
430 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
431
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
432 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
433 * testStripTags method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
434 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
435 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
436 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
437 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
438 function testStripTags() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
439 $string = '<h2>Headline</h2><p><a href="http://example.com">My Link</a> could go to a bad site</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
440 $expected = 'Headline<p>My Link could go to a bad site</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
441 $result = Sanitize::stripTags($string, 'h2', 'a');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
442 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
443
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
444 $string = '<script type="text/javascript" src="http://evildomain.com"> </script>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
445 $expected = ' ';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
446 $result = Sanitize::stripTags($string, 'script');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
447 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
448
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
449 $string = '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
450 $expected = 'Important<p>Additional information here <img src="/img/test.png" />. Read even more here</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
451 $result = Sanitize::stripTags($string, 'h2', 'a');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
452 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
453
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
454 $string = '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
455 $expected = 'Important<p>Additional information here . Read even more here</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
456 $result = Sanitize::stripTags($string, 'h2', 'a', 'img');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
457 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
458
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
459 $string = '<b>Important message!</b><br>This message will self destruct!';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
460 $expected = 'Important message!<br>This message will self destruct!';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
461 $result = Sanitize::stripTags($string, 'b');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
462 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
463
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
464 $string = '<b>Important message!</b><br />This message will self destruct!';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
465 $expected = 'Important message!<br />This message will self destruct!';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
466 $result = Sanitize::stripTags($string, 'b');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
467 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
468
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
469 $string = '<h2 onclick="alert(\'evil\'); onmouseover="badness()">Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
470 $expected = 'Important<p>Additional information here . Read even more here</p>';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
471 $result = Sanitize::stripTags($string, 'h2', 'a', 'img');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
472 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
473 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
474
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
475 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
476 * testFormatColumns method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
477 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
478 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
479 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
480 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
481 function testFormatColumns() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
482 $this->loadFixtures('DataTest', 'Article');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
483
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
484 $this->DataTest =& new SanitizeDataTest(array('alias' => 'DataTest'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
485 $data = array('DataTest' => array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
486 'id' => 'z',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
487 'count' => '12a',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
488 'float' => '2.31456',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
489 'updated' => '2008-01-01'
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
490 )
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
491 );
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
492 $this->DataTest->set($data);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
493 $expected = array('DataTest' => array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
494 'id' => '0',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
495 'count' => '12',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
496 'float' => 2.31456,
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
497 'updated' => '2008-01-01 00:00:00',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
498 ));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
499 Sanitize::formatColumns($this->DataTest);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
500 $result = $this->DataTest->data;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
501 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
502
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
503 $this->Article =& new SanitizeArticle(array('alias' => 'Article'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
504 $data = array('Article' => array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
505 'id' => 'ZB',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
506 'user_id' => '12',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
507 'title' => 'title of article',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
508 'body' => 'body text',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
509 'published' => 'QQQQQQQ',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
510 ));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
511 $this->Article->set($data);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
512 $expected = array('Article' => array(
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
513 'id' => '0',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
514 'user_id' => '12',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
515 'title' => 'title of article',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
516 'body' => 'body text',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
517 'published' => 'QQQQQQQ',
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
518 ));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
519 Sanitize::formatColumns($this->Article);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
520 $result = $this->Article->data;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
521 $this->assertEqual($result, $expected);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
522 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
523 }
|
