* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The Open Group Test Suite License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
* @package cake
* @subpackage cake.tests.cases.libs
* @since CakePHP(tm) v 1.2.0.5428
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
*/
App::import('Core', 'Sanitize');
/**
* DataTest class
*
* @package cake
* @subpackage cake.tests.cases.libs
*/
class SanitizeDataTest extends CakeTestModel {
/**
* name property
*
* @var string 'SanitizeDataTest'
* @access public
*/
var $name = 'SanitizeDataTest';
/**
* useTable property
*
* @var string 'data_tests'
* @access public
*/
var $useTable = 'data_tests';
}
/**
* Article class
*
* @package cake
* @subpackage cake.tests.cases.libs
*/
class SanitizeArticle extends CakeTestModel {
/**
* name property
*
* @var string 'Article'
* @access public
*/
var $name = 'SanitizeArticle';
/**
* useTable property
*
* @var string 'articles'
* @access public
*/
var $useTable = 'articles';
}
/**
* SanitizeTest class
*
* @package cake
* @subpackage cake.tests.cases.libs
*/
class SanitizeTest extends CakeTestCase {
/**
* autoFixtures property
*
* @var bool false
* @access public
*/
var $autoFixtures = false;
/**
* fixtures property
*
* @var array
* @access public
*/
var $fixtures = array('core.data_test', 'core.article');
/**
* startTest method
*
* @param mixed $method
* @access public
* @return void
*/
function startTest($method) {
parent::startTest($method);
$this->_initDb();
}
/**
* testEscapeAlphaNumeric method
*
* @access public
* @return void
*/
function testEscapeAlphaNumeric() {
$resultAlpha = Sanitize::escape('abc', 'test_suite');
$this->assertEqual($resultAlpha, 'abc');
$resultNumeric = Sanitize::escape('123', 'test_suite');
$this->assertEqual($resultNumeric, '123');
$resultNumeric = Sanitize::escape(1234, 'test_suite');
$this->assertEqual($resultNumeric, 1234);
$resultNumeric = Sanitize::escape(1234.23, 'test_suite');
$this->assertEqual($resultNumeric, 1234.23);
$resultNumeric = Sanitize::escape('#1234.23', 'test_suite');
$this->assertEqual($resultNumeric, '#1234.23');
$resultNull = Sanitize::escape(null, 'test_suite');
$this->assertEqual($resultNull, null);
$resultNull = Sanitize::escape(false, 'test_suite');
$this->assertEqual($resultNull, false);
$resultNull = Sanitize::escape(true, 'test_suite');
$this->assertEqual($resultNull, true);
}
/**
* testClean method
*
* @access public
* @return void
*/
function testClean() {
$string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
$expected = 'test & "quote" 'other' ;.$ symbol.another line';
$result = Sanitize::clean($string, array('connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
$expected = 'test & ' . Sanitize::escape('"quote"', 'test_suite') . ' ' . Sanitize::escape('\'other\'', 'test_suite') . ' ;.$ symbol.another line';
$result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
$expected = 'test & "quote" \'other\' ;.$ $ symbol.another line';
$result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
$expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line';
$result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
$expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
$result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
$expected = array(array('test & "quote" 'other' ;.$ symbol.another line'));
$result = Sanitize::clean($array, array('connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'));
$expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line'));
$result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$array = array(array('test odd Ä spacesé'));
$expected = array(array('test odd Ä spacesé'));
$result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test_suite'));
$this->assertEqual($result, $expected);
$array = array(array('\\$', array('key' => 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line')));
$expected = array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line')));
$result = Sanitize::clean($array, array('encode' => false, 'escape' => false));
$this->assertEqual($result, $expected);
$string = '';
$expected = '';
$result = Sanitize::clean($string);
$this->assertEqual($string, $expected);
$data = array(
'Grant' => array(
'title' => '2 o clock grant',
'grant_peer_review_id' => 3,
'institution_id' => 5,
'created_by' => 1,
'modified_by' => 1,
'created' => '2010-07-15 14:11:00',
'modified' => '2010-07-19 10:45:41'
),
'GrantsMember' => array(
0 => array(
'id' => 68,
'grant_id' => 120,
'member_id' => 16,
'program_id' => 29,
'pi_percent_commitment' => 1
)
)
);
$result = Sanitize::clean($data);
$this->assertEqual($result, $data);
}
/**
* testHtml method
*
* @access public
* @return void
*/
function testHtml() {
$string = 'This is a test string & so is this
';
$expected = 'This is a test string & so is this';
$result = Sanitize::html($string, array('remove' => true));
$this->assertEqual($result, $expected);
$string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 is true, (2-1) = 1 is also true';
$expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
$result = Sanitize::html($string);
$this->assertEqual($result, $expected);
$string = 'The "lazy" dog \'jumped\'';
$expected = 'The "lazy" dog \'jumped\'';
$result = Sanitize::html($string, array('quotes' => ENT_COMPAT));
$this->assertEqual($result, $expected);
$string = 'The "lazy" dog \'jumped\'';
$result = Sanitize::html($string, array('quotes' => ENT_NOQUOTES));
$this->assertEqual($result, $string);
$string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 is true, (2-1) = 1 is also true';
$expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
$result = Sanitize::html($string);
$this->assertEqual($result, $expected);
}
/**
* testStripWhitespace method
*
* @access public
* @return void
*/
function testStripWhitespace() {
$string = "This sentence \t\t\t has lots of \n\n white\nspace \rthat \r\n needs to be \t \n trimmed.";
$expected = "This sentence has lots of whitespace that needs to be trimmed.";
$result = Sanitize::stripWhitespace($string);
$this->assertEqual($result, $expected);
}
/**
* testParanoid method
*
* @access public
* @return void
*/
function testParanoid() {
$string = 'I would like to !%@#% & dance & sing ^$&*()-+';
$expected = 'Iwouldliketodancesing';
$result = Sanitize::paranoid($string);
$this->assertEqual($result, $expected);
$string = array('This |s th% s0ng that never ends it g*es',
'on and on my friends, b^ca#use it is the',
'so&g th===t never ends.');
$expected = array('This s th% s0ng that never ends it g*es',
'on and on my friends bcause it is the',
'sog tht never ends.');
$result = Sanitize::paranoid($string, array('%', '*', '.', ' '));
$this->assertEqual($result, $expected);
$string = "anything' OR 1 = 1";
$expected = 'anythingOR11';
$result = Sanitize::paranoid($string);
$this->assertEqual($result, $expected);
$string = "x' AND email IS NULL; --";
$expected = 'xANDemailISNULL';
$result = Sanitize::paranoid($string);
$this->assertEqual($result, $expected);
$string = "x' AND 1=(SELECT COUNT(*) FROM users); --";
$expected = "xAND1SELECTCOUNTFROMusers";
$result = Sanitize::paranoid($string);
$this->assertEqual($result, $expected);
$string = "x'; DROP TABLE members; --";
$expected = "xDROPTABLEmembers";
$result = Sanitize::paranoid($string);
$this->assertEqual($result, $expected);
}
/**
* testStripImages method
*
* @access public
* @return void
*/
function testStripImages() {
$string = '
';
$expected = 'my image
';
$result = Sanitize::stripImages($string);
$this->assertEqual($result, $expected);
$string = ';)
';
$expected = '';
$result = Sanitize::stripImages($string);
$this->assertEqual($result, $expected);
$string = '';
$expected = 'test image alt
';
$result = Sanitize::stripImages($string);
$this->assertEqual($result, $expected);
$string = '
';
$expected = '';
$result = Sanitize::stripImages($string);
$this->assertEqual($result, $expected);
}
/**
* testStripScripts method
*
* @access public
* @return void
*/
function testStripScripts() {
$string = '';
$expected = '';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = '' . "\n" . '' . "\n" . '' . "\n" . '';
$expected = "\n" . '' . "\n" . ''."\n".'';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = '';
$expected = '';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = '';
$expected = '';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = '';
$expected = '';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = '';
$expected = '';
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = <<
text
HTML;
$expected = "text\n\ntext";
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
$string = <<
text
HTML;
$expected = "text\n\ntext";
$result = Sanitize::stripScripts($string);
$this->assertEqual($result, $expected);
}
/**
* testStripAll method
*
* @access public
* @return void
*/
function testStripAll() {
$string = '![]()
"/>';
$expected ='"/>';
$result = Sanitize::stripAll($string);
$this->assertEqual($result, $expected);
$string = ')
';
$expected = '';
$result = Sanitize::stripAll($string);
$this->assertEqual($result, $expected);
$string = '<';
$expected = '<';
$result = Sanitize::stripAll($string);
$this->assertEqual($result, $expected);
$string = '
'."\n".
"This is ok \t\n text
\n".
''."\n".
'';
$expected = 'This is ok text
';
$result = Sanitize::stripAll($string);
$this->assertEqual($result, $expected);
}
/**
* testStripTags method
*
* @access public
* @return void
*/
function testStripTags() {
$string = 'Headline
My Link could go to a bad site
';
$expected = 'HeadlineMy Link could go to a bad site
';
$result = Sanitize::stripTags($string, 'h2', 'a');
$this->assertEqual($result, $expected);
$string = '';
$expected = ' ';
$result = Sanitize::stripTags($string, 'script');
$this->assertEqual($result, $expected);
$string = 'Important
Additional information here 
. Read even more here
';
$expected = 'ImportantAdditional information here . Read even more here
';
$result = Sanitize::stripTags($string, 'h2', 'a');
$this->assertEqual($result, $expected);
$string = 'Important
Additional information here . Read even more here
';
$expected = 'ImportantAdditional information here . Read even more here
';
$result = Sanitize::stripTags($string, 'h2', 'a', 'img');
$this->assertEqual($result, $expected);
$string = 'Important message!
This message will self destruct!';
$expected = 'Important message!
This message will self destruct!';
$result = Sanitize::stripTags($string, 'b');
$this->assertEqual($result, $expected);
$string = 'Important message!
This message will self destruct!';
$expected = 'Important message!
This message will self destruct!';
$result = Sanitize::stripTags($string, 'b');
$this->assertEqual($result, $expected);
$string = 'Important
Additional information here . Read even more here
';
$expected = 'ImportantAdditional information here . Read even more here
';
$result = Sanitize::stripTags($string, 'h2', 'a', 'img');
$this->assertEqual($result, $expected);
}
/**
* testFormatColumns method
*
* @access public
* @return void
*/
function testFormatColumns() {
$this->loadFixtures('DataTest', 'Article');
$this->DataTest =& new SanitizeDataTest(array('alias' => 'DataTest'));
$data = array('DataTest' => array(
'id' => 'z',
'count' => '12a',
'float' => '2.31456',
'updated' => '2008-01-01'
)
);
$this->DataTest->set($data);
$expected = array('DataTest' => array(
'id' => '0',
'count' => '12',
'float' => 2.31456,
'updated' => '2008-01-01 00:00:00',
));
Sanitize::formatColumns($this->DataTest);
$result = $this->DataTest->data;
$this->assertEqual($result, $expected);
$this->Article =& new SanitizeArticle(array('alias' => 'Article'));
$data = array('Article' => array(
'id' => 'ZB',
'user_id' => '12',
'title' => 'title of article',
'body' => 'body text',
'published' => 'QQQQQQQ',
));
$this->Article->set($data);
$expected = array('Article' => array(
'id' => '0',
'user_id' => '12',
'title' => 'title of article',
'body' => 'body text',
'published' => 'QQQQQQQ',
));
Sanitize::formatColumns($this->Article);
$result = $this->Article->data;
$this->assertEqual($result, $expected);
}
}