PHP Cross Reference of YOURLS |
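<?php

/**
 * Escaping formatting functions.
 * Note: tests about escaping and sanitizing URLs are in urls.php
 *
 * Each data provider pairs a raw string with the output expected from the
 * escaper for one output context (HTML attribute, HTML body, URL for display,
 * JavaScript, textarea).
 *
 * NOTE(review): this file was recovered from a rendered cross-reference
 * listing that displays HTML entities inside string literals as the characters
 * they stand for, so the "raw" and "expected" columns looked identical there
 * and some literals were no longer valid PHP. The expected values below put
 * the entities back: `&quot;`, `&amp;`, `&lt;`, `&gt;`, and `&#039;` for the
 * single quote (assumed spelling, the one htmlspecialchars() emits under
 * ENT_QUOTES). Rows carrying their own NOTE(review) could not be recovered
 * unambiguously; confirm them against the repository before relying on them.
 *
 * @since 0.1
 */
#[\PHPUnit\Framework\Attributes\Group('formatting')]
class EscTest extends PHPUnit\Framework\TestCase {

    /**
     * Attributes and how they should be escaped
     *
     * @return \Iterator<array{string, string}> raw attribute value, expected escaped value
     */
    public static function html_attributes(): \Iterator
    {
        yield [
            '"double quotes"',
            '&quot;double quotes&quot;',
        ];
        yield [
            "'single quotes'",
            '&#039;single quotes&#039;',
        ];
        yield [
            "'mixed' " . '"quotes"',
            '&#039;mixed&#039; &quot;quotes&quot;',
        ];
        // NOTE(review): the listing shows a bare ' where the trailing entity
        // was; &apos; is assumed for both columns -- confirm.
        yield [
            'foo & bar &baz; &apos;',
            'foo &amp; bar &amp;baz; &apos;',
        ];
    }


    /**
     * Attribute escaping
     *
     * @since 0.1
     */
    #[\PHPUnit\Framework\Attributes\DataProvider('html_attributes')]
    public function test_esc_attr( string $attr, string $escaped ): void {
        $this->assertSame( $escaped, yourls_esc_attr( $attr ) );
    }

    /**
     * Attribute escaping -- escaping twice shouldn't change
     *
     * Pins that already-escaped output is not encoded a second time
     * (no `&amp;quot;` style double encoding).
     *
     * @since 0.1
     */
    #[\PHPUnit\Framework\Attributes\DataProvider('html_attributes')]
    public function test_esc_attr_twice( string $attr, string $escaped ): void {
        $this->assertSame( $escaped, yourls_esc_attr( yourls_esc_attr( $attr ) ) );
    }

    /**
     * HTML string and how they should be escaped
     *
     * @return \Iterator<array{string, string}> raw string, expected escaped string
     */
    public static function html_strings(): \Iterator
    {
        // Simple string
        yield [
            'The quick brown fox.',
            'The quick brown fox.',
        ];
        // URL with &
        yield [
            'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&action=edit&keyword=1a&nonce=bf3115ac3a',
            'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&amp;action=edit&amp;keyword=1a&amp;nonce=bf3115ac3a',
        ];
        // More ampersands
        yield [
            'H&M and Dungeons & Dragons',
            'H&amp;M and Dungeons &amp; Dragons',
        ];
        // Simple quotes
        yield [
            "SELECT stuff FROM table WHERE blah IN ('omg', 'wtf') AND foo = 1",
            'SELECT stuff FROM table WHERE blah IN (&#039;omg&#039;, &#039;wtf&#039;) AND foo = 1',
        ];
        // Double quotes
        yield [
            'I am "special"',
            'I am &quot;special&quot;',
        ];
        // Greater and less than
        yield [
            'this > that < that <randomhtml />',
            'this &gt; that &lt; that &lt;randomhtml /&gt;',
        ];
        // Ignore actual entities
        // NOTE(review): the listing shows only the decoded characters
        // (& £ " &) in both columns; the entity spellings below are assumed
        // and must be checked against the repository.
        yield [
            '&#038; &#x00A3; &#x22; &amp;',
            '&#038; &#xA3; &#x22; &amp;',
        ];
        // Empty string
        yield [
            '',
            '',
        ];
    }

    /**
     * HTML escaping
     *
     * @since 0.1
     */
    #[\PHPUnit\Framework\Attributes\DataProvider('html_strings')]
    public function test_esc_html( string $html, string $escaped ): void {
        $this->assertSame( $escaped, yourls_esc_html( $html ) );
    }

    /**
     * String to escape and what they should look like once escaped
     *
     * No test in this class names this method as its data provider. It is
     * also non-static, which PHPUnit 10+ does not accept for a provider, so
     * it would need `static` before being wired to a test.
     *
     * @return array<int, array{string, string}>
     */
    public function strings_to_escape(): array {
        return [
            [ "I'm rock n' rollin'", "I\'m rock n\' rollin\'" ],
            [ 'I am "nice"', 'I am \"nice\"' ],
            [ 'Back\Slash', 'Back\\\Slash' ],
            // Input is double-quoted (a real NUL byte); the expected value is
            // single-quoted (a literal backslash followed by 0).
            [ "NULL\0NULL", 'NULL\0NULL' ],
        ];
    }

    /**
     * List of URLs and how they should be escaped
     *
     * Double quotes and angle brackets are expected to be dropped from the
     * URL; single quotes are expected to be entity-encoded.
     *
     * NOTE(review): the listing shows a bare & in every expected value;
     * `&#038;` is the assumed spelling of the encoded ampersand -- confirm.
     *
     * @return \Iterator<array{string, string}> raw URL, expected escaped URL
     */
    public static function list_of_URLs(): \Iterator
    {
        yield [
            'http://example.com/?this=that&that=this',
            'http://example.com/?this=that&#038;that=this',
        ];
        yield [
            'http://example.com/?this=that&that="this"',
            'http://example.com/?this=that&#038;that=this',
        ];
        yield [
            "http://example.com/?this=that&that='this'",
            'http://example.com/?this=that&#038;that=&#039;this&#039;',
        ];
        yield [
            "http://example.com/?this=that&that=<this>",
            'http://example.com/?this=that&#038;that=this',
        ];
    }

    /**
     * Escape URLs for display
     *
     * @since 0.1
     */
    #[\PHPUnit\Framework\Attributes\DataProvider('list_of_URLs')]
    #[\PHPUnit\Framework\Attributes\Group('url')]
    public function test_esc_urls( string $url, string $escaped ): void {
        $this->assertEquals( $escaped, yourls_esc_url( $url ) );
    }

    /**
     * Some strings and how they should be escaped in javascript
     *
     * @return \Iterator<array{string, string}> raw string, expected escaped string
     */
    public static function list_of_JS(): \Iterator
    {
        yield [
            'hello world();',
            'hello world();',
        ];
        // NOTE(review): both columns read hello("world"); in the listing;
        // the expected value is assumed to carry &quot; -- confirm.
        yield [
            'hello("world");',
            'hello(&quot;world&quot;);',
        ];
        // NOTE(review): trailing entity assumed to be &apos;, as in
        // html_attributes() -- confirm.
        yield [
            'foo & bar &baz; &apos;',
            'foo &amp; bar &amp;baz; &apos;',
        ];
    }

    /**
     * Escape JS
     *
     * @since 0.1
     */
    #[\PHPUnit\Framework\Attributes\DataProvider('list_of_JS')]
    public function test_esc_js( string $js, string $escaped ): void {
        $this->assertEquals( $escaped, yourls_esc_js( $js ) );
    }

    /**
     * Strings in a textarea and how they should be escaped
     *
     * @return \Iterator<array{string, string}> raw text, expected escaped text
     */
    public static function list_of_textarea(): \Iterator
    {
        yield [
            'hello<br/>world',
            'hello&lt;br/&gt;world',
        ];
        yield [
            '"omg"',
            '&quot;omg&quot;',
        ];
        yield [
            "'omg'",
            '&#039;omg&#039;',
        ];
    }

    /**
     * Escape textarea content
     *
     * @since 0.1
     */
    #[\PHPUnit\Framework\Attributes\DataProvider('list_of_textarea')]
    public function test_esc_textarea( string $text, string $escaped ): void {
        $this->assertEquals( $escaped, yourls_esc_textarea( $text ) );
    }

}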