| [ Index ] |
PHP Cross Reference of YOURLS |
[Summary view] [Print] [Text view]
1 <?php 2 3 /** 4 * Escaping formatting functions. 5 * Note: tests about escaping and sanitizing URLs are in urls.php 6 * 7 * @group formatting 8 * @since 0.1 9 */ 10 class Format_Esc extends PHPUnit\Framework\TestCase { 11 12 /** 13 * Attributes and how they should be escaped 14 */ 15 function html_attributes() { 16 return array( 17 array( 18 '"double quotes"', 19 '"double quotes"', 20 ), 21 array( 22 "'single quotes'", 23 ''single quotes'', 24 ), 25 array( 26 "'mixed' " . '"quotes"', 27 ''mixed' "quotes"', 28 ), 29 array( 30 'foo & bar &baz; '', 31 'foo & bar &baz; '', 32 ), 33 ); 34 } 35 36 37 /** 38 * Attribute escaping 39 * 40 * @dataProvider html_attributes 41 * @since 0.1 42 */ 43 function test_esc_attr( $attr, $escaped ) { 44 $this->assertSame( $escaped, yourls_esc_attr( $attr ) ); 45 } 46 47 /** 48 * Attribute escaping -- escaping twice shouldn't change 49 * 50 * @dataProvider html_attributes 51 * @since 0.1 52 */ 53 function test_esc_attr_twice( $attr, $escaped ) { 54 $this->assertSame( $escaped, yourls_esc_attr( yourls_esc_attr( $attr ) ) ); 55 } 56 57 /** 58 * HTML string and how they should be escaped 59 */ 60 function html_strings() { 61 return array( 62 // Simple string 63 array( 64 'The quick brown fox.', 65 'The quick brown fox.', 66 ), 67 // URL with & 68 array( 69 'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&action=edit&keyword=1a&nonce=bf3115ac3a', 70 'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&action=edit&keyword=1a&nonce=bf3115ac3a', 71 ), 72 // More ampersands 73 array( 74 'H&M and Dungeons & Dragons', 75 'H&M and Dungeons & Dragons', 76 ), 77 // Simple quotes 78 array( 79 "SELECT stuff FROM table WHERE blah IN ('omg', 'wtf') AND foo = 1", 80 'SELECT stuff FROM table WHERE blah IN ('omg', 'wtf') AND foo = 1', 81 ), 82 // Double quotes 83 array( 84 'I am "special"', 85 'I am "special"', 86 ), 87 // Greater and less than 88 array( 89 'this > that < that <randomhtml />', 90 'this > that < that <randomhtml />', 91 ), 92 // Ignore actual entities 93 array( 94 '& £ " &', 95 '& £ " &', 96 ), 97 // Empty string 98 array( 99 '', 100 '', 101 ), 102 ); 103 } 104 105 /** 106 * HTML escaping 107 * 108 * @dataProvider html_strings 109 * @since 0.1 110 */ 111 function test_esc_html( $html, $escaped ) { 112 $this->assertSame( $escaped, yourls_esc_html( $html ) ); 113 } 114 115 /** 116 * String to escape and what they should look like once escaped 117 */ 118 public function strings_to_escape() { 119 return array( 120 array( "I'm rock n' rollin'", "I\'m rock n\' rollin\'" ), 121 array( 'I am "nice"', 'I am \"nice\"' ), 122 array( 'Back\Slash', 'Back\\\Slash' ), 123 array( "NULL\0NULL", 'NULL\0NULL' ), // notice the quote change 124 ); 125 } 126 127 /** 128 * List of URLs and how they should be escaped 129 */ 130 function list_of_URLs() { 131 return array( 132 array( 133 'http://example.com/?this=that&that=this', 134 'http://example.com/?this=that&that=this', 135 ), 136 array( 137 'http://example.com/?this=that&that="this"', 138 'http://example.com/?this=that&that=this', 139 ), 140 array( 141 "http://example.com/?this=that&that='this'", 142 'http://example.com/?this=that&that='this'', 143 ), 144 array( 145 "http://example.com/?this=that&that=<this>", 146 'http://example.com/?this=that&that=this', 147 ), 148 ); 149 } 150 151 /** 152 * Escape URLs for display 153 * 154 * @since 0.1 155 * @group url 156 * @dataProvider list_of_URLs 157 */ 158 function test_esc_urls( $url, $escaped ) { 159 $this->assertEquals( $escaped, yourls_esc_url( $url ) ); 160 } 161 162 /** 163 * Some strings and how they should be escaped in javascript 164 */ 165 function list_of_JS() { 166 return array( 167 array( 168 'hello world();', 169 'hello world();', 170 ), 171 array( 172 'hello("world");', 173 'hello("world");', 174 ), 175 array( 176 'foo & bar &baz; '', 177 'foo & bar &baz; '', 178 ), 179 ); 180 } 181 182 /** 183 * Escape JS 184 * 185 * @since 0.1 186 * @dataProvider list_of_JS 187 */ 188 function test_esc_js( $js, $escaped ) { 189 $this->assertEquals( $escaped, yourls_esc_js( $js ) ); 190 } 191 192 /** 193 * Strings in a textarea and how they should be escaped 194 */ 195 function list_of_textarea() { 196 return array( 197 array( 198 'hello<br/>world', 199 'hello<br/>world', 200 ), 201 array( 202 '"omg"', 203 '"omg"', 204 ), 205 array( 206 "'omg'", 207 ''omg'', 208 ), 209 ); 210 } 211 212 /** 213 * Escape JS 214 * 215 * @since 0.1 216 * @dataProvider list_of_textarea 217 */ 218 function test_esc_textarea( $text, $escaped ) { 219 $this->assertEquals( $escaped, yourls_esc_textarea( $text ) ); 220 } 221 222 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Sep 19 05:10:04 2024 | Cross-referenced by PHPXref 0.7.1 |