* Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org) * * Licensed under The MIT License * Redistributions of files must retain the above copyright notice * * @copyright Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org) * @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests * @package Cake.Test.Case.Utility * @since CakePHP(tm) v 1.2.0.5428 * @license MIT License (http://www.opensource.org/licenses/mit-license.php) */ App::uses('Sanitize', 'Utility'); /** * DataTest class * * @package Cake.Test.Case.Utility */ class SanitizeDataTest extends CakeTestModel { /** * name property * * @var string 'SanitizeDataTest' * @access public */ public $name = 'SanitizeDataTest'; /** * useTable property * * @var string 'data_tests' * @access public */ public $useTable = 'data_tests'; } /** * Article class * * @package Cake.Test.Case.Utility */ class SanitizeArticle extends CakeTestModel { /** * name property * * @var string 'Article' * @access public */ public $name = 'SanitizeArticle'; /** * useTable property * * @var string 'articles' * @access public */ public $useTable = 'articles'; } /** * SanitizeTest class * * @package Cake.Test.Case.Utility */ class SanitizeTest extends CakeTestCase { /** * autoFixtures property * * @var bool false * @access public */ public $autoFixtures = false; /** * fixtures property * * @var array * @access public */ public $fixtures = array('core.data_test', 'core.article'); /** * testEscapeAlphaNumeric method * * @access public * @return void */ public function testEscapeAlphaNumeric() { $resultAlpha = Sanitize::escape('abc', 'test'); $this->assertEqual($resultAlpha, 'abc'); $resultNumeric = Sanitize::escape('123', 'test'); $this->assertEqual($resultNumeric, '123'); $resultNumeric = Sanitize::escape(1234, 'test'); $this->assertEqual($resultNumeric, 1234); $resultNumeric = Sanitize::escape(1234.23, 'test'); $this->assertEqual($resultNumeric, 1234.23); $resultNumeric = Sanitize::escape('#1234.23', 'test'); $this->assertEqual($resultNumeric, '#1234.23'); $resultNull = Sanitize::escape(null, 'test'); $this->assertEqual($resultNull, null); $resultNull = Sanitize::escape(false, 'test'); $this->assertEqual($resultNull, false); $resultNull = Sanitize::escape(true, 'test'); $this->assertEqual($resultNull, true); } /** * testClean method * * @access public * @return void */ public function testClean() { $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'; $expected = 'test & "quote" 'other' ;.$ symbol.another line'; $result = Sanitize::clean($string, array('connection' => 'test')); $this->assertEqual($expected, $result); $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'; $expected = 'test & ' . Sanitize::escape('"quote"', 'test') . ' ' . Sanitize::escape('\'other\'', 'test') . ' ;.$ symbol.another line'; $result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test')); $this->assertEqual($expected, $result); $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'; $expected = 'test & "quote" \'other\' ;.$ $ symbol.another line'; $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'connection' => 'test')); $this->assertEqual($expected, $result); $string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'; $expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line'; $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => 'test')); $this->assertEqual($expected, $result); $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'; $expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'; $result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => 'test')); $this->assertEqual($expected, $result); $array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line')); $expected = array(array('test & "quote" 'other' ;.$ symbol.another line')); $result = Sanitize::clean($array, array('connection' => 'test')); $this->assertEqual($expected, $result); $array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line')); $expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line')); $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test')); $this->assertEqual($expected, $result); $array = array(array('test odd Ä spacesé')); $expected = array(array('test odd Ä spacesé')); $result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test')); $this->assertEqual($expected, $result); $array = array(array('\\$', array('key' => 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'))); $expected = array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line'))); $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test')); $this->assertEqual($expected, $result); $string = ''; $expected = ''; $result = Sanitize::clean($string, array('connection' => 'test')); $this->assertEqual($string, $expected); $data = array( 'Grant' => array( 'title' => '2 o clock grant', 'grant_peer_review_id' => 3, 'institution_id' => 5, 'created_by' => 1, 'modified_by' => 1, 'created' => '2010-07-15 14:11:00', 'modified' => '2010-07-19 10:45:41' ), 'GrantsMember' => array( 0 => array( 'id' => 68, 'grant_id' => 120, 'member_id' => 16, 'program_id' => 29, 'pi_percent_commitment' => 1 ) ) ); $result = Sanitize::clean($data, array('connection' => 'test')); $this->assertEqual($result, $data); } /** * testHtml method * * @access public * @return void */ public function testHtml() { $string = '
This is a test string & so is this
'; $expected = 'This is a test string & so is this'; $result = Sanitize::html($string, array('remove' => true)); $this->assertEqual($expected, $result); $string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 is true, (2-1) = 1 is also true'; $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true'; $result = Sanitize::html($string); $this->assertEqual($expected, $result); $string = 'The "lazy" dog \'jumped\''; $expected = 'The "lazy" dog \'jumped\''; $result = Sanitize::html($string, array('quotes' => ENT_COMPAT)); $this->assertEqual($expected, $result); $string = 'The "lazy" dog \'jumped\''; $result = Sanitize::html($string, array('quotes' => ENT_NOQUOTES)); $this->assertEqual($result, $string); $string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 is true, (2-1) = 1 is also true'; $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true'; $result = Sanitize::html($string); $this->assertEqual($expected, $result); $string = 'The "lazy" dog & his friend Apple® conquered the world'; $expected = 'The "lazy" dog & his friend Apple® conquered the world'; $result = Sanitize::html($string); $this->assertEqual($expected, $result); $string = 'The "lazy" dog & his friend Apple® conquered the world'; $expected = 'The "lazy" dog & his friend Apple® conquered the world'; $result = Sanitize::html($string, array('double' => false)); $this->assertEqual($expected, $result); } /** * testStripWhitespace method * * @access public * @return void */ public function testStripWhitespace() { $string = "This sentence \t\t\t has lots of \n\n white\nspace \rthat \r\n needs to be \t \n trimmed."; $expected = "This sentence has lots of whitespace that needs to be trimmed."; $result = Sanitize::stripWhitespace($string); $this->assertEqual($expected, $result); } /** * testParanoid method * * @access public * @return void */ public function testParanoid() { $string = 'I would like to !%@#% & dance & sing ^$&*()-+'; $expected = 'Iwouldliketodancesing'; $result = Sanitize::paranoid($string); $this->assertEqual($expected, $result); $string = array('This |s th% s0ng that never ends it g*es', 'on and on my friends, b^ca#use it is the', 'so&g th===t never ends.'); $expected = array('This s th% s0ng that never ends it g*es', 'on and on my friends bcause it is the', 'sog tht never ends.'); $result = Sanitize::paranoid($string, array('%', '*', '.', ' ')); $this->assertEqual($expected, $result); $string = "anything' OR 1 = 1"; $expected = 'anythingOR11'; $result = Sanitize::paranoid($string); $this->assertEqual($expected, $result); $string = "x' AND email IS NULL; --"; $expected = 'xANDemailISNULL'; $result = Sanitize::paranoid($string); $this->assertEqual($expected, $result); $string = "x' AND 1=(SELECT COUNT(*) FROM users); --"; $expected = "xAND1SELECTCOUNTFROMusers"; $result = Sanitize::paranoid($string); $this->assertEqual($expected, $result); $string = "x'; DROP TABLE members; --"; $expected = "xDROPTABLEmembers"; $result = Sanitize::paranoid($string); $this->assertEqual($expected, $result); } /** * testStripImages method * * @access public * @return void */ public function testStripImages() { $string = ''; $expected = 'my imageThis is ok \t\n text
\n". ''."\n". ''; $expected = 'This is ok text
'; $result = Sanitize::stripAll($string); $this->assertEqual($expected, $result); } /** * testStripTags method * * @access public * @return void */ public function testStripTags() { $string = 'My Link could go to a bad site
'; $expected = 'HeadlineMy Link could go to a bad site
'; $result = Sanitize::stripTags($string, 'h2', 'a'); $this->assertEqual($expected, $result); $string = ''; $expected = ' '; $result = Sanitize::stripTags($string, 'script'); $this->assertEqual($expected, $result); $string = 'Additional information here . Read even more here
'; $expected = 'ImportantAdditional information here . Read even more here
'; $result = Sanitize::stripTags($string, 'h2', 'a'); $this->assertEqual($expected, $result); $string = 'Additional information here . Read even more here
'; $expected = 'ImportantAdditional information here . Read even more here
'; $result = Sanitize::stripTags($string, 'h2', 'a', 'img'); $this->assertEqual($expected, $result); $string = 'Important message!Additional information here . Read even more here
'; $expected = 'ImportantAdditional information here . Read even more here
'; $result = Sanitize::stripTags($string, 'h2', 'a', 'img'); $this->assertEqual($expected, $result); } }