<?php
namespace Fenom;
/**
 * Checks how the AUTO_ESCAPE option, the {autoescape} block and the `raw`
 * markers combine when a template prints a value containing HTML markup.
 *
 * Every data row pins one combination for plain variables, inline functions
 * and block functions. Rows whose expected text is the unescaped payload
 * document where escaping is switched off: a value printed through `raw` /
 * `:raw`, or with escaping disabled, reaches the output verbatim.
 */
class AutoEscapeTest extends TestCase
{
    /**
     * Data sets for testEscaping().
     *
     * Each row is: template source, expected output, template variables,
     * option flags passed to setOptions().
     *
     * @return array
     */
    public static function providerHTML()
    {
        $payload = "<script>alert('injection');</script>";
        // ENT_COMPAT encodes <, >, & and double quotes but leaves single quotes
        // alone, so the expected text still contains the ' characters of the
        // payload. These rows therefore only pin escaping for HTML text content.
        // NOTE(review): presumably this mirrors the flags the engine itself uses
        // when escaping; confirm against the Fenom escaping code.
        $encoded = htmlspecialchars($payload, ENT_COMPAT, 'UTF-8');
        $shouted = strtoupper($payload);
        $context = array(
            "html" => $payload
        );

        // Option flags used by the rows below.
        $on  = \Fenom::AUTO_ESCAPE;
        $off = 0;

        // The four possible "first output, second output" expectations.
        $rawRaw = $payload . ', ' . $payload;
        $rawEsc = $payload . ', ' . $encoded;
        $escRaw = $encoded . ', ' . $payload;
        $escEsc = $encoded . ', ' . $encoded;

        return array(
            // variable
            array('{$html}, {$html}', $rawRaw, $context, $off),
            array('{$html}, {$html}', $escEsc, $context, $on),
            array('{raw $html}, {$html}', $rawEsc, $context, $on),
            array('{raw $html}, {$html}', $rawRaw, $context, $off),
            array('{raw "{$html|up}"}, {$html}', $shouted . ', ' . $encoded, $context, $on),
            array('{autoescape true}{$html}{/autoescape}, {$html}', $escRaw, $context, $off),
            array('{autoescape false}{$html}{/autoescape}, {$html}', $rawEsc, $context, $on),
            array('{autoescape true}{$html}{/autoescape}, {$html}', $escEsc, $context, $on),
            array('{autoescape false}{$html}{/autoescape}, {$html}', $rawRaw, $context, $off),
            array('{autoescape true}{raw $html}{/autoescape}, {$html}', $rawRaw, $context, $off),
            array('{autoescape false}{raw $html}{/autoescape}, {$html}', $rawEsc, $context, $on),
            array('{autoescape true}{raw $html}{/autoescape}, {$html}', $rawEsc, $context, $on),
            array('{autoescape false}{raw $html}{/autoescape}, {$html}', $rawRaw, $context, $off),

            // inline function
            array('{test_function text=$html}, {$html}', $rawRaw, $context, $off),
            array('{test_function text=$html}, {$html}', $escEsc, $context, $on),
            array('{test_function:raw text=$html}, {$html}', $rawEsc, $context, $on),
            array('{test_function:raw text="{$html|up}"}, {$html}', $shouted . ', ' . $encoded, $context, $on),
            array(
                '{autoescape true}{test_function text=$html}{/autoescape}, {test_function text=$html}',
                $escRaw,
                $context,
                $off
            ),
            array(
                '{autoescape false}{test_function text=$html}{/autoescape}, {test_function text=$html}',
                $rawEsc,
                $context,
                $on
            ),
            array(
                '{autoescape true}{test_function text=$html}{/autoescape}, {test_function text=$html}',
                $escEsc,
                $context,
                $on
            ),
            array(
                '{autoescape false}{test_function text=$html}{/autoescape}, {test_function text=$html}',
                $rawRaw,
                $context,
                $off
            ),
            array(
                '{autoescape true}{test_function:raw text=$html}{/autoescape}, {test_function text=$html}',
                $rawRaw,
                $context,
                $off
            ),
            array(
                '{autoescape false}{test_function:raw text=$html}{/autoescape}, {test_function text=$html}',
                $rawEsc,
                $context,
                $on
            ),
            array(
                '{autoescape true}{test_function:raw text=$html}{/autoescape}, {test_function text=$html}',
                $rawEsc,
                $context,
                $on
            ),
            array(
                '{autoescape false}{test_function:raw text=$html}{/autoescape}, {test_function text=$html}',
                $rawRaw,
                $context,
                $off
            ),

            // block function
            array('{test_block_function}{$html}{/test_block_function}', $payload, $context, $off),
            array('{test_block_function}{$html}{/test_block_function}', $encoded, $context, $on),
            array('{test_block_function:raw}{$html}{/test_block_function}', $payload, $context, $on),
            array('{test_block_function:raw}{"{$html|up}"}{/test_block_function}', $shouted, $context, $on),
            array(
                '{autoescape true}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}',
                $escRaw,
                $context,
                $off
            ),
            array(
                '{autoescape false}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}',
                $rawEsc,
                $context,
                $on
            ),
            array(
                '{autoescape true}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}',
                $escEsc,
                $context,
                $on
            ),
            array(
                '{autoescape false}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}',
                $rawRaw,
                $context,
                $off
            ),
            array(
                '{autoescape true}{test_block_function:raw}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}',
                $rawRaw,
                $context,
                $off
            ),
            array(
                '{autoescape false}{test_block_function:raw}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}',
                $rawEsc,
                $context,
                $on
            ),
            array(
                '{autoescape true}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function:raw}{$html}{/test_block_function}',
                $escRaw,
                $context,
                $on
            ),
            array(
                '{autoescape true}{test_block_function:raw}{$html}{/test_block_function}{/autoescape}, {test_block_function:raw}{$html}{/test_block_function}',
                $rawRaw,
                $context,
                $off
            ),
        );
    }

    /**
     * Renders one template with the given option flags and compares the output.
     *
     * @dataProvider providerHTML
     *
     * @param string $tpl     template source to render
     * @param string $result  exact output expected from the render
     * @param array  $vars    variables made available to the template
     * @param int    $options option flags handed to setOptions()
     */
    public function testEscaping($tpl, $result, $vars, $options)
    {
        // Variables and options are installed before the render is asserted.
        $this->values = $vars;
        $this->fenom->setOptions($options);

        $this->assertRender($tpl, $result);
    }
}