From 968671d8a79cd7f9919790bfe819d871f06a5bce Mon Sep 17 00:00:00 2001
From: bzick
Date: Sun, 7 Jul 2013 01:34:19 +0400
Subject: [PATCH] Add tests for auto escaping
---
 tests/TestCase.php | 10 ++++
 tests/cases/Fenom/AutoEscapeTest.php | 55 ++++++++++++++++++++
 tests/cases/{CytroTest.php => FenomTest.php} | 0
 3 files changed, 65 insertions(+)
 create mode 100644 tests/cases/Fenom/AutoEscapeTest.php
 rename tests/cases/{CytroTest.php => FenomTest.php} (100%)
diff --git a/tests/TestCase.php b/tests/TestCase.php
index 6e19e6c..aeabfdb 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -26,6 +26,8 @@ class TestCase extends \PHPUnit_Framework_TestCase {
 $this->fenom = Fenom::factory(FENOM_RESOURCES.'/template', FENOM_RESOURCES.'/compile');
 $this->fenom->addModifier('dots', __CLASS__.'::dots');
 $this->fenom->addModifier('concat', __CLASS__.'::concat');
+ $this->fenom->addFunction('test_function', __CLASS__.'::inlineFunction');
+ $this->fenom->addBlockFunction('test_block_function', __CLASS__.'::blockFunction');
 }
 public static function dots($value) {
@@ -36,6 +38,14 @@ class TestCase extends \PHPUnit_Framework_TestCase {
 return call_user_func_array('var_export', func_get_args());
 }
+ public static function inlineFunction($params) {
+ return isset($params["text"]) ? $params["text"] : "";
+ }
+
+ public static function blockFunction($params, $text) {
+ return $text;
+ }
+
 public static function setUpBeforeClass() {
 if(!file_exists(FENOM_RESOURCES.'/template')) {
 mkdir(FENOM_RESOURCES.'/template', 0777, true);
diff --git a/tests/cases/Fenom/AutoEscapeTest.php b/tests/cases/Fenom/AutoEscapeTest.php
new file mode 100644
index 0000000..8189f0c
--- /dev/null
+++ b/tests/cases/Fenom/AutoEscapeTest.php
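Review bot: `inlineFunction()` and `blockFunction()` in the second tests/TestCase.php hunk have no docblock, and nothing says that they hand their input back unchanged on purpose. The new escaping tests only mean something if these helpers do no encoding of their own, so I would state that above each one, e.g. `/** Test-only passthrough: returns the "text" parameter verbatim so any escaping seen in the output comes from the engine. */`. `blockFunction()` never reads `$params`; a one-line `@param` note that it is kept because the block-function callback presumably passes it would stop it being removed as unused. The enclosing class and the method that registers the helpers start outside these hunks.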
@@ -0,0 +1,55 @@
+alert('injection');";
+ $escaped = htmlspecialchars($html, ENT_COMPAT, 'UTF-8');
+ $vars = array(
+ "html" => $html
+ );
+ return array(
+ // variable
+ array('{$html}', $html, $vars, 0),
+ array('{$html}', $escaped, $vars, \Fenom::AUTO_ESCAPE),
+ array('{raw $html}', $html, $vars, \Fenom::AUTO_ESCAPE),
+ array('{raw "{$html|up}"}', strtoupper($html), $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape true}{$html}{/autoescape}, {$html}', "$escaped, $html", $vars, 0),
+ array('{autoescape false}{$html}{/autoescape}, {$html}', "$html, $escaped", $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape true}{$html}{/autoescape}, {$html}', "$escaped, $escaped", $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape false}{$html}{/autoescape}, {$html}', "$html, $html", $vars, 0),
+
+ // inline function
+ array('{test_function text=$html}', $html, $vars, 0),
+ array('{test_function text=$html}', $escaped, $vars, \Fenom::AUTO_ESCAPE),
+ array('{raw:test_function text=$html}', $html, $vars, \Fenom::AUTO_ESCAPE),
+ array('{raw:test_function text="{$html|up}"}', strtoupper($html), $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape true}{test_function text=$html}{/autoescape}, {test_function text=$html}', "$escaped, $html", $vars, 0),
+ array('{autoescape false}{test_function text=$html}{/autoescape}, {test_function text=$html}', "$html, $escaped", $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape true}{test_function text=$html}{/autoescape}, {test_function text=$html}', "$escaped, $escaped", $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape false}{test_function text=$html}{/autoescape}, {test_function text=$html}', "$html, $html", $vars, 0),
+
+ // block function
+ array('{test_block_function}{$html}{/test_block_function}', $html, $vars, 0),
+ array('{test_block_function}{$html}{/test_block_function}', $escaped, $vars, \Fenom::AUTO_ESCAPE),
+ array('{raw:test_block_function}{$html}{/test_block_function}', $html, $vars, \Fenom::AUTO_ESCAPE),
+ array('{raw:test_block_function}{"{$html|up}"}{/test_block_function}', strtoupper($html), $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape true}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}', "$escaped, $html", $vars, 0),
+ array('{autoescape false}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}', "$html, $escaped", $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape true}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}', "$escaped, $escaped", $vars, \Fenom::AUTO_ESCAPE),
+ array('{autoescape false}{test_block_function}{$html}{/test_block_function}{/autoescape}, {test_block_function}{$html}{/test_block_function}', "$html, $html", $vars, 0),
+ );
+ }
+
+ /**
+ * @dataProvider providerHTML
+ */
+ public function testEscaping($tpl, $result, $vars, $options) {
+ $this->values = $vars;
+ $this->fenom->setOptions($options);
+ $this->assertRender($tpl, $result);
+ }
+}
\ No newline at end of file
diff --git a/tests/cases/CytroTest.php b/tests/cases/FenomTest.php
similarity index 100%
rename from tests/cases/CytroTest.php
rename to tests/cases/FenomTest.php
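Review bot: The expected value near the top of the AutoEscapeTest.php hunk is built with `htmlspecialchars($html, ENT_COMPAT, 'UTF-8')`, and `ENT_COMPAT` leaves single quotes unencoded, so every `AUTO_ESCAPE` row asserts that the `'` characters in the payload pass through as-is. If that mirrors the engine's own escaper (not visible in this patch), say so next to the line, e.g. `// ENT_COMPAT mirrors the engine's auto-escape flags: single quotes are NOT encoded`; if auto-escaped output is meant to be safe inside single-quoted attributes, the flag would have to be `ENT_QUOTES` both here and in the engine. The visible part of the payload contains no `&` or `"`, so a second data set such as `'a & "b"'` would pin those encodings as well. The opening lines of this hunk are missing from the page, so the start of `providerHTML` could not be checked.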