authorArthurHoaro <arthur@hoa.ro>2017-02-27 19:45:55 +0100
committerArthurHoaro <arthur@hoa.ro>2017-02-28 19:16:54 +0100
commite03761011521929a375ebb56f21adacb226a3a8d (patch)
tree6cc318939e74a35d74a037f18bca912b73e5c81e /tests/Updater/UpdaterTest.php
parent5978588578ca103152598ccfbe41019b12e00a4f (diff)
Add markdown_escape setting
This setting controls whether HTML is escaped in markdown rendering. The goal behind it is to avoid XSS issues in shared instances.
More info:
* the setting is set to true by default
* it is set to false for anyone who already has the plugin enabled (to avoid breaking existing entries)
* the HTML sanitization is improved when the setting is set to false - but don't consider it XSS proof
* the setting is mentioned in the plugin README
Diffstat (limited to 'tests/Updater/UpdaterTest.php')
-rw-r--r--tests/Updater/UpdaterTest.php66
1 files changed, 66 insertions, 0 deletions
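--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -506,4 +506,70 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
 $this->conf = new ConfigManager($sandboxConf);
 $this->assertEquals($theme, $this->conf->get('resource.theme'));
 }
+
+/**
+* Test updateMethodEscapeMarkdown with markdown plugin enabled
+* => setting markdown_escape set to false.
+*/
+public function testEscapeMarkdownSettingToFalse()
+{
+$sandboxConf = 'sandbox/config';
+copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+$this->conf = new ConfigManager($sandboxConf);
+
+$this->conf->set('general.enabled_plugins', ['markdown']);
+$updater = new Updater([], [], $this->conf, true);
+$this->assertTrue($updater->updateMethodEscapeMarkdown());
+$this->assertFalse($this->conf->get('security.markdown_escape'));
+
+// reload from file
+$this->conf = new ConfigManager($sandboxConf);
+$this->assertFalse($this->conf->get('security.markdown_escape'));
+}
+
+
+/**
+* Test updateMethodEscapeMarkdown with markdown plugin disabled
+* => setting markdown_escape set to true.
+*/
+public function testEscapeMarkdownSettingToTrue()
+{
+$sandboxConf = 'sandbox/config';
+copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+$this->conf = new ConfigManager($sandboxConf);
+
+$this->conf->set('general.enabled_plugins', []);
+$updater = new Updater([], [], $this->conf, true);
+$this->assertTrue($updater->updateMethodEscapeMarkdown());
+$this->assertTrue($this->conf->get('security.markdown_escape'));
+
+// reload from file
+$this->conf = new ConfigManager($sandboxConf);
+$this->assertTrue($this->conf->get('security.markdown_escape'));
+}
+
+/**
+* Test updateMethodEscapeMarkdown with nothing to do (setting already enabled)
+*/
+public function testEscapeMarkdownSettingNothingToDoEnabled()
+{
+$sandboxConf = 'sandbox/config';
+copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+$this->conf = new ConfigManager($sandboxConf);
+$this->conf->set('security.markdown_escape', true);
+$updater = new Updater([], [], $this->conf, true);
+$this->assertTrue($updater->updateMethodEscapeMarkdown());
+$this->assertTrue($this->conf->get('security.markdown_escape'));
+}
+
+/**
+* Test updateMethodEscapeMarkdown with nothing to do (setting already disabled)
+*/
+public function testEscapeMarkdownSettingNothingToDoDisabled()
+{
+$this->conf->set('security.markdown_escape', false);
+$updater = new Updater([], [], $this->conf, true);
+$this->assertTrue($updater->updateMethodEscapeMarkdown());
+$this->assertFalse($this->conf->get('security.markdown_escape'));
+}
 }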
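Review bot: testEscapeMarkdownSettingNothingToDoEnabled does not pin the case that matters most for this XSS setting, namely `security.markdown_escape` already `true` while the markdown plugin is enabled. The test never sets `general.enabled_plugins`, so whether the plugin is on depends on the fixture config, which is not visible here; if the updater consulted the plugin list before the existing value, it would switch escaping off on upgrade and this test could still pass. Adding `$this->conf->set('general.enabled_plugins', ['markdown']);` before the `Updater` is constructed would make the test fail on such a silent downgrade. testEscapeMarkdownSettingNothingToDoDisabled also skips the sandbox copy the other three tests use and operates on whatever `$this->conf` the setup code outside this hunk provides, which is worth a one-line comment or the same sandbox preamble.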