Diffstat (limited to 'tests')
-rw-r--r--tests/Updater/UpdaterTest.php66
-rw-r--r--tests/plugins/PluginMarkdownTest.php57
-rw-r--r--tests/plugins/resources/markdown.html6
3 files changed, 120 insertions, 9 deletions
diff --git a/tests/Updater/UpdaterTest.php b/tests/Updater/UpdaterTest.php
index de330ae2..39be88f9 100644
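--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -506,4 +506,70 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
  $this->conf = new ConfigManager($sandboxConf);
  $this->assertEquals($theme, $this->conf->get('resource.theme'));
  }
+
+ /**
+ * Test updateMethodEscapeMarkdown with markdown plugin enabled
+ * => setting markdown_escape set to false.
+ */
+ public function testEscapeMarkdownSettingToFalse()
+ {
+ $sandboxConf = 'sandbox/config';
+ copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+ $this->conf = new ConfigManager($sandboxConf);
+
+ $this->conf->set('general.enabled_plugins', ['markdown']);
+ $updater = new Updater([], [], $this->conf, true);
+ $this->assertTrue($updater->updateMethodEscapeMarkdown());
+ $this->assertFalse($this->conf->get('security.markdown_escape'));
+
+ // reload from file
+ $this->conf = new ConfigManager($sandboxConf);
+ $this->assertFalse($this->conf->get('security.markdown_escape'));
+ }
+
+
+ /**
+ * Test updateMethodEscapeMarkdown with markdown plugin disabled
+ * => setting markdown_escape set to true.
+ */
+ public function testEscapeMarkdownSettingToTrue()
+ {
+ $sandboxConf = 'sandbox/config';
+ copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+ $this->conf = new ConfigManager($sandboxConf);
+
+ $this->conf->set('general.enabled_plugins', []);
+ $updater = new Updater([], [], $this->conf, true);
+ $this->assertTrue($updater->updateMethodEscapeMarkdown());
+ $this->assertTrue($this->conf->get('security.markdown_escape'));
+
+ // reload from file
+ $this->conf = new ConfigManager($sandboxConf);
+ $this->assertTrue($this->conf->get('security.markdown_escape'));
+ }
+
+ /**
+ * Test updateMethodEscapeMarkdown with nothing to do (setting already enabled)
+ */
+ public function testEscapeMarkdownSettingNothingToDoEnabled()
+ {
+ $sandboxConf = 'sandbox/config';
+ copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+ $this->conf = new ConfigManager($sandboxConf);
+ $this->conf->set('security.markdown_escape', true);
+ $updater = new Updater([], [], $this->conf, true);
+ $this->assertTrue($updater->updateMethodEscapeMarkdown());
+ $this->assertTrue($this->conf->get('security.markdown_escape'));
+ }
+
+ /**
+ * Test updateMethodEscapeMarkdown with nothing to do (setting already disabled)
+ */
+ public function testEscapeMarkdownSettingNothingToDoDisabled()
+ {
+ $this->conf->set('security.markdown_escape', false);
+ $updater = new Updater([], [], $this->conf, true);
+ $this->assertTrue($updater->updateMethodEscapeMarkdown());
+ $this->assertFalse($this->conf->get('security.markdown_escape'));
+ }
 }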
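Review bot: Neither "nothing to do" test sets `general.enabled_plugins`, so they do not show that an explicit `security.markdown_escape` value survives when the plugin state points the other way. In `testEscapeMarkdownSettingNothingToDoEnabled`, adding `$this->conf->set('general.enabled_plugins', ['markdown']);` before constructing the `Updater` would pin that an escape setting already set to `true` is never downgraded to `false` by the migration, which is the outcome that matters most because `false` lets raw HTML in descriptions through. `testEscapeMarkdownSettingNothingToDoDisabled` also skips the sandbox copy and the reload-from-file check used by the other tests, so it runs against whatever `$this->conf` the fixture's setUp provides, which is not visible in this hunk.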
diff --git a/tests/plugins/PluginMarkdownTest.php b/tests/plugins/PluginMarkdownTest.php
index d359b2a1..d4cd1b97 100644
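--- a/tests/plugins/PluginMarkdownTest.php
+++ b/tests/plugins/PluginMarkdownTest.php
@@ -14,11 +14,17 @@ require_once 'plugins/markdown/markdown.php';
 class PluginMarkdownTest extends PHPUnit_Framework_TestCase
 {
  /**
+ * @var ConfigManager instance.
+ */
+ protected $conf;
+
+ /**
  * Reset plugin path
  */
  public function setUp()
  {
  PluginManager::$PLUGINS_PATH = 'plugins';
+ $this->conf = new ConfigManager('tests/utils/config/configJson');
  }
 
  /**
@@ -36,7 +42,7 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  ),
  );
 
- $data = hook_markdown_render_linklist($data);
+ $data = hook_markdown_render_linklist($data, $this->conf);
  $this->assertNotFalse(strpos($data['links'][0]['description'], '<h1>'));
  $this->assertNotFalse(strpos($data['links'][0]['description'], '<p>'));
  }
@@ -61,7 +67,7 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  ),
  );
 
- $data = hook_markdown_render_daily($data);
+ $data = hook_markdown_render_daily($data, $this->conf);
  $this->assertNotFalse(strpos($data['cols'][0][0]['formatedDescription'], '<h1>'));
  $this->assertNotFalse(strpos($data['cols'][0][0]['formatedDescription'], '<p>'));
  }
@@ -110,6 +116,8 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  $output = escape($input);
  $input .= '<a href="#" onmouseHover="alert(\'xss\');" attr="tt">link</a>';
  $output .= '<a href="#" attr="tt">link</a>';
+ $input .= '<a href="#" onmouseHover=alert(\'xss\'); attr="tt">link</a>';
+ $output .= '<a href="#" attr="tt">link</a>';
  $this->assertEquals($output, sanitize_html($input));
  // Do not touch escaped HTML.
  $input = escape($input);
@@ -130,10 +138,10 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  ))
  );
 
- $processed = hook_markdown_render_linklist($data);
+ $processed = hook_markdown_render_linklist($data, $this->conf);
  $this->assertEquals($str, $processed['links'][0]['description']);
 
- $processed = hook_markdown_render_feed($data);
+ $processed = hook_markdown_render_feed($data, $this->conf);
  $this->assertEquals($str, $processed['links'][0]['description']);
 
  $data = array(
@@ -151,7 +159,7 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  ),
  );
 
- $data = hook_markdown_render_daily($data);
+ $data = hook_markdown_render_daily($data, $this->conf);
  $this->assertEquals($str, $data['cols'][0][0]['formatedDescription']);
  }
 
@@ -169,7 +177,7 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  ))
  );
 
- $data = hook_markdown_render_feed($data);
+ $data = hook_markdown_render_feed($data, $this->conf);
  $this->assertContains('<em>', $data['links'][0]['description']);
  }
 
@@ -185,4 +193,41 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  $data = process_markdown($md);
  $this->assertEquals($html, $data);
  }
+
+ /**
+ * Make sure that the HTML tags are escaped.
+ */
+ public function testMarkdownWithHtmlEscape()
+ {
+ $md = '**strong** <strong>strong</strong>';
+ $html = '<div class="markdown"><p><strong>strong</strong> &lt;strong&gt;strong&lt;/strong&gt;</p></div>';
+ $data = array(
+ 'links' => array(
+ 0 => array(
+ 'description' => $md,
+ ),
+ ),
+ );
+ $data = hook_markdown_render_linklist($data, $this->conf);
+ $this->assertEquals($html, $data['links'][0]['description']);
+ }
+
+ /**
+ * Make sure that the HTML tags aren't escaped with the setting set to false.
+ */
+ public function testMarkdownWithHtmlNoEscape()
+ {
+ $this->conf->set('security.markdown_escape', false);
+ $md = '**strong** <strong>strong</strong>';
+ $html = '<div class="markdown"><p><strong>strong</strong> <strong>strong</strong></p></div>';
+ $data = array(
+ 'links' => array(
+ 0 => array(
+ 'description' => $md,
+ ),
+ ),
+ );
+ $data = hook_markdown_render_linklist($data, $this->conf);
+ $this->assertEquals($html, $data['links'][0]['description']);
+ }
 }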
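Review bot: `testMarkdownWithHtmlNoEscape` only feeds a harmless `<strong>` tag, so nothing pins what happens to active content once `security.markdown_escape` is `false` and raw HTML reaches the rendered description. If `hook_markdown_render_linklist` is meant to run `sanitize_html` on that path (not visible in this section), the test should show it, for example by appending the handler-bearing anchor already used in the sanitize test and asserting that the attribute is gone from the output. `testMarkdownWithHtmlEscape` depends on the `tests/utils/config/configJson` fixture for its default; starting it with `$this->conf->set('security.markdown_escape', true);` would keep the test meaningful if that fixture changes.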
diff --git a/tests/plugins/resources/markdown.html b/tests/plugins/resources/markdown.html
index c0fbe7f4..07a5a32e 100644
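--- a/tests/plugins/resources/markdown.html
+++ b/tests/plugins/resources/markdown.html
@@ -12,11 +12,11 @@
 <li><a href="http://link.tld">two</a></li>
 <li><a href="http://link.tld">three</a></li>
 <li><a href="http://link.tld">four</a></li>
-<li>foo <a href="?addtag=foobar" title="Hashtag foobar">#foobar</a></li>
+<li>foo &lt;a href=&quot;?addtag=foobar&quot; title=&quot;Hashtag foobar&quot;&gt;#foobar&lt;/a&gt;</li>
 </ol></li>
 </ol>
-<p><a href="?addtag=foobar" title="Hashtag foobar">#foobar</a> foo <code>lol #foo</code> <a href="?addtag=bar" title="Hashtag bar">#bar</a></p>
-<p>fsdfs <a href="http://link.tld">http://link.tld</a> <a href="?addtag=foobar" title="Hashtag foobar">#foobar</a> <code>http://link.tld</code></p>
+<p>&lt;a href=&quot;?addtag=foobar&quot; title=&quot;Hashtag foobar&quot;&gt;#foobar&lt;/a&gt; foo <code>lol #foo</code> &lt;a href=&quot;?addtag=bar&quot; title=&quot;Hashtag bar&quot;&gt;#bar&lt;/a&gt;</p>
+<p>fsdfs <a href="http://link.tld">http://link.tld</a> &lt;a href=&quot;?addtag=foobar&quot; title=&quot;Hashtag foobar&quot;&gt;#foobar&lt;/a&gt; <code>http://link.tld</code></p>
 <pre><code>http://link.tld #foobar
 next #foo</code></pre>
 <p>Block:</p>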
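Review bot: The updated expectations on new lines 15, 18 and 19 show the hashtag anchors that the application itself generates coming out as literal `&lt;a href=…&gt;` text, while the autolinked `http://link.tld` anchor on line 19 still renders as a link. That suggests the escaping step runs after hashtag links have been inserted into the description, so it treats application markup as user input, and this fixture then locks that in as expected output. If the intent is only to neutralise HTML typed by the user, escaping before hashtag conversion (or converting hashtags inside the markdown pipeline) would keep those links working. The ordering itself lives outside this file, so this is inferred from the fixture alone.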