|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Provides test methods for commenting functionality. |
|
5
|
|
|
*/ |
|
6
|
|
|
class CommentTest extends FetchPageTestCase { |
|
7
|
|
|
/** |
|
8
|
|
|
* Loads the comments testing fixture. |
|
9
|
|
|
*/ |
|
10
|
|
|
public function getDataSet() { |
|
11
|
|
|
return $this->createMySQLXMLDataSet(dirname(__FILE__) . '/_fixtures/comment.xml'); |
|
|
|
|
|
|
12
|
|
|
} |
|
13
|
|
|
|
|
14
|
|
|
private function fetch_page($vars) { |
|
15
|
|
|
return $this->base_fetch_page($vars, '', 'section.php'); |
|
16
|
|
|
} |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* Ensures the database is prepared and the comment class is included for every test. |
|
20
|
|
|
*/ |
|
21
|
|
|
public function setUp(): void { |
|
22
|
|
|
|
|
23
|
|
|
parent::setUp(); |
|
24
|
|
|
|
|
25
|
|
|
include_once('www/includes/easyparliament/comment.php'); |
|
26
|
|
|
} |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* Makes sure the body of the test comment is returned correctly, testing HTML cleaning. |
|
30
|
|
|
*/ |
|
31
|
|
|
public function testHTMLCleaningGetBody() { |
|
32
|
|
|
$comment = new COMMENT(1); |
|
33
|
|
|
$this->assertEquals($comment->body(), "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like [email protected], <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're rendered correctly. |
|
34
|
|
|
|
|
35
|
|
|
It also spans multiple lines."); |
|
36
|
|
|
} |
|
37
|
|
|
|
|
38
|
|
|
/** |
|
39
|
|
|
* Makes sure a comment is correctly rendered, testing HTML cleaning. |
|
40
|
|
|
* As we're now doing markdown we don't do this anymore |
|
41
|
|
|
public function testHTMLCleaningPrepareCommentForDisplay() { |
|
42
|
|
|
$comment = new COMMENT(1); |
|
43
|
|
|
$this->assertEquals(prepare_comment_for_display($comment->body()), "<p>This is a test comment, including <a href=\"https://www.theyworkforyou.com\" rel=\"nofollow\">https://www.theyworkforyou.com</a> <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like <a href=\"mailto:[email protected]\">[email protected]</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're rendered correctly.</p> |
|
44
|
|
|
<p>It also spans multiple lines.</p>"); |
|
45
|
|
|
} |
|
46
|
|
|
*/ |
|
47
|
|
|
|
|
48
|
|
|
public function testCommentWithVeryLongLink() { |
|
49
|
|
|
$comment = new COMMENT(2); |
|
50
|
|
|
$this->assertEquals( |
|
51
|
|
|
prepare_comment_for_display($comment->body()), |
|
52
|
|
|
'<p><a href="https://www.theyworkforyou.example.org/this/is/a/coment/with/a/very/long/URL/that/contains/http://something/as/it/is/an/archive" rel="nofollow">https://www.theyworkforyou.example.org/this/is/a/coment/with...</a></p>' |
|
53
|
|
|
); |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
public function testMarkdownInComments() { |
|
57
|
|
|
$comment = new COMMENT(3); |
|
58
|
|
|
$this->assertEquals( |
|
59
|
|
|
prepare_comment_for_display($comment->body()), |
|
60
|
|
|
'<p>This is a comment with <strong>bold</strong> and <a href="https://www.theyworkforyou.com" rel="nofollow">a link</a>.</p>' |
|
61
|
|
|
); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
public function testAddCommentPermissions() { |
|
65
|
|
|
|
|
66
|
|
|
global $THEUSER; |
|
67
|
|
|
|
|
68
|
|
|
$THEUSER = new THEUSER(); |
|
69
|
|
|
|
|
70
|
|
|
$THEUSER->init(2); |
|
71
|
|
|
|
|
72
|
|
|
$comment = new COMMENT(); |
|
73
|
|
|
|
|
74
|
|
|
$data = [ |
|
75
|
|
|
'epobject_id' => 1, |
|
76
|
|
|
'body' => "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped. |
|
77
|
|
|
|
|
78
|
|
|
It also includes <script>alert('malicious!');</script> script tags, to ensure they are stripped correctly. |
|
79
|
|
|
|
|
80
|
|
|
It also spans multiple lines.", |
|
81
|
|
|
'gid' => '', |
|
82
|
|
|
]; |
|
83
|
|
|
|
|
84
|
|
|
$commentId = $comment->create($data); |
|
85
|
|
|
$this->assertFalse($commentId); |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
/** |
|
89
|
|
|
* Tests adding a new comment, testing HTML cleaning. |
|
90
|
|
|
*/ |
|
91
|
|
|
public function testHTMLCleaningAddComment() { |
|
92
|
|
|
|
|
93
|
|
|
global $THEUSER; |
|
94
|
|
|
|
|
95
|
|
|
$THEUSER = new THEUSER(); |
|
96
|
|
|
|
|
97
|
|
|
$THEUSER->init(1); |
|
98
|
|
|
|
|
99
|
|
|
$comment = new COMMENT(); |
|
100
|
|
|
|
|
101
|
|
|
$data = [ |
|
102
|
|
|
'epobject_id' => 1, |
|
103
|
|
|
'body' => "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped. |
|
104
|
|
|
|
|
105
|
|
|
It also includes <script>alert('malicious!');</script> script tags, to ensure they are stripped correctly. |
|
106
|
|
|
|
|
107
|
|
|
It also spans multiple lines.", |
|
108
|
|
|
'gid' => '', |
|
109
|
|
|
]; |
|
110
|
|
|
|
|
111
|
|
|
$commentId = $comment->create($data); |
|
112
|
|
|
|
|
113
|
|
|
// A correctly inserted comment returns an integer |
|
114
|
|
|
$this->assertIsInt($commentId); |
|
115
|
|
|
|
|
116
|
|
|
$comment = new COMMENT($commentId); |
|
117
|
|
|
|
|
118
|
|
|
$this->assertEquals("This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped. |
|
119
|
|
|
|
|
120
|
|
|
It also includes alert('malicious!'); script tags, to ensure they are stripped correctly. |
|
121
|
|
|
|
|
122
|
|
|
It also spans multiple lines.", $comment->body()); |
|
123
|
|
|
|
|
124
|
|
|
} |
|
125
|
|
|
|
|
126
|
|
|
public function testCommentsFromNoCommentPermissionUserNotShown() { |
|
127
|
|
|
global $THEUSER; |
|
128
|
|
|
|
|
129
|
|
|
$THEUSER = new THEUSER(); |
|
130
|
|
|
|
|
131
|
|
|
$THEUSER->init(1); |
|
132
|
|
|
|
|
133
|
|
|
$comment = new COMMENT(); |
|
134
|
|
|
|
|
135
|
|
|
$data = [ |
|
136
|
|
|
'epobject_id' => 603, |
|
137
|
|
|
'body' => "This is a test comment that should not be displayed as the user doesn't have permissions", |
|
138
|
|
|
'gid' => '', |
|
139
|
|
|
]; |
|
140
|
|
|
|
|
141
|
|
|
$commentId = $comment->create($data); |
|
|
|
|
|
|
142
|
|
|
|
|
143
|
|
|
$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]); |
|
144
|
|
|
$this->assertStringContainsString('This is a...', $page); |
|
145
|
|
|
|
|
146
|
|
|
$THEUSER->_update([ |
|
147
|
|
|
'user_id' => 1, |
|
148
|
|
|
'firstname' => $THEUSER->firstname, |
|
149
|
|
|
'lastname' => $THEUSER->lastname, |
|
150
|
|
|
'postcode' => $THEUSER->postcode, |
|
151
|
|
|
'url' => $THEUSER->url, |
|
152
|
|
|
'optin' => $THEUSER->optin, |
|
153
|
|
|
'can_annotate' => 0, |
|
154
|
|
|
'organisation' => '', |
|
155
|
|
|
]); |
|
156
|
|
|
|
|
157
|
|
|
$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]); |
|
158
|
|
|
$this->assertStringNotContainsString('This is a...', $page); |
|
159
|
|
|
} |
|
160
|
|
|
|
|
161
|
|
|
public function testOldCommentsShown() { |
|
162
|
|
|
global $THEUSER; |
|
163
|
|
|
|
|
164
|
|
|
$THEUSER = new THEUSER(); |
|
165
|
|
|
|
|
166
|
|
|
$THEUSER->init(1); |
|
167
|
|
|
|
|
168
|
|
|
$comment = new COMMENT(); |
|
169
|
|
|
|
|
170
|
|
|
$data = [ |
|
171
|
|
|
'epobject_id' => 603, |
|
172
|
|
|
'body' => "This is a test comment that should be displayed as it is old", |
|
173
|
|
|
'gid' => '', |
|
174
|
|
|
]; |
|
175
|
|
|
|
|
176
|
|
|
$commentId = $comment->create($data); |
|
177
|
|
|
|
|
178
|
|
|
self::$db->query("UPDATE comments SET user_id = 2 WHERE comment_id = $commentId"); |
|
179
|
|
|
|
|
180
|
|
|
$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]); |
|
181
|
|
|
$this->assertStringNotContainsString('This is a...', $page); |
|
182
|
|
|
|
|
183
|
|
|
self::$db->query("UPDATE comments SET posted = '2024-10-09 12:42:11' WHERE comment_id = $commentId"); |
|
184
|
|
|
|
|
185
|
|
|
$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]); |
|
186
|
|
|
$this->assertStringContainsString('This is a...', $page); |
|
187
|
|
|
} |
|
188
|
|
|
|
|
189
|
|
|
public function testHTMLCleaningOfAngleBrackets() { |
|
190
|
|
|
$text = 'Is 2 < 3?'; |
|
191
|
|
|
|
|
192
|
|
|
$this->assertEquals('Is 2 < 3?', filter_user_input($text, 'comment')); |
|
193
|
|
|
} |
|
194
|
|
|
|
|
195
|
|
|
public function testHTMLCleaningWithNonASCIIChars() { |
|
196
|
|
|
// everything is UTF-8 so we don't need to encode |
|
197
|
|
|
$text = "This is a curly ’ apostrophe. Is 2 < 3 ø ø € ’ « ö à"; |
|
198
|
|
|
|
|
199
|
|
|
$this->assertEquals("<p>This is a curly ’ apostrophe. Is 2 < 3 ø ø € ’ « ö à</p>", prepare_comment_for_display($text)); |
|
200
|
|
|
} |
|
201
|
|
|
|
|
202
|
|
|
} |
|
203
|
|
|
|
mysociety /
theyworkforyou
Loading history...
This check looks for function or method calls that always return null and whose return value is used.
The method
getObject()can return nothing but null, so it makes no sense to use the return value.The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.