CommentTest::testAddCommentPermissions() - Code Metrics - Inspection of "fix handling of external links when glossarising" - mysociety/theyworkforyou - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 0e9327...12087f )

by Struan

created 2025-10-08 13:10 UTC

CommentTest::testAddCommentPermissions() A

↳ Parent: CommentTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	22
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	10
nc	1
nop	0
dl	0
loc	22
rs	9.9332
c	0
b	0
f	0

<?php

/**
 * Provides test methods for commenting functionality.
 */
class CommentTest extends FetchPageTestCase {
    /**
     * Loads the comments testing fixture.
     */
    public function getDataSet() {
        return $this->createMySQLXMLDataSet(dirname(__FILE__) . '/_fixtures/comment.xml');
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
    }

    private function fetch_page($vars) {
        return $this->base_fetch_page($vars, '', 'section.php');
    }

    /**
     * Ensures the database is prepared and the comment class is included for every test.
     */
    public function setUp(): void {

        parent::setUp();

        include_once('www/includes/easyparliament/comment.php');
    }

    /**
     * Makes sure the body of the test comment is returned correctly, testing HTML cleaning.
     */
    public function testHTMLCleaningGetBody() {
        $comment = new COMMENT(1);
        $this->assertEquals($comment->body(), "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like [email protected], <b>bold</b>, <i>italics</i>, and stray &lt; brackets to ensure they're rendered correctly.

It also spans multiple lines.");
    }

    /**
     * Makes sure a comment is correctly rendered, testing HTML cleaning.
     */
    public function testHTMLCleaningPrepareCommentForDisplay() {
        $comment = new COMMENT(1);
        $this->assertEquals(prepare_comment_for_display($comment->body()), "This is a test comment, including <a href=\"https://www.theyworkforyou.com\" rel=\"nofollow\">https://www.theyworkforyou.com</a> <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like <a href=\"mailto:[email protected]\">[email protected]</a>, <b>bold</b>, <i>italics</i>, and stray &lt; brackets to ensure they're rendered correctly.<br>
<br>
It also spans multiple lines.");
    }

    public function testCommentWithVeryLongLink() {
        $comment = new COMMENT(2);
        $this->assertEquals(
            prepare_comment_for_display($comment->body()),
            '<a href="https://www.theyworkforyou.example.org/this/is/a/coment/with/a/very/long/URL/that/contains/http://something/as/it/is/an/archive" rel="nofollow">https://www.theyworkforyou.example.org/this/is/a/coment/with...</a>'
        );
    }

    public function testAddCommentPermissions() {

        global $THEUSER;

        $THEUSER = new THEUSER();

        $THEUSER->init(2);

        $comment = new COMMENT();

        $data = [
            'epobject_id' => 1,
            'body' => "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped.

It also includes <script>alert('malicious!');</script> script tags, to ensure they are stripped correctly.

It also spans multiple lines.",
            'gid' => '',
        ];

        $commentId = $comment->create($data);
        $this->assertFalse($commentId);
    }

    /**
     * Tests adding a new comment, testing HTML cleaning.
     */
    public function testHTMLCleaningAddComment() {

        global $THEUSER;

        $THEUSER = new THEUSER();

        $THEUSER->init(1);

        $comment = new COMMENT();

        $data = [
            'epobject_id' => 1,
            'body' => "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped.

It also includes <script>alert('malicious!');</script> script tags, to ensure they are stripped correctly.

It also spans multiple lines.",
            'gid' => '',
        ];

        $commentId = $comment->create($data);

        // A correctly inserted comment returns an integer
        $this->assertIsInt($commentId);

        $comment = new COMMENT($commentId);

        $this->assertEquals("This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray &lt; brackets to ensure they're not stripped.

It also includes alert('malicious!'); script tags, to ensure they are stripped correctly.

It also spans multiple lines.", $comment->body());

    }

    public function testCommentsFromNoCommentPermissionUserNotShown() {
        global $THEUSER;

        $THEUSER = new THEUSER();

        $THEUSER->init(1);

        $comment = new COMMENT();

        $data = [
            'epobject_id' => 603,
            'body' => "This is a test comment that should not be displayed as the user doesn't have permissions",
            'gid' => '',
        ];

        $commentId = $comment->create($data);


        $page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
        $this->assertStringContainsString('This is a...', $page);

        $THEUSER->_update([
            'user_id' => 1,
            'firstname' => $THEUSER->firstname,
            'lastname' => $THEUSER->lastname,
            'postcode' => $THEUSER->postcode,
            'url' => $THEUSER->url,
            'optin' => $THEUSER->optin,
            'can_annotate' => 0,
            'organisation' => '',
        ]);

        $page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
        $this->assertStringNotContainsString('This is a...', $page);
    }

    public function testOldCommentsShown() {
        global $THEUSER;

        $THEUSER = new THEUSER();

        $THEUSER->init(1);

        $comment = new COMMENT();

        $data = [
            'epobject_id' => 603,
            'body' => "This is a test comment that should be displayed as it is old",
            'gid' => '',
        ];

        $commentId = $comment->create($data);

        self::$db->query("UPDATE comments SET user_id = 2 WHERE comment_id = $commentId");

        $page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
        $this->assertStringNotContainsString('This is a...', $page);

        self::$db->query("UPDATE comments SET posted = '2024-10-09 12:42:11' WHERE comment_id = $commentId");

        $page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
        $this->assertStringContainsString('This is a...', $page);
    }

    public function testHTMLCleaningOfAngleBrackets() {
        $text = 'Is 2 < 3?';

        $this->assertEquals('Is 2 &lt; 3?', filter_user_input($text, 'comment'));
    }

    public function testHTMLCleaningWithNonASCIIChars() {
        // this file is UTF-8 but odd comments are sent up looking like Windows-1252 so we need the
        // input text to be encoded thus otherwise the output is different
        $text = "This is a curly  ’ apostrophe. Is 2 &lt; 3 ø ø €  ’ « ö à";

        $this->assertEquals("This is a curly  &rsquo; apostrophe. Is 2 &lt; 3 &oslash; &oslash; &euro;  &rsquo; &laquo; &ouml; &agrave;", prepare_comment_for_display($text));
    }

}


1			<?php
2
3			/**
4			* Provides test methods for commenting functionality.
5			*/
6			class CommentTest extends FetchPageTestCase {
7			/**
8			* Loads the comments testing fixture.
9			*/
10			public function getDataSet() {
11			return $this->createMySQLXMLDataSet(dirname(__FILE__) . '/_fixtures/comment.xml');
			0 ignored issues – show Bug introduced 2023-12-18 14:28 UTC by Report Bug Copy Issue Report Are you sure the usage of `$this->createMySQLXMLDat..._fixtures/comment.xml')` targeting `TWFY_Database_TestCase::createMySQLXMLDataSet()` seems to always return null. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
12			}
13
14			private function fetch_page($vars) {
15			return $this->base_fetch_page($vars, '', 'section.php');
16			}
17
18			/**
19			* Ensures the database is prepared and the comment class is included for every test.
20			*/
21			public function setUp(): void {
22
23			parent::setUp();
24
25			include_once('www/includes/easyparliament/comment.php');
26			}
27
28			/**
29			* Makes sure the body of the test comment is returned correctly, testing HTML cleaning.
30			*/
31			public function testHTMLCleaningGetBody() {
32			$comment = new COMMENT(1);
33			$this->assertEquals($comment->body(), "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like [email protected], <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're rendered correctly.
34
35			It also spans multiple lines.");
36			}
37
38			/**
39			* Makes sure a comment is correctly rendered, testing HTML cleaning.
40			*/
41			public function testHTMLCleaningPrepareCommentForDisplay() {
42			$comment = new COMMENT(1);
43			$this->assertEquals(prepare_comment_for_display($comment->body()), "This is a test comment, including <a href=\"https://www.theyworkforyou.com\" rel=\"nofollow\">https://www.theyworkforyou.com</a> <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like <a href=\"mailto:[email protected]\">[email protected]</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're rendered correctly.<br>
44			<br>
45			It also spans multiple lines.");
46			}
47
48			public function testCommentWithVeryLongLink() {
49			$comment = new COMMENT(2);
50			$this->assertEquals(
51			prepare_comment_for_display($comment->body()),
52			'<a href="https://www.theyworkforyou.example.org/this/is/a/coment/with/a/very/long/URL/that/contains/http://something/as/it/is/an/archive" rel="nofollow">https://www.theyworkforyou.example.org/this/is/a/coment/with...</a>'
53			);
54			}
55
56			public function testAddCommentPermissions() {
57
58			global $THEUSER;
59
60			$THEUSER = new THEUSER();
61
62			$THEUSER->init(2);
63
64			$comment = new COMMENT();
65
66			$data = [
67			'epobject_id' => 1,
68			'body' => "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped.
69
70			It also includes <script>alert('malicious!');</script> script tags, to ensure they are stripped correctly.
71
72			It also spans multiple lines.",
73			'gid' => '',
74			];
75
76			$commentId = $comment->create($data);
77			$this->assertFalse($commentId);
78			}
79
80			/**
81			* Tests adding a new comment, testing HTML cleaning.
82			*/
83			public function testHTMLCleaningAddComment() {
84
85			global $THEUSER;
86
87			$THEUSER = new THEUSER();
88
89			$THEUSER->init(1);
90
91			$comment = new COMMENT();
92
93			$data = [
94			'epobject_id' => 1,
95			'body' => "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped.
96
97			It also includes <script>alert('malicious!');</script> script tags, to ensure they are stripped correctly.
98
99			It also spans multiple lines.",
100			'gid' => '',
101			];
102
103			$commentId = $comment->create($data);
104
105			// A correctly inserted comment returns an integer
106			$this->assertIsInt($commentId);
107
108			$comment = new COMMENT($commentId);
109
110			$this->assertEquals("This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped.
111
112			It also includes alert('malicious!'); script tags, to ensure they are stripped correctly.
113
114			It also spans multiple lines.", $comment->body());
115
116			}
117
118			public function testCommentsFromNoCommentPermissionUserNotShown() {
119			global $THEUSER;
120
121			$THEUSER = new THEUSER();
122
123			$THEUSER->init(1);
124
125			$comment = new COMMENT();
126
127			$data = [
128			'epobject_id' => 603,
129			'body' => "This is a test comment that should not be displayed as the user doesn't have permissions",
130			'gid' => '',
131			];
132
133			$commentId = $comment->create($data);
			0 ignored issues – show Unused Code introduced 2025-10-08 13:19 UTC by Report Bug Copy Issue Report The assignment to `$commentId` is dead and can be removed. Loading history...
134
135			$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
136			$this->assertStringContainsString('This is a...', $page);
137
138			$THEUSER->_update([
139			'user_id' => 1,
140			'firstname' => $THEUSER->firstname,
141			'lastname' => $THEUSER->lastname,
142			'postcode' => $THEUSER->postcode,
143			'url' => $THEUSER->url,
144			'optin' => $THEUSER->optin,
145			'can_annotate' => 0,
146			'organisation' => '',
147			]);
148
149			$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
150			$this->assertStringNotContainsString('This is a...', $page);
151			}
152
153			public function testOldCommentsShown() {
154			global $THEUSER;
155
156			$THEUSER = new THEUSER();
157
158			$THEUSER->init(1);
159
160			$comment = new COMMENT();
161
162			$data = [
163			'epobject_id' => 603,
164			'body' => "This is a test comment that should be displayed as it is old",
165			'gid' => '',
166			];
167
168			$commentId = $comment->create($data);
169
170			self::$db->query("UPDATE comments SET user_id = 2 WHERE comment_id = $commentId");
171
172			$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
173			$this->assertStringNotContainsString('This is a...', $page);
174
175			self::$db->query("UPDATE comments SET posted = '2024-10-09 12:42:11' WHERE comment_id = $commentId");
176
177			$page = $this->fetch_page([ 'type' => 'debates', 'id' => '2014-01-01b.1.2' ]);
178			$this->assertStringContainsString('This is a...', $page);
179			}
180
181			public function testHTMLCleaningOfAngleBrackets() {
182			$text = 'Is 2 < 3?';
183
184			$this->assertEquals('Is 2 < 3?', filter_user_input($text, 'comment'));
185			}
186
187			public function testHTMLCleaningWithNonASCIIChars() {
188			// this file is UTF-8 but odd comments are sent up looking like Windows-1252 so we need the
189			// input text to be encoded thus otherwise the output is different
190			$text = "This is a curly ’ apostrophe. Is 2 < 3 ø ø € ’ « ö à";
191
192			$this->assertEquals("This is a curly ’ apostrophe. Is 2 < 3 ø ø € ’ « ö à", prepare_comment_for_display($text));
193			}
194
195			}
196

mysociety / theyworkforyou

Push — master ( 0e9327...12087f )

CommentTest::testAddCommentPermissions() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like