|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Provides test methods for commenting functionality. |
|
5
|
|
|
*/ |
|
6
|
|
|
class CommentTest extends TWFY_Database_TestCase { |
|
7
|
|
|
/** |
|
8
|
|
|
* Loads the comments testing fixture. |
|
9
|
|
|
*/ |
|
10
|
|
|
public function getDataSet() { |
|
11
|
|
|
return $this->createMySQLXMLDataSet(dirname(__FILE__) . '/_fixtures/comment.xml'); |
|
|
|
|
|
|
12
|
|
|
} |
|
13
|
|
|
|
|
14
|
|
|
/** |
|
15
|
|
|
* Ensures the database is prepared and the comment class is included for every test. |
|
16
|
|
|
*/ |
|
17
|
|
|
public function setUp(): void { |
|
18
|
|
|
|
|
19
|
|
|
parent::setUp(); |
|
20
|
|
|
|
|
21
|
|
|
include_once('www/includes/easyparliament/comment.php'); |
|
22
|
|
|
} |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* Makes sure the body of the test comment is returned correctly, testing HTML cleaning. |
|
26
|
|
|
*/ |
|
27
|
|
|
public function testHTMLCleaningGetBody() { |
|
28
|
|
|
$comment = new COMMENT(1); |
|
29
|
|
|
$this->assertEquals($comment->body(), "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like [email protected], <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're rendered correctly. |
|
30
|
|
|
|
|
31
|
|
|
It also spans multiple lines."); |
|
32
|
|
|
} |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* Makes sure a comment is correctly rendered, testing HTML cleaning. |
|
36
|
|
|
*/ |
|
37
|
|
|
public function testHTMLCleaningPrepareCommentForDisplay() { |
|
38
|
|
|
$comment = new COMMENT(1); |
|
39
|
|
|
$this->assertEquals(prepare_comment_for_display($comment->body()), "This is a test comment, including <a href=\"https://www.theyworkforyou.com\" rel=\"nofollow\">https://www.theyworkforyou.com</a> <a href=\"https://www.theyworkforyou.com\">links</a>, email addresses like <a href=\"mailto:[email protected]\">[email protected]</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're rendered correctly.<br> |
|
40
|
|
|
<br> |
|
41
|
|
|
It also spans multiple lines."); |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
|
|
public function testCommentWithVeryLongLink() { |
|
45
|
|
|
$comment = new COMMENT(2); |
|
46
|
|
|
$this->assertEquals( |
|
47
|
|
|
prepare_comment_for_display($comment->body()), |
|
48
|
|
|
'<a href="https://www.theyworkforyou.example.org/this/is/a/coment/with/a/very/long/URL/that/contains/http://something/as/it/is/an/archive" rel="nofollow">https://www.theyworkforyou.example.org/this/is/a/coment/with...</a>' |
|
49
|
|
|
); |
|
50
|
|
|
} |
|
51
|
|
|
|
|
52
|
|
|
/** |
|
53
|
|
|
* Tests adding a new comment, testing HTML cleaning. |
|
54
|
|
|
*/ |
|
55
|
|
|
public function testHTMLCleaningAddComment() |
|
56
|
|
|
{ |
|
57
|
|
|
|
|
58
|
|
|
global $THEUSER; |
|
59
|
|
|
|
|
60
|
|
|
$THEUSER = new THEUSER; |
|
61
|
|
|
|
|
62
|
|
|
$THEUSER->init(1); |
|
63
|
|
|
|
|
64
|
|
|
$comment = new COMMENT(); |
|
65
|
|
|
|
|
66
|
|
|
$data = array( |
|
67
|
|
|
'epobject_id' => 1, |
|
68
|
|
|
'body' => "This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped. |
|
69
|
|
|
|
|
70
|
|
|
It also includes <script>alert('malicious!');</script> script tags, to ensure they are stripped correctly. |
|
71
|
|
|
|
|
72
|
|
|
It also spans multiple lines.", |
|
73
|
|
|
'gid' => '' |
|
74
|
|
|
); |
|
75
|
|
|
|
|
76
|
|
|
$commentId = $comment->create($data); |
|
77
|
|
|
|
|
78
|
|
|
// A correctly inserted comment returns an integer |
|
79
|
|
|
$this->assertInternalType('integer', $commentId); |
|
|
|
|
|
|
80
|
|
|
|
|
81
|
|
|
$comment = new COMMENT($commentId); |
|
82
|
|
|
|
|
83
|
|
|
$this->assertEquals("This is a test comment, including https://www.theyworkforyou.com <a href=\"https://www.theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, and stray < brackets to ensure they're not stripped. |
|
84
|
|
|
|
|
85
|
|
|
It also includes alert('malicious!'); script tags, to ensure they are stripped correctly. |
|
86
|
|
|
|
|
87
|
|
|
It also spans multiple lines.", $comment->body()); |
|
88
|
|
|
|
|
89
|
|
|
} |
|
90
|
|
|
|
|
91
|
|
|
public function testHTMLCleaningOfAngleBrackets() { |
|
92
|
|
|
$text = 'Is 2 < 3?'; |
|
93
|
|
|
|
|
94
|
|
|
$this->assertEquals('Is 2 < 3?', filter_user_input($text, 'comment')); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
public function testHTMLCleaningWithNonASCIIChars() { |
|
98
|
|
|
// this file is UTF-8 but odd comments are sent up looking like Windows-1252 so we need the |
|
99
|
|
|
// input text to be encoded thus otherwise the output is different |
|
100
|
|
|
$text = "This is a curly ’ apostrophe. Is 2 < 3 ø ø € ’ « ö à"; |
|
101
|
|
|
|
|
102
|
|
|
$this->assertEquals("This is a curly ’ apostrophe. Is 2 < 3 ø ø € ’ « ö à", prepare_comment_for_display($text)); |
|
103
|
|
|
} |
|
104
|
|
|
|
|
105
|
|
|
} |
|
106
|
|
|
|
mysociety /
theyworkforyou
Loading history...
This check looks for function or method calls that always return null and whose return value is used.
The method
getObject()can return nothing but null, so it makes no sense to use the return value.The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.