opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to Drupal 8.0.0-beta15. For more information, see: https://www.drupal.org/node/2563023

Browse source
This commit is contained in:
Pantheon Automation 2015-09-04 13:20:09 -07:00 committed by Greg Anderson
parent 2720a9ec4b
commit f3791f1da3
1898 changed files with 54300 additions and 11481 deletions
Download patch file Download diff file Expand all files Collapse all files

51
core/tests/Drupal/Tests/Component/Utility/HtmlTest.php
View file

@ -259,4 +259,55 @@ class HtmlTest extends UnitTestCase {
);
}
/**
* Tests Html::escape().
*
* @dataProvider providerEscape
* @covers ::escape
*/
public function testEscape($expected, $text) {
$this->assertEquals($expected, Html::escape($text));
}
/**
* Data provider for testEscape().
*
* @see testCheckPlain()
*/
public function providerEscape() {
return array(
array('Drupal', 'Drupal'),
array('&lt;script&gt;', '<script>'),
array('&amp;lt;script&amp;gt;', '&lt;script&gt;'),
array('&amp;#34;', '&#34;'),
array('&quot;', '"'),
array('&amp;quot;', '&quot;'),
array('&#039;', "'"),
array('&amp;#039;', '&#039;'),
array('©', '©'),
array('→', '→'),
array('➼', '➼'),
array('€', '€'),
array('Drup<75>al', "Drup\x80al"),
);
}
/**
* Tests relationship between escaping and decoding HTML entities.
*
* @covers ::decodeEntities
* @covers ::escape
*/
public function testDecodeEntitiesAndEscape() {
$string = "<em>répét&eacute;</em>";
$escaped = Html::escape($string);
$this->assertSame('&lt;em&gt;répét&amp;eacute;&lt;/em&gt;', $escaped);
$decoded = Html::decodeEntities($escaped);
$this->assertSame('<em>répét&eacute;</em>', $decoded);
$decoded = Html::decodeEntities($decoded);
$this->assertSame('<em>répété</em>', $decoded);
$escaped = Html::escape($decoded);
$this->assertSame('&lt;em&gt;répété&lt;/em&gt;', $escaped);
}
}

5
core/tests/Drupal/Tests/Component/Utility/RandomTest.php
View file

@ -8,7 +8,6 @@
namespace Drupal\Tests\Component\Utility;
use Drupal\Component\Utility\Random;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Tests\UnitTestCase;
/**
@ -39,7 +38,7 @@ class RandomTest extends UnitTestCase {
$random = new Random();
for ($i = 0; $i <= 50; $i++) {
$str = $random->string(1, TRUE);
$this->assertFalse(isset($strings[$str]), SafeMarkup::format('Generated duplicate random string !string', array('!string' => $str)));
$this->assertFalse(isset($strings[$str]), 'Generated duplicate random string ' . $str);
$strings[$str] = TRUE;
}
}
@ -54,7 +53,7 @@ class RandomTest extends UnitTestCase {
$random = new Random();
for ($i = 0; $i <= 10; $i++) {
$str = $random->name(1, TRUE);
$this->assertFalse(isset($names[$str]), SafeMarkup::format('Generated duplicate random name !name', array('!name' => $str)));
$this->assertFalse(isset($names[$str]), 'Generated duplicate random name ' . $str);
$names[$str] = TRUE;
}
}

239
core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
View file

@ -8,7 +8,8 @@
namespace Drupal\Tests\Component\Utility;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Xss;
use Drupal\Component\Utility\SafeStringInterface;
use Drupal\Component\Utility\SafeStringTrait;
use Drupal\Tests\UnitTestCase;
/**
@ -20,54 +21,81 @@ use Drupal\Tests\UnitTestCase;
class SafeMarkupTest extends UnitTestCase {
/**
* Tests SafeMarkup::set() and SafeMarkup::isSafe().
* Helper function to add a string to the safe list for testing.
*
* @dataProvider providerSet
* @param string $string
* The content to be marked as secure.
* @param string $strategy
* The escaping strategy used for this string. Two values are supported
* by default:
* - 'html': (default) The string is safe for use in HTML code.
* - 'all': The string is safe for all use cases.
* See the
* @link http://twig.sensiolabs.org/doc/filters/escape.html Twig escape documentation @endlink
* for more information on escaping strategies in Twig.
*
* @param string $text
* The text or object to provide to SafeMarkup::set().
* @param string $message
* The message to provide as output for the test.
*
* @covers ::set
* @return string
* The input string that was marked as safe.
*/
public function testSet($text, $message) {
$returned = SafeMarkup::set($text);
$this->assertTrue(is_string($returned), 'The return value of SafeMarkup::set() is really a string');
$this->assertEquals($returned, $text, 'The passed in value should be equal to the string value according to PHP');
$this->assertTrue(SafeMarkup::isSafe($text), $message);
$this->assertTrue(SafeMarkup::isSafe($returned), 'The return value has been marked as safe');
protected function safeMarkupSet($string, $strategy = 'html') {
$reflected_class = new \ReflectionClass('\Drupal\Component\Utility\SafeMarkup');
$reflected_property = $reflected_class->getProperty('safeStrings');
$reflected_property->setAccessible(true);
$current_value = $reflected_property->getValue();
$current_value[$string][$strategy] = TRUE;
$reflected_property->setValue($current_value);
return $string;
}
/**
* Tests SafeMarkup::isSafe() with different providers.
*
* @covers ::isSafe
*/
public function testStrategy() {
$returned = $this->safeMarkupSet('string0', 'html');
$this->assertTrue(SafeMarkup::isSafe($returned), 'String set with "html" provider is safe for default (html)');
$returned = $this->safeMarkupSet('string1', 'all');
$this->assertTrue(SafeMarkup::isSafe($returned), 'String set with "all" provider is safe for default (html)');
$returned = $this->safeMarkupSet('string2', 'css');
$this->assertFalse(SafeMarkup::isSafe($returned), 'String set with "css" provider is not safe for default (html)');
$returned = $this->safeMarkupSet('string3');
$this->assertFalse(SafeMarkup::isSafe($returned, 'all'), 'String set with "html" provider is not safe for "all"');
}
/**
* Data provider for testSet().
*
* @see testSet()
*/
public function providerSet() {
// Checks that invalid multi-byte sequences are rejected.
$tests[] = array("Foo\xC0barbaz", '', 'SafeMarkup::checkPlain() rejects invalid sequence "Foo\xC0barbaz"', TRUE);
$tests[] = array("Fooÿñ", 'SafeMarkup::set() accepts valid sequence "Fooÿñ"');
$tests[] = array(new TextWrapper("Fooÿñ"), 'SafeMarkup::set() accepts valid sequence "Fooÿñ" in an object implementing __toString()');
$tests[] = array("<div>", 'SafeMarkup::set() accepts HTML');
// Checks that invalid multi-byte sequences are escaped.
$tests[] = array(
'Foo<6F>barbaz',
'SafeMarkup::setMarkup() functions with valid sequence "Foo<6F>barbaz"',
TRUE
);
$tests[] = array(
"Fooÿñ",
'SafeMarkup::setMarkup() functions with valid sequence "Fooÿñ"'
);
$tests[] = array("<div>", 'SafeMarkup::setMultiple() does not escape HTML');
return $tests;
}
/**
* Tests SafeMarkup::set() and SafeMarkup::isSafe() with different providers.
* Tests SafeMarkup::setMultiple().
* @dataProvider providerSet
*
* @covers ::isSafe
* @param string $text
* The text or object to provide to SafeMarkup::setMultiple().
* @param string $message
* The message to provide as output for the test.
*
* @covers ::setMultiple
*/
public function testStrategy() {
$returned = SafeMarkup::set('string0', 'html');
$this->assertTrue(SafeMarkup::isSafe($returned), 'String set with "html" provider is safe for default (html)');
$returned = SafeMarkup::set('string1', 'all');
$this->assertTrue(SafeMarkup::isSafe($returned), 'String set with "all" provider is safe for default (html)');
$returned = SafeMarkup::set('string2', 'css');
$this->assertFalse(SafeMarkup::isSafe($returned), 'String set with "css" provider is not safe for default (html)');
$returned = SafeMarkup::set('string3');
$this->assertFalse(SafeMarkup::isSafe($returned, 'all'), 'String set with "html" provider is not safe for "all"');
public function testSet($text, $message) {
SafeMarkup::setMultiple([$text => ['html' => TRUE]]);
$this->assertTrue(SafeMarkup::isSafe($text), $message);
}
/**
@ -140,10 +168,10 @@ class SafeMarkupTest extends UnitTestCase {
* @see testCheckPlain()
*/
function providerCheckPlain() {
// Checks that invalid multi-byte sequences are rejected.
$tests[] = array("Foo\xC0barbaz", '', 'SafeMarkup::checkPlain() rejects invalid sequence "Foo\xC0barbaz"', TRUE);
$tests[] = array("\xc2\"", '', 'SafeMarkup::checkPlain() rejects invalid sequence "\xc2\""', TRUE);
$tests[] = array("Fooÿñ", "Fooÿñ", 'SafeMarkup::checkPlain() accepts valid sequence "Fooÿñ"');
// Checks that invalid multi-byte sequences are escaped.
$tests[] = array("Foo\xC0barbaz", 'Foo<EFBFBD>barbaz', 'SafeMarkup::checkPlain() escapes invalid sequence "Foo\xC0barbaz"', TRUE);
$tests[] = array("\xc2\"", '<EFBFBD>&quot;', 'SafeMarkup::checkPlain() escapes invalid sequence "\xc2\""', TRUE);
$tests[] = array("Fooÿñ", "Fooÿñ", 'SafeMarkup::checkPlain() does not escape valid sequence "Fooÿñ"');
// Checks that special characters are escaped.
$tests[] = array("<script>", '&lt;script&gt;', 'SafeMarkup::checkPlain() escapes &lt;script&gt;');
@ -160,7 +188,7 @@ class SafeMarkupTest extends UnitTestCase {
*
* @param string $string
* The string to run through SafeMarkup::format().
* @param string $args
* @param string[] $args
* The arguments to pass into SafeMarkup::format().
* @param string $expected
* The expected result from calling the function.
@ -169,10 +197,14 @@ class SafeMarkupTest extends UnitTestCase {
* @param bool $expected_is_safe
* Whether the result is expected to be safe for HTML display.
*/
function testFormat($string, $args, $expected, $message, $expected_is_safe) {
public function testFormat($string, array $args, $expected, $message, $expected_is_safe) {
$result = SafeMarkup::format($string, $args);
$this->assertEquals($expected, $result, $message);
$this->assertEquals($expected_is_safe, SafeMarkup::isSafe($result), 'SafeMarkup::format correctly sets the result as safe or not safe.');
foreach ($args as $arg) {
$this->assertSame($arg instanceof SafeMarkupTestSafeString, SafeMarkup::isSafe($arg));
}
}
/**
@ -183,124 +215,11 @@ class SafeMarkupTest extends UnitTestCase {
function providerFormat() {
$tests[] = array('Simple text', array(), 'Simple text', 'SafeMarkup::format leaves simple text alone.', TRUE);
$tests[] = array('Escaped text: @value', array('@value' => '<script>'), 'Escaped text: &lt;script&gt;', 'SafeMarkup::format replaces and escapes string.', TRUE);
$tests[] = array('Escaped text: @value', array('@value' => SafeMarkup::set('<span>Safe HTML</span>')), 'Escaped text: <span>Safe HTML</span>', 'SafeMarkup::format does not escape an already safe string.', TRUE);
$tests[] = array('Escaped text: @value', array('@value' => SafeMarkupTestSafeString::create('<span>Safe HTML</span>')), 'Escaped text: <span>Safe HTML</span>', 'SafeMarkup::format does not escape an already safe string.', TRUE);
$tests[] = array('Placeholder text: %value', array('%value' => '<script>'), 'Placeholder text: <em class="placeholder">&lt;script&gt;</em>', 'SafeMarkup::format replaces, escapes and themes string.', TRUE);
$tests[] = array('Placeholder text: %value', array('%value' => SafeMarkup::set('<span>Safe HTML</span>')), 'Placeholder text: <em class="placeholder"><span>Safe HTML</span></em>', 'SafeMarkup::format does not escape an already safe string themed as a placeholder.', TRUE);
$tests[] = array('Placeholder text: %value', array('%value' => SafeMarkupTestSafeString::create('<span>Safe HTML</span>')), 'Placeholder text: <em class="placeholder"><span>Safe HTML</span></em>', 'SafeMarkup::format does not escape an already safe string themed as a placeholder.', TRUE);
$tests[] = array('Verbatim text: !value', array('!value' => '<script>'), 'Verbatim text: <script>', 'SafeMarkup::format replaces verbatim string as-is.', FALSE);
$tests[] = array('Verbatim text: !value', array('!value' => SafeMarkup::set('<span>Safe HTML</span>')), 'Verbatim text: <span>Safe HTML</span>', 'SafeMarkup::format replaces verbatim string as-is.', TRUE);
return $tests;
}
/**
* Tests SafeMarkup::placeholder().
*
* @covers ::placeholder
*/
function testPlaceholder() {
$this->assertEquals('<em class="placeholder">Some text</em>', SafeMarkup::placeholder('Some text'));
}
/**
* Tests SafeMarkup::replace().
*
* @dataProvider providerReplace
* @covers ::replace
*/
public function testReplace($search, $replace, $subject, $expected, $is_safe) {
$result = SafeMarkup::replace($search, $replace, $subject);
$this->assertEquals($expected, $result);
$this->assertEquals($is_safe, SafeMarkup::isSafe($result));
}
/**
* Tests the interaction between the safe list and XSS filtering.
*
* @covers ::xssFilter
* @covers ::escape
*/
public function testAdminXss() {
// Use the predefined XSS admin tag list. This strips the <marquee> tags.
$this->assertEquals('text', SafeMarkup::xssFilter('<marquee>text</marquee>', Xss::getAdminTagList()));
$this->assertTrue(SafeMarkup::isSafe('text'), 'The string \'text\' is marked as safe.');
// This won't strip the <marquee> tags and the string with HTML will be
// marked as safe.
$filtered = SafeMarkup::xssFilter('<marquee>text</marquee>', array('marquee'));
$this->assertEquals('<marquee>text</marquee>', $filtered);
$this->assertTrue(SafeMarkup::isSafe('<marquee>text</marquee>'), 'The string \'<marquee>text</marquee>\' is marked as safe.');
// SafeMarkup::xssFilter() with the default tag list will strip the
// <marquee> tag even though the string was marked safe above.
$this->assertEquals('text', SafeMarkup::xssFilter('<marquee>text</marquee>'));
// SafeMarkup::escape() will not escape the markup tag since the string was
// marked safe above.
$this->assertEquals('<marquee>text</marquee>', SafeMarkup::escape($filtered));
// SafeMarkup::checkPlain() will escape the markup tag even though the
// string was marked safe above.
$this->assertEquals('&lt;marquee&gt;text&lt;/marquee&gt;', SafeMarkup::checkPlain($filtered));
// Ensure that SafeMarkup::xssFilter strips all tags when passed an empty
// array and uses the default tag list when not passed a tag list.
$this->assertEquals('text', SafeMarkup::xssFilter('<em>text</em>', []));
$this->assertEquals('<em>text</em>', SafeMarkup::xssFilter('<em>text</em>'));
}
/**
* Data provider for testReplace().
*
* @see testReplace()
*/
public function providerReplace() {
$tests = [];
// Subject unsafe.
$tests[] = [
'<placeholder>',
SafeMarkup::set('foo'),
'<placeholder>bazqux',
'foobazqux',
FALSE,
];
// All safe.
$tests[] = [
'<placeholder>',
SafeMarkup::set('foo'),
SafeMarkup::set('<placeholder>barbaz'),
'foobarbaz',
TRUE,
];
// Safe subject, but should result in unsafe string because replacement is
// unsafe.
$tests[] = [
'<placeholder>',
'fubar',
SafeMarkup::set('<placeholder>barbaz'),
'fubarbarbaz',
FALSE,
];
// Array with all safe.
$tests[] = [
['<placeholder1>', '<placeholder2>', '<placeholder3>'],
[SafeMarkup::set('foo'), SafeMarkup::set('bar'), SafeMarkup::set('baz')],
SafeMarkup::set('<placeholder1><placeholder2><placeholder3>'),
'foobarbaz',
TRUE,
];
// Array with unsafe replacement.
$tests[] = [
['<placeholder1>', '<placeholder2>', '<placeholder3>',],
[SafeMarkup::set('bar'), SafeMarkup::set('baz'), 'qux'],
SafeMarkup::set('<placeholder1><placeholder2><placeholder3>'),
'barbazqux',
FALSE,
];
$tests[] = array('Verbatim text: !value', array('!value' => SafeMarkupTestSafeString::create('<span>Safe HTML</span>')), 'Verbatim text: <span>Safe HTML</span>', 'SafeMarkup::format replaces verbatim string as-is.', TRUE);
return $tests;
}
@ -320,3 +239,13 @@ class SafeMarkupTestString {
}
}
/**
* Marks text as safe.
*
* SafeMarkupTestSafeString is used to mark text as safe because
* SafeMarkup::$safeStrings is a global static that affects all tests.
*/
class SafeMarkupTestSafeString implements SafeStringInterface {
use SafeStringTrait;
}

15
core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php
View file

@ -8,7 +8,6 @@
namespace Drupal\Tests\Component\Utility;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Tests\UnitTestCase;
/**
@ -94,7 +93,7 @@ class UrlHelperTest extends UnitTestCase {
public function testValidAbsolute($url, $scheme) {
$test_url = $scheme . '://' . $url;
$valid_url = UrlHelper::isValid($test_url, TRUE);
$this->assertTrue($valid_url, SafeMarkup::format('@url is a valid URL.', array('@url' => $test_url)));
$this->assertTrue($valid_url, $test_url . ' is a valid URL.');
}
/**
@ -125,7 +124,7 @@ class UrlHelperTest extends UnitTestCase {
public function testInvalidAbsolute($url, $scheme) {
$test_url = $scheme . '://' . $url;
$valid_url = UrlHelper::isValid($test_url, TRUE);
$this->assertFalse($valid_url, SafeMarkup::format('@url is NOT a valid URL.', array('@url' => $test_url)));
$this->assertFalse($valid_url, $test_url . ' is NOT a valid URL.');
}
/**
@ -159,7 +158,7 @@ class UrlHelperTest extends UnitTestCase {
public function testValidRelative($url, $prefix) {
$test_url = $prefix . $url;
$valid_url = UrlHelper::isValid($test_url);
$this->assertTrue($valid_url, SafeMarkup::format('@url is a valid URL.', array('@url' => $test_url)));
$this->assertTrue($valid_url, $test_url . ' is a valid URL.');
}
/**
@ -190,7 +189,7 @@ class UrlHelperTest extends UnitTestCase {
public function testInvalidRelative($url, $prefix) {
$test_url = $prefix . $url;
$valid_url = UrlHelper::isValid($test_url);
$this->assertFalse($valid_url, SafeMarkup::format('@url is NOT a valid URL.', array('@url' => $test_url)));
$this->assertFalse($valid_url, $test_url . ' is NOT a valid URL.');
}
/**
@ -381,8 +380,10 @@ class UrlHelperTest extends UnitTestCase {
*/
public function testFilterBadProtocol($uri, $expected, $protocols) {
UrlHelper::setAllowedProtocols($protocols);
$filtered = UrlHelper::filterBadProtocol($uri);
$this->assertEquals($expected, $filtered);
$this->assertEquals($expected, UrlHelper::filterBadProtocol($uri));
// Multiple calls to UrlHelper::filterBadProtocol() do not cause double
// escaping.
$this->assertEquals($expected, UrlHelper::filterBadProtocol(UrlHelper::filterBadProtocol($uri)));
}
/**

5
core/tests/Drupal/Tests/Component/Utility/VariableTest.php
View file

@ -78,6 +78,11 @@ class VariableTest extends UnitTestCase {
'"\'"',
"'",
),
array(
// Quotes with $ symbols.
'"\$settings[\'foo\']"',
'$settings[\'foo\']',
),
// Object.
array(
// A stdClass object.