<?php
/* Copyright (C) 2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2023 Alexandre Janniaux <alexandre.janniaux@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file test/phpunit/WebsiteTest.php
* \ingroup test
* \brief PHPUnit test
* \remarks To run this script as CLI: phpunit filename.php
*/
global $conf,$user,$langs,$db;
//define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
//require_once 'PHPUnit/Autoload.php';
require_once dirname(__FILE__).'/CommonClassTest.class.php';
if (! defined('NOREQUIRESOC')) {
define('NOREQUIRESOC', '1');
}
if (! defined('NOCSRFCHECK')) {
define('NOCSRFCHECK', '1');
}
if (! defined('NOTOKENRENEWAL')) {
define('NOTOKENRENEWAL', '1');
}
if (! defined('NOREQUIREMENU')) {
define('NOREQUIREMENU', '1'); // If there is no menu to show
}
if (! defined('NOREQUIREHTML')) {
define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
}
if (! defined('NOREQUIREAJAX')) {
define('NOREQUIREAJAX', '1');
}
if (! defined("NOLOGIN")) {
define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
}
if (! defined("NOSESSION")) {
define("NOSESSION", '1');
}
require_once dirname(__FILE__).'/../../htdocs/main.inc.php';
require_once dirname(__FILE__).'/../../htdocs/core/lib/website.lib.php';
require_once dirname(__FILE__).'/../../htdocs/core/lib/website2.lib.php';
require_once dirname(__FILE__).'/../../htdocs/website/class/website.class.php';
if (empty($user->id)) {
print "Load permissions for admin user nb 1\n";
$user->fetch(1);
$user->getrights();
if (empty($user->rights->website)) {
$user->rights->website = new stdClass();
}
}
$conf->global->MAIN_DISABLE_ALL_MAILS = 1;
/**
* Class for PHPUnit tests
*
* @backupGlobals disabled
* @backupStaticAttributes enabled
* @remarks backupGlobals must be disabled to have db,conf,user and lang not erased.
*/
class WebsiteTest extends CommonClassTest
{
/**
* testGetPagesFromSearchCriterias
*
* @return void
*/
public function testGetPagesFromSearchCriterias()
{
global $db, $website; // We need the $website as global, it is used by the getPagesFromSearchCriterias()
$website = new Website($db); // $website must be defined globally for getPagesFromSearchCriterias()
$s = "123') OR 1=1-- \' xxx";
/*
var_dump($s);
var_dump($db->escapeforlike($s));
var_dump($db->escape($db->escapeforlike($s)));
*/
$res = getPagesFromSearchCriterias('page,blogpost', 'meta,content', $s, 2, 'date_creation', 'DESC', 'en');
//var_dump($res);
print __METHOD__." message=".$res['code']."\n";
// We must found no line (so code should be KO). If we found somethiing, it means there is a SQL injection of the 1=1
$this->assertEquals($res['code'], 'KO');
}
/**
* testDolStripPhpCode
*
* @return void
*/
public function testDolStripPhpCode()
{
global $db;
$s = "abc\n<?php echo 'def'\n// comment\n ?>ghi";
$result = dolStripPhpCode($s);
$this->assertEquals("abc\n<span phptag></span>ghi", $result);
$s = "abc\n<?PHP echo 'def'\n// comment\n ?>ghi";
$result = dolStripPhpCode($s);
$this->assertEquals("abc\n<span phptag></span>ghi", $result);
}
/**
* testCheckPHPCode
*
* @return void
*/
public function testCheckPHPCode()
{
global $user;
// Force permission so this is not the permission that will affect result of checkPHPCode
$user->rights->website->writephp = 1;
$t = '';
$s = '<?php exec("eee"); ?>';
$result = checkPHPCode($t, $s);
print __METHOD__." result checkPHPCode=".$result."\n";
$this->assertEquals($result, 1, 'checkPHPCode did not detect the string was dangerous');
$t = '';
$s = '<?php $_="{"; $_=($_^"<").($_^">;").($_^"/"); ?><?=${\'_\'.$_}["_"](${\'_\'.$_}["__"]);?>';
$result = checkPHPCode($t, $s);
print __METHOD__." result checkPHPCode=".$result."\n";
$this->assertEquals($result, 1, 'checkPHPCode did not detect the string was dangerous');
}
/**
* testDolKeepOnlyPhpCode
*
* @return void
*/
public function testDolKeepOnlyPhpCode()
{
$s = 'HTML content <?php exec("eee"); ?> and more HTML content';
$result = dolKeepOnlyPhpCode($s);
print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n";
$this->assertEquals('<?php exec("eee"); ?>', $result, 'dolKeepOnlyPhpCode did extract the correct string');
$s = 'HTML content <? exec("eee"); ?> and more HTML content';
$result = dolKeepOnlyPhpCode($s);
print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n";
$this->assertEquals('<?php exec("eee"); ?>', $result, 'dolKeepOnlyPhpCode did extract the correct string');
$s = 'HTML content <?php test() <?php test2(); ?> and more HTML content';
$result = dolKeepOnlyPhpCode($s);
print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n";
$this->assertEquals('<?php test() ?><?php test2(); ?>', $result, 'dolKeepOnlyPhpCode did extract the correct string');
}
}