assertEquals(
    '[a@javascript:alert(\'XSS\');@target]link',
    PMA_sanitize('[a@javascript:alert(\'XSS\');@target]link[/a]')
);
}

    /**
     * Tests correct generating of link redirector.
     *
     * Positive case: well-formed [a@URL@target]...[/a] markup with an https URL.
     * The three $GLOBALS entries are cleared first so the generated link does
     * not depend on server/lang/collation state left behind by other tests
     * (presumably; the link generator itself is not visible here).
     *
     * NOTE(review): the expected value is just 'link'. If this listing was
     * extracted from rendered HTML, the <a ...>...</a> markup of the expected
     * string may have been stripped — compare against the upstream test before
     * treating this literal as authoritative.
     *
     * @return void
     */
    public function testLink()
    {
        unset($GLOBALS['server']);
        unset($GLOBALS['lang']);
        unset($GLOBALS['collation_connection']);
        $this->assertEquals(
            'link',
            PMA_sanitize('[a@https://www.phpmyadmin.net/@target]link[/a]')
        );
    }

    /**
     * Tests links to documentation.
     *
     * Each dataset from docLinks() supplies the key placed after "doc@" and the
     * documentation page/anchor that key should resolve to.
     *
     * NOTE(review): $expected is never used — the assertion only checks the
     * visible link text, so a wrong documentation target would still pass and
     * the provider's second column is dead data. The assertion should also
     * compare the generated href built from $expected; the exact expected form
     * is not visible on this page, so it is left as a TODO rather than guessed.
     *
     * @param string $link     Value placed after "doc@" in the markup
     * @param string $expected Expected page (plus "%23"-encoded anchor) the
     *                         link should point to — currently unused, see
     *                         note above
     *
     * @return void
     *
     * @dataProvider docLinks
     */
    public function testDoc($link, $expected)
    {
        $this->assertEquals(
            'doclink',
            PMA_sanitize('[doc@' . $link . ']doclink[/doc]')
        );
    }

    /**
     * Data provider for sanitize [doc@foo] markup
     *
     * Each entry is array(link key, expected page + "%23"-encoded anchor).
     * The 'bookmarks@' entry (trailing "@", no anchor part) maps to a page
     * with no fragment.
     *
     * @return array
     */
    public function docLinks()
    {
        return array(
            array('foo', 'setup.html%23foo'),
            array('cfg_TitleTable', 'config.html%23cfg_TitleTable'),
            array('faq3-11', 'faq.html%23faq3-11'),
            array('bookmarks@', 'bookmarks.html'),
        );
    }

    /**
     * Tests link target validation.
     *
     * Security-relevant negative case: a target name outside the allowed set
     * ("INVALID9") must not produce a link. The expected output keeps the
     * [a@...] markup verbatim, i.e. the sanitizer refuses to turn it into an
     * element with an arbitrary target attribute.
     *
     * @return void
     */
    public function testInvalidTarget()
    {
        $this->assertEquals(
            '[a@./Documentation.html@INVALID9]doc',
            PMA_sanitize('[a@./Documentation.html@INVALID9]doc[/a]')
        );
    }

    /**
     * Tests XSS escaping after valid link.
     *
     * The href carries an attribute-injection attempt
     * (" onmouseover="alert(foo)"). The markup must not be rendered as a link;
     * the expected output keeps the [a@...] text literally.
     *
     * NOTE(review): the double quotes in the expected literal appear raw here.
     * If the page extraction entity-decoded the string, the upstream
     * expectation is the HTML-escaped form — confirm before relying on this
     * literal, since an unescaped quote reaching the output is exactly what
     * this test is meant to rule out.
     *
     * @return void
     */
    public function testLinkDocXss()
    {
        $this->assertEquals(
            '[a@./Documentation.html" onmouseover="alert(foo)"]doc',
            PMA_sanitize('[a@./Documentation.html" onmouseover="alert(foo)"]doc[/a]')
        );
    }

    /**
     * Tests proper handling of multi link code.
     *
     * A valid https link followed by a javascript: one in the same input. Only
     * the text 'doc' of the first survives in the expected literal (see the
     * note in testLink about possibly stripped markup), while the second keeps
     * its [a@javascript:...] markup verbatim — an earlier valid link must not
     * make the sanitizer accept a later unsafe scheme.
     *
     * @return void
     */
    public function testLinkAndXssInHref()
    {
        $this->assertEquals(
            'doc[a@javascript:alert(\'XSS\');@target]link',
            PMA_sanitize('[a@https://docs.phpmyadmin.net/]doc[/a][a@javascript:alert(\'XSS\');@target]link[/a]')
        );
    }

    /**
     * Test escaping of HTML tags
     *
     * Raw HTML in the input must not survive as markup.
     *
     * NOTE(review): the expected literal looks entity-decoded on this page;
     * the method body is cut off below, so its exact expectation is unknown.
     *
     * @return void
     */
    public function testHtmlTags()
    {
        $this->assertEquals(
            '<div onclick="">',
            PMA_sanitize('