lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add more php units

Browse Source
This commit is contained in:
Laurent Destailleur 2010-11-20 15:25:08 +00:00
parent 3759fef702
commit 1880a1d59a
2 changed files with 181 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/lib/functions.lib.php
View File

@ -47,7 +47,7 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
function GETPOST($paramname,$check='',$method=0)
{
if ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:'';
else if ($method==2) isset($_POST[$paramname])?$_POST[$paramname]:'';
else if ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:'';
else $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
if (!empty($check))
@ -55,7 +55,7 @@ function GETPOST($paramname,$check='',$method=0)
// Check if integer
if ($check == 'int' && ! is_numeric(trim($out))) $out='';
// Check if alpha
if ($check == 'alpha' && ! preg_match('/^[#\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
if ($check == 'alpha' && ! preg_match('/^[#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
}
return $out;

179
test/phpunit/SecurityTest.php Executable file
View File

@ -0,0 +1,179 @@
<?php
/* Copyright (C) 2010 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/**
* \file test/phpunit/SecurityTest.php
* \ingroup test
* \brief PHPUnit test
* \version $Id$
* \remarks To run this script as CLI: phpunit filename.php
*/
global $conf,$user,$langs,$db;
//define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
require_once 'PHPUnit/Framework.php';
require_once dirname(__FILE__).'/../../htdocs/master.inc.php';
require_once dirname(__FILE__).'/../../htdocs/lib/functions.lib.php';
if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1');
if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1');
if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1');
if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');
if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1');
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1');
if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no menu to show
if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session)
/**
* @xcovers DoliDb
* @xcovers Translate
* @xcovers Conf
* @xcovers Interfaces
* @xcovers CommonObject
* @xcovers Adherent
*
* @backupGlobals disabled
* @backupStaticAttributes enabled
* @remarks backupGlobals must be disabled to have db,conf,user and lang not erased.
*/
class SecurityTest extends PHPUnit_Framework_TestCase
{
protected $savconf;
protected $savuser;
protected $savlangs;
protected $savdb;
/**
* Constructor
* We save global variables into local variables
*
* @return CMailFile
*/
function SecurityTest()
{
//$this->sharedFixture
global $conf,$user,$langs,$db;
$this->savconf=$conf;
$this->savuser=$user;
$this->savlangs=$langs;
$this->savdb=$db;
print __METHOD__." db->type=".$db->type." user->id=".$user->id;
//print " - db ".$db->db;
print "\n";
}
// Static methods
public static function setUpBeforeClass()
{
global $conf,$user,$langs,$db;
$db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
print __METHOD__."\n";
}
public static function tearDownAfterClass()
{
global $conf,$user,$langs,$db;
$db->rollback();
print __METHOD__."\n";
}
/**
*/
protected function setUp()
{
global $conf,$user,$langs,$db;
$conf=$this->savconf;
$user=$this->savuser;
$langs=$this->savlangs;
$db=$this->savdb;
print __METHOD__."\n";
}
/**
*/
protected function tearDown()
{
print __METHOD__."\n";
}
/**
*/
public function testGETPOST()
{
global $conf,$user,$langs,$db;
$conf=$this->savconf;
$user=$this->savuser;
$langs=$this->savlangs;
$db=$this->savdb;
$_COOKIE["id"]=111;
$_GET["param1"]="222";
$_POST["param1"]="333";
$_GET["param2"]='a/b#e(pr)qq-rr\cc';
$_GET["param3"]='"a/b#e(pr)qq-rr\cc'; // Same than param2 + "
$result=GETPOST("id"); // Must return nothing
print __METHOD__." result=".$result."\n";
$this->assertEquals($result,'');
$result=GETPOST("param1",'int');
print __METHOD__." result=".$result."\n";
$this->assertEquals($result,222);
$result=GETPOST("param1",'int',2);
print __METHOD__." result=".$result."\n";
$this->assertEquals($result,333);
$result=GETPOST("param2",'alpha');
print __METHOD__." result=".$result."\n";
$this->assertEquals($result,$_GET["param2"]);
$result=GETPOST("param3",'alpha'); // Must return '' as there is a forbidden char
print __METHOD__." result=".$result."\n";
$this->assertEquals($result,'');
return $result;
}
/**
*/
/* public function testAnalyseSqlAndScript()
{
global $conf,$user,$langs,$db;
$conf=$this->savconf;
$user=$this->savuser;
$langs=$this->savlangs;
$db=$this->savdb;
$_GET["param1"]="azert";
$_POST["param2"]="a/b#e(pr)qq-rr\cc";
$result=analyse_sql_and_script($_GET);
print __METHOD__." result=".$result."\n";
$this->assertFalse($result); // False because mail send disabled
return $result;
}
*/
}
?>