From 020281d932c566476222e6c825ada3affff239a6 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 29 Aug 2009 10:45:47 -0700
Subject: Adding SafeString which is going to replace p::clean() and
 p::purify(). Refactoring of Xss_Security_Test. t() and t2() return a
 SafeString instance.

TODO:
 - Update all code to use SafeString where appropriate.
 - Update golden fole of Xss_Security_Test
 - Stop reporting CLEAN vars in Xss_Security_Test
---
 modules/gallery/tests/SafeString_Test.php | 111 ++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 modules/gallery/tests/SafeString_Test.php

(limited to 'modules/gallery/tests/SafeString_Test.php')

diff --git a/modules/gallery/tests/SafeString_Test.php b/modules/gallery/tests/SafeString_Test.php
new file mode 100644
index 00000000..cdae3e99
--- /dev/null
+++ b/modules/gallery/tests/SafeString_Test.php
@@ -0,0 +1,111 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class SafeString_Test extends Unit_Test_Case {
+  public function p_clean_returns_safestring_instance_test() {
+    $safe_string = p::clean("hello <p>world</p>");
+    $this->assert_true($safe_string instanceof SafeString);
+    $this->assert_equal("hello <p>world</p>",
+			$safe_string->unescaped());
+  }
+
+  public function toString_escapes_for_html_test() {
+    $safe_string = new SafeString("hello <p>world</p>");
+    $this->assert_equal("hello &lt;p&gt;world&lt;/p&gt;",
+			$safe_string);
+  }
+
+  public function toString_for_safe_string_test() {
+    $safe_string = new SafeString("hello <p>world</p>");
+    $safe_string->mark_html_safe();
+    $this->assert_equal("hello <p>world</p>",
+			$safe_string);
+  }
+
+  public function for_html_test() {
+    $safe_string = new SafeString("hello <p>world</p>");
+    $this->assert_equal("hello &lt;p&gt;world&lt;/p&gt;",
+			$safe_string->for_html());
+  }
+
+  public function safestring_of_safestring_test() {
+    $safe_string = new SafeString("hello <p>world</p>");
+    $safe_string_2 = new SafeString($safe_string);
+    $this->assert_true($safe_string_2 instanceof SafeString);
+    $raw_string = $safe_string_2->unescaped();
+    $this->assert_false(is_object($raw_string));
+    $this->assert_equal("hello <p>world</p>", $raw_string);
+    $this->assert_equal("hello &lt;p&gt;world&lt;/p&gt;", $safe_string_2);
+  }
+
+  public function for_js_test() {
+    $safe_string = new SafeString('"<em>Foo</em>\'s bar"');
+    $js_string = $safe_string->for_js();
+    $this->assert_equal('\\"<em>Foo<\\/em>\\\'s bar\\"',
+			$js_string);
+  }
+
+  public function string_safestring_equality_test() {
+    $safe_string = new SafeString("hello <p>world</p>");
+    $this->assert_equal("hello <p>world</p>",
+			$safe_string->unescaped());
+    $escaped_string = "hello &lt;p&gt;world&lt;/p&gt;";
+    $this->assert_equal($escaped_string, $safe_string);
+
+    $this->assert_true($escaped_string == $safe_string);
+    $this->assert_false($escaped_string === $safe_string);
+    $this->assert_false("meow" == $safe_string);
+  }
+
+  public function of_test() {
+    $safe_string = SafeString::of("hello <p>world</p>");
+    $this->assert_equal("hello <p>world</p>", $safe_string->unescaped());
+  }
+
+  public function of_safe_html_test() {
+    $safe_string = SafeString::of("hello <p>world</p>")->mark_html_safe();
+    $this->assert_equal("hello <p>world</p>", $safe_string->for_html());
+  }
+
+  public function of_fluid_api_test() {
+    $escaped_string = SafeString::of("Foo's bar")->for_js();
+    $this->assert_equal("Foo\\'s bar", $escaped_string);
+  }
+
+  public function safestring_of_safestring_preserves_safe_status_test() {
+    $safe_string = SafeString::of("hello's <p>world</p>")->mark_html_safe();
+    $safe_string_2 = new SafeString($safe_string);
+    $this->assert_equal("hello's <p>world</p>", $safe_string_2);
+    $this->assert_equal("hello\\'s <p>world<\\/p>", $safe_string_2->for_js());
+  }
+
+  public function safestring_of_safestring_preserves_html_safe_status_test() {
+    $safe_string = SafeString::of("hello's <p>world</p>")
+      ->mark_html_safe();
+    $safe_string_2 = new SafeString($safe_string);
+    $this->assert_equal("hello's <p>world</p>", $safe_string_2);
+    $this->assert_equal("hello\\'s <p>world<\\/p>", $safe_string_2->for_js());
+  }
+
+  public function safestring_of_safestring_safe_status_override_test() {
+    $safe_string = new SafeString("hello <p>world</p>");
+    $safe_string_2 = SafeString::of($safe_string)->mark_html_safe();
+    $this->assert_equal("hello <p>world</p>", $safe_string_2);
+  }
+}
-- 
cgit v1.2.3