From 0d3ddd9e11eeafbc51d95e20226117bc3424bcaf Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Thu, 24 Apr 2014 15:34:09 +0200
Subject: [PATCH 1/3] Remove redundant test case for non-HTML string.

---
 tests/lib/template.php | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/tests/lib/template.php b/tests/lib/template.php
index b3d0975b79..40aec40234 100644
--- a/tests/lib/template.php
+++ b/tests/lib/template.php
@@ -39,7 +39,9 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
 p($badString);
 $result = ob_get_clean();
 $this->assertEquals('<script>alert('Hacked!');</script>', $result);
+ }
+ public function testPNormalString() {
 $goodString = 'This is a good string without HTML.';
 ob_start();
 p($goodString);
@@ -47,15 +49,6 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
 $this->assertEquals('This is a good string without HTML.', $result);
 }
- public function testPNormalString() {
- $normalString = "This is a good string!";
- ob_start();
- p($normalString);
- $result = ob_get_clean();
-
- $this->assertEquals("This is a good string!", $result);
- }
-
 public function testPrintUnescaped() {
 $htmlString = "";
From 88778b569e73dd2319c547be53df6aab6b8fa667 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Thu, 24 Apr 2014 15:36:02 +0200
Subject: [PATCH 2/3] Split testP() tests into multiple methods.

---
 tests/lib/template.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/lib/template.php b/tests/lib/template.php
index 40aec40234..299eb2b936 100644
--- a/tests/lib/template.php
+++ b/tests/lib/template.php
@@ -27,13 +27,15 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
 $loader->load('OC_Template');
 }
- public function testP() {
+ public function testPJavaScript() {
 $badString = '';
 ob_start();
 p($badString);
 $result = ob_get_clean();
 $this->assertEquals('<img onload="alert(1)" />', $result);
+ }
+ public function testPJavaScriptWithScriptTags() {
 $badString = "";
 ob_start();
 p($badString);
From f45080e8116bc06a95c5ff2b2bfa92029fdb2590 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Thu, 24 Apr 2014 15:45:07 +0200
Subject: [PATCH 3/3] Use PHPUnit's expectOutputString() instead of performing output buffering.

---
 tests/lib/template.php | 37 +++++++++++--------------------------
 1 file changed, 11 insertions(+), 26 deletions(-)

diff --git a/tests/lib/template.php b/tests/lib/template.php
index 299eb2b936..eedf688721 100644
--- a/tests/lib/template.php
+++ b/tests/lib/template.php
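Review bot: `testPJavaScript()` and `testPJavaScriptWithScriptTags()` are named after the payload rather than the contract they pin, and neither carries a comment saying that `p()` is expected to HTML-escape its argument. A one-line docblock on each would make the security intent explicit, for example `/** p() must emit an event-handler attribute as escaped text, never as markup. */` and `/** p() must emit script-tag content as escaped text, including its quotes. */`. The input literals appear as `''` and `""` on this page, which looks like an extraction artefact, so the inputs themselves could not be checked here. The second method's body continues past the end of the hunk.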
@@ -28,46 +28,31 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
 }
 public function testPJavaScript() {
- $badString = '';
- ob_start();
- p($badString);
- $result = ob_get_clean();
- $this->assertEquals('<img onload="alert(1)" />', $result);
+ $this->expectOutputString('<img onload="alert(1)" />');
+ p('');
 }
 public function testPJavaScriptWithScriptTags() {
- $badString = "";
- ob_start();
- p($badString);
- $result = ob_get_clean();
- $this->assertEquals('<script>alert('Hacked!');</script>', $result);
+ $this->expectOutputString('<script>alert('Hacked!');</script>');
+ p("");
 }
 public function testPNormalString() {
- $goodString = 'This is a good string without HTML.';
- ob_start();
- p($goodString);
- $result = ob_get_clean();
- $this->assertEquals('This is a good string without HTML.', $result);
+ $string = 'This is a good string without HTML.';
+ $this->expectOutputString($string);
+ p($string);
 }
 public function testPrintUnescaped() {
 $htmlString = "";
-
- ob_start();
+ $this->expectOutputString($htmlString);
 print_unescaped($htmlString);
- $result = ob_get_clean();
-
- $this->assertEquals($htmlString, $result);
 }
 public function testPrintUnescapedNormalString() {
- $normalString = "This is a good string!";
- ob_start();
- print_unescaped($normalString);
- $result = ob_get_clean();
-
- $this->assertEquals("This is a good string!", $result);
+ $string = 'This is a good string!';
+ $this->expectOutputString($string);
+ print_unescaped($string);
 }
 // ---------------------------------------------------------------------------
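Review bot: The `p()` cases kept in this hunk cover angle brackets and both quote styles, but nothing exercises an ampersand or an already-encoded entity, so a regression in how `p()` treats `&` would pass unnoticed. Assuming `p()` follows htmlspecialchars-style encoding, a further method with `$this->expectOutputString('a &amp; b');` followed by `p('a & b');` (constructed sample values) would close that gap. Separately, `testPrintUnescaped()` sets `$htmlString = ""` as shown here. If the literal really is empty rather than stripped by the page rendering, `expectOutputString($htmlString)` also passes when `print_unescaped()` prints nothing, so the input should be a non-empty markup string.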