DataUtilTest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
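/**
 * Unit tests for DataUtil's HTML purification and form-data sanitization helpers.
 *
 * The purification cases assert that markup able to run script (SCRIPT elements,
 * javascript: URLs in SRC attributes) is removed, while benign markup and
 * ordinary punctuation pass through unchanged.
 *
 * NOTE(review): only SCRIPT elements and javascript: SRC values are exercised.
 * Other script-bearing constructs (event-handler attributes, URL schemes in
 * href, encoded scheme names) are not asserted here, so a green run does not by
 * itself show the purifier configuration handles them.
 */
class DataUtilTest extends BaseTest
{
    /**
     * purifyHtml() must return safe markup unchanged and strip script-bearing markup.
     */
    public function testPurifyHtml()
    {
        // Benign formatting and an http link are preserved byte-for-byte.
        $text = '<b>This</b> is <a href="http://www.zurmo.com">valid text</a>';
        $purifiedText = DataUtil::purifyHtml($text);
        $this->assertEquals($text, $purifiedText);

        // Mixed-case scheme name: the check must not depend on letter case.
        // NOTE(review): assertEquals compares loosely, so '' would also match
        // null or false; assertSame would pin the string type. Confirm that
        // purifyHtml always returns a string before tightening.
        $text = "<IMG SRC=JaVaScRiPt:alert('XSS')>"; // Not Coding Standard
        $purifiedText = DataUtil::purifyHtml($text);
        $this->assertEquals('', $purifiedText);

        // Script element after valid text: only the element and its body are removed.
        $text = "Valid text.<SCRIPT>alert('XSS')</SCRIPT>";
        $purifiedText = DataUtil::purifyHtml($text);
        $this->assertEquals('Valid text.', $purifiedText);

        // Script element before valid text.
        $text = "<SCRIPT>alert('XSS')</SCRIPT>Valid text.";
        $purifiedText = DataUtil::purifyHtml($text);
        $this->assertEquals('Valid text.', $purifiedText);

        // Punctuation and accented characters, including a bare "<>", must not be
        // altered or entity-encoded by purification.
        $text = "|\/!'#$%&()=?«»´`~^ºª.;,<>Çéã"; // Not Coding Standard
        $purifiedText = DataUtil::purifyHtml($text);
        $this->assertEquals($text, $purifiedText);

        // A lone double quote is returned as-is rather than as &quot;.
        $text = '"';
        $purifiedText = DataUtil::purifyHtml($text);
        $this->assertEquals($text, $purifiedText);
    }

    /**
     * purifyHtmlAndModifyInput() takes its argument by reference and purifies it in place.
     *
     * The page's listing skips source lines 72, 76, 80 and 84; the in-place calls
     * below are restored there, because without them each assertion would compare
     * the untouched input against the purified expectation.
     */
    public function testPurifyHtmlAndModifyInput()
    {
        $text = '<b>This</b> is <a href="http://www.zurmo.com">valid text</a>';
        DataUtil::purifyHtmlAndModifyInput($text);
        $this->assertEquals('<b>This</b> is <a href="http://www.zurmo.com">valid text</a>', $text);

        $text = "<IMG SRC=JaVaScRiPt:alert('XSS')>"; // Not Coding Standard
        DataUtil::purifyHtmlAndModifyInput($text);
        $this->assertEquals('', $text);

        $text = "Valid text.<SCRIPT>alert('XSS')</SCRIPT>";
        DataUtil::purifyHtmlAndModifyInput($text);
        $this->assertEquals('Valid text.', $text);

        $text = "<SCRIPT>alert('XSS')</SCRIPT>Valid text.";
        DataUtil::purifyHtmlAndModifyInput($text);
        $this->assertEquals('Valid text.', $text);
    }

    /**
     * Purification applied through array_walk_recursive() must reach nested
     * arrays and leave keys and structure intact.
     */
    public function testPurifyHtmlAndModifyInputUsingArrayWalkRecursive()
    {
        $data = array(
            "Valid text.",
            "<SCRIPT>alert('XSS')</SCRIPT>Valid text 2.",
            "<SCRIPT>alert('XSS')</SCRIPT>",
            "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">",
            "Valid text 3.<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">",
            "inner" => array(
                "<SCRIPT>alert('XSS')</SCRIPT>Valid text 4.",
                "<SCRIPT>alert('XSS')</SCRIPT>",
            ),
        );
        // The callback receives every leaf by reference, so $data is rewritten in place.
        array_walk_recursive($data, array('DataUtil', 'purifyHtmlAndModifyInput'));
        $compareData = array(
            "Valid text.",
            "Valid text 2.",
            "",
            "",
            "Valid text 3.",
            "inner" => array(
                "Valid text 4.",
                "",
            )
        );
        $this->assertEquals($compareData, $data);
    }

    /**
     * sanitizeDataByDesignerTypeForSavingModel() must purify free-text values and
     * normalise typed values for the given model.
     *
     * The expectations below show script elements removed from lastName, string,
     * textArea, dropDown and tagCloud, the boolean array collapsed to false, and
     * the tagCloud comma string split into an array.
     */
    public function testSanitizeDataByDesignerTypeForSavingModel()
    {
        $data = array(
            'firstName'     => 'Steve',
            'lastName'      => 'Thunder<SCRIPT>alert(\'XSS\')</SCRIPT>',
            'boolean'       => array('value' => 0),
            'date'          => '3/25/2011',
            'dateTime'      => '04/05/2011 5:00 AM',
            'float'         => '3.68',
            'integer'       => '10',
            'phone'         => '435655',
            'string'        => 'some string<SCRIPT>alert(\'XSS\')</SCRIPT>',
            'textArea'      => 'more text here<SCRIPT>alert(\'XSS\')</SCRIPT>',
            'url'           => 'http://www.zurmo.org',
            'dropDown'      => array('value' => 'test value<SCRIPT>alert(\'XSS\')</SCRIPT>'),
            'radioDropDown' => array('value' => 'my value'),
            'multiDropDown' => array('values' => array('multi1', 'multi2')), // Not Coding Standard
            'tagCloud'      => array('values' => 'tag1,tag2<SCRIPT>alert(\'XSS\')</SCRIPT>') // Not Coding Standard
        );
        $model = new TestDataUtilModel;
        $sanitizedData = DataUtil::sanitizeDataByDesignerTypeForSavingModel($model, $data);
        $compareData = array(
            'firstName'     => 'Steve',
            'lastName'      => 'Thunder',
            'boolean'       => false,
            'date'          => DateTimeUtil::resolveValueForDateDBFormatted('3/25/2011'),
            // NOTE(review): the page's listing skips source line 148, where this
            // entry belongs. The owning class is assumed to be DateTimeUtil, like
            // the date helper above; confirm against the repository.
            'dateTime'      => DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero('04/05/2011 5:00 AM'),
            'float'         => '3.68',
            'integer'       => '10',
            'phone'         => '435655',
            'string'        => 'some string',
            'textArea'      => 'more text here',
            'url'           => 'http://www.zurmo.org',
            'dropDown'      => array('value' => 'test value'),
            'radioDropDown' => array('value' => 'my value'),
            'multiDropDown' => array('values' => array('multi1', 'multi2')),
            'tagCloud'      => array('values' => array('tag1', 'tag2'))
        );
        $this->assertEquals($compareData, $sanitizedData);
    }

    /**
     * sanitizeDataToJustHavingElementForSavingModel() must return only the named
     * element, or null when the data has no such key.
     */
    public function testSanitizeDataToJustHavingElementForSavingModel()
    {
        $sanitizedData = array(
            'name'  => 'Global Inc.',
            'phone' => '3432432'
        );
        $elementName = 'phone';
        $data = DataUtil::sanitizeDataToJustHavingElementForSavingModel($sanitizedData, $elementName);
        $this->assertEquals(array($elementName => '3432432'), $data);

        // This key is not present in $sanitizedData, so the result must be null.
        $elementName = "annualRavenue";
        $data = DataUtil::sanitizeDataToJustHavingElementForSavingModel($sanitizedData, $elementName);
        $this->assertNull($data);
    }

    /**
     * removeElementFromDataForSavingModel() must drop the named element and leave
     * the data unchanged when the key is absent.
     */
    public function testRemoveElementFromDataForSavingModel()
    {
        $sanitizedData = array(
            'name'  => 'Global Inc.',
            'phone' => '3432432'
        );
        // Removing a key that does not exist is a no-op.
        $elementName = "annualRavenue";
        $data = DataUtil::removeElementFromDataForSavingModel($sanitizedData, $elementName);
        $this->assertEquals($sanitizedData, $data);

        $elementName = 'phone';
        $data = DataUtil::removeElementFromDataForSavingModel($sanitizedData, $elementName);
        $this->assertEquals(array('name' => 'Global Inc.'), $data);
    }
}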
193 ?>
static sanitizeDataByDesignerTypeForSavingModel($model, $data)
Definition: DataUtil.php:49
testSanitizeDataByDesignerTypeForSavingModel()
static convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero($localeFormattedDateTime)
static purifyHtmlAndModifyInput(&$item)
Definition: DataUtil.php:199
testPurifyHtmlAndModifyInput()
static removeElementFromDataForSavingModel($sanitizedData, $elementName)
Definition: DataUtil.php:149
testPurifyHtmlAndModifyInputUsingArrayWalkRecursive()
static purifyHtml($text)
Definition: DataUtil.php:165
static sanitizeDataToJustHavingElementForSavingModel($sanitizedData, $elementName)
Definition: DataUtil.php:133