diff options
Diffstat (limited to 'tests/codeigniter')
| -rw-r--r-- | tests/codeigniter/core/Security_test.php | 32 | ||||
| -rw-r--r-- | tests/codeigniter/database/query_builder/escape_test.php | 41 | ||||
| -rw-r--r-- | tests/codeigniter/libraries/Table_test.php | 24 |
3 files changed, 81 insertions, 16 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 1796ba74d..b2f8c69d2 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -70,4 +70,36 @@ class Security_test extends CI_TestCase { $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); } + + // -------------------------------------------------------------------- + + public function test_xss_hash() + { + $this->assertEmpty($this->security->xss_hash); + + // Perform hash + $this->security->xss_hash(); + + $this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->xss_hash) === 1); + } + + // -------------------------------------------------------------------- + + public function test_entity_decode() + { + $encoded = '<div>Hello <b>Booya</b></div>'; + $decoded = $this->security->entity_decode($encoded); + + $this->assertEquals('<div>Hello <b>Booya</b></div>', $decoded); + } + + // -------------------------------------------------------------------- + + public function test_sanitize_filename() + { + $filename = './<!--foo-->'; + $safe_filename = $this->security->sanitize_filename($filename); + + $this->assertEquals('foo', $safe_filename); + } }
\ No newline at end of file diff --git a/tests/codeigniter/database/query_builder/escape_test.php b/tests/codeigniter/database/query_builder/escape_test.php index 50685922a..5d575a37b 100644 --- a/tests/codeigniter/database/query_builder/escape_test.php +++ b/tests/codeigniter/database/query_builder/escape_test.php @@ -22,15 +22,22 @@ class Escape_test extends CI_TestCase { */ public function test_escape_like_percent_sign() { - $string = '\%foo' -; - $this->db->select('value'); - $this->db->from('misc'); - $this->db->like('key', $string, 'after'); - $res = $this->db->get(); + // Escape the like string + $string = $this->db->escape_like_str('\%foo'); + if (strpos(DB_DRIVER, 'mysql') !== FALSE) + { + $sql = "SELECT `value` FROM `misc` WHERE `key` LIKE '$string%' ESCAPE '';"; + } + else + { + $sql = 'SELECT "value" FROM "misc" WHERE "key" LIKE \''.$string.'%\' ESCAPE \'!\';'; + } + + $res = $this->db->query($sql)->result_array(); + // Check the result - $this->assertEquals(1, count($res->result_array())); + $this->assertEquals(1, count($res)); } // ------------------------------------------------------------------------ @@ -40,15 +47,21 @@ class Escape_test extends CI_TestCase { */ public function test_escape_like_backslash_sign() { - $string = '\\'; + // Escape the like string + $string = $this->db->escape_like_str('\\'); - $this->db->select('value'); - $this->db->from('misc'); - $this->db->like('key', $string, 'after'); - $res = $this->db->get(); + if (strpos(DB_DRIVER, 'mysql') !== FALSE) + { + $sql = "SELECT `value` FROM `misc` WHERE `key` LIKE '$string%' ESCAPE '';"; + } + else + { + $sql = 'SELECT "value" FROM "misc" WHERE "key" LIKE \''.$string.'%\' ESCAPE \'!\';'; + } + $res = $this->db->query($sql)->result_array(); + // Check the result - $this->assertEquals(2, count($res->result_array())); + $this->assertEquals(2, count($res)); } - }
\ No newline at end of file diff --git a/tests/codeigniter/libraries/Table_test.php b/tests/codeigniter/libraries/Table_test.php index 13f338c6b..f5133de1e 100644 --- a/tests/codeigniter/libraries/Table_test.php +++ b/tests/codeigniter/libraries/Table_test.php @@ -291,6 +291,26 @@ class Table_test extends CI_TestCase { ); } - // Test main generate method - // -------------------------------------------------------------------- + function test_generate() + { + // Prepare the data + $data = array( + array('Name', 'Color', 'Size'), + array('Fred', 'Blue', 'Small'), + array('Mary', 'Red', 'Large'), + array('John', 'Green', 'Medium') + ); + + $table = $this->table->generate($data); + + // Test the table header + $this->assertTrue(strpos($table, '<th>Name</th>') !== FALSE); + $this->assertTrue(strpos($table, '<th>Color</th>') !== FALSE); + $this->assertTrue(strpos($table, '<th>Size</th>') !== FALSE); + + // Test the first entry + $this->assertTrue(strpos($table, '<td>Fred</td>') !== FALSE); + $this->assertTrue(strpos($table, '<td>Blue</td>') !== FALSE); + $this->assertTrue(strpos($table, '<td>Small</td>') !== FALSE); + } }
\ No newline at end of file |