/[drupal]/drupal/modules/simpletest/tests/common.test
ViewVC logotype

Diff of /drupal/modules/simpletest/tests/common.test

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

revision 1.91 by webchick, Sat Nov 21 00:43:42 2009 UTC revision 1.92 by dries, Sat Nov 21 14:35:05 2009 UTC
# Line 1  Line 1 
1  <?php  <?php
2  // $Id: common.test,v 1.90 2009/11/11 00:48:56 webchick Exp $  // $Id: common.test,v 1.91 2009/11/21 00:43:42 webchick Exp $
3    
4  /**  /**
5   * @file   * @file
# Line 56  class DrupalAlterTestCase extends Drupal Line 56  class DrupalAlterTestCase extends Drupal
56    
57  /**  /**
58   * Tests for URL generation functions.   * Tests for URL generation functions.
59     *
60     * url() calls module_implements(), which may issue a db query, which requires
61     * inheriting from a web test case rather than a unit test case.
62   */   */
63  class CommonURLUnitTest extends DrupalUnitTestCase {  class CommonURLUnitTest extends DrupalWebTestCase {
64    public static function getInfo() {    public static function getInfo() {
65      return array(      return array(
66        'name' => 'URL generation tests',        'name' => 'URL generation tests',
# Line 70  class CommonURLUnitTest extends DrupalUn Line 73  class CommonURLUnitTest extends DrupalUn
73     * Confirm that invalid text given as $path is filtered.     * Confirm that invalid text given as $path is filtered.
74     */     */
75    function testLXSS() {    function testLXSS() {
     global $conf;  
76      $text = $this->randomName();      $text = $this->randomName();
77      $path = "<SCRIPT>alert('XSS')</SCRIPT>";      $path = "<SCRIPT>alert('XSS')</SCRIPT>";
     // Regardless of whether there is a theme override of theme_link() or not,  
     // unless the 'theme_link' configuration variable is FALSE, l() will  
     // attempt to initialize the theme system in order to determine if  
     // the link needs to be themed. However, drupal_theme_initialize() requires  
     // a database query, which doesn't work in the context of unit tests,  
     // because simpletest sets up a table prefix, but doesn't generate the  
     // corresponding prefixed tables. We need to either circumvent theme system  
     // initialization, or make CommonURLUnitTest inherit from DrupalWebTestCase.  
     // Since our goal in this unit test is specifically to test the default  
     // implementation, we choose the former.  
     $theme_link_saved = isset($conf['theme_link']) ? $conf['theme_link'] : NULL;  
     $conf['theme_link'] = FALSE;  
78      $link = l($text, $path);      $link = l($text, $path);
     $conf['theme_link'] = $theme_link_saved;  
79      $sanitized_path = check_url(url($path));      $sanitized_path = check_url(url($path));
80      $this->assertTrue(strpos($link, $sanitized_path) !== FALSE, t('XSS attack @path was filtered', array('@path' => $path)));      $this->assertTrue(strpos($link, $sanitized_path) !== FALSE, t('XSS attack @path was filtered', array('@path' => $path)));
81    }    }
Legend:
Removed from v.1.91  
changed lines
  Added in v.1.92
  ViewVC Help
Powered by ViewVC 1.1.3