Changeset 48937 for trunk/tests/phpunit/tests/kses.php
- Timestamp:
- 09/02/2020 12:35:36 AM (4 years ago)
- File:
-
- 1 edited
trunk/tests/phpunit/tests/kses.php
r48744 r48937 30 30 $string = "<address $name='$value'>1 WordPress Avenue, The Internet.</address>"; 31 31 $expect_string = "<address $name='" . str_replace( '; ', ';', trim( $value, ';' ) ) . "'>1 WordPress Avenue, The Internet.</address>"; 32 $this->assert Equals( $expect_string, wp_kses( $string, $allowedposttags ) );32 $this->assertSame( $expect_string, wp_kses( $string, $allowedposttags ) ); 33 33 } 34 34 } … … 64 64 $string = "<a $attr>I link this</a>"; 65 65 $expect_string = "<a $expected_attr>I link this</a>"; 66 $this->assert Equals( $expect_string, wp_kses( $string, $allowedposttags ) );66 $this->assertSame( $expect_string, wp_kses( $string, $allowedposttags ) ); 67 67 } 68 68 } … … 138 138 $string = "<abbr $name='$value'>WP</abbr>"; 139 139 $expect_string = "<abbr $name='" . trim( $value, ';' ) . "'>WP</abbr>"; 140 $this->assert Equals( $expect_string, wp_kses( $string, $allowedposttags ) );140 $this->assertSame( $expect_string, wp_kses( $string, $allowedposttags ) ); 141 141 } 142 142 } … … 173 173 EOF; 174 174 175 $this->assert Equals( $expected, wp_kses( $content, $allowedposttags ) );175 $this->assertSame( $expected, wp_kses( $content, $allowedposttags ) ); 176 176 } 177 177 … … 212 212 switch ( $k ) { 213 213 case 6: 214 $this->assert Equals( 'javascript&#0000058alert(1);', $result );214 $this->assertSame( 'javascript&#0000058alert(1);', $result ); 215 215 break; 216 216 case 12: 217 $this->assert Equals( str_replace( '&', '&', $x ), $result );217 $this->assertSame( str_replace( '&', '&', $x ), $result ); 218 218 break; 219 219 case 22: 220 $this->assert Equals( 'javascript&#0000058alert(1);', $result );220 $this->assertSame( 'javascript&#0000058alert(1);', $result ); 221 221 break; 222 222 case 23: 223 $this->assert Equals( 'javascript&#0000058alert(1)//?:', $result );223 $this->assertSame( 'javascript&#0000058alert(1)//?:', $result ); 224 224 break; 225 225 case 24: 226 $this->assert Equals( 'feed:alert(1)', $result );226 $this->assertSame( 
'feed:alert(1)', $result ); 227 227 break; 228 228 case 26: 229 $this->assert Equals( 'javascript&#58alert(1)', $result );229 $this->assertSame( 'javascript&#58alert(1)', $result ); 230 230 break; 231 231 case 27: 232 $this->assert Equals( 'javascript&#x3ax=1;alert(1)', $result );232 $this->assertSame( 'javascript&#x3ax=1;alert(1)', $result ); 233 233 break; 234 234 default: … … 305 305 switch ( $attack->name ) { 306 306 case 'XSS Locator': 307 $this->assert Equals( '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'>alert(String.fromCharCode(88,83,83))=&{}', $result );307 $this->assertSame( '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'>alert(String.fromCharCode(88,83,83))=&{}', $result ); 308 308 break; 309 309 case 'XSS Quick Test': 310 $this->assert Equals( '\'\';!--"=&{()}', $result );310 $this->assertSame( '\'\';!--"=&{()}', $result ); 311 311 break; 312 312 case 'SCRIPT w/Alert()': 313 $this->assert Equals( "alert('XSS')", $result );313 $this->assertSame( "alert('XSS')", $result ); 314 314 break; 315 315 case 'SCRIPT w/Char Code': 316 $this->assert Equals( 'alert(String.fromCharCode(88,83,83))', $result );316 $this->assertSame( 'alert(String.fromCharCode(88,83,83))', $result ); 317 317 break; 318 318 case 'IMG STYLE w/expression': 319 $this->assert Equals( 'exp/*', $result );319 $this->assertSame( 'exp/*', $result ); 320 320 break; 321 321 case 'List-style-image': 322 $this->assert Equals( 'li {list-style-image: url("javascript:alert(\'XSS\')");}XSS', $result );322 $this->assertSame( 'li {list-style-image: url("javascript:alert(\'XSS\')");}XSS', $result ); 323 323 break; 324 324 case 'STYLE': 325 $this->assert Equals( "alert('XSS');", $result );325 $this->assertSame( "alert('XSS');", $result ); 326 326 break; 
327 327 case 'STYLE w/background-image': 328 $this->assert Equals( '.XSS{background-image:url("javascript:alert(\'XSS\')");}<A></A>', $result );328 $this->assertSame( '.XSS{background-image:url("javascript:alert(\'XSS\')");}<A></A>', $result ); 329 329 break; 330 330 case 'STYLE w/background': 331 $this->assert Equals( 'BODY{background:url("javascript:alert(\'XSS\')")}', $result );331 $this->assertSame( 'BODY{background:url("javascript:alert(\'XSS\')")}', $result ); 332 332 break; 333 333 case 'Remote Stylesheet 2': 334 $this->assert Equals( "@import'http://ha.ckers.org/xss.css';", $result );334 $this->assertSame( "@import'http://ha.ckers.org/xss.css';", $result ); 335 335 break; 336 336 case 'Remote Stylesheet 3': 337 $this->assert Equals( '<META HTTP-EQUIV="Link" Content="; REL=stylesheet">', $result );337 $this->assertSame( '<META HTTP-EQUIV="Link" Content="; REL=stylesheet">', $result ); 338 338 break; 339 339 case 'Remote Stylesheet 4': 340 $this->assert Equals( 'BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}', $result );340 $this->assertSame( 'BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}', $result ); 341 341 break; 342 342 case 'XML data island w/CDATA': 343 $this->assert Equals( '<![CDATA[]]>', $result );343 $this->assertSame( '<![CDATA[]]>', $result ); 344 344 break; 345 345 case 'XML data island w/comment': 346 $this->assert Equals( "<I><B><IMG SRC="javas<!-- -->cript:alert('XSS')\"></B></I>", $result );346 $this->assertSame( "<I><B><IMG SRC="javas<!-- -->cript:alert('XSS')\"></B></I>", $result ); 347 347 break; 348 348 case 'XML HTML+TIME': 349 $this->assert Equals( '<t:set attributeName="innerHTML" to="XSSalert(\'XSS\')">', $result );349 $this->assertSame( '<t:set attributeName="innerHTML" to="XSSalert(\'XSS\')">', $result ); 350 350 break; 351 351 case 'Commented-out Block': 352 $this->assert Equals( "<!--[if gte IE 4]>-->\nalert('XSS');", $result );352 $this->assertSame( "<!--[if gte IE 4]>-->\nalert('XSS');", $result ); 
353 353 break; 354 354 case 'Cookie Manipulation': 355 $this->assert Equals( '<META HTTP-EQUIV="Set-Cookie" Content="USERID=alert(\'XSS\')">', $result );355 $this->assertSame( '<META HTTP-EQUIV="Set-Cookie" Content="USERID=alert(\'XSS\')">', $result ); 356 356 break; 357 357 case 'SSI': 358 $this->assert Equals( '<!--#exec cmd="/bin/echo '<!--#exec cmd="/bin/echo \'=http://ha.ckers.org/xss.js>\'"-->', $result );358 $this->assertSame( '<!--#exec cmd="/bin/echo '<!--#exec cmd="/bin/echo \'=http://ha.ckers.org/xss.js>\'"-->', $result ); 359 359 break; 360 360 case 'PHP': 361 $this->assert Equals( '<? echo('alert("XSS")\'); ?>', $result );361 $this->assertSame( '<? echo('alert("XSS")\'); ?>', $result ); 362 362 break; 363 363 case 'UTF-7 Encoding': 364 $this->assert Equals( '+ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-', $result );364 $this->assertSame( '+ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-', $result ); 365 365 break; 366 366 case 'Escaping JavaScript escapes': 367 $this->assert Equals( '\";alert(\'XSS\');//', $result );367 $this->assertSame( '\";alert(\'XSS\');//', $result ); 368 368 break; 369 369 case 'STYLE w/broken up JavaScript': 370 $this->assert Equals( '@im\port\'\ja\vasc\ript:alert("XSS")\';', $result );370 $this->assertSame( '@im\port\'\ja\vasc\ript:alert("XSS")\';', $result ); 371 371 break; 372 372 case 'Null Chars 2': 373 $this->assert Equals( '&alert("XSS")', $result );373 $this->assertSame( '&alert("XSS")', $result ); 374 374 break; 375 375 case 'No Closing Script Tag': 376 $this->assert Equals( '<SCRIPT SRC=http://ha.ckers.org/xss.js', $result );376 $this->assertSame( '<SCRIPT SRC=http://ha.ckers.org/xss.js', $result ); 377 377 break; 378 378 case 'Half-Open HTML/JavaScript': 379 $this->assert Equals( '<IMG SRC="javascript:alert('XSS')"', $result );379 $this->assertSame( '<IMG SRC="javascript:alert('XSS')"', $result ); 380 380 break; 381 381 case 'Double open angle brackets': 382 $this->assert Equals( '<IFRAME 
SRC=http://ha.ckers.org/scriptlet.html <', $result );382 $this->assertSame( '<IFRAME SRC=http://ha.ckers.org/scriptlet.html <', $result ); 383 383 break; 384 384 case 'Extraneous Open Brackets': 385 $this->assert Equals( '<alert("XSS");//<', $result );385 $this->assertSame( '<alert("XSS");//<', $result ); 386 386 break; 387 387 case 'Malformed IMG Tags': 388 $this->assert Equals( 'alert("XSS")">', $result );388 $this->assertSame( 'alert("XSS")">', $result ); 389 389 break; 390 390 case 'No Quotes/Semicolons': 391 $this->assert Equals( "a=/XSS/\nalert(a.source)", $result );391 $this->assertSame( "a=/XSS/\nalert(a.source)", $result ); 392 392 break; 393 393 case 'Evade Regex Filter 1': 394 $this->assert Equals( '" SRC="http://ha.ckers.org/xss.js">', $result );394 $this->assertSame( '" SRC="http://ha.ckers.org/xss.js">', $result ); 395 395 break; 396 396 case 'Evade Regex Filter 4': 397 $this->assert Equals( '\'" SRC="http://ha.ckers.org/xss.js">', $result );397 $this->assertSame( '\'" SRC="http://ha.ckers.org/xss.js">', $result ); 398 398 break; 399 399 case 'Evade Regex Filter 5': 400 $this->assert Equals( '` SRC="http://ha.ckers.org/xss.js">', $result );400 $this->assertSame( '` SRC="http://ha.ckers.org/xss.js">', $result ); 401 401 break; 402 402 case 'Filter Evasion 1': 403 $this->assert Equals( 'document.write("<SCRI");PT SRC="http://ha.ckers.org/xss.js">', $result );403 $this->assertSame( 'document.write("<SCRI");PT SRC="http://ha.ckers.org/xss.js">', $result ); 404 404 break; 405 405 case 'Filter Evasion 2': 406 $this->assert Equals( '\'>" SRC="http://ha.ckers.org/xss.js">', $result );406 $this->assertSame( '\'>" SRC="http://ha.ckers.org/xss.js">', $result ); 407 407 break; 408 408 default: … … 426 426 global $allowedposttags, $allowedtags, $allowedentitynames; 427 427 428 $this->assert Equals( $allowedposttags, wp_kses_allowed_html( 'post' ) );428 $this->assertSame( $allowedposttags, wp_kses_allowed_html( 'post' ) ); 429 429 430 430 $tags = 
wp_kses_allowed_html( 'post' ); … … 437 437 } 438 438 439 $this->assert Equals( $allowedtags, wp_kses_allowed_html( 'data' ) );440 $this->assert Equals( $allowedtags, wp_kses_allowed_html( '' ) );441 $this->assert Equals( $allowedtags, wp_kses_allowed_html() );439 $this->assertSame( $allowedtags, wp_kses_allowed_html( 'data' ) ); 440 $this->assertSame( $allowedtags, wp_kses_allowed_html( '' ) ); 441 $this->assertSame( $allowedtags, wp_kses_allowed_html() ); 442 442 443 443 $tags = wp_kses_allowed_html( 'user_description' ); … … 447 447 $this->assertFalse( isset( $tags['a']['rel'] ) ); 448 448 449 $this->assert Equals( array(), wp_kses_allowed_html( 'strip' ) );449 $this->assertSame( array(), wp_kses_allowed_html( 'strip' ) ); 450 450 451 451 $custom_tags = array( … … 459 459 ); 460 460 461 $this->assert Equals( $custom_tags, wp_kses_allowed_html( $custom_tags ) );461 $this->assertSame( $custom_tags, wp_kses_allowed_html( $custom_tags ) ); 462 462 463 463 add_filter( 'wp_kses_allowed_html', array( $this, '_wp_kses_allowed_html_filter' ), 10, 2 ); 464 464 465 $this->assert Equals( array( 'a' => array( 'href' => true ) ), wp_kses_allowed_html( 'post' ) );466 $this->assert Equals( array( 'a' => array( 'href' => false ) ), wp_kses_allowed_html( 'data' ) );465 $this->assertSame( array( 'a' => array( 'href' => true ) ), wp_kses_allowed_html( 'post' ) ); 466 $this->assertSame( array( 'a' => array( 'href' => false ) ), wp_kses_allowed_html( 'data' ) ); 467 467 468 468 remove_filter( 'wp_kses_allowed_html', array( $this, '_wp_kses_allowed_html_filter' ) ); 469 $this->assert Equals( $allowedposttags, wp_kses_allowed_html( 'post' ) );470 $this->assert Equals( $allowedtags, wp_kses_allowed_html( 'data' ) );469 $this->assertSame( $allowedposttags, wp_kses_allowed_html( 'post' ) ); 470 $this->assertSame( $allowedtags, wp_kses_allowed_html( 'data' ) ); 471 471 } 472 472 … … 481 481 482 482 $expect_valid_string = '<hyphenated-tag attribute="value">Alot of 
hyphens.</hyphenated-tag>'; 483 $this->assert Equals( $expect_stripped_string, wp_kses_post( $string ) );484 $this->assert Equals( $expect_valid_string, wp_kses( $string, $custom_tags ) );483 $this->assertSame( $expect_stripped_string, wp_kses_post( $string ) ); 484 $this->assertSame( $expect_valid_string, wp_kses( $string, $custom_tags ) ); 485 485 } 486 486 … … 489 489 */ 490 490 public function test_wp_kses_normalize_entities() { 491 $this->assert Equals( '♠', wp_kses_normalize_entities( '♠' ) );492 493 $this->assert Equals( '¹', wp_kses_normalize_entities( '¹' ) );494 $this->assert Equals( '²', wp_kses_normalize_entities( '²' ) );495 $this->assert Equals( '³', wp_kses_normalize_entities( '³' ) );496 $this->assert Equals( '¼', wp_kses_normalize_entities( '¼' ) );497 $this->assert Equals( '½', wp_kses_normalize_entities( '½' ) );498 $this->assert Equals( '¾', wp_kses_normalize_entities( '¾' ) );499 $this->assert Equals( '∴', wp_kses_normalize_entities( '∴' ) );491 $this->assertSame( '♠', wp_kses_normalize_entities( '♠' ) ); 492 493 $this->assertSame( '¹', wp_kses_normalize_entities( '¹' ) ); 494 $this->assertSame( '²', wp_kses_normalize_entities( '²' ) ); 495 $this->assertSame( '³', wp_kses_normalize_entities( '³' ) ); 496 $this->assertSame( '¼', wp_kses_normalize_entities( '¼' ) ); 497 $this->assertSame( '½', wp_kses_normalize_entities( '½' ) ); 498 $this->assertSame( '¾', wp_kses_normalize_entities( '¾' ) ); 499 $this->assertSame( '∴', wp_kses_normalize_entities( '∴' ) ); 500 500 } 501 501 … … 509 509 global $allowedposttags; 510 510 511 return $this->assert Equals( $output, wp_kses( $input, $allowedposttags ) );511 return $this->assertSame( $output, wp_kses( $input, $allowedposttags ) ); 512 512 } 513 513 … … 546 546 global $allowedposttags; 547 547 548 return $this->assert Equals( $output, wp_kses( $input, $allowedposttags ) );548 return $this->assertSame( $output, wp_kses( $input, $allowedposttags ) ); 549 549 } 550 550 … … 596 596 */ 597 597 function 
test_hair_parse( $input, $output ) { 598 return $this->assert Equals( $output, wp_kses_hair_parse( $input ) );598 return $this->assertSame( $output, wp_kses_hair_parse( $input ) ); 599 599 } 600 600 … … 662 662 */ 663 663 function test_attr_parse( $input, $output ) { 664 return $this->assert Equals( $output, wp_kses_attr_parse( $input ) );664 return $this->assertSame( $output, wp_kses_attr_parse( $input ) ); 665 665 } 666 666 … … 720 720 */ 721 721 function test_one_attr( $element, $input, $output ) { 722 return $this->assert Equals( $output, wp_kses_one_attr( $input, $element ) );722 return $this->assertSame( $output, wp_kses_one_attr( $input, $element ) ); 723 723 } 724 724 … … 801 801 $input = '<p>This is <bdo dir="rtl">a BDO tag</bdo>. Weird, <bdo dir="ltr">right?</bdo></p>'; 802 802 803 $this->assert Equals( $input, wp_kses( $input, $allowedposttags ) );803 $this->assertSame( $input, wp_kses( $input, $allowedposttags ) ); 804 804 } 805 805 … … 812 812 $input = '<ol reversed="reversed"><li>Item 1</li><li>Item 2</li><li>Item 3</li></ol>'; 813 813 814 $this->assert Equals( $input, wp_kses( $input, $allowedposttags ) );814 $this->assertSame( $input, wp_kses( $input, $allowedposttags ) ); 815 815 } 816 816 … … 822 822 $attribute = 'title="foo" class="bar"'; 823 823 824 $this->assert Equals( "<{$element}>", wp_kses_attr( $element, $attribute, array( 'foo' => array() ), array() ) );824 $this->assertSame( "<{$element}>", wp_kses_attr( $element, $attribute, array( 'foo' => array() ), array() ) ); 825 825 } 826 826 … … 832 832 $attribute = 'title="foo" class="bar"'; 833 833 834 $this->assert Equals( "<{$element}>", wp_kses_attr( $element, $attribute, array( 'foo' => true ), array() ) );834 $this->assertSame( "<{$element}>", wp_kses_attr( $element, $attribute, array( 'foo' => true ), array() ) ); 835 835 } 836 836 … … 842 842 $attribute = 'title="foo" class="bar"'; 843 843 844 $this->assert Equals( "<{$element} title=\"foo\">", wp_kses_attr( $element, $attribute, array( 
'foo' => array( 'title' => true ) ), array() ) );844 $this->assertSame( "<{$element} title=\"foo\">", wp_kses_attr( $element, $attribute, array( 'foo' => array( 'title' => true ) ), array() ) ); 845 845 } 846 846 … … 852 852 $attribute = 'title="foo" class="bar"'; 853 853 854 $this->assert Equals( "<{$element}>", wp_kses_attr( $element, $attribute, array( 'foo' => false ), array() ) );854 $this->assertSame( "<{$element}>", wp_kses_attr( $element, $attribute, array( 'foo' => false ), array() ) ); 855 855 } 856 856 … … 1058 1058 $expected = '<div data-foo="foo" data-bar="bar" data-two-hyphens="remains">Pens and pencils</div>'; 1059 1059 1060 $this->assert Equals( $expected, wp_kses_post( $test ) );1060 $this->assertSame( $expected, wp_kses_post( $test ) ); 1061 1061 } 1062 1062
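Review bot: The data-provider tests at new lines 511, 548, 598, 664 and 722 still read `return $this->assertSame( ... );`, but PHPUnit assertions return nothing, so the `return` implies a value that is never produced. Since these lines are being touched anyway, they could become plain statements, e.g. `$this->assertSame( $output, wp_kses( $input, $allowedposttags ) );`. Separately, the allowlist checks at new lines 428–470 now compare arrays with `===`, which also pins key order and the `true`/`false`/`array()` value types that kses treats differently. A short comment above line 428, such as `// Strict: the allowlist must match in key order and value types.`, would record that this tightening is intended. The enclosing test methods start and end outside the visible hunks, so this is based only on the lines shown.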