|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test class to test rcube_utils class
|
|
|
|
*
|
|
|
|
* @package Tests
|
|
|
|
*/
|
|
|
|
class Framework_Utils extends PHPUnit_Framework_TestCase
|
|
|
|
{
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Valid email addresses for test_valid_email()
|
|
|
|
*/
|
|
|
|
function data_valid_email()
|
|
|
|
{
|
|
|
|
return array(
|
|
|
|
array('email@domain.com', 'Valid email'),
|
|
|
|
array('firstname.lastname@domain.com', 'Email contains dot in the address field'),
|
|
|
|
array('email@subdomain.domain.com', 'Email contains dot with subdomain'),
|
|
|
|
array('firstname+lastname@domain.com', 'Plus sign is considered valid character'),
|
|
|
|
array('email@[123.123.123.123]', 'Square bracket around IP address'),
|
|
|
|
array('email@[IPv6:::1]', 'Square bracket around IPv6 address (1)'),
|
|
|
|
array('email@[IPv6:::1.2.3.4]', 'Square bracket around IPv6 address (2)'),
|
|
|
|
array('email@[IPv6:2001:2d12:c4fe:5afe::1]', 'Square bracket around IPv6 address (3)'),
|
|
|
|
array('"email"@domain.com', 'Quotes around email is considered valid'),
|
|
|
|
array('1234567890@domain.com', 'Digits in address are valid'),
|
|
|
|
array('email@domain-one.com', 'Dash in domain name is valid'),
|
|
|
|
array('_______@domain.com', 'Underscore in the address field is valid'),
|
|
|
|
array('email@domain.name', '.name is valid Top Level Domain name'),
|
|
|
|
array('email@domain.co.jp', 'Dot in Top Level Domain name also considered valid (use co.jp as example here)'),
|
|
|
|
array('firstname-lastname@domain.com', 'Dash in address field is valid'),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Invalid email addresses for test_invalid_email()
|
|
|
|
*/
|
|
|
|
function data_invalid_email()
|
|
|
|
{
|
|
|
|
return array(
|
|
|
|
array('plainaddress', 'Missing @ sign and domain'),
|
|
|
|
array('#@%^%#$@#$@#.com', 'Garbage'),
|
|
|
|
array('@domain.com', 'Missing username'),
|
|
|
|
array('Joe Smith <email@domain.com>', 'Encoded html within email is invalid'),
|
|
|
|
array('email.domain.com', 'Missing @'),
|
|
|
|
array('email@domain@domain.com', 'Two @ sign'),
|
|
|
|
array('.email@domain.com', 'Leading dot in address is not allowed'),
|
|
|
|
array('email.@domain.com', 'Trailing dot in address is not allowed'),
|
|
|
|
array('email..email@domain.com', 'Multiple dots'),
|
|
|
|
array('あいうえお@domain.com', 'Unicode char as address'),
|
|
|
|
array('email@domain.com (Joe Smith)', 'Text followed email is not allowed'),
|
|
|
|
array('email@domain', 'Missing top level domain (.com/.net/.org/etc)'),
|
|
|
|
array('email@-domain.com', 'Leading dash in front of domain is invalid'),
|
|
|
|
// array('email@domain.web', '.web is not a valid top level domain'),
|
|
|
|
array('email@123.123.123.123', 'IP address without brackets'),
|
|
|
|
array('email@2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets'),
|
|
|
|
array('email@IPv6:2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets (2)'),
|
|
|
|
array('email@[111.222.333.44444]', 'Invalid IP format'),
|
|
|
|
array('email@[111.222.255.257]', 'Invalid IP format (2)'),
|
|
|
|
array('email@[.222.255.257]', 'Invalid IP format (3)'),
|
|
|
|
array('email@[::1]', 'Invalid IPv6 format (1)'),
|
|
|
|
array('email@[IPv6:2001:23x2:1]', 'Invalid IPv6 format (2)'),
|
|
|
|
array('email@[IPv6:1111:2222:33333::4444:5555]', 'Invalid IPv6 format (3)'),
|
|
|
|
array('email@[IPv6:1111::3333::4444:5555]', 'Invalid IPv6 format (4)'),
|
|
|
|
array('email@domain..com', 'Multiple dot in the domain portion is invalid'),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @dataProvider data_valid_email
|
|
|
|
*/
|
|
|
|
function test_valid_email($email, $title)
|
|
|
|
{
|
|
|
|
$this->assertTrue(rcube_utils::check_email($email, false), $title);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @dataProvider data_invalid_email
|
|
|
|
*/
|
|
|
|
function test_invalid_email($email, $title)
|
|
|
|
{
|
|
|
|
$this->assertFalse(rcube_utils::check_email($email, false), $title);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Valid IP addresses for test_valid_ip()
|
|
|
|
*/
|
|
|
|
function data_valid_ip()
|
|
|
|
{
|
|
|
|
return array(
|
|
|
|
array('0.0.0.0'),
|
|
|
|
array('123.123.123.123'),
|
|
|
|
array('::'),
|
|
|
|
array('::1'),
|
|
|
|
array('::1.2.3.4'),
|
|
|
|
array('2001:2d12:c4fe:5afe::1'),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Valid IP addresses for test_invalid_ip()
|
|
|
|
*/
|
|
|
|
function data_invalid_ip()
|
|
|
|
{
|
|
|
|
return array(
|
|
|
|
array(''),
|
|
|
|
array(0),
|
|
|
|
array('123.123.123.1234'),
|
|
|
|
array('1.1.1.1.1'),
|
|
|
|
array('::1.2.3.260'),
|
|
|
|
array('::1.0'),
|
|
|
|
array('2001::c4fe:5afe::1'),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @dataProvider data_valid_ip
|
|
|
|
*/
|
|
|
|
function test_valid_ip($ip)
|
|
|
|
{
|
|
|
|
$this->assertTrue(rcube_utils::check_ip($ip));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @dataProvider data_invalid_ip
|
|
|
|
*/
|
|
|
|
function test_invalid_ip($ip)
|
|
|
|
{
|
|
|
|
$this->assertFalse(rcube_utils::check_ip($ip));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Data for test_rep_specialchars_output()
|
|
|
|
*/
|
|
|
|
function data_rep_specialchars_output()
|
|
|
|
{
|
|
|
|
return array(
|
|
|
|
array('', '', 'abc', 'abc'),
|
|
|
|
array('', '', '?', '?'),
|
|
|
|
array('', '', '"', '"'),
|
|
|
|
array('', '', '<', '<'),
|
|
|
|
array('', '', '>', '>'),
|
|
|
|
array('', '', '&', '&'),
|
|
|
|
array('', '', '&', '&amp;'),
|
|
|
|
array('', '', '<a>', '<a>'),
|
|
|
|
array('', 'remove', '<a>', ''),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test for rep_specialchars_output
|
|
|
|
* @dataProvider data_rep_specialchars_output
|
|
|
|
*/
|
|
|
|
function test_rep_specialchars_output($type, $mode, $str, $res)
|
|
|
|
{
|
|
|
|
$result = rcube_utils::rep_specialchars_output(
|
|
|
|
$str, $type ? $type : 'html', $mode ? $mode : 'strict');
|
|
|
|
|
|
|
|
$this->assertEquals($result, $res);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* rcube_utils::mod_css_styles()
|
|
|
|
*/
|
|
|
|
function test_mod_css_styles()
|
|
|
|
{
|
|
|
|
$css = file_get_contents(TESTS_DIR . 'src/valid.css');
|
|
|
|
$mod = rcube_utils::mod_css_styles($css, 'rcmbody');
|
|
|
|
|
|
|
|
$this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition");
|
|
|
|
$this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
|
|
|
|
$this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
|
|
|
|
$this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* rcube_utils::mod_css_styles()
|
|
|
|
*/
|
|
|
|
function test_mod_css_styles_xss()
|
|
|
|
{
|
|
|
|
$mod = rcube_utils::mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody');
|
|
|
|
$this->assertEquals("/* evil! */", $mod, "No url() values allowed");
|
|
|
|
|
|
|
|
$mod = rcube_utils::mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody');
|
|
|
|
$this->assertEquals("/* evil! */", $mod, "No import statements");
|
|
|
|
|
|
|
|
$mod = rcube_utils::mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody');
|
|
|
|
$this->assertEquals("/* evil! */", $mod, "No expression properties");
|
|
|
|
|
|
|
|
$mod = rcube_utils::mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody');
|
|
|
|
$this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks");
|
|
|
|
|
|
|
|
$mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody');
|
|
|
|
$this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)");
|
|
|
|
}
|
|
|
|
}
|