author | Julius Härtl <jus@bitgrid.net> | 2019-07-31 10:05:46 +0200 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2019-07-31 10:20:57 +0200 |
commit | 47a0254bb372cf68626302175d2e5f9d0c10e73b (patch) | |
tree | 4e7c87c80007e7a9ed863b7d18866fb2b283c061 /apps/theming/tests | |
parent | 3f8f0f76091bf0f0fae7e602f14a3a5f225f111b (diff) | |
Validate urls in theming settings and properly handle error messages
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'apps/theming/tests')
-rw-r--r-- | apps/theming/tests/Controller/ThemingControllerTest.php | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/apps/theming/tests/Controller/ThemingControllerTest.php b/apps/theming/tests/Controller/ThemingControllerTest.php
index 457e9900b5e..93a1e040b4b 100644
--- a/apps/theming/tests/Controller/ThemingControllerTest.php
+++ b/apps/theming/tests/Controller/ThemingControllerTest.php
@@ -123,10 +123,13 @@ class ThemingControllerTest extends TestCase {
 public function dataUpdateStylesheetSuccess() {
 return [
 ['name', str_repeat('a', 250), 'Saved'],
- ['url', str_repeat('a', 500), 'Saved'],
+ ['url', 'https://nextcloud.com/' . str_repeat('a', 478), 'Saved'],
 ['slogan', str_repeat('a', 500), 'Saved'],
 ['color', '#0082c9', 'Saved'],
 ['color', '#0082C9', 'Saved'],
+ ['color', '#0082C9', 'Saved'],
+ ['imprintUrl', 'https://nextcloud.com/' . str_repeat('a', 478), 'Saved'],
+ ['privacyUrl', 'https://nextcloud.com/' . str_repeat('a', 478), 'Saved'],
 ];
 }
@@ -175,11 +178,17 @@ class ThemingControllerTest extends TestCase {
 public function dataUpdateStylesheetError() {
 return [
 ['name', str_repeat('a', 251), 'The given name is too long'],
- ['url', str_repeat('a', 501), 'The given web address is too long'],
+ ['url', 'http://example.com/' . str_repeat('a', 501), 'The given web address is too long'],
+ ['url', str_repeat('a', 501), 'The given web address is not a valid URL'],
+ ['url', 'javascript:alert(1)', 'The given web address is not a valid URL'],
 ['slogan', str_repeat('a', 501), 'The given slogan is too long'],
 ['color', '0082C9', 'The given color is invalid'],
 ['color', '#0082Z9', 'The given color is invalid'],
 ['color', 'Nextcloud', 'The given color is invalid'],
+ ['imprintUrl', '0082C9', 'The given legal notice address is not a valid URL'],
+ ['imprintUrl', '0082C9', 'The given legal notice address is not a valid URL'],
+ ['imprintUrl', 'javascript:foo', 'The given legal notice address is not a valid URL'],
+ ['privacyUrl', '#0082Z9', 'The given privacy policy address is not a valid URL'],
 ];
 }
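Review bot: The added `['color', '#0082C9', 'Saved'],` row in dataUpdateStylesheetSuccess repeats the context row directly above it, so it adds no coverage. The same happens in dataUpdateStylesheetError, where `['imprintUrl', '0082C9', 'The given legal notice address is not a valid URL'],` is added twice. Drop the duplicates or replace them with a distinct input. The success rows for `url`, `imprintUrl` and `privacyUrl` all use `https://`; if plain `http://` is also meant to be accepted, as the new too-long error row suggests, a short row such as `['url', 'http://example.com/', 'Saved'],` would pin that explicitly.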
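Review bot: `privacyUrl` gets only one rejection case (`'#0082Z9'`) in dataUpdateStylesheetError, so the script-scheme rejection that is tested for `url` and `imprintUrl` is not pinned for the privacy policy link. A row such as `['privacyUrl', 'javascript:foo', 'The given privacy policy address is not a valid URL'],` would cover it. Neither `imprintUrl` nor `privacyUrl` has an over-length case, so these tests do not show whether a length limit applies to them. The new over-length `url` row is 19 + 501 = 520 characters; assuming the limit is 500, as the success provider suggests, `'http://example.com/' . str_repeat('a', 482)` would test the first rejected length instead.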
@@ -196,7 +205,7 @@ class ThemingControllerTest extends TestCase {
 ->method('set')
 ->with($setting, $value);
 $this->l10n
- ->expects($this->once())
+ ->expects($this->any())
 ->method('t')
 ->will($this->returnCallback(function($str) {
 return $str;
@@ -209,7 +218,8 @@ class ThemingControllerTest extends TestCase {
 'message' => $message,
 ],
 'status' => 'error',
- ]
+ ],
+ Http::STATUS_BAD_REQUEST
 );
 $this->assertEquals($expected, $this->themingController->updateStylesheet($setting, $value));
 } |
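Review bot: `->expects($this->any())` on the `t` mock also passes when the controller never calls the translator, so the error test no longer shows that the message goes through `t()`. If the expectation was relaxed only because `t()` may now be called more than once per request, `->expects($this->atLeastOnce())` keeps the check while allowing repeated calls. The test method's body starts and ends outside this hunk, so the surrounding expectations are not visible here.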