merge master into webdav-injection

author: Robin Appelman <icewind@owncloud.com> 2014-04-25 11:47:06 +0200
committer: Robin Appelman <icewind@owncloud.com> 2014-04-25 11:47:06 +0200
commit: 6c20a014eaecd19c3f68143485c6f74891ee9643 (patch)
tree: 84bd8e37536e7f28a25afd7586c209d38a25d610 /tests/lib
parent: cd0c5990f895bcdce47acf2dbf11ebadd920a404 (diff)
parent: 3fc809dfd80a296d7da922a06f9e13d446b3d3f0 (diff)
download: nextcloud-server-6c20a014eaecd19c3f68143485c6f74891ee9643.tar.gz
nextcloud-server-6c20a014eaecd19c3f68143485c6f74891ee9643.zip
3 files changed, 89 insertions, 8 deletions
diff --git a/tests/lib/share/helper.php b/tests/lib/share/helper.php
new file mode 100644
index 00000000000..367507417a0
--- /dev/null
+++ b/tests/lib/share/helper.php
@@ -0,0 +1,54 @@
+<?php
+/**
+* ownCloud
+*
+* @author Bjoern Schiessle
+* @copyright 2014 Bjoern Schiessle <schiessle@owncloud.com>
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+class Test_Share_Helper extends PHPUnit_Framework_TestCase {
+
+	public function expireDateProvider() {
+		return array(
+			// no default expire date, we take the users expire date
+			array(array('defaultExpireDateSet' => false), 2000000000, 2000010000, 2000010000),
+			// no default expire date and no user defined expire date, return false
+			array(array('defaultExpireDateSet' => false), 2000000000, null, false),
+			// unenforced expire data and no user defined expire date, take default expire date
+			array(array('defaultExpireDateSet' => true, 'expireAfterDays' => 1, 'enforceExpireDate' => false), 2000000000, null, 2000086400),
+			// enforced expire date and no user defined expire date, take default expire date
+			array(array('defaultExpireDateSet' => true, 'expireAfterDays' => 1, 'enforceExpireDate' => true), 2000000000, null, 2000086400),
+			// unenforced expire date and user defined date > default expire date, take users expire date
+			array(array('defaultExpireDateSet' => true, 'expireAfterDays' => 1, 'enforceExpireDate' => false), 2000000000, 2000100000, 2000100000),
+			// unenforced expire date and user expire date < default expire date, take users expire date
+			array(array('defaultExpireDateSet' => true, 'expireAfterDays' => 1, 'enforceExpireDate' => false), 2000000000, 2000010000, 2000010000),
+			// enforced expire date and user expire date < default expire date, take users expire date
+			array(array('defaultExpireDateSet' => true, 'expireAfterDays' => 1, 'enforceExpireDate' => true), 2000000000, 2000010000, 2000010000),
+			// enforced expire date and users expire date > default expire date, take default expire date
+			array(array('defaultExpireDateSet' => true, 'expireAfterDays' => 1, 'enforceExpireDate' => true), 2000000000, 2000100000, 2000086400),
+		);
+	}
+
+	/**
+	 * @dataProvider expireDateProvider
+	 */
+	public function testCalculateExpireDate($defaultExpireSettings, $creationTime, $userExpireDate, $expected) {
+		$result = \OC\Share\Helper::calculateExpireDate($defaultExpireSettings, $creationTime, $userExpireDate);
+		$this->assertSame($expected, $result);
+	}
+
+
+}
diff --git a/tests/lib/template.php b/tests/lib/template.php
index b4f1a4c4053..b3d0975b793 100644
--- a/tests/lib/template.php
+++ b/tests/lib/template.php
@@ -28,13 +28,23 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
 	}
 
 	public function testP() {
-		// FIXME: do we need more testcases?
-		$htmlString = "<script>alert('xss');</script>";
+		$badString = '<img onload="alert(1)" />';
+		ob_start();
+		p($badString);
+		$result = ob_get_clean();
+		$this->assertEquals('&lt;img onload=&quot;alert(1)&quot; /&gt;', $result);
+
+		$badString = "<script>alert('Hacked!');</script>";
 		ob_start();
-		p($htmlString);
+		p($badString);
 		$result = ob_get_clean();
+		$this->assertEquals('&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;', $result);
 
-		$this->assertEquals("&lt;script&gt;alert(&#039;xss&#039;);&lt;/script&gt;", $result);
+		$goodString = 'This is a good string without HTML.';
+		ob_start();
+		p($goodString);
+		$result = ob_get_clean();
+		$this->assertEquals('This is a good string without HTML.', $result);
 	}
 
 	public function testPNormalString() {
diff --git a/tests/lib/util.php b/tests/lib/util.php
index ee336aa1118..c4780cc5f48 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -43,15 +43,32 @@ class Test_Util extends PHPUnit_Framework_TestCase {
 	}
 
 	function testSanitizeHTML() {
+		$badArray = array(
+			'While it is unusual to pass an array',
+			'this function actually <blink>supports</blink> it.',
+			'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!'
+		);
+		$goodArray = array(
+			'While it is unusual to pass an array',
+			'this function actually &lt;blink&gt;supports&lt;/blink&gt; it.',
+			'And therefore there needs to be a &lt;script&gt;alert(&quot;Unit&quot;+&#039;test&#039;)&lt;/script&gt; for it!'
+		);
+		$result = OC_Util::sanitizeHTML($badArray);
+		$this->assertEquals($goodArray, $result);
+
+		$badString = '<img onload="alert(1)" />';
+		$result = OC_Util::sanitizeHTML($badString);
+		$this->assertEquals('&lt;img onload=&quot;alert(1)&quot; /&gt;', $result);
+
 		$badString = "<script>alert('Hacked!');</script>";
 		$result = OC_Util::sanitizeHTML($badString);
-		$this->assertEquals("&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;", $result);
+		$this->assertEquals('&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;', $result);
 
-		$goodString = "This is an harmless string.";
+		$goodString = 'This is a good string without HTML.';
 		$result = OC_Util::sanitizeHTML($goodString);
-		$this->assertEquals("This is an harmless string.", $result);
+		$this->assertEquals('This is a good string without HTML.', $result);
 	}
-	
+
 	function testEncodePath(){
 		$component = '/§#@test%&^ä/-child';
 		$result = OC_Util::encodePath($component);
author	Robin Appelman <icewind@owncloud.com>	2014-04-25 11:47:06 +0200
committer	Robin Appelman <icewind@owncloud.com>	2014-04-25 11:47:06 +0200
commit	6c20a014eaecd19c3f68143485c6f74891ee9643 (patch)
tree	84bd8e37536e7f28a25afd7586c209d38a25d610 /tests/lib
parent	cd0c5990f895bcdce47acf2dbf11ebadd920a404 (diff)
parent	3fc809dfd80a296d7da922a06f9e13d446b3d3f0 (diff)
download	nextcloud-server-6c20a014eaecd19c3f68143485c6f74891ee9643.tar.gz nextcloud-server-6c20a014eaecd19c3f68143485c6f74891ee9643.zip