<?php
/**
 * Created by PhpStorm.
 * User: crose
 * Date: 1/2/16
 * Time: 11:10 PM
 */

namespace qfq;

require_once(__DIR__ . '/../../qfq/helper/Sanitize.php');
require_once(__DIR__ . '/../../qfq/exceptions/CodeException.php');


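/**
 * Unit tests for the static helpers of Sanitize: sanitize(), checkMinMax(),
 * normalize() and safeFilename().
 *
 * The expected values pin what the input-validation layer hands back for
 * accepted and rejected input, so a change in any of them is a change in the
 * filtering contract and should be reviewed as such.
 *
 * NOTE(review): every check uses assertEquals(), which compares loosely; an
 * expected '' is also satisfied by null or false. The return types of the
 * Sanitize helpers are not visible in this file, so confirm them before
 * tightening any assertion to assertSame().
 */
class SanitizeTest extends \PHPUnit_Framework_TestCase {

    /**
     * Runs a fixed set of sample values through every sanitize class.
     *
     * As asserted below, a value that violates its sanitize class comes back
     * as a '!!<class>!!' marker; only the decimal-format checks at the end
     * expect an empty string on violation.
     *
     * @throws CodeException
     * @throws UserFormException
     */
    public function testSanitize() {

        # Original author note: accesses are cached, use new variables for every test.
        # (What is cached is not visible from this file.)

        # Check '': empty input passes every class except EMAIL.
        $this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
        $this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
        $this->assertEquals('!!email!!', Sanitize::sanitize('', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
        $this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
        $this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
        $this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");

        # Check '1'
        $this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
        $this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
        $this->assertEquals('!!email!!', Sanitize::sanitize('1', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
        $this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
        $this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
        $this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");

        # Check '-3': the sign is accepted by ALNUMX but rejected by DIGIT.
        $this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
        $this->assertEquals('!!digit!!', Sanitize::sanitize('-3', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
        $this->assertEquals('!!email!!', Sanitize::sanitize('-3', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
        $this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
        $this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
        $this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");

        # Check 'a'
        $this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
        $this->assertEquals('!!digit!!', Sanitize::sanitize('a', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
        $this->assertEquals('!!email!!', Sanitize::sanitize('a', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
        $this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
        $this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
        $this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");

        # Check 'a@-_.,;Z09': the punctuation that ALNUMX is expected to let through.
        $val = 'a@-_.,;Z09';
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
        $this->assertEquals('!!digit!!', Sanitize::sanitize($val, SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
        $this->assertEquals('!!email!!', Sanitize::sanitize($val, SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");

        # Check 'a+Z09': '+' is outside ALNUMX, so the whole value is rejected.
        $val = 'a+Z09';
        $this->assertEquals('!!alnumx!!', Sanitize::sanitize($val, SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
        $this->assertEquals('!!digit!!', Sanitize::sanitize($val, SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
        $this->assertEquals('!!email!!', Sanitize::sanitize($val, SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");

        # Check 'ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿ': accented letters count as ALNUMX.
        $val = 'ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿ';
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
        $this->assertEquals('!!digit!!', Sanitize::sanitize($val, SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
        $this->assertEquals('!!email!!', Sanitize::sanitize($val, SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");

        # Check Decimal Format: the fourth argument is a 'size,precision' pair;
        # a value that does not fit comes back as '' (not as a '!!...!!' marker).
        $msg = "SANITIZE decimal format fails";

        $val = '123.45';
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,2'), $msg);
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '10,3'), $msg);
        $this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '4,2'), $msg);
        $this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,1'), $msg);

        $val = '-123.45';
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,2'), $msg);
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '10,3'), $msg);
        $this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '4,2'), $msg);
        $this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,1'), $msg);

        # Non-numeric and exponent notation are rejected.
        $val = 'a.00';
        $this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,2'), $msg);
        $val = '-0.1e9';
        $this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,2'), $msg);

        # A missing fraction or a missing integer part is accepted.
        $val = '-4';
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,2'), $msg);
        $val = '.42';
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL, '', '5,2'), $msg);
    }

    /**
     * Checks Sanitize::checkMinMax() with numeric and date bounds.
     *
     * An empty bound means "no limit on that side"; a value outside the range
     * is expected to come back as ''.
     *
     * @throws CodeException
     * @throws UserFormException
     */
    public function testSanitizeMinMax() {
        $msg = "SANITIZE_MIN_MAX fails";

        # Check numerical min/max
        $val = 56;
        $this->assertEquals('', Sanitize::checkMinMax($val, "0", "2"), $msg);
        $this->assertEquals($val, Sanitize::checkMinMax($val, "0", ""), $msg);
        $this->assertEquals($val, Sanitize::checkMinMax($val, "", "56"), $msg);

        $this->assertEquals('', Sanitize::checkMinMax($val, "57", ""), $msg);
        $this->assertEquals('', Sanitize::checkMinMax($val, "", "2"), $msg);
        $this->assertEquals($val, Sanitize::checkMinMax($val, "0", "200"), $msg);
        $this->assertEquals($val, Sanitize::checkMinMax($val, "-100", "200"), $msg);

        $val = -56;
        $this->assertEquals('', Sanitize::checkMinMax($val, "0", "2"), $msg);
        $this->assertEquals('', Sanitize::checkMinMax($val, "0", "200"), $msg);
        $this->assertEquals($val, Sanitize::checkMinMax($val, "-100", "200"), $msg);

        # Check min/max dates; the last rejected cases use max < value and min > max.
        $msg = "SANITIZE_MIN_MAX Date fails";
        $val = "2010-05-01";
        $this->assertEquals($val, Sanitize::checkMinMax($val, "2010-01-01", "2010-12-31"), $msg);
        $this->assertEquals('', Sanitize::checkMinMax($val, "2010-01-01", "2010-04-30"), $msg);
        $this->assertEquals('', Sanitize::checkMinMax($val, "2010-01-01", "2009-12-31"), $msg);
        $this->assertEquals('', Sanitize::checkMinMax($val, "2011-01-01", "2009-12-31"), $msg);
        $this->assertEquals($val, Sanitize::checkMinMax($val, "2010-05-01", "2010-05-01"), $msg);
    }

    /**
     * Checks which address shapes SANITIZE_ALLOW_EMAIL accepts.
     *
     * Accepted values must come back unchanged, everything else as the
     * '!!email!!' marker. Display-name and angle-bracket forms are rejected,
     * so only a bare address passes.
     *
     * @throws CodeException
     * @throws UserFormException
     */
    public function testSanitizeEmail() {
        $rejected = '!!email!!';

        // [input, expected result], in the original order of the checks.
        $cases = [
            ['john', $rejected],
            ['john@', $rejected],
            ['john@doe', $rejected],
            ['john@doe.com', 'john@doe.com'],
            ['john@ doe.com', $rejected],
            ['<john@doe.com>', $rejected],
            ['John Doe <john@doe.com>', $rejected],
            ['_john@doe.com', '_john@doe.com'],
            ['jo*hn@doe.com', $rejected],
            ['jo[hn@doe.com', $rejected],
            ['jo\hn@doe.com', $rejected],
            // '%' in the local part is accepted as is.
            ['jo%hn@doe.com', 'jo%hn@doe.com'],
        ];

        foreach ($cases as $case) {
            list($val, $expected) = $case;
            $this->assertEquals($expected, Sanitize::sanitize($val, SANITIZE_ALLOW_EMAIL), "SANITIZE_ALLOW_EMAIL fails for '$val'");
        }
    }

    /**
     * Checks SANITIZE_ALLOW_PATTERN against caller-supplied regular expressions.
     *
     * NOTE(review): 'john' passing against '(John)*' holds only if matching is
     * case-insensitive or if the pattern is not anchored to the whole value
     * (the group may then match zero times). Which of the two applies is not
     * visible from this file. If it is the latter, any pattern that can match
     * the empty string accepts arbitrary input, so confirm against
     * Sanitize::sanitize() and pin the intended behaviour with a negative case.
     *
     * @throws CodeException
     * @throws UserFormException
     */
    public function testSanitizePattern() {
        $msg = "SANITIZE_ALLOW_PATTERN fails";
        $val = 'john';

        # Patterns that cannot match any part of the value.
        $this->assertEquals('!!pattern!!', Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '\d'), $msg);
        $this->assertEquals('!!pattern!!', Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '\s'), $msg);

        # Patterns expected to accept the value.
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, 'john'), $msg);
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '(john)?'), $msg);
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '(john)*'), $msg);
        $this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '(John)*'), $msg);
    }

    /**
     * Checks the SANITIZE_ALLOW_ALLBUT deny-list one character at a time.
     *
     * Rejected characters: [ ] { } % & \ #
     * Despite the method name, no exception is expected here: a rejected value
     * comes back as the '!!allbut!!' marker.
     */
    public function testSanitizeExceptionAllBut() {
        $bad = "[]{}%&\\#";
        $good = 'abCD01`~!@$^*()_+=-|":;.,<>/?\'';

        // Single
        $this->assertEquals('!!allbut!!', Sanitize::sanitize('[', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails");
        $this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails");

        // Each denied character must be caught when it is embedded in other text.
        foreach (str_split($bad) as $char) {
            $str = '-' . $char . '-';
            $this->assertEquals('!!allbut!!', Sanitize::sanitize($str, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails for '$char'");
        }

        // Every other sample character must pass through unchanged.
        foreach (str_split($good) as $char) {
            $str = '-' . $char . '-';
            $this->assertEquals($str, Sanitize::sanitize($str, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails for '$char'");
        }
    }

    /**
     * An unknown sanitize class is a programming error and must raise CodeException.
     *
     * @expectedException \qfq\CodeException
     */
    public function testSanitizeException() {
        Sanitize::sanitize('Hello World', 'invalid sanitize class');
    }

    /**
     * With SANITIZE_EXCEPTION as fifth argument a failed check must raise
     * UserFormException instead of returning a marker.
     *
     * @expectedException \qfq\UserFormException
     */
    public function testSanitizeExceptionCheckFailed() {
        Sanitize::sanitize('string', SANITIZE_ALLOW_DIGIT, '', '', SANITIZE_EXCEPTION);
    }

    /**
     * Checks Sanitize::normalize() on strings, numbers, arrays and nested arrays.
     *
     * The decomposed form 'A' + U+030A must come back as the precomposed
     * U+00C5; everything else is expected to pass through unchanged. Folding
     * both spellings into one matters wherever the value is compared or
     * filtered afterwards.
     *
     * @throws CodeException
     */
    public function testNormalize() {

        // Nothing changed
        $char_A_ring = "\xC3\x85"; // 'LATIN CAPITAL LETTER 'A' WITH RING ABOVE' (U+00C5)
        $this->assertEquals($char_A_ring, Sanitize::normalize($char_A_ring), "'A' with ring above");

        // Convert 'A' followed by "\xCC\x8A" to "\xC3\x85"
        $char_combining_ring_above = 'A' . "\xCC\x8A";  // 'COMBINING RING ABOVE' (U+030A)
        $this->assertEquals($char_A_ring, Sanitize::normalize($char_combining_ring_above), "Combined 'A' with ring above");

        // Every element of an array is normalized.
        $in = [$char_A_ring, $char_combining_ring_above, $char_A_ring];
        $out = [$char_A_ring, $char_A_ring, $char_A_ring];
        $this->assertEquals($out, Sanitize::normalize($in), "Array with combined 'A' with ring above");

        // Scalars pass through unchanged.
        $value = 0;
        $this->assertEquals($value, Sanitize::normalize($value), 'Check integer 0');

        $value = '';
        $this->assertEquals($value, Sanitize::normalize($value), 'Check empty string');

        $value = 'string';
        $this->assertEquals($value, Sanitize::normalize($value), 'Check simple string');

        $value = 123.45;
        $this->assertEquals($value, Sanitize::normalize($value), 'Check float');

        // Lists
        $value = ['string', 'second'];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check list of strings');

        $value = ['string', 'second', 123.45];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check list with float');

        $value = ['string', 0, ''];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check list with 0 and empty string');

        // Associative arrays
        $value = ['a' => 'string', 'b' => 'second'];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check associative array of strings');

        $value = ['a' => 'string', 'b' => 'second', 'c' => 123.45];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check associative array with float');

        $value = ['a' => 'string', 'b' => 0, 'c' => ''];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check associative array with 0 and empty string');

        // subarray
        $value = [$value, 'a' => 'string', 'b' => 0, 'c' => ''];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check subarray');

        // sub sub array
        $value = [$value, 'a' => 'string', 'b' => 0, 'c' => ''];
        $this->assertEquals($value, Sanitize::normalize($value), 'Check sub sub array');
    }

    /**
     * Checks Sanitize::safeFilename(): ASCII letters, digits and '.' are kept,
     * umlauts are transliterated, and every other sample character becomes '_'.
     *
     * The last case shows that both '/' and '\' are replaced, so a path
     * separator cannot survive into the resulting name.
     * NOTE(review): '.' is preserved and no case here covers a leading dot or
     * a '..' sequence; add one once the intended result is confirmed.
     *
     * @throws CodeException
     */
    public function testSafeFilename() {

        $value = '';
        $this->assertEquals($value, Sanitize::safeFilename($value), 'Empty string');

        $value = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
        $this->assertEquals($value, Sanitize::safeFilename($value), 'Alnum string');

        $value = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.pdf';
        $this->assertEquals($value, Sanitize::safeFilename($value), 'Alnum string with .');

        $value = '1ü2ö3ä4Ü5Ö6Ä7';
        $this->assertEquals('1ue2oe3ae4Ue5Oe6Ae7', Sanitize::safeFilename($value), 'Alnum string with umlaut');

        // Punctuation, quotes, space and both path separators; only '.' is kept.
        $value = '`~!@#$%^&*()_+=-[]{}\|;:\'"/?.> ,<`';
        $this->assertEquals('____________________________._____', Sanitize::safeFilename($value), 'String with special characters');
    }
}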