Commit 6d75b28b authored by Carsten Rose

Sanitize.php: ALLBUT failed to detect '\'.

parent b331c952
......@@ -143,7 +143,7 @@ class Sanitize {
SANITIZE_ALLOW_MIN_MAX => '',
SANITIZE_ALLOW_MIN_MAX_DATE => '',
SANITIZE_ALLOW_PATTERN => '',
SANITIZE_ALLOW_ALLBUT => '^[^\[\]{}%&\\#]*$',
SANITIZE_ALLOW_ALLBUT => '^[^\[\]{}%&\\\\#]*$',
SANITIZE_ALLOW_ALL => '.*'
];
}
......
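Review bot: The four backslashes in the new `SANITIZE_ALLOW_ALLBUT` value need a comment, because the escaping happens at two levels and the previous value looked plausible while being wrong. In a single-quoted PHP string `\\\\` collapses to `\\`, which the regex engine reads inside the character class as one literal backslash; the old `\\#` collapsed to `\#`, an escaped `#`, so the backslash was never in the excluded set. A line such as `// '\\\\' (PHP) -> \\ (regex) -> literal backslash; excluded: [ ] { } % & \ #` above the entry would stop a later edit from reintroducing the gap. The array and the function that returns it start outside this hunk, so how the pattern is delimited and matched is not visible here.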
......@@ -30,6 +30,7 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
$this->assertEquals('', Sanitize::sanitize('', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");
# Check '1'
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
......@@ -38,6 +39,7 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('', Sanitize::sanitize('1', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");
# Check '-3'
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
......@@ -46,6 +48,7 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('', Sanitize::sanitize('-3', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");
# Check 'a'
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
......@@ -54,6 +57,7 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('', Sanitize::sanitize('a', SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");
# Check 'a@-_.,;Z09'
......@@ -64,6 +68,7 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
$this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
$this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");
# Check 'a+Z09'
$val = 'a+Z09';
......@@ -73,6 +78,7 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('', Sanitize::sanitize($val, SANITIZE_ALLOW_EMAIL), "SANITIZE_EMAIL fails");
$this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '.*'), "SANITIZE_PATTERN fails");
$this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
$this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLBUT fails");
}
/**
......@@ -184,6 +190,29 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals($val, Sanitize::sanitize($val, SANITIZE_ALLOW_PATTERN, '(John)*'), "SANITIZE_ALLOW_PATTERN fails");
}
//[ ] { } % & \ #
/**
*/
public function testSanitizeExceptionAllBut() {
$bad = "[]{}%&\\#";
$good = 'abCD01`~!@$^*()_+=-|":;.,<>/?\'';
// Single
$this->assertEquals('', Sanitize::sanitize('[', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails");
for ($i = 0; $i < strlen($bad); $i++) {
$str = '-' . substr($bad, $i, 1) . '-';
$this->assertEquals('', Sanitize::sanitize($str, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails");
}
for ($i = 0; $i < strlen($good); $i++) {
$str = '-' . substr($good, $i, 1) . '-';
$this->assertEquals($str, Sanitize::sanitize($str, SANITIZE_ALLOW_ALLBUT), "SANITIZE_ALLOW_ALLBUT fails");
}
}
/**
* @expectedException \qfq\CodeException
*/
......@@ -225,5 +254,4 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
public function testSanitizeExceptionCheckFailed() {
Sanitize::sanitize('string', SANITIZE_ALLOW_DIGIT, '', SANATIZE_EXCEPTION);
}
}
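Review bot: `testSanitizeExceptionAllBut` expects no exception and has an empty docblock, so the name misleads next to the real `@expectedException` tests below it; `testSanitizeAllBut` would match what it asserts. The loose `//[ ] { } % & \ #` comment belongs in that docblock as the list of rejected characters. The `$good` string pins quotes, backtick, `<`, `>`, `|` and `;` as accepted, so the docblock should also say that ALLBUT alone does not make a value safe for SQL, HTML or shell contexts, for example `/** ALLBUT rejects only [ ] { } % & \ #; quotes and angle brackets pass, so callers must still escape per output context. */`. The other hunks in this file only add ALLBUT assertions for harmless inputs and need no change.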