-$db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
-
-print __METHOD__."\n";
-}
-
-/**
- * tearDownAfterClass
- *
- * @return void
- */
-public static function tearDownAfterClass()
-{
-global $conf,$user,$langs,$db;
-$db->rollback();
-
-print __METHOD__."\n";
-}
-
-/**
- * Init phpunit tests
- *
- * @return void
- */
-protected function setUp()
-{
-global $conf,$user,$langs,$db;
-$conf=$this->savconf;
-$user=$this->savuser;
-$langs=$this->savlangs;
-$db=$this->savdb;
-
-$conf->global->MAIN_DISABLE_ALL_MAILS=1; // If I comment/remove this lien, unit test still works alone but failed when ran from AllTest. Don't know why.
+$db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
+
+print __METHOD__."\n";
+}
+
+/**
+ * tearDownAfterClass
+ *
+ * @return void
+ */
+public static function tearDownAfterClass()
+{
+global $conf,$user,$langs,$db;
+$db->rollback();
+
+print __METHOD__."\n";
+}
+
+/**
+ * Init phpunit tests
+ *
+ * @return void
+ */
+protected function setUp()
+{
+global $conf,$user,$langs,$db;
+$conf=$this->savconf;
+$user=$this->savuser;
+$langs=$this->savlangs;
+$db=$this->savdb;
+
+$conf->global->MAIN_DISABLE_ALL_MAILS=1; // If I comment/remove this lien, unit test still works alone but failed when ran from AllTest. Don't know why.
- $this->assertTrue($ok, 'Found a $_SERVER[\'QUERY_STRING\'] without dol_escape_htmltag neither dol_string_nohtmltag around it, in file '.$file['relativename'].' ('.$val[1].'$_SERVER[\'QUERY_STRING\']). Bad.');
-
-
- // Test that first param of print_liste_field_titre is a translation key and not the translated value
- $ok=true;
- $matches=array();
- // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
- $this->assertTrue($ok, 'Found a use of print_liste_field_titre with first parameter that is a translated value instead of just the translation key in file '.$file['relativename'].'. Bad.');
-
-
- // Test we don't have <br />
- $ok=true;
- $matches=array();
- // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
- $this->assertTrue($ok, 'Found a forbidden string sequence into '.$file['relativename'].' : name="token" value="\'.$_SESSION[..., you must use a newToken() instead of $_SESSION[\'newtoken\'].');
-
-
- // Test we don't have @var array(
- $ok=true;
- $matches=array();
- // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
+ $this->assertTrue($ok, 'Found a $_SERVER[\'QUERY_STRING\'] without dol_escape_htmltag neither dol_string_nohtmltag around it, in file '.$file['relativename'].' ('.$val[1].'$_SERVER[\'QUERY_STRING\']). Bad.');
+
+
+ // Test that first param of print_liste_field_titre is a translation key and not the translated value
+ $ok=true;
+ $matches=array();
+ // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
+ $this->assertTrue($ok, 'Found a use of print_liste_field_titre with first parameter that is a translated value instead of just the translation key in file '.$file['relativename'].'. Bad.');
+
+
+ // Test we don't have <br />
+ $ok=true;
+ $matches=array();
+ // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
+ $this->assertTrue($ok, 'Found a forbidden string sequence into '.$file['relativename'].' : name="token" value="\'.$_SESSION[..., you must use a newToken() instead of $_SESSION[\'newtoken\'].');
+
+
+ // Test we don't have @var array(
+ $ok=true;
+ $matches=array();
+ // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
- $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
-
- print __METHOD__."\n";
- }
-
- /**
- * tearDownAfterClass
- *
- * @return void
- */
- public static function tearDownAfterClass()
- {
- global $conf,$user,$langs,$db;
- $db->rollback();
-
- print __METHOD__."\n";
- }
-
- /**
- * Init phpunit tests
- *
- * @return void
- */
- protected function setUp()
- {
- global $conf,$user,$langs,$db;
- $conf=$this->savconf;
- $user=$this->savuser;
- $langs=$this->savlangs;
- $db=$this->savdb;
-
- print __METHOD__."\n";
- //print $db->getVersion()."\n";
- }
- /**
- * End phpunit tests
- *
- * @return void
- */
- protected function tearDown()
- {
- print __METHOD__."\n";
- }
-
- /**
- * testCommandeFournisseurCreate
- *
- * @return int ID of purchase order
- */
- public function testCommandeFournisseurCreate()
- {
- global $conf,$user,$langs,$db;
- $conf=$this->savconf;
- $user=$this->savuser;
- $langs=$this->savlangs;
- $db=$this->savdb;
-
- // Set supplier and product to use
- $socid=1;
- $societe=new Societe($db);
- $societe->fetch($socid);
- $product=new ProductFournisseur($db);
- $product->fetch(0, 'PIDRESS');
- if ($product->id <= 0) { print "\n".__METHOD__." A product with ref PIDRESS must exists into database"; die(); }
-
- $quantity=10;
- $ref_fourn='SUPPLIER_REF_PHPUNIT';
- $tva_tx=19.6;
-
- // Delete existing supplier prices
- // TODO
-
- // Create 1 supplier price with min qty = 10;
- $result=$product->add_fournisseur($user, $societe->id, $ref_fourn, $quantity); // This insert record with no value for price. Values are update later with update_buyprice
- $localobject3->lines=array(); // Overwrite lines of order
- $line=new CommandeFournisseurLigne($db);
- $line->desc=$langs->trans("Description")." specimen line with qty too low";
- $line->qty=1; // So lower than $quantity
- $line->subprice=100;
- $line->fk_product=$product->id;
- $line->ref_fourn=$ref_fourn;
- $localobject3->lines[]=$line;
-
- $result=$localobject3->create($user);
- print __METHOD__." result=".$result."\n";
- $this->assertGreaterThan(0, $result, 'Creation of too low quantity should be ok'); // must be id of line because there is no test on minimum quantity
-
- $sql="DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur where ref=''";
- $db->query($sql);
-
- // Create purchase order
- $localobject4=new CommandeFournisseur($db);
- $localobject4->initAsSpecimen(); // This create 5 lines of first product found for socid 1
- $localobject4->lines=array(); // Overwrite lines of order
- $line=new CommandeFournisseurLigne($db);
- $line->desc=$langs->trans("Description")." specimen line ok";
- $line->qty=10; // So enough quantity
- $line->subprice=100;
- $line->fk_product=$product->id;
- $line->ref_fourn=$ref_fourn;
- $localobject4->lines[]=$line;
-
- $result=$localobject4->create($user);
- print __METHOD__." id for purchase order created by testCommandeFournisseurCreate = ".$result."\n";
- $this->assertGreaterThan(0, $result, 'Test to create a purchase order by testCommandeFournisseurCreate');
-
- return $result;
- }
-
-
- /**
- * testCommandeFournisseurFetch
- *
- * @param int $id Id of purchase order
- * @return CommandeFournisseur Purchase order
- *
- * @depends testCommandeFournisseurCreate
- * The depends says test is run only if previous is ok
- */
- public function testCommandeFournisseurFetch($id)
+ $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * tearDownAfterClass
+ *
+ * @return void
+ */
+ public static function tearDownAfterClass()
+ {
+ global $conf,$user,$langs,$db;
+ $db->rollback();
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * Init phpunit tests
+ *
+ * @return void
+ */
+ protected function setUp()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ print __METHOD__."\n";
+ //print $db->getVersion()."\n";
+ }
+ /**
+ * End phpunit tests
+ *
+ * @return void
+ */
+ protected function tearDown()
+ {
+ print __METHOD__."\n";
+ }
+
+ /**
+ * testCommandeFournisseurCreate
+ *
+ * @return int ID of purchase order
+ */
+ public function testCommandeFournisseurCreate()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ // Set supplier and product to use
+ $socid=1;
+ $societe=new Societe($db);
+ $societe->fetch($socid);
+ $product=new ProductFournisseur($db);
+ $product->fetch(0, 'PIDRESS');
+ if ($product->id <= 0) {
+ print "\n".__METHOD__." A product with ref PIDRESS must exists into database"; die();
+ }
+
+ $quantity=10;
+ $ref_fourn='SUPPLIER_REF_PHPUNIT';
+ $tva_tx=19.6;
+
+ // Delete existing supplier prices
+ // TODO
+
+ // Create 1 supplier price with min qty = 10;
+ $result=$product->add_fournisseur($user, $societe->id, $ref_fourn, $quantity); // This insert record with no value for price. Values are update later with update_buyprice
+ $localobject3->lines=array(); // Overwrite lines of order
+ $line=new CommandeFournisseurLigne($db);
+ $line->desc=$langs->trans("Description")." specimen line with qty too low";
+ $line->qty=1; // So lower than $quantity
+ $line->subprice=100;
+ $line->fk_product=$product->id;
+ $line->ref_fourn=$ref_fourn;
+ $localobject3->lines[]=$line;
+
+ $result=$localobject3->create($user);
+ print __METHOD__." result=".$result."\n";
+ $this->assertGreaterThan(0, $result, 'Creation of too low quantity should be ok'); // must be id of line because there is no test on minimum quantity
+
+ $sql="DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur where ref=''";
+ $db->query($sql);
+
+ // Create purchase order
+ $localobject4=new CommandeFournisseur($db);
+ $localobject4->initAsSpecimen(); // This create 5 lines of first product found for socid 1
+ $localobject4->lines=array(); // Overwrite lines of order
+ $line=new CommandeFournisseurLigne($db);
+ $line->desc=$langs->trans("Description")." specimen line ok";
+ $line->qty=10; // So enough quantity
+ $line->subprice=100;
+ $line->fk_product=$product->id;
+ $line->ref_fourn=$ref_fourn;
+ $localobject4->lines[]=$line;
+
+ $result=$localobject4->create($user);
+ print __METHOD__." id for purchase order created by testCommandeFournisseurCreate = ".$result."\n";
+ $this->assertGreaterThan(0, $result, 'Test to create a purchase order by testCommandeFournisseurCreate');
+
+ return $result;
+ }
+
+
+ /**
+ * testCommandeFournisseurFetch
+ *
+ * @param int $id Id of purchase order
+ * @return CommandeFournisseur Purchase order
+ *
+ * @depends testCommandeFournisseurCreate
+ * The depends says test is run only if previous is ok
+ */
+ public function testCommandeFournisseurFetch($id)
@@ -74,139 +73,139 @@ class DateLibTzFranceTest extends PHPUnit\Framework\TestCase
print "\n";
print "\n";
}
}
-/**
- * setUpBeforeClass
- *
- * @return void
- */
-public static function setUpBeforeClass()
-{
- global $conf,$user,$langs,$db;
-
- if (getServerTimeZoneString() != 'Europe/Paris') {
- print "\n".__METHOD__." This PHPUnit test can be launched manually only onto a server with PHP timezone set to TZ+1 Europe/Paris, not a TZ=".getServerTimeZoneString().".\n"; die();
- }
-
- $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
-
- print __METHOD__."\n";
-}
-
-/**
- * tearDownAfterClass
- *
- * @return void
- */
-public static function tearDownAfterClass()
-{
- global $conf,$user,$langs,$db;
+/**
+ * setUpBeforeClass
+ *
+ * @return void
+ */
+public static function setUpBeforeClass()
+{
+ global $conf,$user,$langs,$db;
+
+ if (getServerTimeZoneString() != 'Europe/Paris') {
+ print "\n".__METHOD__." This PHPUnit test can be launched manually only onto a server with PHP timezone set to TZ+1 Europe/Paris, not a TZ=".getServerTimeZoneString().".\n"; die();
+ }
+
+ $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
+
+ print __METHOD__."\n";
+}
+
+/**
+ * tearDownAfterClass
+ *
+ * @return void
+ */
+public static function tearDownAfterClass()
+{
+ global $conf,$user,$langs,$db;
$db->rollback();
$db->rollback();
print __METHOD__."\n";
print __METHOD__."\n";
-}
+}
/**
/**
* Init phpunit tests
* Init phpunit tests
*
*
* @return void
* @return void
*/
*/
-protected function setUp()
-{
- global $conf,$user,$langs,$db;
+protected function setUp()
+{
+ global $conf,$user,$langs,$db;
$conf=$this->savconf;
$conf=$this->savconf;
$user=$this->savuser;
$user=$this->savuser;
$langs=$this->savlangs;
$langs=$this->savlangs;
$db=$this->savdb;
$db=$this->savdb;
print __METHOD__."\n";
print __METHOD__."\n";
-}
+}
/**
/**
* End phpunit tests
* End phpunit tests
*
*
* @return void
* @return void
*/
*/
-protected function tearDown()
-{
- print __METHOD__."\n";
-}
-
-/**
- * testDolPrintDateTzFrance
- * Same than official testDolPrintDate but with parameter tzoutput that is false='tzserver'.
- * This test works only onto a server using TZ+1 Europe/Paris.
- *
- * You can use http://www.epochconverter.com/ to generate more tests.
- $result=dol_delete_dir_recursive($dirout, $count); // If it has no permission to delete, it will fails as if dir does not exists, so we can't test it
- print __METHOD__." result=".$result."\n";
- $this->assertGreaterThanOrEqual(0, $result);
-
- $count=0;
- $countdeleted=0;
- $result=dol_delete_dir_recursive($dirout, $count, 1, 0, $countdeleted); // If it has no permission to delete, it will fails as if dir does not exists, so we can't test it
- $result=dol_delete_dir_recursive($dirout2, $count, 1, 0, $countdeleted); // If it has no permission to delete, it will fails as if dir does not exists, so we can't test it
-$this->assertEquals(0, count($result), "Pb with dol_uncompress_file of file ".$fileout);
-}
-
-/**
- * testDolDirList
- *
- * @return void
- *
- * @depends testDolCompressUnCompress
- * The depends says test is run only if previous is ok
- */
-public function testDolDirList()
-{
-global $conf,$user,$langs,$db;
-
-// Scan dir to guaruante we on't have library jquery twice (we accept exception of duplicte into ckeditor because all dir is removed for debian package, so there is no duplicate).
+ $result=dol_delete_dir_recursive($dirout, $count); // If it has no permission to delete, it will fails as if dir does not exists, so we can't test it
+ print __METHOD__." result=".$result."\n";
+ $this->assertGreaterThanOrEqual(0, $result);
+
+ $count=0;
+ $countdeleted=0;
+ $result=dol_delete_dir_recursive($dirout, $count, 1, 0, $countdeleted); // If it has no permission to delete, it will fails as if dir does not exists, so we can't test it
+ $result=dol_delete_dir_recursive($dirout2, $count, 1, 0, $countdeleted); // If it has no permission to delete, it will fails as if dir does not exists, so we can't test it
+$this->assertEquals(0, count($result), "Pb with dol_uncompress_file of file ".$fileout);
+}
+
+/**
+ * testDolDirList
+ *
+ * @return void
+ *
+ * @depends testDolCompressUnCompress
+ * The depends says test is run only if previous is ok
+ */
+public function testDolDirList()
+{
+global $conf,$user,$langs,$db;
+
+// Scan dir to guaruante we on't have library jquery twice (we accept exception of duplicte into ckeditor because all dir is removed for debian package, so there is no duplicate).
- $result=dol_mktime(2, 1, 1, 1, 1, 1970, 1); // 1970-01-01 02:01:01 in GMT area -> 7261
- print __METHOD__." result=".$result."\n";
- $this->assertEquals(7261, $result);
-
- $result=dol_mktime(2, 0, 0, 1, 1, 1970, 0); // 1970-01-01 02:00:00 = 7200 in local area Europe/Paris = 3600 GMT
- print __METHOD__." result=".$result."\n";
- $tz=getServerTimeZoneInt('winter'); // +1 in Europe/Paris at this time (this time is winter)
- $this->assertEquals(7200-($tz*3600), $result); // 7200 if we are at greenwich winter, 7200-($tz*3600) at local winter
-
- // Some test for local TZ Europe/Paris
- date_default_timezone_set('Europe/Paris');
-
- // Check that tz for paris in winter is used
- $result=dol_mktime(2, 0, 0, 1, 1, 1970, 'server'); // 1970-01-01 02:00:00 = 7200 in local area Europe/Paris = 3600 GMT
- print __METHOD__." result=".$result."\n";
- $this->assertEquals(3600, $result); // 7200 if we are at greenwich winter, 3600 at Europe/Paris
-
- // Check that daylight saving time is used
- $result=dol_mktime(2, 0, 0, 6, 1, 2014, 0); // 2014-06-01 02:00:00 = 1401588000-3600(location)-3600(daylight) in local area Europe/Paris = 1401588000 GMT
- print __METHOD__." result=".$result."\n";
- $this->assertEquals(1401588000-3600-3600, $result); // 1401588000 are at greenwich summer, 1401588000-3600(location)-3600(daylight) at Europe/Paris summer
-
- date_default_timezone_set($savtz);
- }
-
-
- /**
- * testDolEscapeJs
- *
- * @return void
- */
- public function testDolEscapeJs()
- {
- $input="x&<b>#</b>,\"'"; // " will be converted into '
+ $result=dol_mktime(2, 1, 1, 1, 1, 1970, 1); // 1970-01-01 02:01:01 in GMT area -> 7261
+ print __METHOD__." result=".$result."\n";
+ $this->assertEquals(7261, $result);
+
+ $result=dol_mktime(2, 0, 0, 1, 1, 1970, 0); // 1970-01-01 02:00:00 = 7200 in local area Europe/Paris = 3600 GMT
+ print __METHOD__." result=".$result."\n";
+ $tz=getServerTimeZoneInt('winter'); // +1 in Europe/Paris at this time (this time is winter)
+ $this->assertEquals(7200-($tz*3600), $result); // 7200 if we are at greenwich winter, 7200-($tz*3600) at local winter
+
+ // Some test for local TZ Europe/Paris
+ date_default_timezone_set('Europe/Paris');
+
+ // Check that tz for paris in winter is used
+ $result=dol_mktime(2, 0, 0, 1, 1, 1970, 'server'); // 1970-01-01 02:00:00 = 7200 in local area Europe/Paris = 3600 GMT
+ print __METHOD__." result=".$result."\n";
+ $this->assertEquals(3600, $result); // 7200 if we are at greenwich winter, 3600 at Europe/Paris
+
+ // Check that daylight saving time is used
+ $result=dol_mktime(2, 0, 0, 6, 1, 2014, 0); // 2014-06-01 02:00:00 = 1401588000-3600(location)-3600(daylight) in local area Europe/Paris = 1401588000 GMT
+ print __METHOD__." result=".$result."\n";
+ $this->assertEquals(1401588000-3600-3600, $result); // 1401588000 are at greenwich summer, 1401588000-3600(location)-3600(daylight) at Europe/Paris summer
+
+ date_default_timezone_set($savtz);
+ }
+
+
+ /**
+ * testDolEscapeJs
+ *
+ * @return void
+ */
+ public function testDolEscapeJs()
+ {
+ $input="x&<b>#</b>,\"'"; // " will be converted into '
- print __METHOD__." result trans FilterOnInto = ".$result."\n";
- $this->assertEquals($result, "Search criteria '<b><input autofocus onfocus='alert(1337)' <--!</b>' into fields ", 'Result of lang->trans must have original translation string with its original HTML tag, but inserted values must be fully encoded.');
+ print __METHOD__." result trans FilterOnInto = ".$result."\n";
+ $this->assertEquals($result, "Search criteria '<b><input autofocus onfocus='alert(1337)' <--!</b>' into fields ", 'Result of lang->trans must have original translation string with its original HTML tag, but inserted values must be fully encoded.');
+$this->assertEquals($result, "-- ALTER TABLE llx_table CHANGE COLUMN oldname newname varchar(60); replaced by --\nALTER TABLE llx_table RENAME COLUMN oldname TO newname");
-$sql="ALTER TABLE llx_table DROP COLUMN oldname;";
-$result=DoliDBPgsql::convertSQLFromMysql($sql);
-print __METHOD__." result=".$result."\n";
-$this->assertEquals($result, $sql);
+$sql="ALTER TABLE llx_table DROP COLUMN oldname;";
+$result=DoliDBPgsql::convertSQLFromMysql($sql);
+print __METHOD__." result=".$result."\n";
+$this->assertEquals($result, $sql);
-$sql="ALTER TABLE llx_table MODIFY name varchar(60);";
-$result=DoliDBPgsql::convertSQLFromMysql($sql);
-print __METHOD__." result=".$result."\n";
-$this->assertEquals($result, "-- ALTER TABLE llx_table MODIFY name varchar(60); replaced by --\nALTER TABLE llx_table ALTER COLUMN name TYPE varchar(60);");
+$sql="ALTER TABLE llx_table MODIFY name varchar(60);";
+$result=DoliDBPgsql::convertSQLFromMysql($sql);
+print __METHOD__." result=".$result."\n";
+$this->assertEquals($result, "-- ALTER TABLE llx_table MODIFY name varchar(60); replaced by --\nALTER TABLE llx_table ALTER COLUMN name TYPE varchar(60);");
-// 10 * 10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 19% localtax2 type 5 (method we provide value), we provide a service and not a product
-// 10 * 10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 21% localtax2 type 5 (other method autodetect), we provide a service and not a product
-// 10 * 10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 21% localtax2 type 5 (other method autodetect), we provide a product and not a service
-// Credit Note: 10 * -10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 19% localtax2 type 5 (method we provide value), we provide a product and not a service
-// Credit Note: 10 * -10 HT - 0% discount with 10% vat and 1.4% localtax1 type 3, 0% localtax2 type 5 (other method autodetect), we provide a service and not a product
+// 10 * 10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 19% localtax2 type 5 (method we provide value), we provide a service and not a product
+// 10 * 10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 21% localtax2 type 5 (other method autodetect), we provide a service and not a product
+// 10 * 10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 21% localtax2 type 5 (other method autodetect), we provide a product and not a service
+// Credit Note: 10 * -10 HT - 0% discount with 10% vat and 0% localtax1 type 3, 19% localtax2 type 5 (method we provide value), we provide a product and not a service
+// Credit Note: 10 * -10 HT - 0% discount with 10% vat and 1.4% localtax1 type 3, 0% localtax2 type 5 (other method autodetect), we provide a service and not a product
@@ -231,262 +246,262 @@ class SecurityTest extends PHPUnit\Framework\TestCase
ga(\'send\', \'pageview\');
ga(\'send\', \'pageview\');
</script>';
</script>';
- $result=testSqlAndScriptInject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
-
- $test="<IMG SRC=\"jav\tascript:alert('XSS');\">"; // Is locked by some browser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
- $test="<IMG SRC=\"jav
ascript:alert('XSS');\">"; // Same
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject hhh');
-
- $test='Set.constructor`alert\x281\x29```';
- $result=testSqlAndScriptInject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject iii');
-
- $test="on<!-- ab\nc -->error=alert(1)";
- $result=testSqlAndScriptInject($test, 0);
- $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject jjj');
-}
-
-/**
- * testGETPOST
- *
- * @return string
- */
-public function testGETPOST()
-{
- global $conf,$user,$langs,$db;
+ $result=testSqlAndScriptInject($test, 0);
+ $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
+
+ $test="<IMG SRC=\"jav\tascript:alert('XSS');\">"; // Is locked by some browser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
+ $test="<IMG SRC=\"jav
ascript:alert('XSS');\">"; // Same
-$_GET["param7"]='"c:\this is a path~1\aaan" abc<bad>def</bad>';
-$_POST["param8"]="Hacker<svg onload='console.log("123")'"; // html tag is not closed so it is not detected as html tag but is still harmfull
+$_GET["param3"]='"na/b#e(pr)qq-rr\cc'; // Same than param2 + " and n
+$_GET["param7"]='"c:\this is a path~1\aaan" abc<bad>def</bad>';
+$_POST["param8"]="Hacker<svg onload='console.log("123")'"; // html tag is not closed so it is not detected as html tag but is still harmfull
- $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that resolves to a local URL'); // Test we receive an error because localtest.me is not an external URL
- $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL
- $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL
- $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL
- $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that resolves to a local URL'); // Test we receive an error because localtest.me is not an external URL
+ $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that resolves to a local URL'); // Test we receive an error because localtest.me is not an external URL
+ $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL
+ $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL
+ $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL
+ $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that resolves to a local URL'); // Test we receive an error because localtest.me is not an external URL
- if ($conf->global->SOCIETE_CODECLIENT_ADDON != 'mod_codeclient_monkey') { print "\n".__METHOD__." third party ref checker must be setup to 'mod_codeclient_monkey' not to '".$conf->global->SOCIETE_CODECLIENT_ADDON."'.\n"; die(); }
-
- if (! empty($conf->global->MAIN_DISABLEPROFIDRULES)) { print "\n".__METHOD__." constant MAIN_DISABLEPROFIDRULES must be empty (if a module set it, disable module).\n"; die(); }
-
- $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
-
- print __METHOD__."\n";
- }
-
- /**
- * tearDownAfterClass
- *
- * @return void
- */
- public static function tearDownAfterClass()
- {
- global $conf,$user,$langs,$db;
- $db->rollback();
-
- print __METHOD__."\n";
- }
-
- /**
- * Init phpunit tests
- *
- * @return void
- */
- protected function setUp()
- {
- global $conf,$user,$langs,$db;
- $conf=$this->savconf;
- $user=$this->savuser;
- $langs=$this->savlangs;
- $db=$this->savdb;
-
- print __METHOD__."\n";
- }
-
- /**
- * End phpunit tests
- *
- * @return void
- */
- protected function tearDown()
- {
- print __METHOD__."\n";
- }
-
- /**
- * testSocieteCreate
- *
- * @return int
- */
- public function testSocieteCreate()
- {
- global $conf,$user,$langs,$db;
- $conf=$this->savconf;
- $user=$this->savuser;
- $langs=$this->savlangs;
- $db=$this->savdb;
-
- $localobject=new Societe($this->savdb);
- $localobject->initAsSpecimen();
- $result=$localobject->create($user);
-
- print __METHOD__." result=".$result."\n";
- $this->assertLessThanOrEqual($result, 0);
-
- return $result;
- }
-
- /**
- * testSocieteFetch
- *
- * @param int $id Company id
- * @return Societe $localobject Company
- *
- * @depends testSocieteCreate
- * The depends says test is run only if previous is ok
+ if ($conf->global->SOCIETE_CODECLIENT_ADDON != 'mod_codeclient_monkey') {
+ print "\n".__METHOD__." third party ref checker must be setup to 'mod_codeclient_monkey' not to '".$conf->global->SOCIETE_CODECLIENT_ADDON."'.\n"; die();
+ }
+
+ if (! empty($conf->global->MAIN_DISABLEPROFIDRULES)) {
+ print "\n".__METHOD__." constant MAIN_DISABLEPROFIDRULES must be empty (if a module set it, disable module).\n"; die();
+ }
+
+ $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * tearDownAfterClass
+ *
+ * @return void
+ */
+ public static function tearDownAfterClass()
+ {
+ global $conf,$user,$langs,$db;
+ $db->rollback();
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * Init phpunit tests
+ *
+ * @return void
+ */
+ protected function setUp()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * End phpunit tests
+ *
+ * @return void
+ */
+ protected function tearDown()
+ {
+ print __METHOD__."\n";
+ }
+
+ /**
+ * testSocieteCreate
+ *
+ * @return int
+ */
+ public function testSocieteCreate()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject=new Societe($this->savdb);
+ $localobject->initAsSpecimen();
+ $result=$localobject->create($user);
+
+ print __METHOD__." result=".$result."\n";
+ $this->assertLessThanOrEqual($result, 0);
+
+ return $result;
+ }
+
+ /**
+ * testSocieteFetch
+ *
+ * @param int $id Company id
+ * @return Societe $localobject Company
+ *
+ * @depends testSocieteCreate
+ * The depends says test is run only if previous is ok