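/**
 * Tests adding a new comment and the HTML cleaning applied to its body.
 *
 * The body handed to COMMENT::create() mixes content the cleaner is expected
 * to keep (a bare URL, an <a href> link, <b>, <i>, a stray "<" that is not a
 * tag, and blank-line paragraph breaks) with a <script> element that must be
 * removed. The expected value pins the contract: the <script> tags are
 * dropped, but their text content survives as plain (non-executable) text.
 *
 * NOTE(review): this only covers <script>. It says nothing about other
 * executable vectors a comment cleaner must also neutralise — event-handler
 * attributes (onclick=...), javascript: URLs inside href, <iframe>/<object>,
 * or unbalanced tags — so a regression in the cleaner for those cases would
 * not be caught here. Sibling cases are worth adding; their expected output
 * depends on the cleaner's allowlist, which this file does not show.
 */
public function testHTMLCleaningAddComment()
{
    // The comment is created as a logged-in user; COMMENT::create()
    // presumably reads the global $THEUSER to attribute it — confirm
    // against the COMMENT class before changing this fixture.
    global $THEUSER;
    $THEUSER = new THEUSER();
    $THEUSER->init(1);

    // Submitted body: allowed markup, a stray "<", paragraph breaks and a
    // <script> element. Kept byte-identical to what the cleaner is fed.
    $submitted = "This is a test comment, including http://theyworkforyou.com "
        . "<a href=\"http://theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, "
        . "and stray < brackets to ensure they're not stripped.\n\n"
        . "It also includes <script>alert('malicious!');</script> script tags, "
        . "to ensure they are stripped correctly.\n\n"
        . "It also spans multiple lines.";

    // Expected stored body: identical except that the <script> and </script>
    // tags are gone while the text between them remains.
    $expected = "This is a test comment, including http://theyworkforyou.com "
        . "<a href=\"http://theyworkforyou.com\">links</a>, <b>bold</b>, <i>italics</i>, "
        . "and stray < brackets to ensure they're not stripped.\n\n"
        . "It also includes alert('malicious!'); script tags, "
        . "to ensure they are stripped correctly.\n\n"
        . "It also spans multiple lines.";

    $comment = new COMMENT();
    $commentId = $comment->create(array(
        'epobject_id' => 1,
        'body' => $submitted,
        'gid' => '',
    ));

    // A correctly inserted comment returns its integer id.
    $this->assertInternalType('integer', $commentId);

    // Reload from storage and compare the exact stored body. assertSame is
    // used so that only a byte-identical string passes, not a loosely-equal one.
    $stored = new COMMENT($commentId);
    $this->assertSame($expected, $stored->body());
}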
<?php include_once "../../includes/easyparliament/init.php"; $this_page = "addcomment"; // For previewing and adding a comment. // We should have post args of 'body' and 'epobject_id'. if (get_http_var("submitcomment") != '') { // We're submitting a comment. $data = array('epobject_id' => get_http_var('epobject_id'), 'body' => get_http_var('body')); $COMMENT = new COMMENT(); $success = $COMMENT->create($data); if ($success) { // $success will be the last_insert_id(). // Redirect user to the location of their new comment. // 'return_page' will be something like 'debate', so we know what page // to return to. $URL = new URL(get_http_var('return_page')); // That c=blah we're putting on the URL does nothing on the page, // BUT it makes picky browsers like Opera think it's a whole new page // so it reloads it, rather than being clever and thinking no refresh // is required. $URL->insert(array('id' => get_http_var('gid'), 'c' => $success)); header("Location: http://" . DOMAIN . $URL->generate('none') . "#c" . $success); exit; } else { // Else, $COMMENT will have printed an error message. $PAGE->page_end(); } } else { // We're previewing a comment. $PAGE->page_start();