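 /**
  * The fixture template layout.php must be rejected by the function allow-list.
  *
  * Reads the fixture next to this test and runs it through Whitelist::check(),
  * expecting false. A failed fixture read is reported on its own assertion
  * instead of surfacing as an unrelated failure inside the tokenizer.
  */
 public function testIfWillFailSanitization()
 {
     $code = file_get_contents(__DIR__ . '/layout.php');
     // file_get_contents() returns false for a missing or unreadable fixture
     $this->assertNotFalse($code, 'fixture layout.php could not be read');
     // Actual test: the fixture is expected to contain calls outside the allow-list
     $this->assertFalse(Whitelist::fly()->check($code));
 }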
 /**
  * Allow-list check over every function call the Tokenizer finds in $code.
  *
  * Only ucfirst and lcfirst are permitted; the first call to anything else
  * fails the whole check. Because the decision is made on the call name the
  * tokenizer reports, a dynamic call (e.g. $var()) is presumably reported by
  * its variable expression and therefore rejected — confirm against Tokenizer.
  *
  * @param string $code PHP source to inspect
  * @return bool true when every detected function call is on the allow-list
  */
 public function check($code)
 {
     $allowed = ['ucfirst' => true, 'lcfirst' => true];
     $tokenizer = new Tokenizer($code);
     foreach ($tokenizer->getFunctions() as $call) {
         // isset() doubles as the membership test; every allow-list value is true
         $permitted = isset($allowed[$call->value]);
         if (!$permitted) {
             return false;
         }
     }
     return true;
 }
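    /**
     * Variable-name (dynamic) function calls must be reported by their full
     * callee expression: $var() as '$var', $_GET['ssss']['wsss']() as
     * "$_GET['ssss']['wsss']", and so on.
     *
     * These are the calls a name-based allow-list has to see, since the callee
     * is not a plain identifier. Detection order is not part of the contract,
     * so both sides are sorted before comparison.
     */
    public function testIfWillProperlyGetVariableNameFunctionCalls()
    {
        $code = <<<'CODE'
<?php
	$var();
	$_GET['ssss']['wsss']();
	$_GET['ssss'][$var]();
CODE;
        $expected = ['$var', "\$_GET['ssss']['wsss']", "\$_GET['ssss'][\$var]"];
        $found = [];
        $t = new Tokenizer($code);
        foreach ($t->getFunctions() as $token) {
            $found[] = $token->val();
        }
        sort($expected);
        sort($found);
        $this->assertSame($expected, $found);
    }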