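/**
 * Regression test: the fixture template (layout.php next to this test) must be
 * rejected by the function allow-list, i.e. it contains at least one call that
 * Whitelist does not allow. What this pins down is the fail-closed result of
 * Whitelist::check() on a realistic template, not which call trips it.
 */
public function testIfWillFailSanitization(): void
{
    $code = file_get_contents(__DIR__ . '/layout.php');
    // A missing or unreadable fixture must fail here with a clear message,
    // not as a TypeError/false somewhere inside the tokenizer.
    $this->assertNotFalse($code, 'Fixture layout.php could not be read');

    $result = Whitelist::fly()->check($code);

    $this->assertFalse($result);
}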
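/**
 * Allow-list gate for template code: returns true only when every function
 * call reported by the Tokenizer is on the hard-coded allow-list, and false
 * on the first call that is not (fail-closed). Code with no calls at all
 * passes, since the loop never runs.
 *
 * Security notes:
 *  - Matching is an exact string lookup on the token value. PHP resolves
 *    function names case-insensitively, so `UCFIRST()` is rejected although
 *    it is harmless; that is the safe direction, but keep entries lowercase.
 *  - Coverage is bounded by Tokenizer::getFunctions(). Anything it does not
 *    surface as a function token (language constructs such as eval/include,
 *    backticks, callables passed as strings, method calls) is NOT inspected
 *    here — confirm against the Tokenizer before relying on this as a sandbox.
 *  - Dynamic calls such as `$_GET['x']()` appear to be reported with their raw
 *    source text (see the tokenizer tests), so they never match a literal
 *    function name and are rejected.
 *
 * @param string $code PHP source to inspect; treated as untrusted.
 * @return bool true if every reported call is allow-listed, false otherwise.
 */
public function check(string $code): bool
{
    // Only the keys matter: O(1) isset() membership test.
    $allowed = [
        'ucfirst' => true,
        'lcfirst' => true,
    ];

    $tokenizer = new Tokenizer($code);
    foreach ($tokenizer->getFunctions() as $token) {
        // NOTE(review): the tokenizer tests read the name via $token->val();
        // this reads the ->value property — confirm both exist on the token
        // class, otherwise isset() on null would reject everything.
        if (!isset($allowed[$token->value])) {
            return false;
        }
    }

    return true;
}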
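/**
 * The tokenizer must report variable / dynamic function calls — `$var()`,
 * `$_GET[...]()` — by their raw source text. These are exactly the calls an
 * allow-list gate has to see: the callee is chosen at runtime (here from
 * request input), so it can never match a literal function name and must be
 * surfaced rather than silently skipped.
 */
public function testIfWillProperlyGetVariableNameFunctionCalls(): void
{
    $code = <<<'CODE'
<?php
$var();
$_GET['ssss']['wsss']();
$_GET['ssss'][$var]();
CODE;

    $expected = ['$var', "\$_GET['ssss']['wsss']", "\$_GET['ssss'][\$var]"];

    $tokenizer = new Tokenizer($code);
    $actual = [];
    foreach ($tokenizer->getFunctions() as $token) {
        $actual[] = $token->val();
    }

    // Discovery order is not part of the contract; compare as sorted lists.
    sort($expected);
    sort($actual);
    $this->assertSame($expected, $actual);
}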