<?php

/**
 * This file is part of the OpenPNE package.
 * (c) OpenPNE Project (http://www.openpne.jp/)
 *
 * For the full copyright and license information, please view the LICENSE
 * file and the NOTICE file that were distributed with this source code.
 */

include dirname(__FILE__) . '/../../bootstrap/functional.php';
include dirname(__FILE__) . '/../../bootstrap/database.php';

// Functional checks for the mobile "message" module. Two properties are
// verified for each action: a POST that carries no CSRF token is rejected
// (checkCSRF), and member / message data rendered by the page is HTML-escaped
// (the html_escape tester).
$browser = new opTestFunctional(new opBrowser(), new lime_test(null, new lime_output_color()));
$browser->setMobile();

// A successful login answers with a redirect.
$browser->info('Login')
  ->login('*****@*****.**', 'password')
  ->isStatusCode(302);

// State-changing actions: every one of them must reject a token-less POST.
$csrfProtectedActions = array(
  '/message/receiveList',
  '/message/sendList',
  '/message/draftList',
  '/message/dustList',
  '/message/sendToFriend/id/1',
  '/message/reply/id/2',
);
foreach ($csrfProtectedActions as $action)
{
  $browser->info($action . ' - CSRF')
    ->post($action)
    ->checkCSRF();
}

// Message box listings: every member name is escaped, and exactly one subject
// (truncated to width 28) appears in escaped form.
$listPages = array(
  '/message/receiveList',
  '/message/sendList',
  '/message/draftList',
  '/message/dustList',
);
foreach ($listPages as $page)
{
  $browser->info($page . ' - XSS')
    ->get($page)
    ->with('html_escape')->begin()
      ->isAllEscapedData('Member', 'name')
      ->countEscapedData(1, 'SendMessageData', 'subject', array('width' => 28))
    ->end();
}

// Single-message pages: member name, subject and body are all escaped.
$detailPages = array(
  '/message/read/2',
  '/message/check/1',
  '/message/checkDelete/3',
);
foreach ($detailPages as $page)
{
  $browser->info($page . ' - XSS')
    ->get($page)
    ->with('html_escape')->begin()
      ->isAllEscapedData('Member', 'name')
      ->isAllEscapedData('SendMessageData', 'subject')
      ->isAllEscapedData('SendMessageData', 'body')
    ->end();
}

// Compose forms: only the member name is checked here.
$composePages = array(
  '/message/sendToFriend/id/2',
  '/message/reply/id/2',
);
foreach ($composePages as $page)
{
  $browser->info($page . ' - XSS')
    ->get($page)
    ->with('html_escape')->begin()
      ->isAllEscapedData('Member', 'name')
    ->end();
}
<?php

include dirname(__FILE__) . '/../../bootstrap/functional.php';

// Functional check for the mobile diary page: /diary/1 must be routed to
// diary/show with id 1 and answer 200 for a logged-in member.
$test = new opTestFunctional(new sfBrowser());
$test->setMobile();

// The database bootstrap is pulled in after the browser exists, as in the
// other functional tests of this suite.
include dirname(__FILE__) . '/../../bootstrap/database.php';

$test->login('*****@*****.**', 'password');
$test->setCulture('en');

$test->get('/diary/1');

// Routing: module / action / id resolved from the URL.
$test->with('request')->begin()
  ->isParameter('module', 'diary')
  ->isParameter('action', 'show')
  ->isParameter('id', 1)
->end();

// The page itself renders successfully.
$test->with('response')->begin()
  ->isStatusCode(200)
->end();
<?php

$app = 'mobile_frontend';

include dirname(__FILE__) . '/../../bootstrap/functional.php';

// Functional checks for the mobile "application" module. Pages that render
// application metadata (ApplicationTranslation) or member names must
// HTML-escape them, and the state-changing actions (add / invite / remove)
// must reject a POST that carries no CSRF token.

// Fixture rows: a plain member, a member whose name is an HTML-escaping
// probe, the application with the dummy4 URL, and that member's link to it.
$member1      = Doctrine::getTable('Member')->findOneByName('A');
$xssMember    = Doctrine::getTable('Member')->findOneByName("<&\"'>Member.name ESCAPING HTML TEST DATA");
$xssApp       = Doctrine::getTable('Application')->findOneByUrl('http://example.com/dummy4.xml');
$xssMemberApp = Doctrine::getTable('MemberApplication')->findOneByMemberIdAndApplicationId($xssMember->id, $xssApp->id);

// Everything below runs in one transaction that is rolled back at the end so
// the fixtures stay untouched. There is no try/catch, so the rollback is only
// reached when the script runs to completion.
$connection = Doctrine::getTable('Application')->getConnection();
$connection->beginTransaction();

$tester = new opTestFunctional(new opBrowser(), new lime_test(14, new lime_output_color()));
$tester->setMobile();

// application/add: title escaped on GET, token-less POST rejected.
$addUrl = 'application/add/' . $xssApp->id;
$tester->info('application/add')
  ->login('*****@*****.**', 'password')
  ->get($addUrl)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end()
  ->post($addUrl, array())
  ->checkCSRF();

// application/gallery: titles escaped.
$tester->info('application/gallery')
  ->get('application/gallery')
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end();

// application/info: every translated field that the page shows is escaped.
$tester->info('application/info')
  ->get('application/info/' . $xssApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
    ->isAllEscapedData('ApplicationTranslation', 'description')
    ->isAllEscapedData('ApplicationTranslation', 'thumbnail')
    ->isAllEscapedData('ApplicationTranslation', 'author')
  ->end();

// Attach the application to member1; the returned id is the invite target.
$memberAppId = $xssApp->addToMember($member1);

// application/invite: member names escaped on GET, token-less POST rejected.
$inviteUrl = 'application/invite/' . $memberAppId;
$tester->info('application/invite')
  ->get($inviteUrl)
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end()
  ->post($inviteUrl, array())
  ->checkCSRF();

// application/list: the original test logs in again before this request,
// which is kept as-is.
$tester->info('application/list')
  ->login('*****@*****.**', 'password')
  ->get('application/list')
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end();

// application/remove: title escaped on GET, token-less POST rejected.
$removeUrl = 'application/remove/' . $xssMemberApp->id;
$tester->info('application/remove')
  ->get($removeUrl)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end()
  ->post($removeUrl, array())
  ->checkCSRF();

// application/<id>: title escaped.
$showUrl = 'application/' . $xssApp->id;
$tester->info('application')
  ->get($showUrl)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end();

// Same page requested with the cell-location variant of the URL.
$tester->info('application/location')
  ->get($showUrl . '?type=cell')
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end();

$connection->rollback();