<?php

/**
 * This file is part of the OpenPNE package.
 * (c) OpenPNE Project (http://www.openpne.jp/)
 *
 * For the full copyright and license information, please view the LICENSE
 * file and the NOTICE file that were distributed with this source code.
 */
include dirname(__FILE__) . '/../../bootstrap/functional.php';
include dirname(__FILE__) . '/../../bootstrap/database.php';

// Functional test for the mobile "message" module: every action is POSTed without a
// CSRF token (must be rejected) and every page is fetched and checked with the
// html_escape tester so that hostile fixture values come back entity-encoded.
// The plan is left open (null) because the number of assertions depends on the
// helpers; lime reports what actually ran.
$browser = new opTestFunctional(new opBrowser(), new lime_test(null, new lime_output_color()));
$browser->setMobile();

// Folder listings: render Member.name plus one SendMessageData.subject each.
$listPages = array('receiveList', 'sendList', 'draftList', 'dustList');
// Single-message views: render Member.name, subject and body.
$readPages = array('read/2', 'check/1', 'checkDelete/3');
// Compose forms: only the counterpart's Member.name is rendered.
$formPages = array('sendToFriend/id/2', 'reply/id/2');

// Login must answer with a redirect.
$browser->info('Login')->login('*****@*****.**', 'password')->isStatusCode(302);

// --- CSRF -------------------------------------------------------------------
// checkCSRF() is the project helper; its exact assertion lives in opTestFunctional
// (presumably: the tokenless POST is refused rather than acted upon).
foreach ($listPages as $page) {
  $browser->info('/message/' . $page . ' - CSRF')->post('/message/' . $page)->checkCSRF();
}
$browser->info('/message/sendToFriend/id/1 - CSRF')->post('/message/sendToFriend/id/1')->checkCSRF();
$browser->info('/message/reply/id/2 - CSRF')->post('/message/reply/id/2')->checkCSRF();

// --- XSS / output escaping --------------------------------------------------
foreach ($listPages as $page) {
  $browser->info('/message/' . $page . ' - XSS')->get('/message/' . $page)
    ->with('html_escape')->begin()
      ->isAllEscapedData('Member', 'name')
      // One subject per listing; 'width' => 28 is passed to the tester, presumably
      // because the mobile layout truncates the subject before escaping it.
      ->countEscapedData(1, 'SendMessageData', 'subject', array('width' => 28))
    ->end();
}

// NOTE(review): these views are addressed by fixed fixture ids (2, 1, 3). Only
// escaping is asserted here; whether the logged-in member is allowed to see those
// messages at all is not covered by this file.
foreach ($readPages as $page) {
  $browser->info('/message/' . $page . ' - XSS')->get('/message/' . $page)
    ->with('html_escape')->begin()
      ->isAllEscapedData('Member', 'name')
      ->isAllEscapedData('SendMessageData', 'subject')
      ->isAllEscapedData('SendMessageData', 'body')
    ->end();
}

foreach ($formPages as $page) {
  $browser->info('/message/' . $page . ' - XSS')->get('/message/' . $page)
    ->with('html_escape')->begin()
      ->isAllEscapedData('Member', 'name')
    ->end();
}
<?php

include dirname(__FILE__) . '/../../bootstrap/functional.php';

// Routing smoke test for the mobile diary page, driven through a plain sfBrowser.
$test = new opTestFunctional(new sfBrowser());
$test->setMobile();

// The database bootstrap is pulled in after the tester exists (kept in this order).
include dirname(__FILE__) . '/../../bootstrap/database.php';

$test->login('*****@*****.**', 'password');
$test->setCulture('en');

// GET /diary/1 must resolve to diary/show with id=1 ...
$test->get('/diary/1');
$test->with('request')->begin()
  ->isParameter('module', 'diary')
  ->isParameter('action', 'show')
  ->isParameter('id', 1)
->end();
// ... and render successfully.
$test->with('response')->begin()
  ->isStatusCode(200)
->end();
<?php

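$app = 'mobile_frontend';
include dirname(__FILE__) . '/../../bootstrap/functional.php';

// Fixtures: a plain member ("A"), a member whose name is deliberately hostile markup,
// and the application whose translations carry the escaping test data. The hostile
// values are what the html_escape assertions below must see come back entity-encoded.
$member1 = Doctrine::getTable('Member')->findOneByName('A');
$xssMember = Doctrine::getTable('Member')->findOneByName("<&\"'>Member.name ESCAPING HTML TEST DATA");
$xssApp = Doctrine::getTable('Application')->findOneByUrl('http://example.com/dummy4.xml');

// Fail with a clear message instead of a "member function on a non-object" fatal
// further down when the fixture set has not been loaded. This runs before the
// transaction is opened, so nothing is left dangling.
if (!$member1 || !$xssMember || !$xssApp) {
  throw new RuntimeException('application mobile test: required Member/Application fixtures are missing');
}
$xssMemberApp = Doctrine::getTable('MemberApplication')->findOneByMemberIdAndApplicationId($xssMember->id, $xssApp->id);
if (!$xssMemberApp) {
  throw new RuntimeException('application mobile test: MemberApplication fixture for the XSS member is missing');
}

// Everything below runs inside one transaction that is rolled back on every path,
// so the addToMember() write (and anything a request might persist) is undone.
$connection = Doctrine::getTable('Application')->getConnection();
$connection->beginTransaction();

$browser = new opBrowser();
$user = new opTestFunctional($browser, new lime_test(14, new lime_output_color()));
$user->setMobile();

try {
  // application/add: title escaped on the page, tokenless POST rejected.
  $user->info('application/add')->login('*****@*****.**', 'password')
    ->get('application/add/' . $xssApp->id)
    ->with('html_escape')->begin()
      ->isAllEscapedData('ApplicationTranslation', 'title')
    ->end()
    ->post('application/add/' . $xssApp->id, array())->checkCSRF();

  $user->info('application/gallery')->get('application/gallery')
    ->with('html_escape')->begin()
      ->isAllEscapedData('ApplicationTranslation', 'title')
    ->end();

  // application/info renders several translation fields; all must be escaped.
  $user->info('application/info')->get('application/info/' . $xssApp->id)
    ->with('html_escape')->begin()
      ->isAllEscapedData('ApplicationTranslation', 'title')
      ->isAllEscapedData('ApplicationTranslation', 'description')
      ->isAllEscapedData('ApplicationTranslation', 'thumbnail')
      ->isAllEscapedData('ApplicationTranslation', 'author')
    ->end();

  // Writes a MemberApplication row for member "A"; undone by the rollback below.
  $mid = $xssApp->addToMember($member1);
  $user->info('application/invite')->get('application/invite/' . $mid)
    ->with('html_escape')->begin()
      ->isAllEscapedData('Member', 'name')
    ->end()
    ->post('application/invite/' . $mid, array())->checkCSRF();

  // Re-login with the same account before the list page (kept from the original run).
  $user->info('application/list')->login('*****@*****.**', 'password')
    ->get('application/list')
    ->with('html_escape')->begin()
      ->isAllEscapedData('ApplicationTranslation', 'title')
    ->end();

  $user->info('application/remove')->get('application/remove/' . $xssMemberApp->id)
    ->with('html_escape')->begin()
      ->isAllEscapedData('ApplicationTranslation', 'title')
    ->end()
    ->post('application/remove/' . $xssMemberApp->id, array())->checkCSRF();

  $user->info('application')->get('application/' . $xssApp->id)
    ->with('html_escape')->begin()
      ->isAllEscapedData('ApplicationTranslation', 'title')
    ->end();

  $user->info('application/location')->get('application/' . $xssApp->id . '?type=cell')
    ->with('html_escape')->begin()
      ->isAllEscapedData('ApplicationTranslation', 'title')
    ->end();

  $connection->rollback();
} catch (Exception $e) {
  // Roll back before propagating so an exception thrown mid-run (Doctrine, the
  // browser, a tester) does not leave the writes above committed. PHP fatal errors
  // are not exceptions and bypass this block; that is what the fixture guards
  // above are for.
  $connection->rollback();
  throw $e;
}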