コード例 #1
<?php

// Functional test for the album module: the write actions are POSTed
// without a token and handed to checkCSRF() (defined in the test
// bootstrap), then the read views are checked for HTML-escaped fixture data.
$bootstrapDir = dirname(__FILE__) . '/../../bootstrap';
include $bootstrapDir . '/functional.php';
include $bootstrapDir . '/database.php';

$browser = new opTestFunctional(new sfBrowser());
$browser->login('*****@*****.**', 'password');

// CSRF
$browser
  ->info('/album/create - CSRF')->post('/album/create')->checkCSRF()
  ->info('/album/update/1055 - CSRF')->post('/album/update/1055')->checkCSRF()
  ->info('/album/delete/1055 - CSRF')->post('/album/delete/1055')->checkCSRF();

// XSS
$browser->info('/member/home - XSS')->get('/member/home')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Album', 'title')
  ->end();

$browser->info('/album - XSS')->get('/album')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->countEscapedData(2, 'Album', 'title', array('width' => 36))
    ->countEscapedData(2, 'Album', 'body', array('width' => 36))
  ->end();

$browser->info('/album/listFriend - XSS')->get('/album/listFriend')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Album', 'title')
    ->countEscapedData(1, 'Album', 'body', array('width' => 36))
  ->end();

$browser->info('/album/listMember - XSS')->get('/album/listMember')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Album', 'title')
    ->countEscapedData(1, 'Album', 'body', array('width' => 36))
  ->end();

$browser->info('/album/1055 - XSS')->get('/album/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Album', 'title')
    ->countEscapedData(1, 'Album', 'body', array('width' => 36))
  ->end();

// Re-login (same masked account in this listing) before the member page check.
$browser->login('*****@*****.**', 'password');
$browser->info('/member/1055 - XSS')->get('/member/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Album', 'title')
  ->end();
コード例 #2
<?php

// Mobile functional test for the diary module: a logged-in member requesting
// /diary/1 is routed to diary/show with id 1 and receives HTTP 200.
include dirname(__FILE__) . '/../../bootstrap/functional.php';

$test = new opTestFunctional(new sfBrowser());
// setMobile() is called before database.php is included (order kept from the original).
$test->setMobile();

include dirname(__FILE__) . '/../../bootstrap/database.php';

$test->login('*****@*****.**', 'password');
$test->setCulture('en');

$test->get('/diary/1')
  ->with('request')->begin()
    ->isParameter('module', 'diary')
    ->isParameter('action', 'show')
    ->isParameter('id', 1)
  ->end()
  ->with('response')->begin()
    ->isStatusCode(200)
  ->end();
コード例 #3
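<?php

// Functional test for the diary JSON API (/diary/post.json): a valid post is
// echoed back in the JSON response, and a post without a title or body is
// rejected with HTTP 400.
include dirname(__FILE__) . '/../../bootstrap/functional.php';
$t = new opTestFunctional(new sfBrowser());
include dirname(__FILE__) . '/../../bootstrap/database.php';

$mailAddress = '*****@*****.**';
// Friend / non-friend accounts; no request in this file uses them yet.
$myFriendMailAddress = '*****@*****.**';
$notMyFriendMailAddress = 'sns5@example';

$t->login($mailAddress, 'password');
$t->setCulture('en');

$t->info('should be able to post a new diary entry');
$title = 'テストタイトル';
$body = 'テスト本文';
$publicFlag = PluginDiaryTable::PUBLIC_FLAG_SNS; // open to everyone
$validPost = array('apiKey' => 'dummyApiKey', 'title' => $title, 'body' => $body, 'public_flag' => $publicFlag);

$json = $t->post('/diary/post.json', $validPost)->getResponse()->getContent();
$data = json_decode($json, true);
$t->test()->is($data['status'], 'success', 'should return status code "success"');
$t->test()->ok($data['data']['id'], 'should have id');
$t->test()->ok($data['data']['member'], 'should have member info');
$t->test()->is($data['data']['title'], $title, 'should have the same title posted');
$t->test()->is($data['data']['body'], $body, 'should have the same body posted');
$t->test()->is($data['data']['public_flag'], $publicFlag, 'should have the same publid flag posted');
$t->test()->ok($data['data']['created_at'], 'should have the date posted');

// Invalid payloads are the valid post with one field blanked or removed.
// (The original assigned the tester returned by end() to $json and never read
// it; only the status-code assertion matters for these requests.)
$t->info('should return error when the title is empty');
$emptyTitle = $validPost;
$emptyTitle['title'] = '';
$missingTitle = $validPost;
unset($missingTitle['title']);
foreach (array($emptyTitle, $missingTitle) as $params) {
  $t->post('/diary/post.json', $params)->with('response')->begin()->isStatusCode('400')->end();
}

$t->info('should return error when the body is empty');
$emptyBody = $validPost;
$emptyBody['body'] = '';
$missingBody = $validPost;
unset($missingBody['body']);
foreach (array($emptyBody, $missingBody) as $params) {
  $t->post('/diary/post.json', $params)->with('response')->begin()->isStatusCode('400')->end();
}

// No request follows this label in the file as shown: the public_flag case is announced but not asserted.
$t->info('should return error when the public flag is empty');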
コード例 #4
<?php

// Smoke test: after logging in, a GET of the top page sees an authenticated user.
$bootstrapDir = dirname(__FILE__) . '/../../bootstrap';
include $bootstrapDir . '/functional.php';

$browser = new opTestFunctional(new sfBrowser(), new lime_test(null, new lime_output_color()));

include $bootstrapDir . '/database.php';

$browser->login('*****@*****.**', 'password');
$browser->setCulture('en');
$browser->get('/')
  ->with('user')->isAuthenticated();
コード例 #5
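<?php

// Functional test for the communityEvent / communityTopic modules: every
// write action is POSTed without a token and handed to checkCSRF(), then
// every read view is checked for HTML-escaped fixture data. The lime plan
// (50) is unchanged from the original.
include dirname(__FILE__) . '/../../bootstrap/functional.php';
include dirname(__FILE__) . '/../../bootstrap/database.php';
// The original included functional.php a second time after database.php;
// that duplicate include is dropped here as a copy-paste leftover.

$browser = new opTestFunctional(new opBrowser(), new lime_test(50, new lime_output_color()));
$browser->login('*****@*****.**', 'password');

// CSRF: label => URL for the plain POSTs.
$csrfPosts = array(
  '/communityEvent/create - CSRF'        => '/communityEvent/create/1055',
  '/communityEvent/delete - CSRF'        => '/communityEvent/delete/1055',
  '/communityEvent/update - CSRF'        => '/communityEvent/update/1055',
  '/communityEventComment/create - CSRF' => '/communityEvent/1055/comment/create',
  '/communityEventComment/delete - CSRF' => '/communityEvent/comment/delete/1055',
  '/communityTopic/create - CSRF'        => '/communityTopic/create/1055',
  '/communityTopic/delete - CSRF'        => '/communityTopic/delete/1055',
  '/communityTopic/update - CSRF'        => '/communityTopic/update/1055',
  '/communityTopicComment/create - CSRF' => '/communityTopic/1055/comment/create',
  '/communityTopicComment/delete - CSRF' => '/communityTopic/comment/delete/1055',
);
foreach ($csrfPosts as $label => $url) {
  $browser->info($label)->post($url)->checkCSRF();
}
// Kept from the original: this POST is followed through its redirect before checkCSRF().
$browser->info('/communityTopic/configNotificationMail - CSRF')
  ->post('/config/communityTopicNotificationMail/1055', array('topic_notify' => array()))
  ->followRedirect()
  ->checkCSRF();

// XSS
$browser->info('/communityEvent/edit - XSS')->get('/communityEvent/edit/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('CommunityEvent', 'name')
    ->isAllEscapedData('CommunityEvent', 'body')
    ->isAllEscapedData('CommunityEvent', 'open_date_comment')
    ->isAllEscapedData('CommunityEvent', 'area')
  ->end();

$browser->info('/communityEvent/listCommunity - XSS')->get('/communityEvent/listCommunity/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('CommunityEvent', 'name')
  ->end();

$browser->info('/communityEvent/memberList - XSS')->get('/communityEvent/1055/memberList')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$browser->info('/communityEvent/recentlyEventList - XSS')->get('/communityEvent/recentlyEventList')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
    ->isAllEscapedData('CommunityEvent', 'name')
  ->end();

$browser->info('/communityEvent/show - XSS')->get('/communityEvent/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('CommunityEvent', 'name')
    ->isAllEscapedData('CommunityEvent', 'body')
    ->isAllEscapedData('CommunityEvent', 'open_date_comment')
    ->isAllEscapedData('CommunityEvent', 'area')
    ->isAllEscapedData('CommunityEventComment', 'body')
    ->isAllEscapedData('Member', 'name')
  ->end();

$browser->info('/communityTopic/edit - XSS')->get('/communityTopic/edit/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('CommunityTopic', 'name')
    ->isAllEscapedData('CommunityTopic', 'body')
  ->end();

$browser->info('/communityTopic/listCommunity - XSS')->get('/communityTopic/listCommunity/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('CommunityTopic', 'name')
  ->end();

$browser->info('/communityTopic/recentlyTopicList - XSS')->get('/communityTopic/recentlyTopicList')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
    ->isAllEscapedData('CommunityTopic', 'name')
  ->end();

$browser->info('/communityTopic/show - XSS')->get('/communityTopic/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('CommunityTopic', 'name')
    ->isAllEscapedData('CommunityTopic', 'body')
    ->isAllEscapedData('Member', 'name')
  ->end();

// Search: the raw fixture value is submitted as the keyword, for the global
// search and the per-community search, once for topics and once for events.
$browser->info('/communityTopic/search - XSS');
$truncated = array('width' => 36, 'etc' => '', 'rows' => 3);
foreach (array('/communityTopic/search', '/communityTopic/search/1055') as $searchUrl) {
  foreach (array('topic' => 'CommunityTopic', 'event' => 'CommunityEvent') as $type => $model) {
    $browser->get($searchUrl, array('type' => $type, 'keyword' => opTesterHtmlEscape::getRawTestData($model, 'name')))
      ->with('html_escape')->begin()
        ->isAllEscapedData($model, 'name')
        ->countEscapedData(1, 'Community', 'name', $truncated)
        ->countEscapedData(1, $model, 'body', $truncated)
      ->end();
  }
}

$browser->info('/communityEvent/_communityEventList, /communityTopic/_communityTopicList - XSS')->get('/community/1055')
  ->with('html_escape')->begin()
    ->countEscapedData(1, 'CommunityEvent', 'name', array('width' => 36))
    ->countEscapedData(1, 'CommunityTopic', 'name', array('width' => 36))
  ->end();

$browser->info('/communityEvent/_eventCommentListBox, /communityTopic/_topicCommentListBox - XSS')->get('/')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
    ->countEscapedData(1, 'CommunityEvent', 'name', array('width' => 36))
    ->countEscapedData(1, 'CommunityTopic', 'name', array('width' => 36))
  ->end();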
コード例 #6
<?php

// Community access-control test, part 1: an anonymous visitor ("alien")
// is refused the home of community 2 (public_flag: public) with 404 and
// allowed into community 3 (public_flag: open) with 200.
include dirname(__FILE__) . '/../../bootstrap/functional.php';
$user = new opTestFunctional(new opBrowser(), new lime_test(null));

$user->info('1. Testing alien');

$user->info('public_flag: public')->get('/community/2');
$user->info('1-1. Alien cannot access the community home')
  ->with('request')->begin()
    ->isParameter('module', 'community')
    ->isParameter('action', 'home')
  ->end()
  ->with('response')->begin()
    ->isStatusCode(404)
  ->end();

$user->info('public_flag: open')->get('/community/3');
$user->info('1-2. Alien can access the community home')
  ->with('request')->begin()
    ->isParameter('module', 'community')
    ->isParameter('action', 'home')
  ->end()
  ->with('response')->isStatusCode(200);
// Drop the cached community ACLs before the next login so the new identity
// is evaluated afresh. The topic ACL builder is cleared only when its class
// is loaded (it is guarded with class_exists(); presumably plugin-provided).
opCommunityAclBuilder::clearCache();
$hasTopicAclBuilder = class_exists('opCommunityTopicAclBuilder');
if ($hasTopicAclBuilder) {
  opCommunityTopicAclBuilder::clearCache();
}
// Part 2: a member of the community reaches the home of both the public
// (id 2) and the open (id 3) community.
$user->login('*****@*****.**', 'password');
$user->info('2. Testing Community Member');

$user->info('public_flag: public')->get('/community/2');
$user->info('2-1. Community Member can access the community home')
  ->with('request')->begin()
    ->isParameter('module', 'community')
    ->isParameter('action', 'home')
  ->end()
  ->with('response')->isStatusCode(200);

$user->info('public_flag: open')->get('/community/3');
$user->info('2-2. Community Member can access the community home')
  ->with('request')->begin()
    ->isParameter('module', 'community')
    ->isParameter('action', 'home')
  ->end()
  ->with('response')->isStatusCode(200);
// Reset the cached community ACLs again before switching to the next account;
// the topic ACL builder is only cleared when its class is loaded.
opCommunityAclBuilder::clearCache();
$hasTopicAclBuilder = class_exists('opCommunityTopicAclBuilder');
if ($hasTopicAclBuilder) {
  opCommunityTopicAclBuilder::clearCache();
}
// Part 3: an SNS member who is not in the community reaches the home of
// both the public (id 2) and the open (id 3) community.
$user->login('*****@*****.**', 'password');
$user->info('3. Testing SNS Member');

$user->info('public_flag: public')->get('/community/2');
$user->info('3-1. SNS Member can access the community home')
  ->with('request')->begin()
    ->isParameter('module', 'community')
    ->isParameter('action', 'home')
  ->end()
  ->with('response')->isStatusCode(200);

$user->info('public_flag: open')->get('/community/3');
$user->info('3-2. SNS Member can access the community home')
  ->with('request')->begin()
    ->isParameter('module', 'community')
    ->isParameter('action', 'home')
  ->end()
  ->with('response')->isStatusCode(200);
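// Community module: escaping on the search view, CSRF on every write
// action (with account switches in between, as in the original), then
// escaping on the remaining read views.
$user->login('*****@*****.**', 'password');

$user->info('community/search')->get('/community/search')
  ->with('html_escape')->begin()
    ->isAllEscapedData('CommunityCategory', 'name')
    ->isAllEscapedData('Community', 'name')
    ->countEscapedData(1, 'CommunityConfig', 'value', array('width' => 36, 'rows' => 3))
  ->end();

// CSRF
$user->info('/community/edit - CSRF')->post('/community/edit')->checkCSRF();
$user->info('/config/communityTopicNotificationMail/1 - CSRF')
  ->post('/config/communityTopicNotificationMail/1', array('topic_notify' => array()))
  ->followRedirect()
  ->checkCSRF();
$user->info('/community/dropMember/id/1/member_id/2 - CSRF')
  ->post('/community/dropMember/id/1/member_id/2')->checkCSRF();
$user->info('/community/subAdminRequest/id/1/member_id/2 - CSRF')
  ->post('/community/subAdminRequest/id/1/member_id/2', array('admin_request' => array()))->checkCSRF();
$user->info('/community/removeSubAdmin/id/5/member_id/2 - CSRF')
  ->post('/community/removeSubAdmin/id/5/member_id/2')->checkCSRF();
$user->info('/community/changeAdminRequest/id/1/member_id/2 - CSRF')
  ->post('/community/changeAdminRequest/id/1/member_id/2', array('admin_request' => array()))->checkCSRF();
$user->info('community/delete/1 - CSRF')
  ->post('community/delete/1', array('is_delete' => 1))->checkCSRF();

$user->login('*****@*****.**', 'password');
$user->info('/community/quit?id=1 - CSRF')->post('/community/quit?id=1')->checkCSRF();

$user->login('*****@*****.**', 'password');
$user->info('/community/join?id=1 - CSRF')
  ->post('/community/join?id=1', array('community_join' => array()))->checkCSRF();

// XSS
$user->login('*****@*****.**', 'password');
$user->info('/member/home - XSS')->get('/member/home')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
  ->end();

// The original ran this changeAdminRequest check twice, verbatim; the
// duplicate is dropped (the lime plan here is null, so no count changes).
$user->info('/community/changeAdminRequest/id/1055/member_id/1056 - XSS')
  ->get('/community/changeAdminRequest/id/1055/member_id/1056')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Community', 'name')
  ->end();

$user->info('/community/dropMember/id/1055/member_id/1056 - XSS')
  ->get('/community/dropMember/id/1055/member_id/1056')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('/community/joinlist - XSS')->get('/community/joinlist')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
  ->end();

$user->info('/community/memberList/id/1055 - XSS')->get('/community/memberList/id/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('/community/memberManage/id/1055 - XSS')->get('/community/memberManage/id/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('/community/search - XSS')
  ->get('/community/search', array('community' => array('name' => 'Community.name')))
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
    ->countEscapedData(1, 'CommunityConfig', 'value', array('width' => 36))
  ->end();

$user->info('/community/removeSubAdmin/id/1056/member_id/1056 - XSS')
  ->get('/community/removeSubAdmin/id/1056/member_id/1056')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('/community/1055 - XSS')->get('/community/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Community', 'name')
    ->countEscapedData(1, 'CommunityConfig', 'value', array('width' => 36))
  ->end();

$user->login('*****@*****.**', 'password');
$user->info('/community/quit/id/1055 - XSS')->get('/community/quit/id/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
  ->end();

$user->login('*****@*****.**', 'password');
$user->info('/community/join?id=1055 - XSS')->get('/community/join?id=1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Community', 'name')
  ->end();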
コード例 #7
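<?php

// Functional test for the diary JSON API: create an entry through
// /diary/post.json, then delete it through /diary/delete.json.
include dirname(__FILE__) . '/../../bootstrap/functional.php';
$t = new opTestFunctional(new sfBrowser());
include dirname(__FILE__) . '/../../bootstrap/database.php';

$mailAddress = '*****@*****.**';
$t->login($mailAddress, 'password');
$t->setCulture('en');

$t->info('for the first thing, post a entry to delete afterwords');
$title = 'テストタイトル';
$body = 'テスト本文';
$publicFlag = 1; // open to everyone

$json = $t->post('/diary/post.json', array('apiKey' => 'dummyApiKey', 'title' => $title, 'body' => $body, 'public_flag' => $publicFlag))
  ->getResponse()->getContent();
$data = json_decode($json, true);
$t->test()->is($data['status'], 'success', 'should return status code "success"');
$t->test()->ok($data['data']['id'], 'should have id');
$t->test()->ok($data['data']['member'], 'should have member info');
$t->test()->is($data['data']['title'], $title, 'should have the same title posted');
$t->test()->is($data['data']['body'], $body, 'should have the same body posted');
$t->test()->is($data['data']['public_flag'], $publicFlag, 'should have the same publid flag posted');
$t->test()->ok($data['data']['created_at'], 'should have the date posted');

// Id of the entry just created; it is the one deleted below.
$deleteId = $data['data']['id'];

$t->info('should be able to delete the entry');
$json = $t->post('/diary/delete.json', array('apiKey' => 'dummyApiKey', 'id' => $deleteId))
  ->getResponse()->getContent();
$data = json_decode($json, true);
// The original var_dump()ed $data and $json here; that debug output is
// removed so the TAP stream stays clean. An unused $apiKey query-string
// local and two no-op resets of $json/$data were dropped as well.
$t->test()->is($data['status'], 'success', 'should return status code "success"');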
コード例 #8
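<?php

// Functional test for the application module: HTML escaping of the
// ApplicationTranslation / Member fixture data on every view, and CSRF
// protection on every write action. addToMember() below writes to the
// database, so the whole run sits inside a transaction that is rolled back
// at the end.
include dirname(__FILE__) . '/../../bootstrap/functional.php';

$member1 = Doctrine::getTable('Member')->findOneByName('A');
$xssMember = Doctrine::getTable('Member')->findOneByName("<&\"'>Member.name ESCAPING HTML TEST DATA");
$xssApp = Doctrine::getTable('Application')->findOneByUrl('http://example.com/dummy4.xml');
$xssMemberApp = Doctrine::getTable('MemberApplication')->findOneByMemberIdAndApplicationId($xssMember->id, $xssApp->id);

$connection = Doctrine::getTable('Application')->getConnection();
$connection->beginTransaction();

$browser = new opBrowser();
$user = new opTestFunctional($browser, new lime_test(43, new lime_output_color()));

$user->info('application/add')->login('*****@*****.**', 'password')
  ->get('application/add/' . $xssApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end()
  ->post('application/add/' . $xssApp->id, array())->checkCSRF();

$user->info('application/canvas')->login('*****@*****.**', 'password')
  ->get('application/canvas/' . $xssMemberApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end();

$user->info('application/delete')
  ->get('application/delete/' . $xssApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end()
  ->post('application/delete/' . $xssApp->id, array())->checkCSRF();

$user->info('application/deleteConsumerSecret')
  ->get('application/deleteConsumerSecret/' . $xssApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end()
  ->post('application/deleteConsumerSecret/' . $xssApp->id, array())->checkCSRF();

$user->info('application/gallery')->get('application/gallery')
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
    ->isAllEscapedData('ApplicationTranslation', 'description')
    ->isAllEscapedData('ApplicationTranslation', 'thumbnail')
    ->isAllEscapedData('ApplicationTranslation', 'author')
  ->end();

$user->info('application/info')->get('application/info/' . $xssApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
    ->isAllEscapedData('ApplicationTranslation', 'description')
    ->isAllEscapedData('ApplicationTranslation', 'screenshot')
    ->isAllEscapedData('ApplicationTranslation', 'thumbnail')
    ->isAllEscapedData('ApplicationTranslation', 'author')
    ->isAllEscapedData('ApplicationTranslation', 'author_aboutme')
    ->isAllEscapedData('ApplicationTranslation', 'author_affiliation')
    ->isAllEscapedData('ApplicationTranslation', 'author_photo')
    ->isAllEscapedData('ApplicationTranslation', 'author_quote')
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('application/install')->post('application/install', array())->checkCSRF();

$user->info('application/installedList')->get('application/installedList')
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
    ->isAllEscapedData('ApplicationTranslation', 'description')
    ->isAllEscapedData('ApplicationTranslation', 'thumbnail')
    ->isAllEscapedData('ApplicationTranslation', 'author')
  ->end();

// Install the application for member "A" so the invite views have a member-application id to work with.
$mid = $xssApp->addToMember($member1);

$user->login('*****@*****.**', 'password')
  ->info('application/invite')->get('application/invite/' . $mid)
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('application/inviteList')
  ->setHttpHeader('X_REQUESTED_WITH', 'XMLHttpRequest')
  ->get('application/inviteList/' . $mid)
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('application/invitePost')
  ->setHttpHeader('X_REQUESTED_WITH', 'XMLHttpRequest')
  ->post('application/invitePost/' . $mid, array())->checkCSRF();

$user->info('application/list')->login('*****@*****.**', 'password')
  ->get('application/list')
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
    ->isAllEscapedData('ApplicationTranslation', 'description')
    ->isAllEscapedData('ApplicationTranslation', 'thumbnail')
    ->isAllEscapedData('ApplicationTranslation', 'author')
  ->end();

// The original fetched application/list a second time right before this
// request; that stray GET made no assertion and is dropped.
$user->info('application/member')
  ->get('application/member/' . $xssApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$user->info('application/remove')
  ->get('application/remove/' . $xssMemberApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end()
  ->post('application/remove/' . $xssMemberApp->id, array())->checkCSRF();

$user->info('application/setting')
  ->get('application/setting/' . $xssMemberApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
    ->isAllEscapedData('ApplicationTranslation', 'settings')
  ->end()
  ->post('application/setting/' . $xssMemberApp->id)->checkCSRF();

$user->info('application/sort')
  ->setHttpHeader('X_REQUESTED_WITH', 'XMLHttpRequest')
  ->post('application/sort', array())->checkCSRF();

$user->info('application/update')->post('application/update/' . $xssApp->id)->checkCSRF();

$user->info('application/updateConsumerSecret')
  ->get('application/updateConsumerSecret/' . $xssApp->id)
  ->with('html_escape')->begin()
    ->isAllEscapedData('ApplicationTranslation', 'title')
  ->end()
  ->post('application/updateConsumerSecret/' . $xssApp->id, array())->checkCSRF();

// Undo addToMember() and anything else the run wrote.
$connection->rollback();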
コード例 #9
<?php

// Functional test for the member module: the member-image upload limit,
// CSRF protection on the member write actions, and HTML escaping on the
// member views.
include dirname(__FILE__) . '/../../bootstrap/functional.php';

$filePath = sfConfig::get('sf_web_dir') . '/images/dummy.gif';
// Form payload for one member image upload (the same literal was repeated
// four times in the original).
$uploadParams = array('member_image' => array('file' => array('name' => $filePath, 'type' => 'image/gif')));

$browser = new opTestFunctional(new opBrowser(), new lime_test(null, new lime_output_color()));
$browser->login('*****@*****.**', 'password');

$browser->info('member/configImage');
$browser->info('1. When an user tries to post more than 4 photos, he gets an error message. (ref. #3544)');
$browser->get('member/configImage');
foreach (array('1st Post', '2nd Post', '3rd Post', '4th Post') as $postLabel) {
  $browser->info($postLabel)
    ->click('アップロードする', $uploadParams)
    ->with('response')->begin()
      ->isStatusCode(302)
    ->end()
    ->followRedirect();
}
// After the 4th upload the page that follows the redirect shows the flash error.
$browser->with('response')->begin()
  ->isStatusCode(200)
  ->checkElement('#flashError td:contains("これ以上画像を追加できません。")', true)
->end();

$browser->info('member/profile')->get('member/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Profile', 'caption')
    ->isAllEscapedData('MemberProfile', 'value')
  ->end();

// NOTE(review): $fileParams is not defined anywhere in this file, so this POST
// carries a null body exactly as in the original; the step is labelled CSRF but
// never calls checkCSRF() -- it only asserts the upload-limit flash is absent
// after the redirect. Left as-is; confirm the intended payload with the author.
$browser->info('/member/image/config - CSRF')
  ->post('/member/image/config', $fileParams)
  ->followRedirect()
  ->with('response')->begin()
    ->checkElement('#flashError td:contains("これ以上画像を追加できません。")', false)
  ->end();

// CSRF: plain POSTs, label => array(url, params). post($url) and
// post($url, array()) are the same call.
$csrfPosts = array(
  '/member/deleteImage/member_image_id/1 - CSRF'  => array('/member/deleteImage/member_image_id/1', array()),
  '/member/edit/profile - CSRF'                    => array('/member/edit/profile', array()),
  '/invite - CSRF'                                 => array('/invite', array()),
  '/leave - CSRF'                                  => array('/leave', array()),
  '/member/config?category=secretQuestion - CSRF'  => array('/member/config?category=secretQuestion', array()),
  '/member/config?category=publicFlag - CSRF'      => array('/member/config?category=publicFlag', array()),
  '/member/config?category=pcAddress - CSRF'       => array('/member/config?category=pcAddress', array()),
  '/member/config?category=mobileAddress - CSRF'   => array('/member/config?category=mobileAddress', array()),
  '/member/config?category=password - CSRF'        => array('/member/config?category=password', array()),
  '/member/config?category=accessBlock - CSRF'     => array('/member/config?category=accessBlock', array('member_config' => array('ids' => array(), 'access_block' => array()))),
  '/member/config?category=mail - CSRF'            => array('/member/config?category=mail', array()),
  '/member/config?category=language - CSRF'        => array('/member/config?category=language', array()),
);
foreach ($csrfPosts as $label => $target) {
  list($url, $params) = $target;
  $browser->info($label)->post($url, $params)->checkCSRF();
}

// updateActivity is exercised as an XMLHttpRequest and asserted on its
// status code (500) rather than through checkCSRF().
$browser->info('/member/updateActivity - CSRF')
  ->setHttpHeader('X_REQUESTED_WITH', 'XMLHttpRequest')
  ->post('/member/updateActivity')
  ->isStatusCode(500);

$csrfPosts = array(
  '/member/changeMainImage/member_image_id/2/ - CSRF' => array('/member/changeMainImage/member_image_id/2/', array()),
  '/member/deleteActivity/id/1 - CSRF'                => array('/member/deleteActivity/id/1', array()),
  '/member/editProfile - CSRF'                        => array('/member/editProfile', array()),
  '/member/registerMobileToRegisterEnd - CSRF'        => array('/member/registerMobileToRegisterEnd', array('member_config' => array())),
);
foreach ($csrfPosts as $label => $target) {
  list($url, $params) = $target;
  $browser->info($label)->post($url, $params)->checkCSRF();
}

// XSS
$browser->login('*****@*****.**', 'password');

$browser->info('/ components - XSS')->get('/')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('ActivityData', 'body')
  ->end();

$browser->info('/member/showActivity - XSS')->get('/member/showActivity')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('ActivityData', 'body')
  ->end();

$browser->info('/member/showAllMemberActivity - XSS')->get('/member/showAllMemberActivity')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('ActivityData', 'body')
  ->end();

$browser->info('/member/search - XSS')
  ->get('/member/search', array('member' => array('name' => 'Member.name')))
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

// Labelled "CSRF" in the original, but this is a GET escaping check.
$browser->info('/member/deleteActivity/id/1055 - CSRF')->get('/member/deleteActivity/id/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('ActivityData', 'body')
  ->end();

$browser->info('/member/profile - XSS')->get('/member/profile')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('MemberProfile', 'value')
    ->isAllEscapedData('ProfileOption', 'value')
  ->end();

$browser->info('/member/home - XSS')->get('/member/home')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$browser->info('/ rss gadget - XSS')->get('/')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Rss', 'title')
  ->end();
コード例 #10
<?php

// Functional test for the diary module: CSRF protection on the write
// actions, then HTML escaping of member/diary fixture data on the read views.
include dirname(__FILE__) . '/../../bootstrap/functional.php';
$test = new opTestFunctional(new sfBrowser());
include dirname(__FILE__) . '/../../bootstrap/database.php';

$test->login('*****@*****.**', 'password');

// CSRF
$csrfPosts = array(
  '/diary/create - CSRF'        => '/diary/create',
  '/diary/delete - CSRF'        => '/diary/delete/1055',
  '/diary/update - CSRF'        => '/diary/update/1055',
  '/diaryComment/create - CSRF' => '/diary/1055/comment/create',
  '/diaryComment/delete - CSRF' => '/diary/comment/delete/1055',
);
foreach ($csrfPosts as $label => $url) {
  $test->info($label)->post($url)->checkCSRF();
}

// XSS
$test->info('/diary/edit - XSS')->get('/diary/edit/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Diary', 'title')
    ->isAllEscapedData('Diary', 'body')
  ->end();

$test->info('/diary/list - XSS')->get('/diary/list')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->countEscapedData(2, 'Diary', 'title', array('width' => 36))
    ->countEscapedData(2, 'Diary', 'body', array('width' => 36, 'rows' => 3))
  ->end();

// Search with the raw fixture title, then with a dummy keyword that must itself come back escaped.
$test->info('/diary/search - XSS')
  ->get('/diary/search', array('keyword' => opTesterHtmlEscape::getRawTestData('Diary', 'title')))
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Diary', 'title')
    ->countEscapedData(3, 'Diary', 'title', array('width' => 36))
    ->countEscapedData(2, 'Diary', 'body', array('width' => 36, 'rows' => 3))
  ->end();
$test->get('/diary/search', array('keyword' => opTesterHtmlEscape::getRawTestData('DUMMY', 'KEYWORD')))
  ->with('html_escape')->begin()
    ->isAllEscapedData('DUMMY', 'KEYWORD')
  ->end();

$test->info('/diary/_sidemenu - XSS')->get('/diary/edit/1055')
  ->with('html_escape')->begin()
    ->countEscapedData(2, 'Diary', 'title', array('width' => 36))
  ->end();

$test->info('/diary/listFriend - XSS')->get('/diary/listFriend')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->countEscapedData(1, 'Diary', 'title', array('width' => 36))
  ->end();

// listMember: unfiltered, then filtered to tomorrow's month, then to tomorrow's day.
$test->info('/diary/listMember - XSS')->get('/diary/listMember')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->countEscapedData(2, 'Diary', 'title', array('width' => 36))
  ->end();
$test->get('/diary/listMember', array(
    'year'  => date('Y', strtotime('tomorrow')),
    'month' => date('m', strtotime('tomorrow')),
  ))
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->countEscapedData(2, 'Diary', 'title', array('width' => 36))
  ->end();
$test->get('/diary/listMember', array(
    'year'  => date('Y', strtotime('tomorrow')),
    'month' => date('m', strtotime('tomorrow')),
    'day'   => date('d', strtotime('tomorrow')),
  ))
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->countEscapedData(2, 'Diary', 'title', array('width' => 36))
  ->end();

$test->info('/diary/new - XSS')->get('/diary/new')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
  ->end();

$test->info('/diary/show - XSS')->get('/diary/1055')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->isAllEscapedData('Diary', 'title')
    ->isAllEscapedData('Diary', 'body')
    ->isAllEscapedData('DiaryComment', 'body')
  ->end();

$test->info('/diary/comment/history - XSS')->get('/diary/comment/history')
  ->with('html_escape')->begin()
    ->isAllEscapedData('Member', 'name')
    ->countEscapedData(1, 'Diary', 'title', array('width' => 36))
  ->end();

$test->info('_memberDiaryList - XSS')->get('/member/1055')
  ->with('html_escape')->begin()
    ->countEscapedData(1, 'Diary', 'title', array('width' => 36))
  ->end();
コード例 #11
<?php

// The OAuth library uses split(), a deprecated function; the deprecation
// notice it raises ends up producing an invalid array key ...
// $debug is assigned before the bootstrap is included -- presumably
// functional.php reads it to turn debug-mode error reporting off
// (NOTE(review): confirm against bootstrap/functional.php).
$debug = false;
include dirname(__FILE__) . '/../../bootstrap/functional.php';
/**
 * Builds the signed parameter string for a request-token call against the
 * local OAuth endpoint.
 *
 * @param OAuthConsumer $consumer    consumer whose credentials sign the request
 * @param string        $callbackUrl value sent as oauth_callback
 * @return string  the signed parameters as returned by OAuthRequest::to_postdata()
 */
function _oauth_get_request_token_params(OAuthConsumer $consumer, $callbackUrl)
{
    $endpoint = 'http://localhost/index.php/oauth/request_token';
    $extra = array('oauth_callback' => $callbackUrl);

    // No token yet (null): this is the first leg of the OAuth 1.0 dance.
    $req = OAuthRequest::from_consumer_and_token($consumer, null, 'GET', $endpoint, $extra);
    $req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null);

    return $req->to_postdata();
}
// Consumer fixture 1055 supplies the key/secret used to sign the request.
$info = Doctrine::getTable('OAuthConsumerInformation')->find(1055);
$consumer = new OAuthConsumer($info->getKeyString(), $info->getSecret());
$requestTokenQuery = _oauth_get_request_token_params($consumer, 'oob');

$browser = new opTestFunctional(new opBrowser());
$browser->login('*****@*****.**', 'password')
  ->get('/oauth/request_token?' . $requestTokenQuery);

// The request_token body is parsed as a query string; oauth_token is what
// the authorize page is then asked for.
$tokenResponse = array();
parse_str(sfContext::getInstance()->getResponse()->getContent(), $tokenResponse);

// XSS
$browser->info('/oauth/authorize - XSS')
  ->get('/oauth/authorize?oauth_token=' . $tokenResponse['oauth_token'])
  ->with('html_escape')->begin()
    ->isAllEscapedData('OAuthConsumerInformation', 'name')
  ->end();