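/**
 * Returns an excerpt of the first PHP error in rendered HTML that is worth reporting.
 *
 * Every occurrence of every PHP error marker is inspected, so the known-benign
 * "illegal session id" warning cannot hide a different error later in the same page.
 *
 * @param string $html Rendered page output to scan.
 * @return string|null Up to 50 characters of the error message, or null when
 *                     nothing reportable was found.
 */
function findReportablePhpError($html)
{
    // Probable PHP bug with bad session ids; http://bugs.php.net/bug.php?id=38224
    $ignored = "Unknown: The session id contains illegal character";

    $markers = array(
        "<b>Warning</b>: ",
        "<b>Fatal error</b>: ",
        "<b>Notice</b>: ",
        "<b>Error</b>: ",
        "<b>Strict Standards:</b>",
    );

    foreach ($markers as $marker) {
        $offset = 0;
        while (($pos = strpos($html, $marker, $offset)) !== false) {
            $offset = $pos + strlen($marker);
            // Take the text that follows this marker, not the text after the
            // first "</b>:" anywhere in the page.
            $excerpt = substr(ltrim((string) substr($html, $offset, 80)), 0, 50);
            if ((string) $excerpt != $ignored) {
                return (string) $excerpt;
            }
        }
    }

    return null;
}

/**
 * Takes a page test, runs it, and inspects the output for problems.
 *
 * Checks, in order: empty response, PHP errors in the HTML, a MediaWiki
 * backtrace, a parser error comment, a logged database error, HTML validity
 * (optional web validation and tidy), and render time.
 *
 * @param pageTest $test          The test to run.
 * @param string   $testname      Base name for the output files; passed by reference
 *                                and suffixed with random digits until unused, unless
 *                                $can_overwrite is set.
 * @param bool     $can_overwrite Whether an earlier test of the same name may be overwritten.
 * @return bool False on finding a problem, true when no problems were found.
 */
function runWikiTest(pageTest $test, &$testname, $can_overwrite = false)
{
    // By default don't overwrite a previous test of the same name.
    // NOTE(review): $testname is concatenated straight into filesystem paths;
    // this assumes callers only pass generated names - confirm.
    while (!$can_overwrite && file_exists(DIRECTORY . "/" . $testname . DATA_FILE)) {
        $testname .= "-" . mt_rand(0, 9);
    }

    $filename = DIRECTORY . "/" . $testname . DATA_FILE;
    $validator_file = DIRECTORY . "/" . $testname . ".validator_output.html";

    // Store the time before and after, to find slow pages.
    $before = microtime(true);

    // Get MediaWiki to give us the output of this test.
    $wiki_preview = wikiTestOutput($test);

    $after = microtime(true);

    // If we received no response, then that's interesting.
    // Loose comparison kept so a false/null result is treated as "no response" too.
    if ($wiki_preview == "") {
        print "\nNo response received for: {$filename}";
        return false;
    }

    // Save output HTML to file.
    $html_file = DIRECTORY . "/" . $testname . HTML_FILE;
    saveFile($wiki_preview, $html_file);

    // If there were PHP errors in the output, then that's interesting too.
    $error = findReportablePhpError($wiki_preview);
    if ($error !== null) {
        print "\nPHP error/warning/notice in HTML output: {$html_file} ; {$error}";
        return false;
    }

    // If there was a MediaWiki Backtrace message in the output, then that's also interesting.
    if (strpos($wiki_preview, "Backtrace:") !== false) {
        print "\nInternal MediaWiki error in HTML output: {$html_file}";
        return false;
    }

    // If there was a Parser error comment in the output, then that's potentially interesting.
    if (strpos($wiki_preview, "!-- ERR") !== false) {
        print "\nParser Error comment in HTML output: {$html_file}";
        return false;
    }

    // If a database error was logged, then that's definitely interesting.
    if (dbErrorLogged()) {
        print "\nDatabase Error logged for: {$filename}";
        return false;
    }

    // Validate result.
    $valid = true;
    if (VALIDATE_ON_WEB) {
        list($valid, $validator_output) = validateHTML($wiki_preview);
        if (!$valid) {
            print "\nW3C web validation failed - view details with: html2text " . $validator_file;
        }
    }

    // Get tidy to check the page, unless we already know it produces non-XHTML output.
    if ($test->tidyValidate()) {
        $valid = tidyCheckFile($testname . HTML_FILE) && $valid;
    }

    // Keep the validator report before the slow-render check can return, so the
    // file named in the message above exists even for slow pages.
    if (!$valid && VALIDATE_ON_WEB) {
        saveFile($validator_output, $validator_file);
    }

    // If it took more than 2 seconds to render, then it may be interesting too.
    // (Possible DoS attack?)
    $elapsed = $after - $before;
    if ($elapsed >= 2) {
        print "\nParticularly slow to render (" . round($elapsed, 2) . " seconds): {$filename}";
        return false;
    }

    if ($valid) {
        // Remove temp HTML file if test was valid.
        unlink($html_file);
    }

    return $valid;
}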
/**
 * Renders a wiki markup string through MediaWiki and checks the resulting HTML
 * for security or validation problems.
 *
 * The markup and its preview are written to files named after the test. Both
 * files are deleted again when every check passes; when a check fails they are
 * kept and, if web validation is enabled, the validator output is saved as well.
 *
 * @param string $raw_markup Wiki markup to submit.
 * @param string $testname   Base name for the files; random digits are appended
 *                           until the raw-markup file name is unused.
 */
function testWikiMarkup($raw_markup, $testname)
{
    // Never clobber the artefacts of an earlier test with the same name.
    while (file_exists(DIRECTORY . "/" . $testname . ".raw_markup.txt")) {
        $testname .= "-" . mt_rand(0, 9);
    }

    $markup_name = $testname . ".raw_markup.txt";
    $preview_name = $testname . ".wiki_preview.html";

    // Ask the MediaWiki install to render the markup.
    $preview_html = wikiPreview($raw_markup);

    // Persist input and output.
    // NOTE(review): saveFile() gets names without the DIRECTORY prefix here, while
    // file_exists()/unlink() in this function use the prefix and runWikiTest()
    // passes saveFile() a prefixed path - confirm which form saveFile() expects.
    saveFile($raw_markup, $markup_name);
    saveFile($preview_html, $preview_name);

    // Run the checks in order; a failure skips the remaining ones.
    $passed = true;
    if (VALIDATE_ON_WEB) {
        list($passed, $validator_report) = validateHTML($preview_html);
    }
    $passed = $passed
        && checkOpenCloseTags($preview_html, $preview_name)
        && tidyCheckFile($preview_name);

    if ($passed) {
        // Nothing interesting was found, so drop the saved files.
        unlink(DIRECTORY . "/" . $markup_name);
        unlink(DIRECTORY . "/" . $preview_name);
        return;
    }

    if (VALIDATE_ON_WEB) {
        saveFile($validator_report, $testname . ".validator_output.html");
    }
}