예제 #1
파일: main.php 프로젝트: nian2go/fatfree
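 /**
  * Exercise the framework's user-input handling and the Data validators.
  *
  * Each check is recorded through expect(); the collected results are
  * rendered with the 'basic/results.htm' template at the end. The steps
  * share framework state (ERROR, QUIET, ROUTES, POST), so their order matters.
  *
  * Security note: the tag-stripping checks only show that markup is removed
  * from the submitted value. The script text itself ("alert('hello');") is
  * still delivered to the handler, so stripping tags on input does not
  * replace context-aware escaping when the value is later written to a page.
  *
  * @return void
  */
 function validator()
 {
     $this->set('title', 'User Input');
     $this->expect(
         is_null($this->get('ERROR')),
         'No errors expected at this point',
         'ERROR variable is set: ' . $this->get('ERROR.text')
     );

     // An invalid field handler ('nonexistent') must surface as HTTP 500.
     $this->route('POST /form', function () {
         F3::input('field1', 'nonexistent');
     });
     // QUIET is switched on around the run that is expected to fail and
     // switched off again once the error has been inspected.
     $this->set('QUIET', TRUE);
     $this->mock('POST /form');
     $this->run();
     $this->expect(
         !is_null($this->get('ERROR')) && $this->get('ERROR.code') === 500,
         'HTTP 500 expected - form field handler is invalid',
         'No HTTP 500 triggered'
     );
     $this->set('QUIET', FALSE);
     $this->clear('ERROR');

     // A submitted <script> element must reach the handler without its tags.
     // Strict comparison: a sanitizer check should not pass through type juggling.
     $this->route('POST /form', function () {
         F3::input('field', function ($value) {
             F3::expect(
                 $value === 'alert(\'hello\');',
                 'HTML tags removed (attempt to insert Javascript)',
                 'HTML tags were not removed: ' . $value
             );
         });
     });
     $this->mock('POST /form', array('field' => '<script>alert(\'hello\');</script>'));
     $this->run();
     $this->clear('ROUTES');

     // NOTE(review): the listing compared $_POST['field'] twice, and the
     // messages name the same superglobal twice. A second superglobal
     // (possibly $_REQUEST) may have been intended - confirm against the
     // upstream test before relying on this as coverage for both.
     $this->expect(
         $_POST['field'] === 'alert(\'hello\');',
         'Framework sanitizes underlying $_POST and $_POST variables',
         'Framework didn\'t sanitize $_POST/$_POST: ' . $_POST['field']
     );

     // Third argument 'p': this check expects <p> to survive while <b> is
     // stripped, so it appears to act as an allow-list of tags.
     $this->set('POST', array('field' => '<p><b>hello</b> world</p>'));
     $this->input('field', function ($value) {
         F3::expect(
             $value === '<p>hello world</p>',
             'HTML tags allowed but not converted to HTML entities' . '<br/>Note: application is responsible for ' . 'HTML decoding',
             'HTML tags not converted/blocked by framework: ' . $value
         );
     }, 'p');

     // The next three checks expect the value to be handed over unencoded
     // (no entity conversion, no double encoding, quotes untouched).
     $this->set('POST', array('field' => 'Adam & Eve'));
     $this->input('field', function ($value) {
         F3::expect(
             $value === 'Adam & Eve',
             'Ampersand preserved',
             'Ampersand converted to HTML entity!'
         );
     });
     $this->set('POST', array('field' => '&copy;'));
     $this->input('field', function ($value) {
         F3::expect(
             $value === '&copy;',
             'No duplicate encoding of HTML entity: ' . $value,
             'Double-encoding of HTML entity: ' . $value
         );
     });
     $this->set('POST', array('field' => 'hello "world"'));
     $this->input('field', function ($value) {
         F3::expect(
             $value === 'hello "world"',
             'Double-quotes preserved: ' . $value,
             'Double-quotes not handled properly: ' . $value
         );
     });

     // E-mail validation. Passing TRUE as the second argument corresponds to
     // the "MX record verified" wording in the messages; those checks
     // presumably depend on live DNS, so their result is not hermetic.
     $this->expect(
         Data::validEmail('!def!xyz%abc@example.com'),
         'Valid e-mail address: !def!xyz%abc@example.com',
         'Framework flagged !def!xyz%abc@example.com invalid!'
     );
     $this->expect(
         Data::validEmail('"Abc@def"@example.com'),
         'Valid e-mail address: "Abc@def"@example.com',
         'Framework flagged "Abc@def"@example.com invalid!'
     );
     $this->expect(
         !Data::validEmail('"Abc@def"@example.com', TRUE),
         'Invalid e-mail address: "Abc@def"@example.com (MX record verified)',
         'Framework flagged "Abc@def"@example.com valid!'
     );
     $this->expect(
         !Data::validEmail('Abc@def@example.com'),
         'Invalid e-mail address: Abc@def@example.com',
         'Framework flagged Abc@def@example.com valid!'
     );
     // Address taken from the pass/fail messages: the listing carried a
     // masked literal here, which would not exercise the address the
     // messages report on.
     $this->expect(
         Data::validEmail('a@b.com'),
         'Valid e-mail address: a@b.com (MX record not verified)',
         'Framework flagged a@b.com invalid!'
     );
     $this->expect(
         !Data::validEmail('a@b.com', TRUE),
         'Invalid e-mail address: a@b.com (MX record verified)',
         'Framework flagged a@b.com valid!'
     );

     // URL validation, including a query string that embeds an encoded URL.
     // These checks cover well-formedness only; whether a destination is
     // acceptable is a separate decision for the application.
     $this->expect(
         Data::validURL('http://www.google.com'),
         'Valid URL: http://www.google.com',
         'Framework flagged http://www.google.com invalid!'
     );
     $this->expect(
         Data::validURL('http://www.yahoo.com/'),
         'Valid URL: http://www.yahoo.com/',
         'Framework flagged http://www.yahoo.com/ invalid!'
     );
     $this->expect(
         Data::validURL('http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient'),
         'Valid URL: ' . 'http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient',
         'Framework flagged ' . 'http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient ' . 'invalid!'
     );
     $this->expect(
         Data::validURL('http://www.yahoo.com?http%3A%2F%2Fwww.yahoo.com'),
         'Valid URL: http://www.yahoo.com?http%3A%2F%2Fwww.yahoo.com',
         'Framework flagged ' . 'http://www.yahoo.com?http%3A%2F%2Fwww.yahoo.com invalid!'
     );

     echo $this->render('basic/results.htm');
 }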