Exemplo n.º 1
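/**
 * Runs one page test against the wiki and inspects the rendered output for problems.
 *
 * Checks, in order: an empty response, PHP error markers in the HTML, a MediaWiki
 * "Backtrace:" message, a parser error comment, a logged database error, optional
 * W3C and tidy validation, and a render time of two seconds or more.
 *
 * @param pageTest $test          The test to run.
 * @param string   $testname      Base name for the artefact files. Passed by reference:
 *                                random digits are appended until the name is unused,
 *                                unless $can_overwrite is set.
 * @param bool     $can_overwrite Reuse an existing test name instead of picking a new one.
 * @return bool False when a problem was found, true when none was found.
 */
function runWikiTest(pageTest $test, &$testname, $can_overwrite = false)
{
    // by default don't overwrite a previous test of the same name.
    // mt_rand() only disambiguates file names here; nothing secret depends on it.
    // NOTE(review): $testname is concatenated into paths under DIRECTORY unchecked;
    // assumes the harness generates it without path separators - confirm.
    while (!$can_overwrite && file_exists(DIRECTORY . "/" . $testname . DATA_FILE)) {
        $testname .= "-" . mt_rand(0, 9);
    }
    $filename = DIRECTORY . "/" . $testname . DATA_FILE;
    // Store the time before and after, to find slow pages.
    $before = microtime(true);
    // Get MediaWiki to give us the output of this test.
    $wiki_preview = wikiTestOutput($test);
    $after = microtime(true);
    // if we received no response, then that's interesting.
    if ($wiki_preview == "") {
        print "\nNo response received for: {$filename}";
        return false;
    }
    // save output HTML to file.
    $html_file = DIRECTORY . "/" . $testname . HTML_FILE;
    saveFile($wiki_preview, $html_file);
    // if there were PHP errors in the output, then that's interesting too.
    // This only sees errors that PHP prints into the page in its HTML format
    // (display_errors / html_errors enabled on the wiki under test); errors that
    // go to a log only are not detected here.
    $error_markers = array(
        "<b>Warning</b>: ",
        "<b>Fatal error</b>: ",
        "<b>Notice</b>: ",
        "<b>Error</b>: ",
        "<b>Strict Standards:</b>",
    );
    // Walk every marker occurrence in page order. The excerpt is taken right after
    // the marker that matched (not after the first "</b>:" anywhere in the page),
    // and an ignorable session-id warning no longer hides a later, real error.
    $scan_from = 0;
    while (true) {
        $hit_pos = false;
        $hit_end = 0;
        foreach ($error_markers as $marker) {
            $pos = strpos($wiki_preview, $marker, $scan_from);
            if ($pos !== false && ($hit_pos === false || $pos < $hit_pos)) {
                $hit_pos = $pos;
                $hit_end = $pos + strlen($marker);
            }
        }
        if ($hit_pos === false) {
            break;
        }
        // Skip the padding spaces PHP puts between the label and the message text.
        $text_start = $hit_end + strspn($wiki_preview, " ", $hit_end);
        $error = substr($wiki_preview, $text_start, 50);
        // Avoid probable PHP bug with bad session ids; http://bugs.php.net/bug.php?id=38224
        if ($error !== "Unknown: The session id contains illegal character") {
            print "\nPHP error/warning/notice in HTML output: {$html_file} ; {$error}";
            return false;
        }
        $scan_from = $hit_end;
    }
    // if there was a MediaWiki Backtrace message in the output, then that's also interesting.
    if (strpos($wiki_preview, "Backtrace:") !== false) {
        print "\nInternal MediaWiki error in HTML output: {$html_file}";
        return false;
    }
    // if there was a Parser error comment in the output, then that's potentially interesting.
    if (strpos($wiki_preview, "!-- ERR") !== false) {
        print "\nParser Error comment in HTML output: {$html_file}";
        return false;
    }
    // if a database error was logged, then that's definitely interesting.
    if (dbErrorLogged()) {
        print "\nDatabase Error logged for: {$filename}";
        return false;
    }
    // validate result
    $valid = true;
    if (VALIDATE_ON_WEB) {
        list($valid, $validator_output) = validateHTML($wiki_preview);
        if (!$valid) {
            print "\nW3C web validation failed - view details with: html2text " . DIRECTORY . "/" . $testname . ".validator_output.html";
        }
    }
    // Get tidy to check the page, unless we already know it produces non-XHTML output.
    // tidy runs first in the expression so it is always executed, even after a W3C failure.
    if ($test->tidyValidate()) {
        $valid = tidyCheckFile($testname . HTML_FILE) && $valid;
    }
    // if it took more than 2 seconds to render, then it may be interesting too. (Possible DoS attack?)
    // Returning here keeps the saved HTML file on disk for inspection.
    if ($after - $before >= 2) {
        print "\nParticularly slow to render (" . round($after - $before, 2) . " seconds): {$filename}";
        return false;
    }
    if ($valid) {
        // Remove temp HTML file if test was valid:
        unlink($html_file);
    } elseif (VALIDATE_ON_WEB) {
        saveFile($validator_output, DIRECTORY . "/" . $testname . ".validator_output.html");
    }
    return $valid;
}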
Exemplo n.º 2
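/**
 * Previews a wiki markup string and checks the rendered HTML for validation problems.
 *
 * The raw markup and the preview HTML are written to disk first; both files are
 * removed again when every check passes, so only failing cases leave artefacts.
 *
 * @param string $raw_markup Wiki markup to submit for preview.
 * @param string $testname   Base name for the artefact files; random digits are
 *                           appended locally until the name is unused.
 * @return bool True when every enabled check passed, false otherwise.
 */
function testWikiMarkup($raw_markup, $testname)
{
    // don't overwrite a previous test of the same name.
    // mt_rand() only disambiguates file names here; nothing secret depends on it.
    while (file_exists(DIRECTORY . "/" . $testname . ".raw_markup.txt")) {
        $testname .= "-" . mt_rand(0, 9);
    }
    // upload to MediaWiki install.
    $wiki_preview = wikiPreview($raw_markup);
    // save output files
    // NOTE(review): file_exists()/unlink() use DIRECTORY-prefixed paths while saveFile(),
    // checkOpenCloseTags() and tidyCheckFile() get bare names; presumably those helpers
    // prepend DIRECTORY themselves - confirm, otherwise the cleanup misses the files.
    saveFile($raw_markup, $testname . ".raw_markup.txt");
    saveFile($wiki_preview, $testname . ".wiki_preview.html");
    // validate result
    $valid = true;
    if (VALIDATE_ON_WEB) {
        list($valid, $validator_output) = validateHTML($wiki_preview);
    }
    // Short-circuit: once one check fails, the later checks are not run.
    $valid = $valid && checkOpenCloseTags($wiki_preview, $testname . ".wiki_preview.html");
    $valid = $valid && tidyCheckFile($testname . ".wiki_preview.html");
    if ($valid) {
        // Remove valid tests:
        unlink(DIRECTORY . "/" . $testname . ".raw_markup.txt");
        unlink(DIRECTORY . "/" . $testname . ".wiki_preview.html");
    } elseif (VALIDATE_ON_WEB) {
        saveFile($validator_output, $testname . ".validator_output.html");
    }
    // Surface the verdict so a caller can count failures; it was computed but dropped before.
    return $valid;
}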