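/**
 * Test-suite page for user-input handling.
 *
 * Exercises, in order:
 *  - the framework's reaction to an invalid F3::input() handler (an HTTP 500
 *    is expected, with error output silenced via QUIET while it is triggered);
 *  - F3::input() sanitization of POSTed values (script tags, allowed tags,
 *    ampersands, entities, double quotes);
 *  - Data::validEmail() and Data::validURL() on a fixed set of addresses/URLs.
 *
 * Every check is recorded through $this->expect()/F3::expect() and the
 * collected results are rendered with basic/results.htm at the end.
 *
 * Fixes relative to the previous revision: the $_POST sanitization check
 * compared $_POST['field'] against the same literal twice, and two e-mail
 * literals that had been garbled were restored from their expectation messages.
 * Comparisons against the sanitized values now use === so that a loosely-equal
 * (e.g. numeric-looking) result cannot pass as "sanitized".
 */
function validator() {
    $this->set('title', 'User Input');

    // Precondition: nothing earlier in the request left an error behind.
    $this->expect(
        is_null($this->get('ERROR')),
        'No errors expected at this point',
        'ERROR variable is set: ' . $this->get('ERROR.text')
    );

    // An input handler that is neither a callable nor a known filter must make
    // the framework fail hard (HTTP 500); QUIET keeps that error off the page.
    $this->route('POST /form', function () {
        F3::input('field1', 'nonexistent');
    });
    $this->set('QUIET', true);
    $this->mock('POST /form');
    $this->run();
    $this->expect(
        !is_null($this->get('ERROR')) && $this->get('ERROR.code') === 500,
        'HTTP 500 expected - form field handler is invalid',
        'No HTTP 500 triggered'
    );
    $this->set('QUIET', false);
    $this->clear('ERROR');

    // Script injection attempt: the tags must be stripped before the handler
    // sees the value, leaving only the text content.
    $scriptless = 'alert(\'hello\');';
    $this->route('POST /form', function () use ($scriptless) {
        F3::input('field', function ($value) use ($scriptless) {
            F3::expect(
                $value === $scriptless,
                'HTML tags removed (attempt to insert Javascript)',
                'HTML tags were not removed: ' . $value
            );
        });
    });
    $this->mock('POST /form', array('field' => '<script>alert(\'hello\');</script>'));
    $this->run();
    $this->clear('ROUTES');

    // The sanitized value must also be written back to the raw superglobal,
    // otherwise code reading $_POST directly still sees the injected markup.
    // NOTE(review): the previous revision compared $_POST['field'] twice and its
    // messages read "$_POST and $_POST"; the second operand was presumably a
    // different superglobal (e.g. $_REQUEST) — confirm which one the framework
    // is meant to rewrite and extend this check accordingly.
    $this->expect(
        $_POST['field'] === $scriptless,
        'Framework sanitizes underlying $_POST variable',
        'Framework didn\'t sanitize $_POST: ' . $_POST['field']
    );

    // Whitelisted tag ('p'): kept as-is, other tags ('b') stripped, nothing
    // entity-encoded — decoding/escaping on output is left to the application.
    $this->set('POST', array('field' => '<p><b>hello</b> world</p>'));
    $this->input('field', function ($value) {
        F3::expect(
            $value === '<p>hello world</p>',
            'HTML tags allowed but not converted to HTML entities' .
                '<br/>Note: application is responsible for ' .
                'HTML decoding',
            'HTML tags not converted/blocked by framework: ' . $value
        );
    }, 'p');

    // A bare ampersand is data, not markup, and must survive untouched.
    $this->set('POST', array('field' => 'Adam & Eve'));
    $this->input('field', function ($value) {
        F3::expect(
            $value === 'Adam & Eve',
            'Ampersand preserved',
            'Ampersand converted to HTML entity!'
        );
    });

    // An entity that is already encoded must not be encoded a second time.
    $this->set('POST', array('field' => '©'));
    $this->input('field', function ($value) {
        F3::expect(
            $value === '©',
            'No duplicate encoding of HTML entity: ' . $value,
            'Double-encoding of HTML entity: ' . $value
        );
    });

    // Double quotes are legitimate input and must not be escaped or dropped.
    $this->set('POST', array('field' => 'hello "world"'));
    $this->input('field', function ($value) {
        F3::expect(
            $value === 'hello "world"',
            'Double-quotes preserved: ' . $value,
            'Double-quotes not handled properly: ' . $value
        );
    });

    // E-mail syntax checks. The second argument (true) asks for MX-record
    // verification, which needs DNS access: those two expectations are
    // network-dependent and can flip when the test host is offline.
    $this->expect(
        Data::validEmail('!def!xyz%abc@example.com'),
        'Valid e-mail address: !def!xyz%abc@example.com',
        'Framework flagged !def!xyz%abc@example.com invalid!'
    );
    $this->expect(
        Data::validEmail('"Abc@def"@example.com'),
        'Valid e-mail address: "Abc@def"@example.com',
        'Framework flagged "Abc@def"@example.com invalid!'
    );
    $this->expect(
        !Data::validEmail('"Abc@def"@example.com', true),
        'Invalid e-mail address: "Abc@def"@example.com (MX record verified)',
        'Framework flagged "Abc@def"@example.com valid!'
    );
    $this->expect(
        !Data::validEmail('Abc@def@example.com'),
        'Invalid e-mail address: Abc@def@example.com',
        'Framework flagged Abc@def@example.com valid!'
    );
    // NOTE(review): the address literal below was garbled in the upstream copy
    // ('*****@*****.**'); restored from the expectation messages, which name
    // a@b.com.
    $this->expect(
        Data::validEmail('a@b.com'),
        'Valid e-mail address: a@b.com (MX record not verified)',
        'Framework flagged a@b.com invalid!'
    );
    $this->expect(
        !Data::validEmail('a@b.com', true),
        'Invalid e-mail address: a@b.com (MX record verified)',
        'Framework flagged a@b.com valid!'
    );

    // URL syntax checks, including query strings with encoded characters.
    $queryUrl = 'http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient';
    $encodedUrl = 'http://www.yahoo.com?http%3A%2F%2Fwww.yahoo.com';
    $this->expect(
        Data::validURL('http://www.google.com'),
        'Valid URL: http://www.google.com',
        'Framework flagged http://www.google.com invalid!'
    );
    $this->expect(
        Data::validURL('http://www.yahoo.com/'),
        'Valid URL: http://www.yahoo.com/',
        'Framework flagged http://www.yahoo.com/ invalid!'
    );
    $this->expect(
        Data::validURL($queryUrl),
        'Valid URL: ' . $queryUrl,
        'Framework flagged ' . $queryUrl . ' invalid!'
    );
    $this->expect(
        Data::validURL($encodedUrl),
        'Valid URL: ' . $encodedUrl,
        'Framework flagged ' . $encodedUrl . ' invalid!'
    );

    echo $this->render('basic/results.htm');
}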