示例#1
 /**
  * Test for JForm::filterField method.
  *
  * @return void
  */
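 public function testFilterField()
 {
     // Pins the value JForm::filterField returns for each named field of the
     // JFormDataHelper::$filterDocument fixture. The fixture is not shown here;
     // presumably each field declares the filter its name suggests (confirm there).
     $form = new JFormInspector('form1');
     // Check the test data loads ok.
     $this->assertThat($form->load(JFormDataHelper::$filterDocument), $this->isTrue(), 'Line:' . __LINE__ . ' XML string should load successfully.');
     // Shared sample value: a script element followed by ordinary markup.
     $input = '<script>alert();</script> <p>Some text.</p>';
     // The 'function' and 'method' fields come back as a fixed marker rather than the input,
     // which suggests a callback named by the form definition replaces the value (confirm in
     // the fixture). NOTE(review): if so, the form XML decides which callable runs and has to
     // come from a trusted source.
     $this->assertThat($form->filterField($form->findField('function'), $input), $this->equalTo('function'), 'Line:' . __LINE__ . ' The function filter should be correctly applied.');
     // NOTE(review): equalTo() appears to compare loosely, so '1' would satisfy this as well as 1.
     $this->assertThat($form->filterField($form->findField('int'), 'A1B2C3'), $this->equalTo(1), 'Line:' . __LINE__ . ' The "int" filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('method'), $input), $this->equalTo('method'), 'Line:' . __LINE__ . ' The class method filter should be correctly applied.');
     // 'raw' hands the value back untouched, script element included: whatever renders a raw
     // field must encode it for its output context. (Message fixed: it used to name "safehtml".)
     $this->assertThat($form->filterField($form->findField('raw'), $input), $this->equalTo($input), 'Line:' . __LINE__ . ' The "raw" filter should be correctly applied.');
     // 'safehtml' drops the script tags but keeps their text content and the <p> element.
     $this->assertThat($form->filterField($form->findField('safehtml'), $input), $this->equalTo('alert(); <p>Some text.</p>'), 'Line:' . __LINE__ . ' "The safehtml" filter should be correctly applied.');
     // NOTE(review): with a loose equalTo(null), '' or 0 would pass too; isNull() would pin the
     // "unset" contract exactly - confirm before tightening.
     $this->assertThat($form->filterField($form->findField('unset'), $input), $this->equalTo(null), 'Line:' . __LINE__ . ' The value should be unset.');
     $this->assertThat($form->filterField($form->findField('word'), $input), $this->equalTo('scriptalertscriptpSometextp'), 'Line:' . __LINE__ . ' The "word" filter should be correctly applied.');
     // URL filter: http/https values pass through, a missing scheme gets http:// prepended, and
     // tags, quotes and angle brackets are removed from the value.
     // NOTE(review): no case below pins what happens to a scheme other than http/https
     // (javascript:, data:, ...); a regression test for that would be worth adding.
     $this->assertThat($form->filterField($form->findField('url'), 'http://example.com'), $this->equalTo('http://example.com'), 'Line:' . __LINE__ . ' A field with a valid protocol should return as is.');
     $this->assertThat($form->filterField($form->findField('url'), 'http://<script>alert();</script> <p>Some text.</p>'), $this->equalTo('http://alert(); Some text.'), 'Line:' . __LINE__ . ' A "url" with scripts should be filtered.');
     $this->assertThat($form->filterField($form->findField('url'), 'https://example.com'), $this->equalTo('https://example.com'), 'Line:' . __LINE__ . ' A field with a valid protocol that is not http should return as is.');
     $this->assertThat($form->filterField($form->findField('url'), 'example.com'), $this->equalTo('http://example.com'), 'Line:' . __LINE__ . ' A field without a protocol should return with a http:// protocol.');
     $this->assertThat($form->filterField($form->findField('url'), 'hptarr.com'), $this->equalTo('http://hptarr.com'), 'Line:' . __LINE__ . ' A field without a protocol and starts with t should return with a http:// protocol.');
     $this->assertThat($form->filterField($form->findField('url'), ''), $this->equalTo(''), 'Line:' . __LINE__ . ' An empty "url" filter return nothing.');
     // Only the quote and angle-bracket characters are removed here; the rest of the text
     // survives, so the filtered URL still needs attribute encoding where it is rendered.
     $this->assertThat($form->filterField($form->findField('url'), 'http://"onmouseover=alert(2);<>"'), $this->equalTo('http://onmouseover=alert(2);'), 'Line:' . __LINE__ . ' <>" are always illegal in host names.');
     // Default filter: every tag is removed, the text between the tags is kept.
     $this->assertThat($form->filterField($form->findField('default'), $input), $this->equalTo('alert(); Some text.'), 'Line:' . __LINE__ . ' The default strict filter should be correctly applied.');
     // 'tel' cases: the expected values share a "<prefix>.<number>" shape; a leading '+', commas,
     // spaces, brackets, dashes and an 'x...' extension are dropped, and input with no digits
     // yields an empty string.
     $this->assertThat($form->filterField($form->findField('tel'), '222.3333333333'), $this->equalTo('222.3333333333'), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('tel'), '+222.3333333333'), $this->equalTo('222.3333333333'), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('tel'), '+2,2,2.3,3,3,3,3,3,3,3,3,3,3,3'), $this->equalTo('222.333333333333'), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     // Eleven bare digits come back with an empty prefix before the dot.
     $this->assertThat($form->filterField($form->findField('tel'), '33333333333'), $this->equalTo('.33333333333'), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('tel'), '222333333333333'), $this->equalTo('222.333333333333'), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('tel'), '1 (202) 555-5555'), $this->equalTo('1.2025555555'), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('tel'), '+222.33333333333x444'), $this->equalTo('222.33333333333'), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('tel'), 'ABCabc/?.!*x'), $this->equalTo(''), 'Line:' . __LINE__ . ' The tel filter should be correctly applied.');
     // Date filters: only the reject path (non-date and empty input) is asserted.
     $this->assertThat($form->filterField($form->findField('server_utc'), 'foo'), $this->equalTo(''), 'Line:' . __LINE__ . ' A non-date for a server_utc filter should return nothing.');
     $this->assertThat($form->filterField($form->findField('server_utc'), ''), $this->equalTo(''), 'Line:' . __LINE__ . ' An empty date for a server_utc filter should return nothing.');
     $this->assertThat($form->filterField($form->findField('user_utc'), 'foo'), $this->equalTo(''), 'Line:' . __LINE__ . ' A non-date for a user_utc filter should return nothing.');
     $this->assertThat($form->filterField($form->findField('user_utc'), ''), $this->equalTo(''), 'Line:' . __LINE__ . ' An empty date for a user_utc filter should return nothing.');
     // Disabled draft of the server_utc/user_utc offset checks. As written it reads $result
     // without ever assigning it, so it has to be finished before it can be re-enabled.
     // Opened with a plain block comment so doc tools do not treat it as a docblock.
     /*
     	include_once JPATH_BASE . '/libraries/joomla/user/user.php';

     	$user = new JUser;
     	$mockSession = $this->getMock('JSession', array('_start', 'get'));
     	$mockSession->expects($this->once())->method('get')->will(
     		$this->returnValue($user)
     	);
     	JFactory::$session = $mockSession;
     	// Adjust the timezone offset to a known value.
     	$config = JFactory::getConfig();
     	$config->setValue('config.offset', 10);

     	// TODO: Mock JFactory and JUser
     	$user = JFactory::getUser();
     	$user->setParam('timezone', 5);

     	$form = new JForm;
     	$form->load('example');

     	$text = '<script>alert();</script> <p>Some text</p>';
     	$data = array(
     		'f_svr_date' => '2009-01-01 00:00:00',
     		'f_usr_date' => '2009-01-01 00:00:00',
     	);

     	// Check the date filters.
     	$this->assertThat(
     		$result['f_svr_date'],
     		$this->equalTo('2008-12-31 14:00:00')
     	);

     	$this->assertThat(
     		$result['f_usr_date'],
     		$this->equalTo('2009-01-01 05:00:00')
     	);
     */
 }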
示例#2
 /**
  * Test for JForm::filterField method.
  */
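 public function testFilterField()
 {
     // Pins the value JForm::filterField returns for each named field of the
     // JFormDataHelper::$filterDocument fixture. The fixture is not shown here;
     // presumably each field declares the filter its name suggests (confirm there).
     $form = new JFormInspector('form1');
     // Check the test data loads ok.
     $this->assertThat($form->load(JFormDataHelper::$filterDocument), $this->isTrue(), 'Line:' . __LINE__ . ' XML string should load successfully.');
     // Shared sample value: a script element followed by ordinary markup.
     $input = '<script>alert();</script> <p>Some text.</p>';
     // The 'function' and 'method' fields come back as a fixed marker rather than the input,
     // which suggests a callback named by the form definition replaces the value (confirm in
     // the fixture). NOTE(review): if so, the form XML decides which callable runs and has to
     // come from a trusted source.
     $this->assertThat($form->filterField($form->findField('function'), $input), $this->equalTo('function'), 'Line:' . __LINE__ . ' The function filter should be correctly applied.');
     // NOTE(review): equalTo() appears to compare loosely, so '1' would satisfy this as well as 1.
     $this->assertThat($form->filterField($form->findField('int'), 'A1B2C3'), $this->equalTo(1), 'Line:' . __LINE__ . ' The "int" filter should be correctly applied.');
     $this->assertThat($form->filterField($form->findField('method'), $input), $this->equalTo('method'), 'Line:' . __LINE__ . ' The class method filter should be correctly applied.');
     // 'raw' hands the value back untouched, script element included: whatever renders a raw
     // field must encode it for its output context. (Message fixed: it used to name "safehtml".)
     $this->assertThat($form->filterField($form->findField('raw'), $input), $this->equalTo($input), 'Line:' . __LINE__ . ' The "raw" filter should be correctly applied.');
     // 'safehtml' drops the script tags but keeps their text content and the <p> element.
     $this->assertThat($form->filterField($form->findField('safehtml'), $input), $this->equalTo('alert(); <p>Some text.</p>'), 'Line:' . __LINE__ . ' "The safehtml" filter should be correctly applied.');
     // NOTE(review): with a loose equalTo(null), '' or 0 would pass too; isNull() would pin the
     // "unset" contract exactly - confirm before tightening.
     $this->assertThat($form->filterField($form->findField('unset'), $input), $this->equalTo(null), 'Line:' . __LINE__ . ' The value should be unset.');
     $this->assertThat($form->filterField($form->findField('word'), $input), $this->equalTo('scriptalertscriptpSometextp'), 'Line:' . __LINE__ . ' The "word" filter should be correctly applied.');
     // Default filter: every tag is removed, the text between the tags is kept.
     $this->assertThat($form->filterField($form->findField('default'), $input), $this->equalTo('alert(); Some text.'), 'Line:' . __LINE__ . ' The default strict filter should be correctly applied.');
     // Date filters: only the reject path (non-date and empty input) is asserted.
     $this->assertThat($form->filterField($form->findField('server_utc'), 'foo'), $this->equalTo(''), 'Line:' . __LINE__ . ' A non-date for a server_utc filter should return nothing.');
     $this->assertThat($form->filterField($form->findField('server_utc'), ''), $this->equalTo(''), 'Line:' . __LINE__ . ' An empty date for a server_utc filter should return nothing.');
     $this->assertThat($form->filterField($form->findField('user_utc'), 'foo'), $this->equalTo(''), 'Line:' . __LINE__ . ' A non-date for a user_utc filter should return nothing.');
     $this->assertThat($form->filterField($form->findField('user_utc'), ''), $this->equalTo(''), 'Line:' . __LINE__ . ' An empty date for a user_utc filter should return nothing.');
     // Reached only when every assertion above passed: the run is then reported as incomplete
     // so the missing offset-conversion checks stay visible instead of counting as a pass.
     $this->markTestIncomplete('Need to deal with SERVER_UTC and USER_UTC filters');
     // Disabled draft of the server_utc/user_utc offset checks. As written it reads $result
     // without ever assigning it, so it has to be finished before it can be re-enabled.
     /*
     	include_once JPATH_BASE . '/libraries/joomla/user/user.php';

     	$user = new JUser;
     	$mockSession = $this->getMock('JSession', array('_start', 'get'));
     	$mockSession->expects($this->once())->method('get')->will(
     		$this->returnValue($user)
     	);
     	JFactory::$session = $mockSession;
     	// Adjust the timezone offset to a known value.
     	$config = JFactory::getConfig();
     	$config->setValue('config.offset', 10);

     	// TODO: Mock JFactory and JUser
     	//$user = JFactory::getUser();
     	//$user->setParam('timezone', 5);

     	$form = new JForm;
     	$form->load('example');

     	$text = '<script>alert();</script> <p>Some text</p>';
     	$data = array(
     		'f_svr_date' => '2009-01-01 00:00:00',
     		'f_usr_date' => '2009-01-01 00:00:00',
     	);

     	// Check the date filters.
     	$this->assertThat(
     		$result['f_svr_date'],
     		$this->equalTo('2008-12-31 14:00:00')
     	);

     	//$this->assertThat(
     	//	$result['f_usr_date'],
     	//	$this->equalTo('2009-01-01 05:00:00')
     	//);
     */
 }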