Commit | Line | Data |
---|---|---|
f942c321 DL |
1 | <?php |
2 | ||
aba1cd8b EM |
3 | /** |
4 | * Class CRM_Utils_TypeTest | |
7cec4a9a CB |
5 | * @package CiviCRM |
6 | * @subpackage CRM_Utils_Type | |
acb109b7 | 7 | * @group headless |
aba1cd8b | 8 | */ |
f942c321 DL |
9 | class CRM_Utils_TypeTest extends CiviUnitTestCase { |
10 | ||
00be9182 | 11 | public function setUp() { |
f942c321 DL |
12 | parent::setUp(); |
13 | } | |
14 | ||
15 | /** | |
16 | * @dataProvider validateDataProvider | |
1e1fdcf6 EM |
17 | * @param $inputData |
18 | * @param $inputType | |
19 | * @param $expectedResult | |
f942c321 | 20 | */ |
00be9182 | 21 | public function testValidate($inputData, $inputType, $expectedResult) { |
258570f7 | 22 | $this->assertTrue($expectedResult === CRM_Utils_Type::validate($inputData, $inputType, FALSE)); |
f942c321 DL |
23 | } |
24 | ||
e9479dcf EM |
25 | /** |
26 | * @return array | |
27 | */ | |
00be9182 | 28 | public function validateDataProvider() { |
9099cab3 CW |
29 | return [ |
30 | [10, 'Int', 10], | |
31 | ['145E+3', 'Int', NULL], | |
32 | ['10', 'Integer', 10], | |
33 | [-10, 'Int', -10], | |
34 | ['-10', 'Integer', -10], | |
35 | ['-10foo', 'Int', NULL], | |
36 | [10, 'Positive', 10], | |
37 | ['145.0E+3', 'Positive', NULL], | |
38 | ['10', 'Positive', 10], | |
39 | [-10, 'Positive', NULL], | |
40 | ['-10', 'Positive', NULL], | |
41 | ['-10foo', 'Positive', NULL], | |
42 | ['civicrm_column_name', 'MysqlColumnNameOrAlias', 'civicrm_column_name'], | |
43 | ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', 'table.civicrm_column_name'], | |
44 | ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL], | |
45 | ['Home-street_address', 'MysqlColumnNameOrAlias', 'Home-street_address'], | |
46 | ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'], | |
47 | ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL], | |
48 | ['table.`Home-street_address`', 'MysqlColumnNameOrAlias', 'table.`Home-street_address`'], | |
49 | ['`table-alias`.`Home-street_address`', 'MysqlColumnNameOrAlias', '`table-alias`.`Home-street_address`'], | |
50 | ['`table-alias`.column', 'MysqlColumnNameOrAlias', '`table-alias`.column'], | |
7cec4a9a | 51 | // Spaces also permitted, only when enclosed in backticks. |
9099cab3 CW |
52 | ['`column alias`', 'MysqlColumnNameOrAlias', '`column alias`'], |
53 | ['`table alias`.column', 'MysqlColumnNameOrAlias', '`table alias`.column'], | |
54 | ['`table alias`.`column alias`', 'MysqlColumnNameOrAlias', '`table alias`.`column alias`'], | |
55 | ['table alias.column alias', 'MysqlColumnNameOrAlias', NULL], | |
56 | ['table alias.column_alias', 'MysqlColumnNameOrAlias', NULL], | |
57 | ['table_alias.column alias', 'MysqlColumnNameOrAlias', NULL], | |
7cec4a9a | 58 | // Functions are not permitted. |
9099cab3 | 59 | ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL], |
7cec4a9a | 60 | // Length checking permits only 64 chars. |
9099cab3 CW |
61 | [str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64)], |
62 | [str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL], | |
63 | [str_repeat('a', 64) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64) . '.' . str_repeat('a', 64)], | |
64 | ['`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`', 'MysqlColumnNameOrAlias', '`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`'], | |
65 | [str_repeat('a', 64) . '.' . str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL], | |
66 | [str_repeat('a', 65) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', NULL], | |
7cec4a9a | 67 | // ORDER BY can be ASC or DESC, case not significant. |
9099cab3 CW |
68 | ['asc', 'MysqlOrderByDirection', 'asc'], |
69 | ['DESC', 'MysqlOrderByDirection', 'desc'], | |
70 | ['DESCc', 'MysqlOrderByDirection', NULL], | |
71 | ['table.civicrm_column_name desc', 'MysqlOrderBy', 'table.civicrm_column_name desc'], | |
72 | ['field(civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(civicrm_column_name,4,5,6)'], | |
73 | ['field(table.civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(table.civicrm_column_name,4,5,6)'], | |
74 | ['table.civicrm_column_name desc,other_column, another_column desc', 'MysqlOrderBy', 'table.civicrm_column_name desc,other_column, another_column desc'], | |
75 | ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', 'table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column'], | |
6d5cedb3 | 76 | // Lab issue dev/core#93 allow for 3 column orderby |
9099cab3 CW |
77 | ['contact_id.gender_id.label', 'MysqlOrderBy', 'contact_id.gender_id.label'], |
78 | ['a string', 'String', 'a string'], | |
79 | ['{"contact":{"contact_id":205}}', 'Json', '{"contact":{"contact_id":205}}'], | |
80 | ['{"contact":{"contact_id":!n†rude®}}', 'Json', NULL], | |
81 | ]; | |
f942c321 | 82 | } |
96025800 | 83 | |
258570f7 CW |
84 | /** |
85 | * @dataProvider escapeDataProvider | |
86 | * @param $inputData | |
87 | * @param $inputType | |
88 | * @param $expectedResult | |
89 | */ | |
90 | public function testEscape($inputData, $inputType, $expectedResult) { | |
91 | $this->assertTrue($expectedResult === CRM_Utils_Type::escape($inputData, $inputType, FALSE)); | |
92 | } | |
93 | ||
94 | /** | |
95 | * @return array | |
96 | */ | |
97 | public function escapeDataProvider() { | |
9099cab3 CW |
98 | return [ |
99 | [10, 'Int', 10], | |
100 | ['145E+3', 'Int', NULL], | |
101 | ['10', 'Integer', 10], | |
102 | [-10, 'Int', -10], | |
103 | [[], 'Integer', NULL], | |
104 | ['-10foo', 'Int', NULL], | |
105 | [10, 'Positive', 10], | |
106 | ['145.0E+3', 'Positive', NULL], | |
107 | ['10', 'Positive', 10], | |
108 | [-10, 'Positive', NULL], | |
109 | ['-10', 'Positive', NULL], | |
110 | ['-10foo', 'Positive', NULL], | |
111 | [['10', 20], 'Country', ['10', 20]], | |
112 | [['10', '-10foo'], 'Country', NULL], | |
113 | ['', 'Timestamp', ''], | |
114 | ['', 'ContactReference', ''], | |
115 | ['3', 'ContactReference', 3], | |
116 | ['-3', 'ContactReference', NULL], | |
258570f7 | 117 | // Escape function is meant for sql, not xss |
9099cab3 CW |
118 | ['<p onclick="alert(\'xss\');">Hello</p>', 'Memo', '<p onclick=\\"alert(\\\'xss\\\');\\">Hello</p>'], |
119 | ['civicrm_column_name', 'MysqlColumnNameOrAlias', '`civicrm_column_name`'], | |
120 | ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', '`table`.`civicrm_column_name`'], | |
121 | ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL], | |
122 | ['Home-street_address', 'MysqlColumnNameOrAlias', '`Home-street_address`'], | |
123 | ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'], | |
124 | ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL], | |
125 | ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL], | |
126 | ['asc', 'MysqlOrderByDirection', 'asc'], | |
127 | ['DESC', 'MysqlOrderByDirection', 'desc'], | |
128 | ['DESCc', 'MysqlOrderByDirection', NULL], | |
129 | ['table.civicrm_column_name desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc'], | |
130 | ['field(contribution_status_id,4,5,6) asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc'], | |
131 | ['field(contribution_status_id,4,5,6) asc, contact_id asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc, `contact_id` asc'], | |
132 | ['table.civicrm_column_name desc,other_column,another_column desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc, `other_column`, `another_column` desc'], | |
133 | ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', '`table`.`Home-street_address` asc, `table-alias`.`Home-street_address` desc, `table-alias`.`column`'], | |
134 | ]; | |
258570f7 CW |
135 | } |
136 | ||
f942c321 | 137 | } |