[civicrm-core.git] / tests / phpunit / CRM / Utils / TypeTest.php

<?php

/**
 * Class CRM_Utils_TypeTest
 * @package CiviCRM
 * @subpackage CRM_Utils_Type
 * @group headless
 */
class CRM_Utils_TypeTest extends CiviUnitTestCase {

  public function setUp() {
    parent::setUp();
  }

  /**
   * @dataProvider validateDataProvider
   * @param $inputData
   * @param $inputType
   * @param $expectedResult
   */
  public function testValidate($inputData, $inputType, $expectedResult) {
    $this->assertTrue($expectedResult === CRM_Utils_Type::validate($inputData, $inputType, FALSE));
  }

  /**
   * @return array
   */
  public function validateDataProvider() {
    return [
      [10, 'Int', 10],
      ['145E+3', 'Int', NULL],
      ['10', 'Integer', 10],
      [-10, 'Int', -10],
      ['-10', 'Integer', -10],
      ['-10foo', 'Int', NULL],
      [10, 'Positive', 10],
      ['145.0E+3', 'Positive', NULL],
      ['10', 'Positive', 10],
      [-10, 'Positive', NULL],
      ['-10', 'Positive', NULL],
      ['-10foo', 'Positive', NULL],
      ['civicrm_column_name', 'MysqlColumnNameOrAlias', 'civicrm_column_name'],
      ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', 'table.civicrm_column_name'],
      ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
      ['Home-street_address', 'MysqlColumnNameOrAlias', 'Home-street_address'],
      ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
      ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
      ['table.`Home-street_address`', 'MysqlColumnNameOrAlias', 'table.`Home-street_address`'],
      ['`table-alias`.`Home-street_address`', 'MysqlColumnNameOrAlias', '`table-alias`.`Home-street_address`'],
      ['`table-alias`.column', 'MysqlColumnNameOrAlias', '`table-alias`.column'],
      // Spaces also permitted, only when enclosed in backticks.
      ['`column alias`', 'MysqlColumnNameOrAlias', '`column alias`'],
      ['`table alias`.column', 'MysqlColumnNameOrAlias', '`table alias`.column'],
      ['`table alias`.`column alias`', 'MysqlColumnNameOrAlias', '`table alias`.`column alias`'],
      ['table alias.column alias', 'MysqlColumnNameOrAlias', NULL],
      ['table alias.column_alias', 'MysqlColumnNameOrAlias', NULL],
      ['table_alias.column alias', 'MysqlColumnNameOrAlias', NULL],
      // Functions are not permitted.
      ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
      // Length checking permits only 64 chars.
      [str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64)],
      [str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
      [str_repeat('a', 64) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64) . '.' . str_repeat('a', 64)],
      ['`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`', 'MysqlColumnNameOrAlias', '`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`'],
      [str_repeat('a', 64) . '.' . str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
      [str_repeat('a', 65) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', NULL],
      // ORDER BY can be ASC or DESC, case not significant.
      ['asc', 'MysqlOrderByDirection', 'asc'],
      ['DESC', 'MysqlOrderByDirection', 'desc'],
      ['DESCc', 'MysqlOrderByDirection', NULL],
      ['table.civicrm_column_name desc', 'MysqlOrderBy', 'table.civicrm_column_name desc'],
      ['field(civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(civicrm_column_name,4,5,6)'],
      ['field(table.civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(table.civicrm_column_name,4,5,6)'],
      ['table.civicrm_column_name desc,other_column, another_column desc', 'MysqlOrderBy', 'table.civicrm_column_name desc,other_column, another_column desc'],
      ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', 'table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column'],
      // Lab issue dev/core#93 allow for 3 column orderby
      ['contact_id.gender_id.label', 'MysqlOrderBy', 'contact_id.gender_id.label'],
      ['a string', 'String', 'a string'],
      ['{"contact":{"contact_id":205}}', 'Json', '{"contact":{"contact_id":205}}'],
      ['{"contact":{"contact_id":!n†rude®}}', 'Json', NULL],
    ];
  }

  /**
   * @dataProvider escapeDataProvider
   * @param $inputData
   * @param $inputType
   * @param $expectedResult
   */
  public function testEscape($inputData, $inputType, $expectedResult) {
    $this->assertTrue($expectedResult === CRM_Utils_Type::escape($inputData, $inputType, FALSE));
  }

  /**
   * @return array
   */
  public function escapeDataProvider() {
    return [
      [10, 'Int', 10],
      ['145E+3', 'Int', NULL],
      ['10', 'Integer', 10],
      [-10, 'Int', -10],
      [[], 'Integer', NULL],
      ['-10foo', 'Int', NULL],
      [10, 'Positive', 10],
      ['145.0E+3', 'Positive', NULL],
      ['10', 'Positive', 10],
      [-10, 'Positive', NULL],
      ['-10', 'Positive', NULL],
      ['-10foo', 'Positive', NULL],
      [['10', 20], 'Country', ['10', 20]],
      [['10', '-10foo'], 'Country', NULL],
      ['', 'Timestamp', ''],
      ['', 'ContactReference', ''],
      ['3', 'ContactReference', 3],
      ['-3', 'ContactReference', NULL],
      // Escape function is meant for sql, not xss
      ['<p onclick="alert(\'xss\');">Hello</p>', 'Memo', '<p onclick=\\"alert(\\\'xss\\\');\\">Hello</p>'],
      ['civicrm_column_name', 'MysqlColumnNameOrAlias', '`civicrm_column_name`'],
      ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', '`table`.`civicrm_column_name`'],
      ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
      ['Home-street_address', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
      ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
      ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
      ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
      ['asc', 'MysqlOrderByDirection', 'asc'],
      ['DESC', 'MysqlOrderByDirection', 'desc'],
      ['DESCc', 'MysqlOrderByDirection', NULL],
      ['table.civicrm_column_name desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc'],
      ['field(contribution_status_id,4,5,6) asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc'],
      ['field(contribution_status_id,4,5,6) asc, contact_id asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc, `contact_id` asc'],
      ['table.civicrm_column_name desc,other_column,another_column desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc, `other_column`, `another_column` desc'],
      ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', '`table`.`Home-street_address` asc, `table-alias`.`Home-street_address` desc, `table-alias`.`column`'],
    ];
  }

}
Commit	Line	Data
f942c321 DL	1	<?php
f942c321 DL	2
aba1cd8b EM	3	/**
aba1cd8b EM	4	* Class CRM_Utils_TypeTest
7cec4a9a CB	5	* @package CiviCRM
7cec4a9a CB	6	* @subpackage CRM_Utils_Type
acb109b7	7	* @group headless
aba1cd8b	8	*/
f942c321 DL	9	class CRM_Utils_TypeTest extends CiviUnitTestCase {
f942c321 DL	10
00be9182	11	public function setUp() {
f942c321 DL	12	parent::setUp();
	13	}
	14
	15	/**
	16	* @dataProvider validateDataProvider
1e1fdcf6 EM	17	* @param $inputData
	18	* @param $inputType
	19	* @param $expectedResult
f942c321	20	*/
00be9182	21	public function testValidate($inputData, $inputType, $expectedResult) {
258570f7	22	$this->assertTrue($expectedResult === CRM_Utils_Type::validate($inputData, $inputType, FALSE));
f942c321 DL	23	}
f942c321 DL	24
e9479dcf EM	25	/**
	26	* @return array
	27	*/
00be9182	28	public function validateDataProvider() {
9099cab3 CW	29	return [
	30	[10, 'Int', 10],
	31	['145E+3', 'Int', NULL],
	32	['10', 'Integer', 10],
	33	[-10, 'Int', -10],
	34	['-10', 'Integer', -10],
	35	['-10foo', 'Int', NULL],
	36	[10, 'Positive', 10],
	37	['145.0E+3', 'Positive', NULL],
	38	['10', 'Positive', 10],
	39	[-10, 'Positive', NULL],
	40	['-10', 'Positive', NULL],
	41	['-10foo', 'Positive', NULL],
	42	['civicrm_column_name', 'MysqlColumnNameOrAlias', 'civicrm_column_name'],
	43	['table.civicrm_column_name', 'MysqlColumnNameOrAlias', 'table.civicrm_column_name'],
	44	['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
	45	['Home-street_address', 'MysqlColumnNameOrAlias', 'Home-street_address'],
	46	['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
	47	['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
	48	['table.`Home-street_address`', 'MysqlColumnNameOrAlias', 'table.`Home-street_address`'],
	49	['`table-alias`.`Home-street_address`', 'MysqlColumnNameOrAlias', '`table-alias`.`Home-street_address`'],
	50	['`table-alias`.column', 'MysqlColumnNameOrAlias', '`table-alias`.column'],
7cec4a9a	51	// Spaces also permitted, only when enclosed in backticks.
9099cab3 CW	52	['`column alias`', 'MysqlColumnNameOrAlias', '`column alias`'],
	53	['`table alias`.column', 'MysqlColumnNameOrAlias', '`table alias`.column'],
	54	['`table alias`.`column alias`', 'MysqlColumnNameOrAlias', '`table alias`.`column alias`'],
	55	['table alias.column alias', 'MysqlColumnNameOrAlias', NULL],
	56	['table alias.column_alias', 'MysqlColumnNameOrAlias', NULL],
	57	['table_alias.column alias', 'MysqlColumnNameOrAlias', NULL],
7cec4a9a	58	// Functions are not permitted.
9099cab3	59	['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
7cec4a9a	60	// Length checking permits only 64 chars.
9099cab3 CW	61	[str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64)],
	62	[str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
	63	[str_repeat('a', 64) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64) . '.' . str_repeat('a', 64)],
	64	['`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`', 'MysqlColumnNameOrAlias', '`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`'],
	65	[str_repeat('a', 64) . '.' . str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
	66	[str_repeat('a', 65) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', NULL],
7cec4a9a	67	// ORDER BY can be ASC or DESC, case not significant.
9099cab3 CW	68	['asc', 'MysqlOrderByDirection', 'asc'],
	69	['DESC', 'MysqlOrderByDirection', 'desc'],
	70	['DESCc', 'MysqlOrderByDirection', NULL],
	71	['table.civicrm_column_name desc', 'MysqlOrderBy', 'table.civicrm_column_name desc'],
	72	['field(civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(civicrm_column_name,4,5,6)'],
	73	['field(table.civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(table.civicrm_column_name,4,5,6)'],
	74	['table.civicrm_column_name desc,other_column, another_column desc', 'MysqlOrderBy', 'table.civicrm_column_name desc,other_column, another_column desc'],
	75	['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', 'table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column'],
6d5cedb3	76	// Lab issue dev/core#93 allow for 3 column orderby
9099cab3 CW	77	['contact_id.gender_id.label', 'MysqlOrderBy', 'contact_id.gender_id.label'],
	78	['a string', 'String', 'a string'],
	79	['{"contact":{"contact_id":205}}', 'Json', '{"contact":{"contact_id":205}}'],
	80	['{"contact":{"contact_id":!n†rude®}}', 'Json', NULL],
	81	];
f942c321	82	}
96025800	83
258570f7 CW	84	/**
	85	* @dataProvider escapeDataProvider
	86	* @param $inputData
	87	* @param $inputType
	88	* @param $expectedResult
	89	*/
	90	public function testEscape($inputData, $inputType, $expectedResult) {
	91	$this->assertTrue($expectedResult === CRM_Utils_Type::escape($inputData, $inputType, FALSE));
	92	}
	93
	94	/**
	95	* @return array
	96	*/
	97	public function escapeDataProvider() {
9099cab3 CW	98	return [
	99	[10, 'Int', 10],
	100	['145E+3', 'Int', NULL],
	101	['10', 'Integer', 10],
	102	[-10, 'Int', -10],
	103	[[], 'Integer', NULL],
	104	['-10foo', 'Int', NULL],
	105	[10, 'Positive', 10],
	106	['145.0E+3', 'Positive', NULL],
	107	['10', 'Positive', 10],
	108	[-10, 'Positive', NULL],
	109	['-10', 'Positive', NULL],
	110	['-10foo', 'Positive', NULL],
	111	[['10', 20], 'Country', ['10', 20]],
	112	[['10', '-10foo'], 'Country', NULL],
	113	['', 'Timestamp', ''],
	114	['', 'ContactReference', ''],
	115	['3', 'ContactReference', 3],
	116	['-3', 'ContactReference', NULL],
258570f7	117	// Escape function is meant for sql, not xss
9099cab3 CW	118	['<p onclick="alert(\'xss\');">Hello</p>', 'Memo', '<p onclick=\\"alert(\\\'xss\\\');\\">Hello</p>'],
	119	['civicrm_column_name', 'MysqlColumnNameOrAlias', '`civicrm_column_name`'],
	120	['table.civicrm_column_name', 'MysqlColumnNameOrAlias', '`table`.`civicrm_column_name`'],
	121	['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
	122	['Home-street_address', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
	123	['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
	124	['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
	125	['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
	126	['asc', 'MysqlOrderByDirection', 'asc'],
	127	['DESC', 'MysqlOrderByDirection', 'desc'],
	128	['DESCc', 'MysqlOrderByDirection', NULL],
	129	['table.civicrm_column_name desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc'],
	130	['field(contribution_status_id,4,5,6) asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc'],
	131	['field(contribution_status_id,4,5,6) asc, contact_id asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc, `contact_id` asc'],
	132	['table.civicrm_column_name desc,other_column,another_column desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc, `other_column`, `another_column` desc'],
	133	['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', '`table`.`Home-street_address` asc, `table-alias`.`Home-street_address` desc, `table-alias`.`column`'],
	134	];
258570f7 CW	135	}
258570f7 CW	136
f942c321	137	}