| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * Class CRM_Utils_TypeTest |
| 5 | * @package CiviCRM |
| 6 | * @subpackage CRM_Utils_Type |
| 7 | * @group headless |
| 8 | */ |
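class CRM_Utils_TypeTest extends CiviUnitTestCase {

  /**
   * Delegates to the parent fixture set-up; no extra fixtures are created here.
   */
  public function setUp() {
    parent::setUp();
  }

  /**
   * Checks CRM_Utils_Type::validate() against one row of validateDataProvider().
   *
   * The third argument is passed as FALSE; the rows below expect NULL for a
   * rejected value. NOTE(review): presumably this is the "abort" flag, so a
   * rejection is returned rather than terminating the request - confirm
   * against CRM_Utils_Type.
   *
   * @dataProvider validateDataProvider
   * @param mixed $inputData
   *   Raw value handed to the validator.
   * @param string $inputType
   *   Name of the type to validate against (e.g. 'Int', 'MysqlOrderBy').
   * @param mixed $expectedResult
   *   Exact expected return value; NULL means the input must be rejected.
   */
  public function testValidate($inputData, $inputType, $expectedResult) {
    // assertSame() keeps the strict (===) comparison but reports both values
    // on failure, which matters when a rejection case unexpectedly passes.
    $this->assertSame(
      $expectedResult,
      CRM_Utils_Type::validate($inputData, $inputType, FALSE),
      sprintf('validate() as %s for input %s', $inputType, var_export($inputData, TRUE))
    );
  }

  /**
   * Rows of [input, type, expected validate() result].
   *
   * The Mysql* types cover SQL identifiers and ORDER BY fragments. These
   * cannot be bound as query parameters, so allow-list validation is the
   * control that keeps caller-supplied sort/column values from altering the
   * query; the NULL rows are the ones that pin that control down.
   *
   * NOTE(review): every 'MysqlOrderBy' row here is an accepted value. There is
   * no row showing that a malformed ORDER BY string is rejected; add negative
   * rows once the expected result is confirmed against CRM_Utils_Type.
   *
   * @return array
   */
  public function validateDataProvider() {
    return [
      // Integers: numeric strings are cast, exponent notation and trailing
      // garbage are rejected.
      [10, 'Int', 10],
      ['145E+3', 'Int', NULL],
      ['10', 'Integer', 10],
      [-10, 'Int', -10],
      ['-10', 'Integer', -10],
      ['-10foo', 'Int', NULL],
      // Positive: as above, and negative values are rejected.
      [10, 'Positive', 10],
      ['145.0E+3', 'Positive', NULL],
      ['10', 'Positive', 10],
      [-10, 'Positive', NULL],
      ['-10', 'Positive', NULL],
      ['-10foo', 'Positive', NULL],
      // Column names: at most one "table." qualifier, backticks must be balanced.
      ['civicrm_column_name', 'MysqlColumnNameOrAlias', 'civicrm_column_name'],
      ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', 'table.civicrm_column_name'],
      ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
      ['Home-street_address', 'MysqlColumnNameOrAlias', 'Home-street_address'],
      ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
      ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
      ['table.`Home-street_address`', 'MysqlColumnNameOrAlias', 'table.`Home-street_address`'],
      ['`table-alias`.`Home-street_address`', 'MysqlColumnNameOrAlias', '`table-alias`.`Home-street_address`'],
      ['`table-alias`.column', 'MysqlColumnNameOrAlias', '`table-alias`.column'],
      // Spaces also permitted, only when enclosed in backticks.
      ['`column alias`', 'MysqlColumnNameOrAlias', '`column alias`'],
      ['`table alias`.column', 'MysqlColumnNameOrAlias', '`table alias`.column'],
      ['`table alias`.`column alias`', 'MysqlColumnNameOrAlias', '`table alias`.`column alias`'],
      ['table alias.column alias', 'MysqlColumnNameOrAlias', NULL],
      ['table alias.column_alias', 'MysqlColumnNameOrAlias', NULL],
      ['table_alias.column alias', 'MysqlColumnNameOrAlias', NULL],
      // Functions are not permitted: a comma-separated second expression must
      // fail validation as a column name.
      ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
      // Length checking permits only 64 chars, applied to each dotted part.
      [str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64)],
      [str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
      [str_repeat('a', 64) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64) . '.' . str_repeat('a', 64)],
      ['`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`', 'MysqlColumnNameOrAlias', '`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`'],
      [str_repeat('a', 64) . '.' . str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
      [str_repeat('a', 65) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', NULL],
      // ORDER BY can be ASC or DESC, case not significant; the result is
      // lower-cased.
      ['asc', 'MysqlOrderByDirection', 'asc'],
      ['DESC', 'MysqlOrderByDirection', 'desc'],
      ['DESCc', 'MysqlOrderByDirection', NULL],
      // Full ORDER BY clauses. field(...) is the one function-call form these
      // rows expect to be accepted, unlike 'MysqlColumnNameOrAlias' above.
      ['table.civicrm_column_name desc', 'MysqlOrderBy', 'table.civicrm_column_name desc'],
      ['field(civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(civicrm_column_name,4,5,6)'],
      ['field(table.civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(table.civicrm_column_name,4,5,6)'],
      ['table.civicrm_column_name desc,other_column, another_column desc', 'MysqlOrderBy', 'table.civicrm_column_name desc,other_column, another_column desc'],
      ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', 'table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column'],
      // Lab issue dev/core#93 allow for 3 column orderby
      ['contact_id.gender_id.label', 'MysqlOrderBy', 'contact_id.gender_id.label'],
      ['a string', 'String', 'a string'],
      // Json: a well-formed document is returned unchanged, a malformed one is
      // rejected.
      ['{"contact":{"contact_id":205}}', 'Json', '{"contact":{"contact_id":205}}'],
      ['{"contact":{"contact_id":!n†rude®}}', 'Json', NULL],
    ];
  }

  /**
   * Checks CRM_Utils_Type::escape() against one row of escapeDataProvider().
   *
   * The third argument is passed as FALSE; the rows below expect NULL for a
   * rejected value. NOTE(review): presumably this is the "abort" flag -
   * confirm against CRM_Utils_Type.
   *
   * @dataProvider escapeDataProvider
   * @param mixed $inputData
   *   Raw value handed to the escaper (scalar or array).
   * @param string $inputType
   *   Name of the type to escape as.
   * @param mixed $expectedResult
   *   Exact expected return value; NULL means the input must be rejected.
   */
  public function testEscape($inputData, $inputType, $expectedResult) {
    // Strict comparison, as before, with a failure message that shows the
    // escaped output next to the expected one.
    $this->assertSame(
      $expectedResult,
      CRM_Utils_Type::escape($inputData, $inputType, FALSE),
      sprintf('escape() as %s for input %s', $inputType, var_export($inputData, TRUE))
    );
  }

  /**
   * Rows of [input, type, expected escape() result].
   *
   * Unlike validate(), the accepted identifier rows come back wrapped in
   * backticks, part by part.
   *
   * NOTE(review): this provider has no rows for the 64-character limit or for
   * backtick-quoted names containing spaces, both of which are covered in
   * validateDataProvider(); add them once the expected output is confirmed.
   *
   * @return array
   */
  public function escapeDataProvider() {
    return [
      [10, 'Int', 10],
      ['145E+3', 'Int', NULL],
      ['10', 'Integer', 10],
      [-10, 'Int', -10],
      // An array is not an integer.
      [[], 'Integer', NULL],
      ['-10foo', 'Int', NULL],
      [10, 'Positive', 10],
      ['145.0E+3', 'Positive', NULL],
      ['10', 'Positive', 10],
      [-10, 'Positive', NULL],
      ['-10', 'Positive', NULL],
      ['-10foo', 'Positive', NULL],
      // Arrays of ids: one bad element rejects the whole array.
      [['10', 20], 'Country', ['10', 20]],
      [['10', '-10foo'], 'Country', NULL],
      ['', 'Timestamp', ''],
      ['', 'ContactReference', ''],
      ['3', 'ContactReference', 3],
      ['-3', 'ContactReference', NULL],
      // Escape function is meant for sql, not xss: the markup survives with
      // only its quotes backslash-escaped, so this value still needs HTML
      // output encoding wherever it is rendered.
      ['<p onclick="alert(\'xss\');">Hello</p>', 'Memo', '<p onclick=\\"alert(\\\'xss\\\');\\">Hello</p>'],
      ['civicrm_column_name', 'MysqlColumnNameOrAlias', '`civicrm_column_name`'],
      ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', '`table`.`civicrm_column_name`'],
      ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
      ['Home-street_address', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
      ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
      ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
      // A second, comma-separated expression is rejected rather than quoted.
      ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
      ['asc', 'MysqlOrderByDirection', 'asc'],
      ['DESC', 'MysqlOrderByDirection', 'desc'],
      ['DESCc', 'MysqlOrderByDirection', NULL],
      // ORDER BY clauses: identifiers are backtick-quoted and list separators
      // are normalised to ", ".
      ['table.civicrm_column_name desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc'],
      ['field(contribution_status_id,4,5,6) asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc'],
      ['field(contribution_status_id,4,5,6) asc, contact_id asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc, `contact_id` asc'],
      ['table.civicrm_column_name desc,other_column,another_column desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc, `other_column`, `another_column` desc'],
      ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', '`table`.`Home-street_address` asc, `table-alias`.`Home-street_address` desc, `table-alias`.`column`'],
    ];
  }

}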