tests/phpunit/CRM/Utils/TypeTest.php

   1 <?php
   2
   3 /**
   4  * Class CRM_Utils_TypeTest
   5  * @package CiviCRM
   6  * @subpackage CRM_Utils_Type
   7  * @group headless
   8  */
   9 class CRM_Utils_TypeTest extends CiviUnitTestCase {
  10
  11   public function setUp() {
  12     parent::setUp();
  13   }
  14
  15   /**
  16    * @dataProvider validateDataProvider
  17    * @param $inputData
  18    * @param $inputType
  19    * @param $expectedResult
  20    */
  21   public function testValidate($inputData, $inputType, $expectedResult) {
  22     $this->assertTrue($expectedResult === CRM_Utils_Type::validate($inputData, $inputType, FALSE));
  23   }
  24
  25   /**
  26    * @return array
  27    */
  28   public function validateDataProvider() {
  29     return [
  30       [10, 'Int', 10],
  31       ['145E+3', 'Int', NULL],
  32       ['10', 'Integer', 10],
  33       [-10, 'Int', -10],
  34       ['-10', 'Integer', -10],
  35       ['-10foo', 'Int', NULL],
  36       [10, 'Positive', 10],
  37       ['145.0E+3', 'Positive', NULL],
  38       ['10', 'Positive', 10],
  39       [-10, 'Positive', NULL],
  40       ['-10', 'Positive', NULL],
  41       ['-10foo', 'Positive', NULL],
  42       ['civicrm_column_name', 'MysqlColumnNameOrAlias', 'civicrm_column_name'],
  43       ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', 'table.civicrm_column_name'],
  44       ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
  45       ['Home-street_address', 'MysqlColumnNameOrAlias', 'Home-street_address'],
  46       ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
  47       ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
  48       ['table.`Home-street_address`', 'MysqlColumnNameOrAlias', 'table.`Home-street_address`'],
  49       ['`table-alias`.`Home-street_address`', 'MysqlColumnNameOrAlias', '`table-alias`.`Home-street_address`'],
  50       ['`table-alias`.column', 'MysqlColumnNameOrAlias', '`table-alias`.column'],
  51       // Spaces also permitted, only when enclosed in backticks.
  52       ['`column alias`', 'MysqlColumnNameOrAlias', '`column alias`'],
  53       ['`table alias`.column', 'MysqlColumnNameOrAlias', '`table alias`.column'],
  54       ['`table alias`.`column alias`', 'MysqlColumnNameOrAlias', '`table alias`.`column alias`'],
  55       ['table alias.column alias', 'MysqlColumnNameOrAlias', NULL],
  56       ['table alias.column_alias', 'MysqlColumnNameOrAlias', NULL],
  57       ['table_alias.column alias', 'MysqlColumnNameOrAlias', NULL],
  58       // Functions are not permitted.
  59       ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
  60       // Length checking permits only 64 chars.
  61       [str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64)],
  62       [str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
  63       [str_repeat('a', 64) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64) . '.' . str_repeat('a', 64)],
  64       ['`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`', 'MysqlColumnNameOrAlias', '`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`'],
  65       [str_repeat('a', 64) . '.' . str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL],
  66       [str_repeat('a', 65) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', NULL],
  67       // ORDER BY can be ASC or DESC, case not significant.
  68       ['asc', 'MysqlOrderByDirection', 'asc'],
  69       ['DESC', 'MysqlOrderByDirection', 'desc'],
  70       ['DESCc', 'MysqlOrderByDirection', NULL],
  71       ['table.civicrm_column_name desc', 'MysqlOrderBy', 'table.civicrm_column_name desc'],
  72       ['field(civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(civicrm_column_name,4,5,6)'],
  73       ['field(table.civicrm_column_name,4,5,6)', 'MysqlOrderBy', 'field(table.civicrm_column_name,4,5,6)'],
  74       ['table.civicrm_column_name desc,other_column, another_column desc', 'MysqlOrderBy', 'table.civicrm_column_name desc,other_column, another_column desc'],
  75       ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', 'table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column'],
  76       // Lab issue dev/core#93 allow for 3 column orderby
  77       ['contact_id.gender_id.label', 'MysqlOrderBy', 'contact_id.gender_id.label'],
  78       ['a string', 'String', 'a string'],
  79       ['{"contact":{"contact_id":205}}', 'Json', '{"contact":{"contact_id":205}}'],
  80       ['{"contact":{"contact_id":!n†rude®}}', 'Json', NULL],
  81     ];
  82   }
  83
  84   /**
  85    * @dataProvider escapeDataProvider
  86    * @param $inputData
  87    * @param $inputType
  88    * @param $expectedResult
  89    */
  90   public function testEscape($inputData, $inputType, $expectedResult) {
  91     $this->assertTrue($expectedResult === CRM_Utils_Type::escape($inputData, $inputType, FALSE));
  92   }
  93
  94   /**
  95    * @return array
  96    */
  97   public function escapeDataProvider() {
  98     return [
  99       [10, 'Int', 10],
 100       ['145E+3', 'Int', NULL],
 101       ['10', 'Integer', 10],
 102       [-10, 'Int', -10],
 103       [[], 'Integer', NULL],
 104       ['-10foo', 'Int', NULL],
 105       [10, 'Positive', 10],
 106       ['145.0E+3', 'Positive', NULL],
 107       ['10', 'Positive', 10],
 108       [-10, 'Positive', NULL],
 109       ['-10', 'Positive', NULL],
 110       ['-10foo', 'Positive', NULL],
 111       [['10', 20], 'Country', ['10', 20]],
 112       [['10', '-10foo'], 'Country', NULL],
 113       ['', 'Timestamp', ''],
 114       ['', 'ContactReference', ''],
 115       ['3', 'ContactReference', 3],
 116       ['-3', 'ContactReference', NULL],
 117       // Escape function is meant for sql, not xss
 118       ['<p onclick="alert(\'xss\');">Hello</p>', 'Memo', '<p onclick=\\"alert(\\\'xss\\\');\\">Hello</p>'],
 119       ['civicrm_column_name', 'MysqlColumnNameOrAlias', '`civicrm_column_name`'],
 120       ['table.civicrm_column_name', 'MysqlColumnNameOrAlias', '`table`.`civicrm_column_name`'],
 121       ['table.civicrm_column_name.toomanydots', 'MysqlColumnNameOrAlias', NULL],
 122       ['Home-street_address', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
 123       ['`Home-street_address`', 'MysqlColumnNameOrAlias', '`Home-street_address`'],
 124       ['`Home-street_address', 'MysqlColumnNameOrAlias', NULL],
 125       ['column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL],
 126       ['asc', 'MysqlOrderByDirection', 'asc'],
 127       ['DESC', 'MysqlOrderByDirection', 'desc'],
 128       ['DESCc', 'MysqlOrderByDirection', NULL],
 129       ['table.civicrm_column_name desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc'],
 130       ['field(contribution_status_id,4,5,6) asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc'],
 131       ['field(contribution_status_id,4,5,6) asc, contact_id asc', 'MysqlOrderBy', 'field(`contribution_status_id`,4,5,6) asc, `contact_id` asc'],
 132       ['table.civicrm_column_name desc,other_column,another_column desc', 'MysqlOrderBy', '`table`.`civicrm_column_name` desc, `other_column`, `another_column` desc'],
 133       ['table.`Home-street_address` asc, `table-alias`.`Home-street_address` desc,`table-alias`.column', 'MysqlOrderBy', '`table`.`Home-street_address` asc, `table-alias`.`Home-street_address` desc, `table-alias`.`column`'],
 134     ];
 135   }
 136
 137 }