
Viewing changes to modules/comment/test/phpunit/EditCommentControllerTest.class

  • Committer: Bazaar Package Importer
  • Author(s): Michael C. Schultheiss
  • Date: 2007-09-10 20:22:19 UTC
  • mfrom: (1.1.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20070910202219-0jsuntvqge4ade6b
Tags: 2.2.3-2
Add Slovak translation of Debconf templates.  (Thanks to 
Ivan Masá.  Closes: #441671)

1
 
<?php
2
 
/*
3
 
 * Gallery - a web based photo album viewer and editor
4
 
 * Copyright (C) 2000-2007 Bharat Mediratta
5
 
 *
6
 
 * This program is free software; you can redistribute it and/or modify
7
 
 * it under the terms of the GNU General Public License as published by
8
 
 * the Free Software Foundation; either version 2 of the License, or (at
9
 
 * your option) any later version.
10
 
 *
11
 
 * This program is distributed in the hope that it will be useful, but
12
 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
13
 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14
 
 * General Public License for more details.
15
 
 *
16
 
 * You should have received a copy of the GNU General Public License
17
 
 * along with this program; if not, write to the Free Software
18
 
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
19
 
 */
20
 
 
21
 
/**
22
 
 * EditComment controller tests
23
 
 * @package Comment
24
 
 * @subpackage PHPUnit
25
 
 * @author Bharat Mediratta <bharat@menalto.com>
26
 
 * @version $Revision: 15538 $
27
 
 */
28
 
class EditCommentControllerTest extends GalleryControllerTestCase {
29
 
 
30
 
    function EditCommentControllerTest($methodName) {
31
 
        $this->GalleryControllerTestCase($methodName, 'comment.EditComment');
32
 
    }
33
 
 
34
 
    function setUp() {
35
 
        global $gallery;
36
 
        parent::setUp();
37
 
 
38
 
        /* Create two random items */
39
 
        for ($i = 0; $i < 2; $i++) {
40
 
            list ($ret, $this->_item[$i]) = $this->_createRandomDataItem($this->_getRootId());
41
 
            if ($ret) {
42
 
                return $this->failWithStatus($ret);
43
 
            }
44
 
 
45
 
            $this->_markForCleanup($this->_item[$i]);
46
 
 
47
 
            /* Create a comment in it that we can delete */
48
 
            list ($ret, $this->_comment[$i]) =
49
 
                GalleryCoreApi::newFactoryInstance('GalleryEntity', 'GalleryComment');
50
 
            if ($ret) {
51
 
                print $ret->getAsHtml();
52
 
                return $this->failWithStatus($ret);
53
 
            }
54
 
 
55
 
            $this->assert(isset($this->_comment[$i]), 'Missing comment instance');
56
 
            $this->_comment[$i]->create($this->_item[$i]->getId());
57
 
            $this->_comment[$i]->setCommenterId($gallery->getActiveUserId());
58
 
            $this->_comment[$i]->setHost('127.0.0.1');
59
 
            $this->_comment[$i]->setSubject('this is a test subject');
60
 
            $this->_comment[$i]->setComment('this is a test comment');
61
 
            $this->_comment[$i]->setDate(time());
62
 
            $ret = $this->_comment[$i]->save();
63
 
            if ($ret) {
64
 
                print $ret->getAsHtml();
65
 
                return $this->failWithStatus($ret);
66
 
            }
67
 
        }
68
 
 
69
 
        list ($ret, $this->_anonymousUserId) =
70
 
            GalleryCoreApi::getPluginParameter('module', 'core', 'id.anonymousUser');
71
 
        if ($ret) {
72
 
            print $ret->getAsHtml();
73
 
            return $this->failWithStatus($ret);
74
 
        }
75
 
 
76
 
        list ($ret, $this->_anonymousUser) =
77
 
            GalleryCoreApi::loadEntitiesById($this->_anonymousUserId);
78
 
        if ($ret) {
79
 
            print $ret->getAsHtml();
80
 
            return $this->failWithStatus($ret);
81
 
        }
82
 
 
83
 
        list ($ret, $this->_saveMarkup) =
84
 
            GalleryCoreApi::getPluginParameter('module', 'core', 'misc.markup');
85
 
        if ($ret) {
86
 
            print $ret->getAsHtml();
87
 
            return $this->failWithStatus($ret);
88
 
        }
89
 
    }
90
 
 
91
 
    function tearDown() {
92
 
        $ret = GalleryCoreApi::setPluginParameter('module', 'core',
93
 
                                                  'misc.markup', $this->_saveMarkup);
94
 
        if ($ret) {
95
 
            $this->failWithStatus($ret);
96
 
        }
97
 
 
98
 
        parent::tearDown();
99
 
    }
100
 
 
101
 
    function testEditComment() {
102
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
103
 
        GalleryUtilities::putRequestVariable('commentId', $this->_comment[0]->getId());
104
 
        GalleryUtilities::putRequestVariable('form[action][save]', 1);
105
 
        GalleryUtilities::putRequestVariable('form[host]', 'hosty.host.host');
106
 
        GalleryUtilities::putRequestVariable('form[subject]', 'This is a new subject');
107
 
        GalleryUtilities::putRequestVariable('form[author]', 'This is a new author');
108
 
        GalleryUtilities::putRequestVariable('form[comment]', 'This is a new comment');
109
 
        GalleryUtilities::putRequestVariable('form[commenterName]',
110
 
                                             $this->_anonymousUser->getUserName());
111
 
 
112
 
        $results = $this->handleRequest();
113
 
        $this->assertEquals(array('redirect' => array('view' => 'comment.CommentChangeConfirmation',
114
 
                                                      'itemId' => $this->_item[0]->getId()),
115
 
                                  'status' => array('changed' => 1),
116
 
                                  'error' => array()),
117
 
                            $results);
118
 
 
119
 
        /* Grab the comment and verify it */
120
 
        list ($ret, $comment) = $this->_comment[0]->refresh();
121
 
        if ($ret) {
122
 
            return $this->failWithStatus($ret);
123
 
        }
124
 
 
125
 
        $this->assertEquals('hosty.host.host', $comment->getHost());
126
 
        $this->assertEquals((int)$this->_anonymousUserId, $comment->getCommenterId());
127
 
        $this->assertEquals('This is a new comment', $comment->getComment());
128
 
        $this->assertEquals('This is a new subject', $comment->getSubject());
129
 
    }
130
 
 
131
 
    function testPreviewComment() {
132
 
        global $gallery;
133
 
 
134
 
        /* Use valid inputs */
135
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
136
 
        GalleryUtilities::putRequestVariable('form[action][preview]', 1);
137
 
        GalleryUtilities::putRequestVariable('form[host]', 'hosty.host.host');
138
 
        GalleryUtilities::putRequestVariable('form[subject]', 'This is a new subject');
139
 
        GalleryUtilities::putRequestVariable('form[author]', 'This is a new author');
140
 
        GalleryUtilities::putRequestVariable('form[comment]', 'This is a new comment');
141
 
        GalleryUtilities::putRequestVariable('form[commenterName]',
142
 
                                             $this->_anonymousUser->getUserName());
143
 
 
144
 
        /* Perform the request and verify that we succeeded */
145
 
        $results = $this->handleRequest();
146
 
        $this->assertEquals(array('delegate' => array('view' => 'comment.EditComment'),
147
 
                                  'status' => array(),
148
 
                                  'error' => array()),
149
 
                            $results);
150
 
    }
151
 
 
152
 
    function testMissingFields() {
153
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
154
 
        GalleryUtilities::putRequestVariable('commentId', $this->_comment[0]->getId());
155
 
        GalleryUtilities::putRequestVariable('form[action][save]', 1);
156
 
        GalleryUtilities::putRequestVariable('form[host]', '');
157
 
        GalleryUtilities::putRequestVariable('form[subject]', '');
158
 
        GalleryUtilities::putRequestVariable('form[author]', '');
159
 
        GalleryUtilities::putRequestVariable('form[comment]', '');
160
 
        GalleryUtilities::putRequestVariable('form[commenterName]', '');
161
 
 
162
 
        $results = $this->handleRequest();
163
 
        $this->assertEquals(array('delegate' => array('view' => 'comment.EditComment'),
164
 
                                  'status' => array(),
165
 
                                  'error' => array('form[error][commenterName][missing]',
166
 
                                                   'form[error][comment][missing]')),
167
 
                            $results);
168
 
    }
169
 
 
170
 
    function testInvalidCommenterName() {
171
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
172
 
        GalleryUtilities::putRequestVariable('commentId', $this->_comment[0]->getId());
173
 
        GalleryUtilities::putRequestVariable('form[action][save]', 1);
174
 
        GalleryUtilities::putRequestVariable('form[host]', 'hosty.host.host');
175
 
        GalleryUtilities::putRequestVariable('form[subject]', 'This is a new subject');
176
 
        GalleryUtilities::putRequestVariable('form[comment]', 'This is a new comment');
177
 
        GalleryUtilities::putRequestVariable('form[commenterName]', 'some-illegal-user-name');
178
 
 
179
 
        $results = $this->handleRequest();
180
 
        $this->assertEquals(array('delegate' => array('view' => 'comment.EditComment'),
181
 
                                  'status' => array(),
182
 
                                  'error' => array('form[error][commenterName][invalid]')),
183
 
                            $results);
184
 
    }
185
 
 
186
 
    function testPreviewInvalidCommenterName() {
187
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
188
 
        GalleryUtilities::putRequestVariable('commentId', $this->_comment[0]->getId());
189
 
        GalleryUtilities::putRequestVariable('form[action][preview]', 1);
190
 
        GalleryUtilities::putRequestVariable('form[host]', 'hosty.host.host');
191
 
        GalleryUtilities::putRequestVariable('form[subject]', 'This is a new subject');
192
 
        GalleryUtilities::putRequestVariable('form[comment]', 'This is a new comment');
193
 
        GalleryUtilities::putRequestVariable('form[commenterName]', 'some-illegal-user-name');
194
 
 
195
 
        $results = $this->handleRequest();
196
 
        $this->assertEquals(array('delegate' => array('view' => 'comment.EditComment'),
197
 
                                  'status' => array(),
198
 
                                  'error' => array('form[error][commenterName][invalid]')),
199
 
                            $results);
200
 
    }
201
 
 
202
 
    function testPreviewEmptyComment() {
203
 
        global $gallery;
204
 
 
205
 
        /* Use valid inputs */
206
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
207
 
        GalleryUtilities::putRequestVariable('form[action][preview]', 1);
208
 
        GalleryUtilities::putRequestVariable('form[host]', '');
209
 
        GalleryUtilities::putRequestVariable('form[subject]', '');
210
 
        GalleryUtilities::putRequestVariable('form[comment]', '');
211
 
        GalleryUtilities::putRequestVariable('form[commenterName]', '');
212
 
 
213
 
        /* Perform the request and verify that we failed */
214
 
        $results = $this->handleRequest();
215
 
        $this->assertEquals(array('delegate' => array('view' => 'comment.EditComment'),
216
 
                                  'status' => array(),
217
 
                                  'error' => array('form[error][commenterName][missing]',
218
 
                                                   'form[error][comment][missing]')),
219
 
                            $results);
220
 
    }
221
 
 
222
 
    /**
223
 
     * Use a bogus comment id
224
 
     */
225
 
    function testMaliciousEditComment1() {
226
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
227
 
        GalleryUtilities::putRequestVariable('commentId', 123123123);
228
 
        GalleryUtilities::putRequestVariable('form[action][save]', 1);
229
 
 
230
 
        $results = $this->handleRequest(ERROR_MISSING_OBJECT);
231
 
    }
232
 
 
233
 
    /**
234
 
     * Use mismatched item id and comment id
235
 
     */
236
 
    function testMaliciousEditComment2() {
237
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
238
 
        GalleryUtilities::putRequestVariable('commentId', $this->_comment[1]->getId());
239
 
        GalleryUtilities::putRequestVariable('form[action][save]', 1);
240
 
 
241
 
        $results = $this->handleRequest(ERROR_BAD_PARAMETER);
242
 
    }
243
 
 
244
 
    /**
245
 
     * Use malicious content
246
 
     */
247
 
    function testMaliciousEditComment3() {
248
 
        $ret = GalleryCoreApi::setPluginParameter('module', 'core', 'misc.markup', 'html');
249
 
        if ($ret) {
250
 
            $this->failWithStatus($ret);
251
 
        }
252
 
//      GalleryDataCache::reset();
253
 
 
254
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
255
 
        GalleryUtilities::putRequestVariable('commentId', $this->_comment[0]->getId());
256
 
        GalleryUtilities::putRequestVariable('form[action][save]', 1);
257
 
        GalleryUtilities::putRequestVariable('form[host]', 'hosty.host.host');
258
 
        GalleryUtilities::putRequestVariable('form[subject]',
259
 
                '<a href="javascript:alert(1)">a</a>');
260
 
        GalleryUtilities::putRequestVariable('form[comment]',
261
 
                'comment <applet code="bad.class"> test');
262
 
        GalleryUtilities::putRequestVariable('form[author]',
263
 
                'this is a author with <script>evilness</script> in it.');
264
 
        GalleryUtilities::putRequestVariable('form[commenterName]',
265
 
                                             $this->_anonymousUser->getUserName());
266
 
 
267
 
        $results = $this->handleRequest();
268
 
        $this->assertEquals(array('redirect' => array('view' => 'comment.CommentChangeConfirmation',
269
 
                                                      'itemId' => $this->_item[0]->getId()),
270
 
                                  'status' => array('changed' => 1),
271
 
                                  'error' => array()),
272
 
                            $results);
273
 
 
274
 
        /* Grab the comment and verify it */
275
 
        list ($ret, $comment) = $this->_comment[0]->refresh();
276
 
        if ($ret) {
277
 
            return $this->failWithStatus($ret);
278
 
        }
279
 
 
280
 
        $this->assertEquals('&lt;a&gt;a&lt;/a&gt;', $comment->getSubject());
281
 
        $this->assertEquals('comment  test', $comment->getComment());
282
 
        $this->assertEquals('this is a author with &lt;script&gt;evilness&lt;/script&gt; in it.',
283
 
                            $comment->getAuthor());
284
 
        $this->assertEquals('hosty.host.host', $comment->getHost());
285
 
        $this->assertEquals((int)$this->_anonymousUserId, $comment->getCommenterId());
286
 
    }
287
 
 
288
 
    function testCancelEdit() {
289
 
        GalleryUtilities::putRequestVariable('itemId', $this->_item[0]->getId());
290
 
        GalleryUtilities::putRequestVariable('commentId', $this->_comment[0]->getId());
291
 
        GalleryUtilities::putRequestVariable('form[action][cancel]', 1);
292
 
        GalleryUtilities::putRequestVariable('form[host]', 'hosty.host.host');
293
 
        GalleryUtilities::putRequestVariable('form[subject]', 'This is a new subject');
294
 
        GalleryUtilities::putRequestVariable('form[comment]', 'This is a new comment');
295
 
        GalleryUtilities::putRequestVariable('form[commenterName]',
296
 
                                             $this->_anonymousUser->getUserName());
297
 
 
298
 
        $results = $this->handleRequest();
299
 
        $this->assertEquals(array('redirect' => array('view' => 'core.ShowItem',
300
 
                                                      'itemId' => $this->_item[0]->getId()),
301
 
                                  'status' => array(),
302
 
                                  'error' => array()),
303
 
                            $results);
304
 
    }
305
 
}
306
 
?>
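Review bot: In testMaliciousEditComment3 the `if ($ret)` branch after `setPluginParameter('module', 'core', 'misc.markup', 'html')` calls failWithStatus without returning, unlike every other error branch in setUp, so if the markup setting cannot be applied the request still runs under whatever `misc.markup` was already active and the subject/comment/author assertions then fail for an unrelated reason; it should read `if ($ret) { return $this->failWithStatus($ret); }`. The same test feeds hostile markup only to subject, comment and author while `form[host]` and `form[commenterName]` keep benign values, so what the controller does with those two fields before they reach `getHost()` and `getCommenterId()` is not covered here — a hostile host value with an asserted stored result would close that gap. testMaliciousEditComment1/2 check only a bogus id and a mismatched item/comment pair; nothing in this file exercises a caller who lacks edit permission on the item, which, if the controller enforces such a check, is the more important negative case for an edit controller. The unused `$results` assignments in those two tests and the commented-out `GalleryDataCache::reset();` line are dead and can be dropped.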