
Commit 9dde9b8

committed
Testing escaping cli and escaping html
1 parent ac5d4b1 commit 9dde9b8

1 file changed

Lines changed: 36 additions & 4 deletions


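--- a/tests/Utils/FormatterTest.php
+++ b/tests/Utils/FormatterTest.php
@@ -235,13 +235,13 @@ public function mergeFormats()
 public function testFormat_new($query, $text, $cli, $html, array $options = array())
 {
 // Test TEXT format
-$this->assertEquals($text, Formatter::format($query, array('type' => 'text') + $options));
+$this->assertEquals($text, Formatter::format($query, array('type' => 'text') + $options), 'Text formatting failed.');
 
 // Test CLI format
-$this->assertEquals($cli, Formatter::format($query, array('type' => 'cli') + $options));
+$this->assertEquals($cli, Formatter::format($query, array('type' => 'cli') + $options), 'CLI formatting failed.');
 
 // Test HTML format
-$this->assertEquals($html, Formatter::format($query, array('type' => 'html') + $options));
+$this->assertEquals($html, Formatter::format($query, array('type' => 'html') + $options), 'HTML formatting failed.');
 }
 
 public function formatQueries_new()
@@ -400,6 +400,38 @@ public function formatQueries_new()
 '<span class="sql-reserved">SELECT</span>' . '<br/>' .
 '&nbsp;&nbsp;&nbsp;&nbsp;<span class="sql-string">"Text"</span> <span class="sql-reserved">AS</span> bar',
 ),
+'escape cli' => array(
+'query' => "select 'text\x1b[33mcolor-inj'",
+'text' =>
+'SELECT' . "\n" .
+" 'text\x1B[33mcolor-inj'",
+'cli' =>
+"\x1b[35mSELECT" . "\n" .
+" \x1b[91m'text\\x1B[33mcolor-inj'" . "\x1b[0m",
+'html' =>
+'<span class="sql-reserved">SELECT</span>' . '<br/>' .
+'&nbsp;&nbsp;&nbsp;&nbsp;<span class="sql-string">\'text'."\x1b[33m".'color-inj\'</span>',
+),
+'escape html' => array(
+'query' => "select '<s>xss' from `<s>xss` , <s>nxss /*s<s>xss*/",
+'text' =>
+'SELECT' . "\n" .
+' \'<s>xss\'' . "\n" .
+'FROM' . "\n" .
+' `<s>xss`,' . "\n" .
+' < s > nxss /*s<s>xss*/',
+'cli' =>
+"\x1b[35mSELECT" . "\n" .
+" \x1b[91m'<s>xss'" . "\n" .
+"\x1b[35mFROM" . "\n" .
+" \x1b[36m`<s>xss`\x1b[39m," . "\n" .
+" \x1b[39m< \x1b[39ms \x1b[39m> \x1b[39mnxss \x1b[37m/*s<s>xss*/" . "\x1b[0m",
+'html' =>
+'<span class="sql-reserved">SELECT</span>' . '<br/>' .
+'&nbsp;&nbsp;&nbsp;&nbsp;<span class="sql-string">\'&lt;s&gt;xss\'</span>' . '<br/>' .
+'<span class="sql-reserved">FROM</span>' . '<br/>' .
+'&nbsp;&nbsp;&nbsp;&nbsp;<span class="sql-variable">`&lt;s&gt;xss`</span>,<br/>&nbsp;&nbsp;&nbsp;&nbsp;&lt; s &gt; nxss <span class="sql-comment">/*s&lt;s&gt;xss*/</span>',
+),
 );
 }
 
@@ -531,7 +563,7 @@ public function formatQueries()
 '&nbsp;&nbsp;&nbsp;&nbsp;<span class="sql-reserved">PRIMARY KEY</span>(<span class="sql-variable">`id`</span>)',
 array('type' => 'html'),
 ),
-array(
+array( # Covered by 'escape html'
 "select '<s>xss' from `<s>xss` , <s>nxss /*s<s>xss*/",
 '<span class="sql-reserved">SELECT</span>' . '<br/>' .
 '&nbsp;&nbsp;&nbsp;&nbsp;<span class="sql-string">\'&lt;s&gt;xss\'</span>' . '<br/>' .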
