author | Damian Dlugosz <bigfootdd@gmail.com> | 2017-01-26 22:43:47 +0100 |
---|---|---|
committer | Damian Dlugosz <bigfootdd@gmail.com> | 2017-02-01 23:33:23 +0100 |
commit | 9dde9b870b737b62d48250d8935e3c577b008556 (patch) | |
tree | a0e36e042ac8343a63f538317f25870fbbbc4f11 /tests/Utils/FormatterTest.php | |
parent | ac5d4b119b4372673f5192f05a94109b7112edab (diff) | |
Testing escaping cli and escaping html
Diffstat (limited to 'tests/Utils/FormatterTest.php')
-rw-r--r-- | tests/Utils/FormatterTest.php | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/tests/Utils/FormatterTest.php b/tests/Utils/FormatterTest.php
index ca867af..b2429d2 100644
--- a/tests/Utils/FormatterTest.php
+++ b/tests/Utils/FormatterTest.php
@@ -235,13 +235,13 @@ class FormatTest extends TestCase
 public function testFormat_new($query, $text, $cli, $html, array $options = array())
 {
 // Test TEXT format
- $this->assertEquals($text, Formatter::format($query, array('type' => 'text') + $options));
+ $this->assertEquals($text, Formatter::format($query, array('type' => 'text') + $options), 'Text formatting failed.');
 // Test CLI format
- $this->assertEquals($cli, Formatter::format($query, array('type' => 'cli') + $options));
+ $this->assertEquals($cli, Formatter::format($query, array('type' => 'cli') + $options), 'CLI formatting failed.');
 // Test HTML format
- $this->assertEquals($html, Formatter::format($query, array('type' => 'html') + $options));
+ $this->assertEquals($html, Formatter::format($query, array('type' => 'html') + $options), 'HTML formatting failed.');
 }
 public function formatQueries_new()
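Review bot: The three checks in `testFormat_new` keep `assertEquals`, although the datasets this commit adds are meant to pin escaped output character for character. `assertSame` states that intent and does not depend on how the installed PHPUnit version compares strings (not visible here), e.g. `$this->assertSame($cli, Formatter::format($query, array('type' => 'cli') + $options), 'CLI formatting failed.');`, with the same change for the text and HTML lines. Because the assertions run in sequence, a text failure still hides the CLI and HTML results for that dataset; the new messages at least name which format stopped the run.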
@@ -400,6 +400,38 @@ class FormatTest extends TestCase
 '<span class="sql-reserved">SELECT</span>' . '<br/>' .
 ' <span class="sql-string">"Text"</span> <span class="sql-reserved">AS</span> bar',
 ),
+ 'escape cli' => array(
+ 'query' => "select 'text\x1b[33mcolor-inj'",
+ 'text' =>
+ 'SELECT' . "\n" .
+ " 'text\x1B[33mcolor-inj'",
+ 'cli' =>
+ "\x1b[35mSELECT" . "\n" .
+ " \x1b[91m'text\\x1B[33mcolor-inj'" . "\x1b[0m",
+ 'html' =>
+ '<span class="sql-reserved">SELECT</span>' . '<br/>' .
+ ' <span class="sql-string">\'text'."\x1b[33m".'color-inj\'</span>',
+ ),
+ 'escape html' => array(
+ 'query' => "select '<s>xss' from `<s>xss` , <s>nxss /*s<s>xss*/",
+ 'text' =>
+ 'SELECT' . "\n" .
+ ' \'<s>xss\'' . "\n" .
+ 'FROM' . "\n" .
+ ' `<s>xss`,' . "\n" .
+ ' < s > nxss /*s<s>xss*/',
+ 'cli' =>
+ "\x1b[35mSELECT" . "\n" .
+ " \x1b[91m'<s>xss'" . "\n" .
+ "\x1b[35mFROM" . "\n" .
+ " \x1b[36m`<s>xss`\x1b[39m," . "\n" .
+ " \x1b[39m< \x1b[39ms \x1b[39m> \x1b[39mnxss \x1b[37m/*s<s>xss*/" . "\x1b[0m",
+ 'html' =>
+ '<span class="sql-reserved">SELECT</span>' . '<br/>' .
+ ' <span class="sql-string">\'<s>xss\'</span>' . '<br/>' .
+ '<span class="sql-reserved">FROM</span>' . '<br/>' .
+ ' <span class="sql-variable">`<s>xss`</span>,<br/> < s > nxss <span class="sql-comment">/*s<s>xss*/</span>',
+ ),
 );
 }
@@ -531,7 +563,7 @@ class FormatTest extends TestCase
 ' <span class="sql-reserved">PRIMARY KEY</span>(<span class="sql-variable">`id`</span>)',
 array('type' => 'html'),
 ),
- array(
+ array( # Covered by 'escape html'
 "select '<s>xss' from `<s>xss` , <s>nxss /*s<s>xss*/",
 '<span class="sql-reserved">SELECT</span>' . '<br/>' .
 ' <span class="sql-string">\'<s>xss\'</span>' . '<br/>' . |
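Review bot: In the `'escape html'` dataset the expected `'html'` value, as it appears on this page, carries the query's `<s>` markup unchanged inside the `sql-string`, `sql-variable` and `sql-comment` spans, so the case would pin unescaped output rather than prove escaping. This may only be the page rendering having decoded entities; confirm the file itself expects `&lt;s&gt;xss` in those spans, and likewise in the older entry in the third hunk now marked `# Covered by 'escape html'`. Separately, the `'escape cli'` case expects the raw `\x1b[33m` byte sequence in both the `'text'` and `'html'` results and only the `'cli'` result rewrites it to the literal `\\x1B`. A comment on that dataset such as `// text and html keep control bytes verbatim; only the cli type neutralises ESC` would make clear this is deliberate and that text output is not safe to write to a terminal unfiltered.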