<?php
namespace Mautic\FormBundle\Tests\Helper;
use Mautic\CoreBundle\Translation\Translator;
use Mautic\FormBundle\Entity\Field;
use Mautic\FormBundle\Helper\FormFieldHelper;
use Symfony\Component\Validator\Validator\ValidatorInterface;
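class FormFieldHelperTest extends \PHPUnit\Framework\TestCase
{
    /**
     * Helper under test; rebuilt before every test with mocked collaborators.
     *
     * @var FormFieldHelper
     */
    protected $fixture;

    protected function setUp(): void
    {
        // The mocks are never configured: they only satisfy the constructor signature.
        $this->fixture = new FormFieldHelper(
            $this->createMock(Translator::class),
            $this->createMock(ValidatorInterface::class)
        );
    }

    /**
     * Pre-populates a single form field from a URL-encoded value and checks the resulting markup.
     *
     * The assertion inspects $formHtml after the call, so populateField() is expected to
     * rewrite the markup it is handed in place.
     *
     * @dataProvider fieldProvider
     *
     * @param Field  $field         field definition (label, alias, type)
     * @param string $value         URL-encoded value as it would arrive in the query string
     * @param string $formHtml      form markup before population
     * @param string $expectedValue form markup after population
     * @param string $message       failure message describing the case
     */
    public function testPopulateField($field, $value, $formHtml, $expectedValue, $message): void
    {
        $this->fixture->populateField($field, $value, 'mautic', $formHtml);

        // Exact string identity: for the XSS cases a loosely matching result is not good enough.
        $this->assertSame($expectedValue, $formHtml, $message);
    }

    /**
     * Data sets for testPopulateField(), keyed by a short description so that a failing
     * case is identifiable in the PHPUnit output.
     *
     * Each set is [field, raw GET value, markup before, markup after, failure message].
     *
     * For the four XSS sets the expected markup must carry the quote and the angle bracket
     * as HTML entities. An expectation that contains a literal `"` inside value="..." would
     * assert that the payload escapes the attribute, i.e. it would pin the vulnerable output.
     * NOTE(review): the entity forms (&quot;, &gt;) follow from the failure messages; confirm
     * them against the sanitiser in FormFieldHelper, which is not part of this file.
     *
     * @return array
     */
    public static function fieldProvider(): array
    {
        $checkboxSingle = 'mauticform_checkboxgrp_checkbox_'.self::getAliasFromName('Checkbox Single');
        $checkboxMulti  = 'mauticform_checkboxgrp_checkbox_'.self::getAliasFromName('Checkbox Multi');
        $radioSingle    = 'mauticform_radiogrp_radio_'.self::getAliasFromName('Radio Single');

        return [
            'text: script tag is stripped and attribute stays closed' => [
                self::getField('First Name', 'text'),
                '%22%2F%3E%3Cscript%3Ealert%280%29%3C%2Fscript%3E',
                '<input value="" id="mauticform_input_mautic_firstname" />',
                '<input id="mauticform_input_mautic_firstname" value="&quot;/&gt;alert(0)" />',
                'Tags should be stripped from textet field values submitted via GET to prevent XSS.',
            ],
            'text: quote cannot introduce an event handler attribute' => [
                self::getField('First Name', 'text'),
                '%22%20onfocus=%22alert(123)',
                '<input value="" id="mauticform_input_mautic_firstname" />',
                '<input id="mauticform_input_mautic_firstname" value="&quot; onfocus=&quot;alert(123)" />',
                'Inline JS values should not be allowed via GET to prevent XSS.',
            ],
            'tel: plain phone number is kept verbatim' => [
                self::getField('Phone', 'tel'),
                '+41 123 456 7890',
                '<input value="" id="mauticform_input_mautic_phone" />',
                '<input id="mauticform_input_mautic_phone" value="+41 123 456 7890" />',
                'Phone number are populated properly',
            ],
            'textarea: script tag is stripped' => [
                self::getField('Description', 'textarea'),
                '%22%2F%3E%3Cscript%3Ealert%280%29%3C%2Fscript%3E',
                '<textarea id="mauticform_input_mautic_description"></textarea>',
                '<textarea id="mauticform_input_mautic_description">&quot;/&gt;alert(0)</textarea>',
                'Tags should be stripped from textarea field values submitted via GET to prevent XSS.',
            ],
            'textarea: quotes are entity-encoded' => [
                self::getField('Description', 'textarea'),
                '%22%20onfocus=%22alert(123)',
                '<textarea id="mauticform_input_mautic_description"></textarea>',
                '<textarea id="mauticform_input_mautic_description">&quot; onfocus=&quot;alert(123)</textarea>',
                'Tags should be stripped from textarea field values submitted via GET to prevent XSS.',
            ],
            'checkbox group: single value' => [
                self::getField('Checkbox Single', 'checkboxgrp'),
                'myvalue',
                '<input id="'.$checkboxSingle.'1" value="myvalue"/>'
                    .'<input id="'.$checkboxSingle.'2" value="notmyvalue"/>',
                '<input id="'.$checkboxSingle.'1" value="myvalue" checked />'
                    .'<input id="'.$checkboxSingle.'2" value="notmyvalue"/>',
                'Single value checkbox groups should have their values set appropriately via GET.',
            ],
            // %7C is the URL-encoded pipe that separates the two submitted values.
            'checkbox group: multiple values' => [
                self::getField('Checkbox Multi', 'checkboxgrp'),
                'myvalue%7Calsomyvalue',
                '<input id="'.$checkboxMulti.'1" value="myvalue"/>'
                    .'<input id="'.$checkboxMulti.'2" value="alsomyvalue"/>'
                    .'<input id="'.$checkboxMulti.'3" value="notmyvalue"/>',
                '<input id="'.$checkboxMulti.'1" value="myvalue" checked />'
                    .'<input id="'.$checkboxMulti.'2" value="alsomyvalue" checked />'
                    .'<input id="'.$checkboxMulti.'3" value="notmyvalue"/>',
                'Multi-value checkbox groups should have their values set appropriately via GET.',
            ],
            // NOTE(review): both radios carry the id suffix "1"; this looks like a copy-paste
            // slip in the fixture. It is kept as found - confirm before renumbering.
            'radio group: single value' => [
                self::getField('Radio Single', 'radiogrp'),
                'myvalue',
                '<input id="'.$radioSingle.'1" value="myvalue"/>'
                    .'<input id="'.$radioSingle.'1" value="notmyvalue"/>',
                '<input id="'.$radioSingle.'1" value="myvalue" checked />'
                    .'<input id="'.$radioSingle.'1" value="notmyvalue"/>',
                'Single value radio groups should have their values set appropriately via GET.',
            ],
            'select: matching option is selected' => [
                self::getField('Select', 'select'),
                'myvalue',
                '<select id="mauticform_input_mautic_select"><option value="myvalue">My Value</option></select>',
                '<select id="mauticform_input_mautic_select"><option value="myvalue" selected="selected">My Value</option></select>',
                'Select lists should have their values set appropriately via GET.',
            ],
        ];
    }

    /**
     * Builds a Field entity whose alias is derived from its label.
     *
     * @param string $name label; also the source of the alias
     * @param string $type field type, e.g. 'text', 'textarea', 'checkboxgrp'
     *
     * @return Field
     */
    protected static function getField($name, $type)
    {
        $field = new Field();
        $field->setLabel($name);
        $field->setAlias(self::getAliasFromName($name));
        $field->setType($type);

        return $field;
    }

    /**
     * Derives an alias from a label by removing spaces and lower-casing the rest.
     *
     * @param string $name
     *
     * @return string
     */
    private static function getAliasFromName(string $name): string
    {
        return strtolower(str_replace(' ', '', $name));
    }
}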