<?php

/**
 * @file
 * Definition of Drupal\filter\Tests\FilterSecurityTest.
 */

namespace Drupal\filter\Tests;

use Drupal\Core\Language\Language;
use Drupal\simpletest\WebTestBase;

/**
 * Security tests for missing/vanished text formats or filters.
 */
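class FilterSecurityTest extends WebTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array('node', 'filter_test');

  /**
   * A user with administrative permissions.
   *
   * @var object
   */
  protected $admin_user;

  /**
   * Returns the name, description and group under which this test is listed.
   *
   * @return array
   *   An array with the keys 'name', 'description' and 'group'.
   */
  public static function getInfo() {
    return array(
      'name' => 'Security',
      'description' => 'Test the behavior of check_markup() when a filter or text format vanishes, or when check_markup() is called in such a way that it is instructed to skip all filters of the "FILTER_TYPE_HTML_RESTRICTOR" type.',
      'group' => 'Filter',
    );
  }

  /**
   * Creates the content type, text format and admin user the tests rely on.
   */
  public function setUp() {
    parent::setUp();

    // Create Basic page node type.
    $this->drupalCreateContentType(array('type' => 'page', 'name' => 'Basic page'));

    // Create Filtered HTML format.
    $filtered_html_format = entity_create('filter_format', array(
      'format' => 'filtered_html',
      'name' => 'Filtered HTML',
      'filters' => array(
        // Note that the filter_html filter is of the type
        // FILTER_TYPE_HTML_RESTRICTOR; testSkipSecurityFilters() depends on
        // this filter being enabled in the format.
        'filter_html' => array(
          'status' => 1,
        ),
      ),
    ));
    $filtered_html_format->save();

    // Allow the anonymous role to use the Filtered HTML format.
    $filtered_html_permission = $filtered_html_format->getPermissionName();
    user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array($filtered_html_permission));

    // The admin user needs 'administer filters' to reconfigure and disable
    // text formats through the UI in testDisableFilterModule().
    $this->admin_user = $this->drupalCreateUser(array('administer modules', 'administer filters', 'administer site configuration'));
    $this->drupalLogin($this->admin_user);
  }

  /**
   * Tests that node content is emptied when its text format is disabled.
   *
   * Content whose text format no longer exists must not be rendered at all:
   * neither the raw (unfiltered) body nor the output of the filters that the
   * format used to run may appear on the page.
   */
  public function testDisableFilterModule() {
    // Create a new node.
    $node = $this->drupalCreateNode(array('promote' => 1));
    $body_raw = $node->body->value;
    $format_id = $node->body->format;
    $this->drupalGet('node/' . $node->id());
    $this->assertText($body_raw, 'Node body found.');

    // Enable the filter_test_replace filter.
    $edit = array(
      'filters[filter_test_replace][status]' => 1,
    );
    $this->drupalPostForm('admin/config/content/formats/manage/' . $format_id, $edit, t('Save configuration'));

    // Verify that filter_test_replace filter replaced the content.
    $this->drupalGet('node/' . $node->id());
    $this->assertNoText($body_raw, 'Node body not found.');
    $this->assertText('Filter: Testing filter', 'Testing filter output found.');

    // Disable the text format entirely.
    $this->drupalPostForm('admin/config/content/formats/manage/' . $format_id . '/disable', array(), t('Disable'));

    // Verify that the content is empty, because the text format does not exist.
    $this->drupalGet('node/' . $node->id());
    $this->assertNoText($body_raw, 'Node body not found.');
    // The raw body was already hidden by filter_test_replace before the format
    // was disabled, so the assertion above would also pass if the disabled
    // format were still being applied. Requiring that the replacement output
    // is gone as well is what actually shows the body is no longer rendered.
    $this->assertNoText('Filter: Testing filter', 'Testing filter output not found.');
  }

  /**
   * Tests that security filters are enforced even when marked to be skipped.
   *
   * The same input is run through check_markup() twice: once with an empty
   * list of filter types to skip, and once with FILTER_TYPE_HTML_RESTRICTOR in
   * that list. Both calls must strip the disallowed tags, so a caller cannot
   * opt out of HTML restriction through the skip list.
   */
  public function testSkipSecurityFilters() {
    $text = "Text with some disallowed tags: <script />, <em><object>unicorn</object></em>, <i><table></i>.";
    // <em> survives while <script>, <object>, <i> and <table> are removed.
    $expected_filtered_text = "Text with some disallowed tags: , <em>unicorn</em>, .";
    $this->assertEqual(check_markup($text, 'filtered_html', '', FALSE, array()), $expected_filtered_text, 'Expected filter result.');
    $this->assertEqual(check_markup($text, 'filtered_html', '', FALSE, array(FILTER_TYPE_HTML_RESTRICTOR)), $expected_filtered_text, 'Expected filter result, even when trying to disable filters of the FILTER_TYPE_HTML_RESTRICTOR type.');
  }

}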