diff --git a/application/utils.inc.php b/application/utils.inc.php index 4a8c0e5b5..fe1405a37 100644 --- a/application/utils.inc.php +++ b/application/utils.inc.php @@ -359,6 +359,7 @@ class utils break; // For URL + /* @since 2.7.7, 3.0.2, 3.1.0 N°4899 */ case 'url': $retValue = filter_var($value, FILTER_SANITIZE_URL); break; diff --git a/test/application/UtilsTest.php b/test/application/UtilsTest.php index f2d671fad..1c800d57f 100644 --- a/test/application/UtilsTest.php +++ b/test/application/UtilsTest.php @@ -22,7 +22,7 @@ /** * @covers utils */ -class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase +class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopDataTestCase { public function testEndsWith() { 
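Review bot: The `@since` marker added above `case 'url':` records the versions but not what this sanitizer guarantees, which is what callers need to know. `FILTER_SANITIZE_URL` only removes characters that are not allowed in a URL; it does not check the scheme, the host or overall well-formedness. A value returned from this branch therefore still needs validation and context-appropriate escaping before it is used as a link or redirect target. I would extend the comment to say so, e.g. `// Strips characters not allowed in URLs only; does not validate scheme or host, callers must still validate and escape`. The surrounding switch starts and ends outside this hunk.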
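Review bot: The base class of UtilsTest changes to `ItopDataTestCase` with no comment saying why, and the change applies to every test in the class, not only the new one. If the reason is that the `'class'` sanitizer cases need the data model loaded (an inference, the hunk does not show it), say so in the class docblock, e.g. `* Extends ItopDataTestCase: testSanitizer's 'class' cases require a loaded data model`. If the heavier fixture is only needed for that one test, a separate test class would keep the existing pure-function tests free of it. The class body continues outside the hunk.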
@@ -441,4 +441,50 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 '2G' => ['2G', 2 * 1024 * 1024 * 1024],
 ];
 }
+
+ /**
+ * Test sanitizer.
+ *
+ * @param $type string type of sanitizer
+ * @param $valueToSanitize ? value to sanitize
+ * @param $expectedResult ? expected result
+ *
+ * @return void
+ *
+ * @dataProvider sanitizerDataProvider
+ */
+ public function testSanitizer($type, $valueToSanitize, $expectedResult)
+ {
+ $this->assertEquals($expectedResult, utils::Sanitize($valueToSanitize, null, $type), 'url sanitize failed');
+ }
+
+ /**
+ * DataProvider for testSanitizer
+ *
+ * @return array
+ */
+ public function sanitizerDataProvider()
+ {
+ return [
+ 'good integer' => ['integer', '2565', '2565'],
+ 'bad integer' => ['integer', 'a2656', '2656'],
+ 'good class' => ['class', 'UserRequest', 'UserRequest'],
+ 'bad class' => ['class', 'MyUserRequest',null],
+ 'good string' => ['string', 'Is Peter smart and funny?', 'Is Peter smart and funny?'],
+ 'bad string' => ['string', 'Is Peter & funny?', 'Is Peter <smart> & funny?'],
+ 'good transaction_id' => ['transaction_id', '8965.-dd', '8965.-dd'],
+ 'bad transaction_id' => ['transaction_id', '8965.-dd+', null],
+ 'good parameter' => ['parameter', 'JU8965-dd=_', 'JU8965-dd=_'],
+ 'bad parameter' => ['parameter', '8965.-dd+', null],
+ 'good field_name' => ['field_name', 'Name->bUzz38', 'Name->bUzz38'],
+ 'bad field_name' => ['field_name', 'name-buzz', null],
+ 'good context_param' => ['context_param', '%dssD25_=%:+-', '%dssD25_=%:+-'],
+ 'bad context_param' => ['context_param', '%dssD,25_=%:+-', null],
+ 'good element_identifier' => ['element_identifier', 'AD05nb', 'AD05nb'],
+ 'bad element_identifier' => ['element_identifier', 'AD05nb+', 'AD05nb'],
+ 'good url' => ['url', 'https://www.w3schools.com', 'https://www.w3schools.com'],
+ 'bad url' => ['url', 'https://www.w3schoo��ls.co�m', 'https://www.w3schools.com'],
+ 'raw_data' => ['raw_data', '\s😃😃😃', '\s😃😃😃'],
+ ];
+ }
 }
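Review bot: The failure message in `testSanitizer` is hard-coded to `'url sanitize failed'` although the provider feeds every sanitizer type, so a failing `'class'` or `'parameter'` case would be reported as a URL failure; `sprintf('%s sanitize failed', $type)` would name the right one. `assertEquals` also compares loosely, so the cases that expect `null` would still pass if `utils::Sanitize` returned `''` or `false`. For a sanitizer, "rejected" and "emptied" are different outcomes, and `assertSame` would pin that down once the return types of the passing cases (e.g. `'integer'`) are confirmed. The docblock's `?` placeholders for `$valueToSanitize` and `$expectedResult` could become `@param string $valueToSanitize` and `@param string|null $expectedResult`, which is what the provider actually supplies.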