alert(50);'), 'alert(50);'),
array(htmlentities('This is some help text'), 'This is some help text'),
array(htmlentities('???'), '???'),
array(htmlentities('Foo FooPoo Poo'), 'Foo Fooalert(50);Poo Poo'),
array(htmlentities('I am trying to Bold this!'), 'I am trying to <b>Bold</b> this!'),
array(htmlentities(''), ''),
);
}
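/**
* Checks that populateFromPost() removes XSS from a 'help' value supplied through $_REQUEST.
* @dataProvider xssFields
* @param string $badXSS The help-field input under test, which may carry script or markup
* @param string $expectedValue The value the help property is expected to hold afterwards
*/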
public function testPopulateFromPostWithXSSHelpField($badXSS, $expectedValue)
{
    // Use the mock so applyVardefRules() is a no-op and only the population step is exercised.
    $field = new Bug49939TemplateFieldMock();

    // Presumably tells populateFromPost() which request key feeds which property;
    // here the 'help' key maps to the 'help' property.
    $field->vardef_map = array('help'=>'help');

    // Supply the data-provider payload the way a submitted form value would arrive.
    // NOTE(review): $_REQUEST['help'] is left set after this test; confirm that a
    // setUp()/tearDown() outside this excerpt resets it so later tests are not affected.
    $_REQUEST['help'] = $badXSS;

    $field->populateFromPost();

    // The stored help text must match the cleaned form, not the raw request value.
    $failureMessage = 'Unable to remove XSS from help field';
    $this->assertEquals($expectedValue, $field->help, $failureMessage);
}
}
require_once('modules/DynamicFields/templates/Fields/TemplateField.php');
/**
 * Test double for TemplateField used by the XSS help-field test.
 *
 * Its only change is to replace applyVardefRules() with an empty method, so
 * the test exercises populateFromPost() without that follow-up step.
 */
class Bug49939TemplateFieldMock extends TemplateField
{
    /**
     * Intentionally does nothing.
     *
     * TemplateField calls this hook at the end of populateFromPost(); stubbing
     * it out keeps the value under test exactly as populateFromPost() left it.
     *
     * @return void
     */
    public function applyVardefRules()
    {
        // No-op by design.
    }
}
?>