2 /*********************************************************************************
3 * SugarCRM Community Edition is a customer relationship management program developed by
4 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6 * This program is free software; you can redistribute it and/or modify it under
7 * the terms of the GNU Affero General Public License version 3 as published by the
8 * Free Software Foundation with the addition of the following permission added
9 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
11 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
18 * You should have received a copy of the GNU Affero General Public License along with
19 * this program; if not, see http://www.gnu.org/licenses or write to the Free
20 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
24 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26 * The interactive user interfaces in modified source and object code versions
27 * of this program must display Appropriate Legal Notices, as required under
28 * Section 5 of the GNU Affero General Public License version 3.
30 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31 * these Appropriate Legal Notices must retain the display of the "Powered by
32 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
33 * technical reasons, the Appropriate Legal Notices must display the words
34 * "Powered by SugarCRM".
35 ********************************************************************************/
39 require_once 'include/utils.php';
42 This unit test simulates cleaning the key values in a POST/REQUEST when mbstring.encoding_translation is on.
43 When you turn on mbstring.encoding_translation in php.ini, it's supposed to translate the characters in the POST array during an http request.
44 It's not supposed to touch the key names though. This test is for the code that cleans those key names
46 class Bug47522Test extends Sugar_PHPUnit_Framework_TestCase
49 var $orig_ini_encoding_val;
50 public function setUp()
52 $this->orig_ini_encoding_val = ini_get('mbstring.encoding_translation');
54 //set http translation on
55 ini_set('mbstring.encoding_translation',1);
59 public function tearDown()
61 //set back value of ini setting
62 ini_set('mbstring.encoding_translation',$this->orig_ini_encoding_val);
64 unset($this->orig_ini_encoding_val);
67 public function testEncodedKeyCleaning()
71 //continue this test only if encoding_translation is turned on.
72 if(ini_get('mbstring.encoding_translation')==='1'){
73 //inject bad string into request
74 $key = "'you'shall'not'pass!";
75 $val = ' must.. not.. die..';
76 $_REQUEST[$key] = $val;
78 //assert the key is in the request object
79 $this->assertsame($_REQUEST[$key], $val, 'request key was not set, rest of test is invalid');
81 //clean the string, it should fail but since encoding translation is on, it should only remove the
82 //key from request object
83 securexsskey($key,false);
85 //assert the key is no longer in request
86 $this->assertNotContains($key,$_REQUEST,'Key should not hav passed xss security check, but still exists in request, this is wrong.');
89 //encoding_translation is turned off, this test will not work, so let's skip it
90 $this->markTestSkipped('mbstring.encoding_translation is turned off, mark as skipped for now.');
projects / Github / sugarcrm.git / blob