''], '/^
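getContent()); if (!empty($regexp)) { $this->assertMatchesRegularExpression($regexp, $response->getContent()); } }

    /**
     * callMediaupload must normalize the namespace with cleanID() before it is used.
     *
     * Regression test for XSS reflection and for passing uncleaned data to the ACL check.
     *
     * Only the namespace echoed back in the JSON reply is asserted here; that the
     * ACL check receives the same cleaned value is not observed directly by this test.
     */
    public function test_mediaupload_reflects_cleaned_namespace()
    {
        // NOTE(review): the markup part of this value was missing from the listing as
        // received ('Foo">'), which could not produce the expected result below. The
        // inert marker is reconstructed so that the input matches the expectation,
        // assuming cleanID() lowercases and maps quote, angle bracket and slash
        // characters to the separator. Confirm against the upstream test.
        $rawNamespace = 'Foo"><script>x</script>';

        $request = new TestRequest();
        $response = $request->post(
            ['call' => 'mediaupload', 'ns' => $rawNamespace],
            '/lib/exe/ajax.php'
        );

        $result = json_decode($response->getContent(), true);
        $this->assertIsArray($result);
        // Fail with a clear message rather than an undefined-index notice when the reply has no 'ns'.
        $this->assertArrayHasKey('ns', $result);
        $this->assertSame(
            'foo_script_x_script',
            $result['ns'],
            'the raw namespace must be cleaned before it is used'
        );
    }

    /**
     * A request without a 'call' parameter must produce an empty response body.
     */
    public function test_CallNotProvided()
    {
        $request = new TestRequest();
        $response = $request->post([], '/lib/exe/ajax.php');

        $this->assertEquals('', $response->getContent());
    }

    /**
     * An unregistered call name must be answered with the "unknown" message naming that call.
     */
    public function test_UnknownCall()
    {
        $call = 'unknownCALL';
        $request = new TestRequest();
        $response = $request->post(['call' => $call], '/lib/exe/ajax.php');

        $this->assertEquals("AJAX call '$call' unknown!\n", $response->getContent());
    }

    /**
     * Handlers registered on AJAX_CALL_UNKNOWN must run for an unknown call.
     *
     * Both the BEFORE and the AFTER handler are expected to fire, to receive the data
     * passed at registration, to see the call name as event data and to be able to read
     * the POST parameters. The BEFORE handler prevents the default action, so the
     * response must consist only of what the two handlers echo.
     */
    public function test_EventOnUnknownCall()
    {
        global $EVENT_HANDLER;

        $call = 'unknownCALL';
        $request = new TestRequest();

        // Values captured by reference inside the BEFORE handler
        $hookTriggered = false;
        $eventDataTriggered = '';
        $dataTriggered = '';
        $postTriggered = '';

        // Values captured by reference inside the AFTER handler
        $hookTriggered_AFTER = false;
        $eventDataTriggered_AFTER = '';
        $dataTriggered_AFTER = '';
        $postTriggered_AFTER = '';

        $EVENT_HANDLER->register_hook(
            'AJAX_CALL_UNKNOWN',
            'BEFORE',
            null,
            function ($event, $data) use (
                &$hookTriggered,
                &$dataTriggered,
                &$eventDataTriggered,
                &$postTriggered
            ) {
                /** @var Doku_Event $event */
                $hookTriggered = true;
                $dataTriggered = $data;
                $eventDataTriggered = $event->data;
                $postTriggered = $GLOBALS['INPUT']->post->str('q');
                // Suppress the default "unknown call" output so only handler output remains
                $event->preventDefault();
                $event->stopPropagation();
                echo "captured event BEFORE\n";
            },
            'some passed data'
        );

        $EVENT_HANDLER->register_hook(
            'AJAX_CALL_UNKNOWN',
            'AFTER',
            null,
            function ($event, $data) use (
                &$hookTriggered_AFTER,
                &$dataTriggered_AFTER,
                &$eventDataTriggered_AFTER,
                &$postTriggered_AFTER
            ) {
                /** @var Doku_Event $event */
                $hookTriggered_AFTER = true;
                $dataTriggered_AFTER = $data;
                $eventDataTriggered_AFTER = $event->data;
                $postTriggered_AFTER = $GLOBALS['INPUT']->post->str('q');
                $event->preventDefault();
                $event->stopPropagation();
                echo "captured event AFTER";
            },
            'some passed data AFTER'
        );

        $response = $request->post(['call' => $call, 'q' => 'some-post-param'], '/lib/exe/ajax.php');

        // BEFORE
        $this->assertTrue($hookTriggered, 'Testing plugin did not trigger!');
        $this->assertEquals('some passed data', $dataTriggered);
        $this->assertEquals($call, $eventDataTriggered, 'Must pass call name as event data');
        $this->assertEquals('some-post-param', $postTriggered);

        // AFTER
        $this->assertTrue($hookTriggered_AFTER, 'Testing plugin did not trigger!');
        $this->assertEquals('some passed data AFTER', $dataTriggered_AFTER);
        $this->assertEquals($call, $eventDataTriggered_AFTER, 'Must pass call name as event data');
        $this->assertEquals('some-post-param', $postTriggered_AFTER);

        // Output: only the text echoed by the two handlers, in order
        $this->assertEquals("captured event BEFORE\ncaptured event AFTER", $response->getContent());
    }
}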