diff --git a/tests/UnitTests/SecurityTests/FunctionTest.php b/tests/UnitTests/SecurityTests/FunctionTest.php
index b5257981..6c74e398 100644
--- a/tests/UnitTests/SecurityTests/FunctionTest.php
+++ b/tests/UnitTests/SecurityTests/FunctionTest.php
@@ -31,14 +31,8 @@ class FunctionTest extends PHPUnit_Smarty
 public function testUnknownFunction()
 {
 $this->smarty->enableSecurity();
- try {
- $this->smarty->fetch('eval:{unknown()}');
- }
- catch (Exception $e) {
- $this->assertStringContainsString("PHP function 'unknown' not allowed by security setting", $e->getMessage());
-
- return;
- }
- $this->fail('Exception for unknown function has not been raised.');
+ $this->expectException(\Smarty\CompilerException::class);
+ $this->expectExceptionMessage('Cannot compile unknown function unknown');
+ $this->smarty->fetch('eval:{unknown()}');
 }
 }
diff --git a/tests/UnitTests/SecurityTests/SecurityTest.php b/tests/UnitTests/SecurityTests/SecurityTest.php
index ab560c4c..d70f7e5e 100644
--- a/tests/UnitTests/SecurityTests/SecurityTest.php
+++ b/tests/UnitTests/SecurityTests/SecurityTest.php
@@ -62,9 +62,10 @@ class SecurityTest extends PHPUnit_Smarty
 */
 public function testNotTrustedModifier()
 {
+ $this->smarty->security_policy->disabled_modifiers[] = 'escape';
 $this->expectException(\Smarty\Exception::class);
- $this->expectExceptionMessage('modifier \'sizeof\' not allowed by security setting');
- @$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|@sizeof}');
+ $this->expectExceptionMessage('modifier \'escape\' disabled by security setting');
+ @$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|escape}');
 }

 /**
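Review bot: In `testUnknownFunction` (FunctionTest.php), the new expected message `Cannot compile unknown function unknown` no longer mentions the security setting, so this test under SecurityTests would presumably pass whether or not `enableSecurity()` had any effect. If unknown functions are now rejected by the compiler regardless of policy, say so above the expectations, e.g. `// unknown functions fail at compile time with or without security; the policy is not what rejects them here`. It is also worth confirming that a policy-level denial of a function is still asserted elsewhere, since this hunk removes the only visible check of the "not allowed by security setting" path for functions. The class body continues outside the hunk.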
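Review bot: `testNotTrustedModifier` (SecurityTest.php) now checks only an explicitly disabled modifier (`escape` via `disabled_modifiers`), so the earlier coverage of a PHP function (`sizeof`) being refused as a modifier under security is gone from this hunk. If that case is still rejected, keep a separate test for `{$foo|@sizeof}` asserting whatever exception is now raised, and rename this one to what it asserts (for example `testDisabledModifier`, if that name is free). The `@` kept in front of `fetch()` also hides warnings that could show the template failing for an unrelated reason; `$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|escape}');` without it is stricter. The method's docblock starts above the hunk.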
@@ -215,40 +216,40 @@ class SecurityTest extends PHPUnit_Smarty
 $this->assertEquals('25', $this->smarty->fetch($tpl));
 }

- /**
- * test not trusted PHP function
- *
- *
- */
- public function testNotTrustedStaticClass()
- {
+ /**
+ * test not trusted PHP function
+ *
+ *
+ */
+ public function testNotTrustedStaticClass()
+ {
 $this->expectException(\Smarty\Exception::class);
 $this->expectExceptionMessage('access to static class \'mysecuritystaticclass\' not allowed by security setting');
 $this->smarty->security_policy->static_classes = array('null');
 $this->smarty->fetch('string:{mysecuritystaticclass::square(5)}');
 }

- /**
- * test not trusted PHP function
- */
- public function testNotTrustedStaticClassEval()
- {
- $this->expectException(\Smarty\Exception::class);
- $this->expectExceptionMessage('dynamic static class not allowed by security setting');
- $this->smarty->security_policy->static_classes = array('null');
- $this->smarty->fetch('string:{$test = "mysecuritystaticclass"}{$test::square(5)}');
- }
+ /**
+ * test not trusted PHP function
+ */
+ public function testNotTrustedStaticClassEval()
+ {
+ $this->expectException(\Smarty\Exception::class);
+ $this->expectExceptionMessage('dynamic static class not allowed by security setting');
+ $this->smarty->security_policy->static_classes = array('null');
+ $this->smarty->fetch('string:{$test = "mysecuritystaticclass"}{$test::square(5)}');
+ }

- /**
- * test not trusted PHP function
- */
- public function testNotTrustedStaticClassSmartyVar()
- {
- $this->expectException(\Smarty\Exception::class);
- $this->expectExceptionMessage('dynamic static class not allowed by security setting');
- $this->smarty->security_policy->static_classes = array('null');
- $this->smarty->fetch('string:{$smarty.template_object::square(5)}');
- }
+ /**
+ * test not trusted PHP function
+ */
+ public function testNotTrustedStaticClassSmartyVar()
+ {
+ $this->expectException(\Smarty\Exception::class);
+ $this->expectExceptionMessage('dynamic static class not allowed by security setting');
+ $this->smarty->security_policy->static_classes = array('null');
+ $this->smarty->fetch('string:{$smarty.template_object::square(5)}');
+ }

 public function testChangedTrustedDirectory()
 {