smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

2 small fixes for unit tests

Browse Source
This commit is contained in:
Simon Wisselink
2023-01-07 23:45:59 +01:00
parent e1d395e140
commit 861aafa92c
2 changed files with 33 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tests/UnitTests/SecurityTests/FunctionTest.php
View File

@@ -31,14 +31,8 @@ class FunctionTest extends PHPUnit_Smarty
public function testUnknownFunction()
{
$this->smarty->enableSecurity();
try {
$this->smarty->fetch('eval:{unknown()}');
}
catch (Exception $e) {
$this->assertStringContainsString("PHP function 'unknown' not allowed by security setting", $e->getMessage());
return;
}
$this->fail('Exception for unknown function has not been raised.');
$this->expectException(\Smarty\CompilerException::class);
$this->expectExceptionMessage('Cannot compile unknown function unknown');
$this->smarty->fetch('eval:{unknown()}');
}
}

59
tests/UnitTests/SecurityTests/SecurityTest.php
View File

@@ -62,9 +62,10 @@ class SecurityTest extends PHPUnit_Smarty
*/
public function testNotTrustedModifier()
{
$this->smarty->security_policy->disabled_modifiers[] = 'escape';
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('modifier \'sizeof\' not allowed by security setting');
@$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|@sizeof}');
$this->expectExceptionMessage('modifier \'escape\' disabled by security setting');
@$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|escape}');
}
/**
@@ -215,40 +216,40 @@ class SecurityTest extends PHPUnit_Smarty
$this->assertEquals('25', $this->smarty->fetch($tpl));
}
/**
* test not trusted PHP function
*
*
*/
public function testNotTrustedStaticClass()
{
/**
* test not trusted PHP function
*
*
*/
public function testNotTrustedStaticClass()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('access to static class \'mysecuritystaticclass\' not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{mysecuritystaticclass::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassEval()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$test = "mysecuritystaticclass"}{$test::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassEval()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$test = "mysecuritystaticclass"}{$test::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassSmartyVar()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$smarty.template_object::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassSmartyVar()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$smarty.template_object::square(5)}');
}
public function testChangedTrustedDirectory()
{