diff options
Diffstat (limited to 'tests')
31 files changed, 1226 insertions, 455 deletions
diff --git a/tests/Framework/BaseReplacer.php b/tests/Framework/BaseReplacer.php new file mode 100644 index 000000000..e00b9e5eb --- /dev/null +++ b/tests/Framework/BaseReplacer.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_base_replacer class + * + * @package Tests + */ +class Framework_BaseReplacer extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_base_replacer('test'); + + $this->assertInstanceOf('rcube_base_replacer', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Browser.php b/tests/Framework/Browser.php new file mode 100644 index 000000000..c3860d8a3 --- /dev/null +++ b/tests/Framework/Browser.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_browser class + * + * @package Tests + */ +class Framework_Browser extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_browser(); + + $this->assertInstanceOf('rcube_browser', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Cache.php b/tests/Framework/Cache.php new file mode 100644 index 000000000..dc026a634 --- /dev/null +++ b/tests/Framework/Cache.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_cache class + * + * @package Tests + */ +class Framework_Cache extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_cache('db', 1); + + $this->assertInstanceOf('rcube_cache', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Charset.php b/tests/Framework/Charset.php new file mode 100644 index 000000000..9e3fad4d3 --- /dev/null +++ b/tests/Framework/Charset.php @@ -0,0 +1,28 @@ +<?php + +/** + * Test class to test rcube_charset class + * + * @package Tests + */ +class Framework_Charset extends PHPUnit_Framework_TestCase +{ + + /** + * Data for test_clean() + */ + function data_clean() + { + return array( + array('', '', 'Empty string'), + ); + } + + /** + * @dataProvider data_clean + */ + function test_clean($input, $output, $title) + { + $this->assertEquals(rcube_charset::clean($input), $output, $title); + } +} diff --git a/tests/Framework/ContentFilter.php b/tests/Framework/ContentFilter.php new file mode 100644 index 000000000..9bee9368b --- /dev/null +++ b/tests/Framework/ContentFilter.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_content_filter class + * + * @package Tests + */ +class Framework_ContentFilter extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_content_filter(); + + $this->assertInstanceOf('rcube_content_filter', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Html.php b/tests/Framework/Html.php new file mode 100644 index 000000000..8a27baca8 --- /dev/null +++ b/tests/Framework/Html.php @@ -0,0 +1,46 @@ +<?php + +/** + * Test class to test rcube_html class + * + * @package Tests + */ +class Framework_Html extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new html; + + $this->assertInstanceOf('html', $object, "Class constructor"); + } + + /** + * Data for test_quote() + */ + function data_quote() + { + return array( + array('abc', 'abc'), + array('?', '?'), + array('"', '"'), + array('<', '<'), + array('>', '>'), + array('&', '&'), + array('&', '&amp;'), + array('&', '&', true), + ); + } + + /** + * Test for quote() + * @dataProvider data_quote + */ + function test_quote($str, $result, $validate = false) + { + $this->assertEquals(html::quote($str, $validate), $result); + } +} diff --git a/tests/Framework/Image.php b/tests/Framework/Image.php new file mode 100644 index 000000000..31e852042 --- /dev/null +++ b/tests/Framework/Image.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_image class + * + * @package Tests + */ +class Framework_Image extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_image('test'); + + $this->assertInstanceOf('rcube_image', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Imap.php b/tests/Framework/Imap.php new file mode 100644 index 000000000..3f52e07be --- /dev/null +++ b/tests/Framework/Imap.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_imap class + * + * @package Tests + */ +class Framework_Imap extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_imap; + + $this->assertInstanceOf('rcube_imap', $object, "Class constructor"); + } +} diff --git a/tests/Framework/ImapGeneric.php b/tests/Framework/ImapGeneric.php new file mode 100644 index 000000000..0b2cc3d53 --- /dev/null +++ b/tests/Framework/ImapGeneric.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_imap_generic class + * + * @package Tests + */ +class Framework_ImapGeneric extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_imap_generic; + + $this->assertInstanceOf('rcube_imap_generic', $object, "Class constructor"); + } +} diff --git a/tests/Framework/MessageHeader.php b/tests/Framework/MessageHeader.php new file mode 100644 index 000000000..e5bc1752f --- /dev/null +++ b/tests/Framework/MessageHeader.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_message_header class + * + * @package Tests + */ +class Framework_MessageHeader extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_message_header; + + $this->assertInstanceOf('rcube_message_header', $object, "Class constructor"); + } +} diff --git a/tests/Framework/MessagePart.php b/tests/Framework/MessagePart.php new file mode 100644 index 000000000..deb426024 --- /dev/null +++ b/tests/Framework/MessagePart.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_message_part class + * + * @package Tests + */ +class Framework_MessagePart extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_message_part; + + $this->assertInstanceOf('rcube_message_part', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Mime.php b/tests/Framework/Mime.php new file mode 100644 index 000000000..dcd55992a --- /dev/null +++ b/tests/Framework/Mime.php @@ -0,0 +1,123 @@ +<?php + +/** + * Test class to test rcube_mime class + * + * @package Tests + */ +class Framework_Mime extends PHPUnit_Framework_TestCase +{ + + /** + * Test decoding of single e-mail address strings + * Uses rcube_mime::decode_address_list() + */ + function test_decode_single_address() + { + $headers = array( + 0 => 'test@domain.tld', + 1 => '<test@domain.tld>', + 2 => 'Test <test@domain.tld>', + 3 => 'Test Test <test@domain.tld>', + 4 => 'Test Test<test@domain.tld>', + 5 => '"Test Test" <test@domain.tld>', + 6 => '"Test Test"<test@domain.tld>', + 7 => '"Test \\" Test" <test@domain.tld>', + 8 => '"Test<Test" <test@domain.tld>', + 9 => '=?ISO-8859-1?B?VGVzdAo=?= <test@domain.tld>', + 10 => '=?ISO-8859-1?B?VGVzdAo=?=<test@domain.tld>', // #1487068 + // comments in address (#1487673) + 11 => 'Test (comment) <test@domain.tld>', + 12 => '"Test" (comment) <test@domain.tld>', + 13 => '"Test (comment)" (comment) <test@domain.tld>', + 14 => '(comment) <test@domain.tld>', + 15 => 'Test <test@(comment)domain.tld>', + 16 => 'Test Test ((comment)) <test@domain.tld>', + 17 => 'test@domain.tld (comment)', + 18 => '"Test,Test" <test@domain.tld>', + // 1487939 + 19 => 'Test <"test test"@domain.tld>', + 20 => '<"test test"@domain.tld>', + 21 => '"test test"@domain.tld', + ); + + $results = array( + 0 => array(1, '', 'test@domain.tld'), + 1 => array(1, '', 'test@domain.tld'), + 2 => array(1, 'Test', 'test@domain.tld'), + 3 => array(1, 'Test Test', 'test@domain.tld'), + 4 => array(1, 'Test Test', 'test@domain.tld'), + 5 => array(1, 'Test Test', 'test@domain.tld'), + 6 => array(1, 'Test Test', 'test@domain.tld'), + 7 => array(1, 'Test " Test', 'test@domain.tld'), + 8 => array(1, 'Test<Test', 'test@domain.tld'), + 9 => array(1, 'Test', 'test@domain.tld'), + 10 => array(1, 'Test', 'test@domain.tld'), + 11 => array(1, 'Test', 'test@domain.tld'), + 12 => array(1, 'Test', 'test@domain.tld'), + 13 => array(1, 'Test (comment)', 'test@domain.tld'), + 14 => array(1, '', 'test@domain.tld'), + 15 => array(1, 'Test', 'test@domain.tld'), + 16 => array(1, 'Test Test', 'test@domain.tld'), + 17 => array(1, '', 'test@domain.tld'), + 18 => array(1, 'Test,Test', 'test@domain.tld'), + 19 => array(1, 'Test', '"test test"@domain.tld'), + 20 => array(1, '', '"test test"@domain.tld'), + 21 => array(1, '', '"test test"@domain.tld'), + ); + + foreach ($headers as $idx => $header) { + $res = rcube_mime::decode_address_list($header); + + $this->assertEquals($results[$idx][0], count($res), "Rows number in result for header: " . $header); + $this->assertEquals($results[$idx][1], $res[1]['name'], "Name part decoding for header: " . $header); + $this->assertEquals($results[$idx][2], $res[1]['mailto'], "Email part decoding for header: " . $header); + } + } + + /** + * Test decoding of header values + * Uses rcube_mime::decode_mime_string() + */ + function test_header_decode_qp() + { + $test = array( + // #1488232: invalid character "?" + 'quoted-printable (1)' => array( + 'in' => '=?utf-8?Q?Certifica=C3=A7=C3=A3??=', + 'out' => 'Certifica=C3=A7=C3=A3?', + ), + 'quoted-printable (2)' => array( + 'in' => '=?utf-8?Q?Certifica=?= =?utf-8?Q?C3=A7=C3=A3?=', + 'out' => 'Certifica=C3=A7=C3=A3', + ), + 'quoted-printable (3)' => array( + 'in' => '=?utf-8?Q??= =?utf-8?Q??=', + 'out' => '', + ), + 'quoted-printable (4)' => array( + 'in' => '=?utf-8?Q??= a =?utf-8?Q??=', + 'out' => ' a ', + ), + 'quoted-printable (5)' => array( + 'in' => '=?utf-8?Q?a?= =?utf-8?Q?b?=', + 'out' => 'ab', + ), + 'quoted-printable (6)' => array( + 'in' => '=?utf-8?Q? ?= =?utf-8?Q?a?=', + 'out' => ' a', + ), + 'quoted-printable (7)' => array( + 'in' => '=?utf-8?Q?___?= =?utf-8?Q?a?=', + 'out' => ' a', + ), + ); + + foreach ($test as $idx => $item) { + $res = rcube_mime::decode_mime_string($item['in'], 'UTF-8'); + $res = quoted_printable_encode($res); + + $this->assertEquals($item['out'], $res, "Header decoding for: " . $idx); + } + } +} diff --git a/tests/Framework/Rcube.php b/tests/Framework/Rcube.php new file mode 100644 index 000000000..637558dc9 --- /dev/null +++ b/tests/Framework/Rcube.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube class + * + * @package Tests + */ +class Framework_Rcube extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = rcube::get_instance(); + + $this->assertInstanceOf('rcube', $object, "Class singleton"); + } +} diff --git a/tests/Framework/ResultIndex.php b/tests/Framework/ResultIndex.php new file mode 100644 index 000000000..efbba6da7 --- /dev/null +++ b/tests/Framework/ResultIndex.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_result_index class + * + * @package Tests + */ +class Framework_ResultIndex extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_result_index; + + $this->assertInstanceOf('rcube_result_index', $object, "Class constructor"); + } +} diff --git a/tests/Framework/ResultSet.php b/tests/Framework/ResultSet.php new file mode 100644 index 000000000..2d04e53c0 --- /dev/null +++ b/tests/Framework/ResultSet.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_result_set class + * + * @package Tests + */ +class Framework_ResultSet extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_result_set; + + $this->assertInstanceOf('rcube_result_set', $object, "Class constructor"); + } +} diff --git a/tests/Framework/ResultThread.php b/tests/Framework/ResultThread.php new file mode 100644 index 000000000..f980845cc --- /dev/null +++ b/tests/Framework/ResultThread.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_result_thread class + * + * @package Tests + */ +class Framework_ResultThread extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_result_thread; + + $this->assertInstanceOf('rcube_result_thread', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Shared.php b/tests/Framework/Shared.php new file mode 100644 index 000000000..99ef829da --- /dev/null +++ b/tests/Framework/Shared.php @@ -0,0 +1,204 @@ +<?php + +/** + * Test class to test rcube_shared functions + * + * @package Tests + */ +class Framework_Shared extends PHPUnit_Framework_TestCase +{ + + /** + * rcube_shared.inc: in_array_nocase() + */ + function test_in_array_nocase() + { + $haystack = array('Test'); + $needle = 'test'; + $result = in_array_nocase($needle, $haystack); + + $this->assertTrue($result, $title); + + $result = in_array_nocase($needle, null); + + $this->assertFalse($result, $title); + } + + /** + * rcube_shared.inc: get_boolean() + */ + function test_get_boolean() + { + $input = array( + false, 'false', '0', 'no', 'off', 'nein', 'FALSE', '', null, + ); + + foreach ($input as $idx => $value) { + $this->assertFalse(get_boolean($value), "Invalid result for $idx test item"); + } + + $input = array( + true, 'true', '1', 1, 'yes', 'anything', 1000, + ); + + foreach ($input as $idx => $value) { + $this->assertTrue(get_boolean($value), "Invalid result for $idx test item"); + } + } + + /** + * rcube_shared.inc: parse_bytes() + */ + function test_parse_bytes() + { + $data = array( + '1' => 1, + '1024' => 1024, + '2k' => 2 * 1024, + '2 k' => 2 * 1024, + '2kb' => 2 * 1024, + '2kB' => 2 * 1024, + '2m' => 2 * 1048576, + '2 m' => 2 * 1048576, + '2mb' => 2 * 1048576, + '2mB' => 2 * 1048576, + '2g' => 2 * 1024 * 1048576, + '2 g' => 2 * 1024 * 1048576, + '2gb' => 2 * 1024 * 1048576, + '2gB' => 2 * 1024 * 1048576, + ); + + foreach ($data as $value => $expected) { + $result = parse_bytes($value); + $this->assertEquals($expected, $result, "Invalid parse_bytes() result for $value"); + } + } + + /** + * rcube_shared.inc: slashify() + */ + function test_slashify() + { + $data = array( + 'test' => 'test/', + 'test/' => 'test/', + '' => '/', + "\\" => "\\/", + ); + + foreach ($data as $value => $expected) { + $result = slashify($value); + $this->assertEquals($expected, $result, "Invalid slashify() result for $value"); + } + + } + + /** + * rcube_shared.inc: unslashify() + */ + function test_unslashify() + { + $data = array( + 'test' => 'test', + 'test/' => 'test', + '/' => '', + "\\/" => "\\", + 'test/test' => 'test/test', + 'test//' => 'test', + ); + + foreach ($data as $value => $expected) { + $result = unslashify($value); + $this->assertEquals($expected, $result, "Invalid unslashify() result for $value"); + } + + } + + /** + * rcube_shared.inc: get_offset_sec() + */ + function test_get_offset_sec() + { + $data = array( + '1s' => 1, + '1m' => 1 * 60, + '1h' => 1 * 60 * 60, + '1d' => 1 * 60 * 60 * 24, + '1w' => 1 * 60 * 60 * 24 * 7, + '1y' => (int) '1y', + 100 => 100, + '100' => 100, + ); + + foreach ($data as $value => $expected) { + $result = get_offset_sec($value); + $this->assertEquals($expected, $result, "Invalid get_offset_sec() result for $value"); + } + + } + + /** + * rcube_shared.inc: array_keys_recursive() + */ + function test_array_keys_recursive() + { + $input = array( + 'one' => array( + 'two' => array( + 'three' => array(), + 'four' => 'something', + ), + ), + 'five' => 'test', + ); + + $result = array_keys_recursive($input); + $input_str = 'one,two,three,four,five'; + $result_str = implode(',', $result); + + $this->assertEquals($input_str, $result_str, "Invalid array_keys_recursive() result"); + } + + /** + * rcube_shared.inc: format_email() + */ + function test_format_email() + { + $data = array( + '' => '', + 'test' => 'test', + 'test@test.tld' => 'test@test.tld', + 'test@[127.0.0.1]' => 'test@[127.0.0.1]', + 'TEST@TEST.TLD' => 'TEST@test.tld', + ); + + foreach ($data as $value => $expected) { + $result = format_email($value); + $this->assertEquals($expected, $result, "Invalid format_email() result for $value"); + } + + } + + /** + * rcube_shared.inc: format_email_recipient() + */ + function test_format_email_recipient() + { + $data = array( + '' => array(''), + 'test' => array('test'), + 'test@test.tld' => array('test@test.tld'), + 'test@[127.0.0.1]' => array('test@[127.0.0.1]'), + 'TEST@TEST.TLD' => array('TEST@TEST.TLD'), + 'TEST <test@test.tld>' => array('test@test.tld', 'TEST'), + '"TEST\"" <test@test.tld>' => array('test@test.tld', 'TEST"'), + ); + + foreach ($data as $expected => $value) { + $result = format_email_recipient($value[0], $value[1]); + $this->assertEquals($expected, $result, "Invalid format_email_recipient()"); + } + + } + +} diff --git a/tests/Framework/Smtp.php b/tests/Framework/Smtp.php new file mode 100644 index 000000000..4bd78d097 --- /dev/null +++ b/tests/Framework/Smtp.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_smtp class + * + * @package Tests + */ +class Framework_Smtp extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_smtp; + + $this->assertInstanceOf('rcube_smtp', $object, "Class constructor"); + } +} diff --git a/tests/Framework/Spellchecker.php b/tests/Framework/Spellchecker.php new file mode 100644 index 000000000..9c3e92ffd --- /dev/null +++ b/tests/Framework/Spellchecker.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_spellchecker class + * + * @package Tests + */ +class Framework_Spellchecker extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $object = new rcube_spellchecker; + + $this->assertInstanceOf('rcube_spellchecker', $object, "Class constructor"); + } +} diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php new file mode 100644 index 000000000..11210c0da --- /dev/null +++ b/tests/Framework/StringReplacer.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_string_replacer class + * + * @package Tests + */ +class Framework_StringReplacer extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $sr = new rcube_string_replacer; + + $this->assertInstanceOf('rcube_string_replacer', $sr, "Class constructor"); + } +} diff --git a/tests/Framework/User.php b/tests/Framework/User.php new file mode 100644 index 000000000..3b1983c58 --- /dev/null +++ b/tests/Framework/User.php @@ -0,0 +1,20 @@ +<?php + +/** + * Test class to test rcube_user class + * + * @package Tests + */ +class Framework_User extends PHPUnit_Framework_TestCase +{ + + /** + * Class constructor + */ + function test_class() + { + $user = new rcube_user; + + $this->assertInstanceOf('rcube_user', $user, "Class constructor"); + } +} diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php new file mode 100644 index 000000000..e58835956 --- /dev/null +++ b/tests/Framework/Utils.php @@ -0,0 +1,196 @@ +<?php + +/** + * Test class to test rcube_utils class + * + * @package Tests + */ +class Framework_Utils extends PHPUnit_Framework_TestCase +{ + + /** + * Valid email addresses for test_valid_email() + */ + function data_valid_email() + { + return array( + array('email@domain.com', 'Valid email'), + array('firstname.lastname@domain.com', 'Email contains dot in the address field'), + array('email@subdomain.domain.com', 'Email contains dot with subdomain'), + array('firstname+lastname@domain.com', 'Plus sign is considered valid character'), + array('email@[123.123.123.123]', 'Square bracket around IP address'), + array('email@[IPv6:::1]', 'Square bracket around IPv6 address (1)'), + array('email@[IPv6:::1.2.3.4]', 'Square bracket around IPv6 address (2)'), + array('email@[IPv6:2001:2d12:c4fe:5afe::1]', 'Square bracket around IPv6 address (3)'), + array('"email"@domain.com', 'Quotes around email is considered valid'), + array('1234567890@domain.com', 'Digits in address are valid'), + array('email@domain-one.com', 'Dash in domain name is valid'), + array('_______@domain.com', 'Underscore in the address field is valid'), + array('email@domain.name', '.name is valid Top Level Domain name'), + array('email@domain.co.jp', 'Dot in Top Level Domain name also considered valid (use co.jp as example here)'), + array('firstname-lastname@domain.com', 'Dash in address field is valid'), + ); + } + + /** + * Invalid email addresses for test_invalid_email() + */ + function data_invalid_email() + { + return array( + array('plainaddress', 'Missing @ sign and domain'), + array('#@%^%#$@#$@#.com', 'Garbage'), + array('@domain.com', 'Missing username'), + array('Joe Smith <email@domain.com>', 'Encoded html within email is invalid'), + array('email.domain.com', 'Missing @'), + array('email@domain@domain.com', 'Two @ sign'), + array('.email@domain.com', 'Leading dot in address is not allowed'), + array('email.@domain.com', 'Trailing dot in address is not allowed'), + array('email..email@domain.com', 'Multiple dots'), + array('あいうえお@domain.com', 'Unicode char as address'), + array('email@domain.com (Joe Smith)', 'Text followed email is not allowed'), + array('email@domain', 'Missing top level domain (.com/.net/.org/etc)'), + array('email@-domain.com', 'Leading dash in front of domain is invalid'), +// array('email@domain.web', '.web is not a valid top level domain'), + array('email@123.123.123.123', 'IP address without brackets'), + array('email@2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets'), + array('email@IPv6:2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets (2)'), + array('email@[111.222.333.44444]', 'Invalid IP format'), + array('email@[111.222.255.257]', 'Invalid IP format (2)'), + array('email@[.222.255.257]', 'Invalid IP format (3)'), + array('email@[::1]', 'Invalid IPv6 format (1)'), + array('email@[IPv6:2001:23x2:1]', 'Invalid IPv6 format (2)'), + array('email@[IPv6:1111:2222:33333::4444:5555]', 'Invalid IPv6 format (3)'), + array('email@[IPv6:1111::3333::4444:5555]', 'Invalid IPv6 format (4)'), + array('email@domain..com', 'Multiple dot in the domain portion is invalid'), + ); + } + + /** + * @dataProvider data_valid_email + */ + function test_valid_email($email, $title) + { + $this->assertTrue(rcube_utils::check_email($email, false), $title); + } + + /** + * @dataProvider data_invalid_email + */ + function test_invalid_email($email, $title) + { + $this->assertFalse(rcube_utils::check_email($email, false), $title); + } + + /** + * Valid IP addresses for test_valid_ip() + */ + function data_valid_ip() + { + return array( + array('0.0.0.0'), + array('123.123.123.123'), + array('::'), + array('::1'), + array('::1.2.3.4'), + array('2001:2d12:c4fe:5afe::1'), + ); + } + + /** + * Valid IP addresses for test_invalid_ip() + */ + function data_invalid_ip() + { + return array( + array(''), + array(0), + array('123.123.123.1234'), + array('1.1.1.1.1'), + array('::1.2.3.260'), + array('::1.0'), + array('2001::c4fe:5afe::1'), + ); + } + + /** + * @dataProvider data_valid_ip + */ + function test_valid_ip($ip) + { + $this->assertTrue(rcube_utils::check_ip($ip)); + } + + /** + * @dataProvider data_invalid_ip + */ + function test_invalid_ip($ip) + { + $this->assertFalse(rcube_utils::check_ip($ip)); + } + + /** + * Data for test_rep_specialchars_output() + */ + function data_rep_specialchars_output() + { + return array( + array('', '', 'abc', 'abc'), + array('', '', '?', '?'), + array('', '', '"', '"'), + array('', '', '<', '<'), + array('', '', '>', '>'), + array('', '', '&', '&'), + array('', '', '&', '&amp;'), + array('', '', '<a>', '<a>'), + array('', 'remove', '<a>', ''), + ); + } + + /** + * Test for rep_specialchars_output + * @dataProvider data_rep_specialchars_output + */ + function test_rep_specialchars_output($type, $mode, $str, $res) + { + $result = rcube_utils::rep_specialchars_output( + $str, $type ? $type : 'html', $mode ? $mode : 'strict'); + + $this->assertEquals($result, $res); + } + + /** + * rcube_utils::mod_css_styles() + */ + function test_mod_css_styles() + { + $css = file_get_contents(TESTS_DIR . 'src/valid.css'); + $mod = rcube_utils::mod_css_styles($css, 'rcmbody'); + + $this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition"); + $this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)"); + $this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)"); + $this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles"); + } + + /** + * rcube_utils::mod_css_styles() + */ + function test_mod_css_styles_xss() + { + $mod = rcube_utils::mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody'); + $this->assertEquals("/* evil! */", $mod, "No url() values allowed"); + + $mod = rcube_utils::mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody'); + $this->assertEquals("/* evil! */", $mod, "No import statements"); + + $mod = rcube_utils::mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody'); + $this->assertEquals("/* evil! */", $mod, "No expression properties"); + + $mod = rcube_utils::mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody'); + $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks"); + + $mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody'); + $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)"); + } +} diff --git a/tests/Framework/VCard.php b/tests/Framework/VCard.php new file mode 100644 index 000000000..a830c2cbc --- /dev/null +++ b/tests/Framework/VCard.php @@ -0,0 +1,59 @@ +<?php + +/** + * Unit tests for class rcube_vcard + * + * @package Tests + */ +class Framework_VCard extends PHPUnit_Framework_TestCase +{ + + function _srcpath($fn) + { + return realpath(dirname(__FILE__) . '/../src/' . $fn); + } + + function test_parse_one() + { + $vcard = new rcube_vcard(file_get_contents($this->_srcpath('apple.vcf'))); + + $this->assertTrue($vcard->business, "Identify as business record"); + $this->assertEquals("Apple Computer AG", $vcard->displayname, "FN => displayname"); + $this->assertEquals("", $vcard->firstname, "No person name set"); + } + + function test_parse_two() + { + $vcard = new rcube_vcard(file_get_contents($this->_srcpath('johndoe.vcf')), null); + + $this->assertFalse($vcard->business, "Identify as private record"); + $this->assertEquals("John Doë", $vcard->displayname, "Decode according to charset attribute"); + $this->assertEquals("roundcube.net", $vcard->organization, "Test organization field"); + $this->assertCount(2, $vcard->email, "List two e-mail addresses"); + $this->assertEquals("roundcube@gmail.com", $vcard->email[0], "Use PREF e-mail as primary"); + } + + function test_import() + { + $input = file_get_contents($this->_srcpath('apple.vcf')); + $input .= file_get_contents($this->_srcpath('johndoe.vcf')); + + $vcards = rcube_vcard::import($input); + + $this->assertCount(2, $vcards, "Detected 2 vcards"); + $this->assertEquals("Apple Computer AG", $vcards[0]->displayname, "FN => displayname"); + $this->assertEquals("John Doë", $vcards[1]->displayname, "Displayname with correct charset"); + + // http://trac.roundcube.net/ticket/1485542 + $vcards2 = rcube_vcard::import(file_get_contents($this->_srcpath('thebat.vcf'))); + $this->assertEquals("Iksiñski", $vcards2[0]->surname, "Detect charset in encoded values"); + } + + function test_encodings() + { + $input = file_get_contents($this->_srcpath('utf-16_sample.vcf')); + + $vcards = rcube_vcard::import($input); + $this->assertEquals("Ǽgean ĽdaMonté", $vcards[0]->displayname, "Decoded from UTF-16"); + } +} diff --git a/tests/html_to_text.php b/tests/HtmlToText.php index aabc1a800..b90c61adf 100644 --- a/tests/html_to_text.php +++ b/tests/HtmlToText.php @@ -5,18 +5,12 @@ * * @package Tests */ -class rcube_test_html2text extends UnitTestCase +class HtmlToText extends PHPUnit_Framework_TestCase { - function __construct() + function data_html2text() { - $this->UnitTestCase("HTML-to-Text conversion tests"); - - } - - function test_html2text() - { - $data = array( + return array( 0 => array( 'title' => 'Test entry', 'in' => '', @@ -48,14 +42,18 @@ class rcube_test_html2text extends UnitTestCase 'out' => 'Ś', ), ); + } + /** + * @dataProvider data_html2text + */ + function test_html2text($title, $in, $out) + { $ht = new html2text(null, false, false); - foreach ($data as $idx => $item) { - $ht->set_html($item['in']); - $res = $ht->get_text(); - $this->assertEqual($item['out'], $res, $item['title'] . "($idx)"); - } - } + $ht->set_html($in); + $res = $ht->get_text(); + $this->assertEquals($out, $res, $title); + } } diff --git a/tests/MailFunc.php b/tests/MailFunc.php new file mode 100644 index 000000000..967277c2a --- /dev/null +++ b/tests/MailFunc.php @@ -0,0 +1,172 @@ +<?php + +/** + * Test class to test steps/mail/func.inc functions + * + * @package Tests + */ +class MailFunc extends PHPUnit_Framework_TestCase +{ + + function setUp() + { + // simulate environment to successfully include func.inc + $GLOBALS['RCMAIL'] = $RCMAIL = rcmail::get_instance(); + $GLOBALS['OUTPUT'] = $OUTPUT = $RCMAIL->load_gui(); + $RCMAIL->action = 'autocomplete'; + $RCMAIL->storage_init(false); + + require_once INSTALL_PATH . 'program/steps/mail/func.inc'; + + $GLOBALS['EMAIL_ADDRESS_PATTERN'] = $EMAIL_ADDRESS_PATTERN; + } + + /** + * Helper method to create a HTML message part object + */ + function get_html_part($body) + { + $part = new rcube_message_part; + $part->ctype_primary = 'text'; + $part->ctype_secondary = 'html'; + $part->body = file_get_contents(TESTS_DIR . $body); + $part->replaces = array(); + return $part; + } + + + /** + * Test sanitization of a "normal" html message + */ + function test_html() + { + $part = $this->get_html_part('src/htmlbody.txt'); + $part->replaces = array('ex1.jpg' => 'part_1.2.jpg', 'ex2.jpg' => 'part_1.2.jpg'); + + // render HTML in normal mode + $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo'); + + $this->assertRegExp('/src="'.$part->replaces['ex1.jpg'].'"/', $html, "Replace reference to inline image"); + $this->assertRegExp('#background="./program/resources/blocked.gif"#', $html, "Replace external background image"); + $this->assertNotRegExp('/ex3.jpg/', $html, "No references to external images"); + $this->assertNotRegExp('/<meta [^>]+>/', $html, "No meta tags allowed"); + //$this->assertNoPattern('/<style [^>]+>/', $html, "No style tags allowed"); + $this->assertNotRegExp('/<form [^>]+>/', $html, "No form tags allowed"); + $this->assertRegExp('/Subscription form/', $html, "Include <form> contents"); + $this->assertRegExp('/<!-- link ignored -->/', $html, "No external links allowed"); + $this->assertRegExp('/<a[^>]+ target="_blank">/', $html, "Set target to _blank"); + $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected"); + + // render HTML in safe mode + $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo'); + + $this->assertRegExp('/<style [^>]+>/', $html2, "Allow styles in safe mode"); + $this->assertRegExp('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)"); + $this->assertRegExp("#url\('?http://evilsite.net/newsletter/image/bg/bg-64.jpg'?\)#", $html2, "Allow external images in CSS (safe mode)"); + $css = '<link rel="stylesheet" .+_u=tmp-[a-z0-9]+\.css.+_action=modcss'; + $this->assertRegExp('#'.$css.'#Ui', $html2, "Filter (anonymized) external styleseehts with utils/modcss.inc"); + } + + /** + * Test the elimination of some trivial XSS vulnerabilities + */ + function test_html_xss() + { + $part = $this->get_html_part('src/htmlxss.txt'); + $washed = rcmail_print_body($part, array('safe' => true)); + + $this->assertNotRegExp('/src="skins/', $washed, "Remove local references"); + $this->assertNotRegExp('/\son[a-z]+/', $washed, "Remove on* attributes"); + + $html = rcmail_html4inline($washed, 'foo'); + $this->assertNotRegExp('/onclick="return rcmail.command(\'compose\',\'xss@somehost.net\',this)"/', $html, "Clean mailto links"); + $this->assertNotRegExp('/alert/', $html, "Remove alerts"); + } + + /** + * Test HTML sanitization to fix the CSS Expression Input Validation Vulnerability + * reported at http://www.securityfocus.com/bid/26800/ + */ + function test_html_xss2() + { + $part = $this->get_html_part('src/BID-26800.txt'); + $washed = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'dabody', '', $attr, true); + + $this->assertNotRegExp('/alert|expression|javascript|xss/', $washed, "Remove evil style blocks"); + $this->assertNotRegExp('/font-style:italic/', $washed, "Allow valid styles"); + } + + /** + * Test washtml class on non-unicode characters (#1487813) + */ + function test_washtml_utf8() + { + $part = $this->get_html_part('src/invalidchars.html'); + $washed = rcmail_print_body($part); + + $this->assertRegExp('/<p>символ<\/p>/', $washed, "Remove non-unicode characters from HTML message body"); + } + + /** + * Test links pattern replacements in plaintext messages + */ + function test_plaintext() + { + $part = new rcube_message_part; + $part->ctype_primary = 'text'; + $part->ctype_secondary = 'plain'; + $part->body = quoted_printable_decode(file_get_contents(TESTS_DIR . 'src/plainbody.txt')); + $html = rcmail_print_body($part, array('safe' => true)); + + $this->assertRegExp('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command\(\'compose\',\'nobody@roundcube.net\',this\)">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick"); + $this->assertRegExp('#<a href="http://www.apple.com/legal/privacy" target="_blank">http://www.apple.com/legal/privacy</a>#', $html, "Links with target=_blank"); + $this->assertRegExp('#\\[<a href="http://example.com/\\?tx\\[a\\]=5" target="_blank">http://example.com/\\?tx\\[a\\]=5</a>\\]#', $html, "Links with square brackets"); + } + + /** + * Test mailto links in html messages + */ + function test_mailto() + { + $part = $this->get_html_part('src/mailto.txt'); + + // render HTML in normal mode + $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo'); + + $mailto = '<a href="mailto:me@me.com?subject=this is the subject&body=this is the body"' + .' onclick="return rcmail.command(\'compose\',\'me@me.com?subject=this is the subject&body=this is the body\',this)">e-mail</a>'; + + $this->assertRegExp('|'.preg_quote($mailto, '|').'|', $html, "Extended mailto links"); + } + + /** + * Test the elimination of HTML comments + */ + function test_html_comments() + { + $part = $this->get_html_part('src/htmlcom.txt'); + $washed = rcmail_print_body($part, array('safe' => true)); + + // #1487759 + $this->assertRegExp('|<p>test1</p>|', $washed, "Buggy HTML comments"); + // but conditional comments (<!--[if ...) should be removed + $this->assertNotRegExp('|<p>test2</p>|', $washed, "Conditional HTML comments"); + } + + /** + * Test URI base resolving in HTML messages + */ + function test_resolve_base() + { + $html = file_get_contents(TESTS_DIR . 'src/htmlbase.txt'); + $html = rcmail_resolve_base($html); + + $this->assertRegExp('|src="http://alec\.pl/dir/img1\.gif"|', $html, "URI base resolving [1]"); + $this->assertRegExp('|src="http://alec\.pl/dir/img2\.gif"|', $html, "URI base resolving [2]"); + $this->assertRegExp('|src="http://alec\.pl/img3\.gif"|', $html, "URI base resolving [3]"); + + // base resolving exceptions + $this->assertRegExp('|src="cid:theCID"|', $html, "URI base resolving exception [1]"); + $this->assertRegExp('|src="http://other\.domain\.tld/img3\.gif"|', $html, "URI base resolving exception [2]"); + } +} diff --git a/tests/runtests.sh b/tests/bootstrap.php index 9cfeb0a25..a9e25610c 100755..100644 --- a/tests/runtests.sh +++ b/tests/bootstrap.php @@ -1,54 +1,35 @@ -#!/usr/bin/env php <?php /* +-----------------------------------------------------------------------+ - | tests/runtests.sh | + | tests/bootstrap.php | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2009, The Roundcube Dev Team | + | Copyright (C) 2009-2012, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | | See the README file for a full license statement. | | | | PURPOSE: | - | Run-script for unit tests based on http://simpletest.org | - | All .php files in this folder will be treated as tests | + | Environment initialization script for unit tests | +-----------------------------------------------------------------------+ | Author: Thomas Bruederli <roundcube@gmail.com> | + | Author: Aleksander Machniak <alec@alec.pl> | +-----------------------------------------------------------------------+ */ if (php_sapi_name() != 'cli') die("Not in shell mode (php-cli)"); -if (!defined('SIMPLETEST')) define('SIMPLETEST', '/www/simpletest/'); if (!defined('INSTALL_PATH')) define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/' ); define('TESTS_DIR', dirname(__FILE__) . '/'); -define('RCMAIL_CONFIG_DIR', TESTS_DIR . 'config'); -require_once(SIMPLETEST . 'unit_tester.php'); -require_once(SIMPLETEST . 'reporter.php'); -require_once(INSTALL_PATH . 'program/include/iniset.php'); - -if (count($_SERVER['argv']) > 1) { - $testfiles = array(); - for ($i=1; $i < count($_SERVER['argv']); $i++) - $testfiles[] = realpath('./' . $_SERVER['argv'][$i]); +if (@is_dir(TESTS_DIR . 'config')) { + define('RCMAIL_CONFIG_DIR', TESTS_DIR . 'config'); } -else { - $testfiles = glob(TESTS_DIR . '*.php'); -} - -$test = new TestSuite('Roundcube unit tests'); -$reporter = new TextReporter(); -foreach ($testfiles as $fn) { - $test->addTestFile($fn); -} - -$test->run($reporter); +require_once(INSTALL_PATH . 'program/include/iniset.php'); -?> +rcmail::get_instance()->config->set('devel_mode', false); diff --git a/tests/maildecode.php b/tests/maildecode.php deleted file mode 100644 index 4ac499360..000000000 --- a/tests/maildecode.php +++ /dev/null @@ -1,130 +0,0 @@ -<?php - -/** - * Test class to test messages decoding functions - * - * @package Tests - */ -class rcube_test_maildecode extends UnitTestCase -{ - private $app; - - function __construct() - { - $this->UnitTestCase('Mail headers decoding tests'); - } - - /** - * Test decoding of single e-mail address strings - * Uses rcube_mime::decode_address_list() - */ - function test_decode_single_address() - { - $headers = array( - 0 => 'test@domain.tld', - 1 => '<test@domain.tld>', - 2 => 'Test <test@domain.tld>', - 3 => 'Test Test <test@domain.tld>', - 4 => 'Test Test<test@domain.tld>', - 5 => '"Test Test" <test@domain.tld>', - 6 => '"Test Test"<test@domain.tld>', - 7 => '"Test \\" Test" <test@domain.tld>', - 8 => '"Test<Test" <test@domain.tld>', - 9 => '=?ISO-8859-1?B?VGVzdAo=?= <test@domain.tld>', - 10 => '=?ISO-8859-1?B?VGVzdAo=?=<test@domain.tld>', // #1487068 - // comments in address (#1487673) - 11 => 'Test (comment) <test@domain.tld>', - 12 => '"Test" (comment) <test@domain.tld>', - 13 => '"Test (comment)" (comment) <test@domain.tld>', - 14 => '(comment) <test@domain.tld>', - 15 => 'Test <test@(comment)domain.tld>', - 16 => 'Test Test ((comment)) <test@domain.tld>', - 17 => 'test@domain.tld (comment)', - 18 => '"Test,Test" <test@domain.tld>', - // 1487939 - 19 => 'Test <"test test"@domain.tld>', - 20 => '<"test test"@domain.tld>', - 21 => '"test test"@domain.tld', - ); - - $results = array( - 0 => array(1, '', 'test@domain.tld'), - 1 => array(1, '', 'test@domain.tld'), - 2 => array(1, 'Test', 'test@domain.tld'), - 3 => array(1, 'Test Test', 'test@domain.tld'), - 4 => array(1, 'Test Test', 'test@domain.tld'), - 5 => array(1, 'Test Test', 'test@domain.tld'), - 6 => array(1, 'Test Test', 'test@domain.tld'), - 7 => array(1, 'Test " Test', 'test@domain.tld'), - 8 => array(1, 'Test<Test', 'test@domain.tld'), - 9 => array(1, 'Test', 'test@domain.tld'), - 10 => array(1, 'Test', 'test@domain.tld'), - 11 => array(1, 'Test', 'test@domain.tld'), - 12 => array(1, 'Test', 'test@domain.tld'), - 13 => array(1, 'Test (comment)', 'test@domain.tld'), - 14 => array(1, '', 'test@domain.tld'), - 15 => array(1, 'Test', 'test@domain.tld'), - 16 => array(1, 'Test Test', 'test@domain.tld'), - 17 => array(1, '', 'test@domain.tld'), - 18 => array(1, 'Test,Test', 'test@domain.tld'), - 19 => array(1, 'Test', '"test test"@domain.tld'), - 20 => array(1, '', '"test test"@domain.tld'), - 21 => array(1, '', '"test test"@domain.tld'), - ); - - foreach ($headers as $idx => $header) { - $res = rcube_mime::decode_address_list($header); - - $this->assertEqual($results[$idx][0], count($res), "Rows number in result for header: " . $header); - $this->assertEqual($results[$idx][1], $res[1]['name'], "Name part decoding for header: " . $header); - $this->assertEqual($results[$idx][2], $res[1]['mailto'], "Email part decoding for header: " . $header); - } - } - - /** - * Test decoding of header values - * Uses rcube_mime::decode_mime_string() - */ - function test_header_decode_qp() - { - $test = array( - // #1488232: invalid character "?" - 'quoted-printable (1)' => array( - 'in' => '=?utf-8?Q?Certifica=C3=A7=C3=A3??=', - 'out' => 'Certifica=C3=A7=C3=A3?', - ), - 'quoted-printable (2)' => array( - 'in' => '=?utf-8?Q?Certifica=?= =?utf-8?Q?C3=A7=C3=A3?=', - 'out' => 'Certifica=C3=A7=C3=A3', - ), - 'quoted-printable (3)' => array( - 'in' => '=?utf-8?Q??= =?utf-8?Q??=', - 'out' => '', - ), - 'quoted-printable (4)' => array( - 'in' => '=?utf-8?Q??= a =?utf-8?Q??=', - 'out' => ' a ', - ), - 'quoted-printable (5)' => array( - 'in' => '=?utf-8?Q?a?= =?utf-8?Q?b?=', - 'out' => 'ab', - ), - 'quoted-printable (6)' => array( - 'in' => '=?utf-8?Q? ?= =?utf-8?Q?a?=', - 'out' => ' a', - ), - 'quoted-printable (7)' => array( - 'in' => '=?utf-8?Q?___?= =?utf-8?Q?a?=', - 'out' => ' a', - ), - ); - - foreach ($test as $idx => $item) { - $res = rcube_mime::decode_mime_string($item['in'], 'UTF-8'); - $res = quoted_printable_encode($res); - - $this->assertEqual($item['out'], $res, "Header decoding for: " . $idx); - } - - } -} diff --git a/tests/mailfunc.php b/tests/mailfunc.php deleted file mode 100644 index 493ce946e..000000000 --- a/tests/mailfunc.php +++ /dev/null @@ -1,173 +0,0 @@ -<?php - -/** - * Test class to test steps/mail/func.inc functions - * - * @package Tests - */ -class rcube_test_mailfunc extends UnitTestCase -{ - - function __construct() - { - $this->UnitTestCase('Mail body rendering tests'); - - // simulate environment to successfully include func.inc - $GLOBALS['RCMAIL'] = $RCMAIL = rcmail::get_instance(); - $GLOBALS['OUTPUT'] = $OUTPUT = $RCMAIL->load_gui(); - $RCMAIL->action = 'autocomplete'; - $RCMAIL->storage_init(false); - - require_once INSTALL_PATH . 'program/steps/mail/func.inc'; - - $GLOBALS['EMAIL_ADDRESS_PATTERN'] = $EMAIL_ADDRESS_PATTERN; - } - - /** - * Helper method to create a HTML message part object - */ - function get_html_part($body) - { - $part = new rcube_message_part; - $part->ctype_primary = 'text'; - $part->ctype_secondary = 'html'; - $part->body = file_get_contents(TESTS_DIR . $body); - $part->replaces = array(); - return $part; - } - - /** - * Test sanitization of a "normal" html message - */ - function test_html() - { - $part = $this->get_html_part('src/htmlbody.txt'); - $part->replaces = array('ex1.jpg' => 'part_1.2.jpg', 'ex2.jpg' => 'part_1.2.jpg'); - - // render HTML in normal mode - $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo'); - - $this->assertPattern('/src="'.$part->replaces['ex1.jpg'].'"/', $html, "Replace reference to inline image"); - $this->assertPattern('#background="./program/resources/blocked.gif"#', $html, "Replace external background image"); - $this->assertNoPattern('/ex3.jpg/', $html, "No references to external images"); - $this->assertNoPattern('/<meta [^>]+>/', $html, "No meta tags allowed"); - //$this->assertNoPattern('/<style [^>]+>/', $html, "No style tags allowed"); - $this->assertNoPattern('/<form [^>]+>/', $html, "No form tags allowed"); - $this->assertPattern('/Subscription form/', $html, "Include <form> contents"); - $this->assertPattern('/<!-- link ignored -->/', $html, "No external links allowed"); - $this->assertPattern('/<a[^>]+ target="_blank">/', $html, "Set target to _blank"); - $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected"); - - // render HTML in safe mode - $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo'); - - $this->assertPattern('/<style [^>]+>/', $html2, "Allow styles in safe mode"); - $this->assertPattern('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)"); - $this->assertPattern("#url\('?http://evilsite.net/newsletter/image/bg/bg-64.jpg'?\)#", $html2, "Allow external images in CSS (safe mode)"); - $css = '<link rel="stylesheet" .+_u=tmp-[a-z0-9]+\.css.+_action=modcss'; - $this->assertPattern('#'.$css.'#Ui', $html2, "Filter (anonymized) external styleseehts with utils/modcss.inc"); - } - - /** - * Test the elimination of some trivial XSS vulnerabilities - */ - function test_html_xss() - { - $part = $this->get_html_part('src/htmlxss.txt'); - $washed = rcmail_print_body($part, array('safe' => true)); - - $this->assertNoPattern('/src="skins/', $washed, "Remove local references"); - $this->assertNoPattern('/\son[a-z]+/', $washed, "Remove on* attributes"); - - $html = rcmail_html4inline($washed, 'foo'); - $this->assertNoPattern('/onclick="return rcmail.command(\'compose\',\'xss@somehost.net\',this)"/', $html, "Clean mailto links"); - $this->assertNoPattern('/alert/', $html, "Remove alerts"); - } - - /** - * Test HTML sanitization to fix the CSS Expression Input Validation Vulnerability - * reported at http://www.securityfocus.com/bid/26800/ - */ - function test_html_xss2() - { - $part = $this->get_html_part('src/BID-26800.txt'); - $washed = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'dabody', '', $attr, true); - - $this->assertNoPattern('/alert|expression|javascript|xss/', $washed, "Remove evil style blocks"); - $this->assertNoPattern('/font-style:italic/', $washed, "Allow valid styles"); - } - - /** - * Test washtml class on non-unicode characters (#1487813) - */ - function test_washtml_utf8() - { - $part = $this->get_html_part('src/invalidchars.html'); - $washed = rcmail_print_body($part); - - $this->assertPattern('/<p>символ<\/p>/', $washed, "Remove non-unicode characters from HTML message body"); - } - - /** - * Test links pattern replacements in plaintext messages - */ - function test_plaintext() - { - $part = new rcube_message_part; - $part->ctype_primary = 'text'; - $part->ctype_secondary = 'plain'; - $part->body = quoted_printable_decode(file_get_contents(TESTS_DIR . 'src/plainbody.txt')); - $html = rcmail_print_body($part, array('safe' => true)); - - $this->assertPattern('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command\(\'compose\',\'nobody@roundcube.net\',this\)">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick"); - $this->assertPattern('#<a href="http://www.apple.com/legal/privacy" target="_blank">http://www.apple.com/legal/privacy</a>#', $html, "Links with target=_blank"); - $this->assertPattern('#\\[<a href="http://example.com/\\?tx\\[a\\]=5" target="_blank">http://example.com/\\?tx\\[a\\]=5</a>\\]#', $html, "Links with square brackets"); - } - - /** - * Test mailto links in html messages - */ - function test_mailto() - { - $part = $this->get_html_part('src/mailto.txt'); - - // render HTML in normal mode - $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo'); - - $mailto = '<a href="mailto:me@me.com?subject=this is the subject&body=this is the body"' - .' onclick="return rcmail.command(\'compose\',\'me@me.com?subject=this is the subject&body=this is the body\',this)">e-mail</a>'; - - $this->assertPattern('|'.preg_quote($mailto, '|').'|', $html, "Extended mailto links"); - } - - /** - * Test the elimination of HTML comments - */ - function test_html_comments() - { - $part = $this->get_html_part('src/htmlcom.txt'); - $washed = rcmail_print_body($part, array('safe' => true)); - - // #1487759 - $this->assertPattern('|<p>test1</p>|', $washed, "Buggy HTML comments"); - // but conditional comments (<!--[if ...) should be removed - $this->assertNoPattern('|<p>test2</p>|', $washed, "Conditional HTML comments"); - } - - /** - * Test URI base resolving in HTML messages - */ - function test_resolve_base() - { - $html = file_get_contents(TESTS_DIR . 'src/htmlbase.txt'); - $html = rcmail_resolve_base($html); - - $this->assertPattern('|src="http://alec\.pl/dir/img1\.gif"|', $html, "URI base resolving [1]"); - $this->assertPattern('|src="http://alec\.pl/dir/img2\.gif"|', $html, "URI base resolving [2]"); - $this->assertPattern('|src="http://alec\.pl/img3\.gif"|', $html, "URI base resolving [3]"); - - // base resolving exceptions - $this->assertPattern('|src="cid:theCID"|', $html, "URI base resolving exception [1]"); - $this->assertPattern('|src="http://other\.domain\.tld/img3\.gif"|', $html, "URI base resolving exception [2]"); - } -} diff --git a/tests/modcss.php b/tests/modcss.php deleted file mode 100644 index 945cac318..000000000 --- a/tests/modcss.php +++ /dev/null @@ -1,45 +0,0 @@ -<?php - -/** - * Test class to test rcmail_mod_css_styles and XSS vulnerabilites - * - * @package Tests - */ -class rcube_test_modcss extends UnitTestCase -{ - - function __construct() - { - $this->UnitTestCase('CSS modification and vulnerability tests'); - } - - function test_modcss() - { - $css = file_get_contents(TESTS_DIR . 'src/valid.css'); - $mod = rcmail_mod_css_styles($css, 'rcmbody'); - - $this->assertPattern('/#rcmbody\s+\{/', $mod, "Replace body style definition"); - $this->assertPattern('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)"); - $this->assertPattern('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)"); - $this->assertPattern('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles"); - } - - function test_xss() - { - $mod = rcmail_mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No url() values allowed"); - - $mod = rcmail_mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No import statements"); - - $mod = rcmail_mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No expression properties"); - - $mod = rcmail_mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks"); - - $mod = rcmail_mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks (2)"); - } - -} diff --git a/tests/phpunit.xml b/tests/phpunit.xml new file mode 100644 index 000000000..8b3883223 --- /dev/null +++ b/tests/phpunit.xml @@ -0,0 +1,37 @@ +<phpunit backupGlobals="false" + bootstrap="bootstrap.php" + colors="true"> + <testsuites> + <testsuite name="All Tests"> + <file>Framework/BaseReplacer.php</file> + <file>Framework/Browser.php</file> + <file>Framework/Cache.php</file> + <file>Framework/Charset.php</file> + <file>Framework/ContentFilter.php</file> + <file>Framework/Html.php</file> + <file>Framework/Imap.php</file> + <file>Framework/ImapGeneric.php</file> + <file>Framework/Image.php</file> + <file>Framework/MessageHeader.php</file> + <file>Framework/MessagePart.php</file> + <file>Framework/Mime.php</file> + <file>Framework/Rcube.php</file> + <file>Framework/ResultIndex.php</file> + <file>Framework/ResultSet.php</file> + <file>Framework/ResultThread.php</file> + <file>Framework/Shared.php</file> + <file>Framework/Smtp.php</file> + <file>Framework/Spellchecker.php</file> + <file>Framework/StringReplacer.php</file> + <file>Framework/User.php</file> + <file>Framework/Utils.php</file> + <file>Framework/VCard.php</file> + <file>HtmlToText.php</file> + <file>MailFunc.php</file> + </testsuite> + <testsuite name="managesieve"> + <file>./../plugins/managesieve/tests/Parser.php</file> + <file>./../plugins/managesieve/tests/Tokenizer.php</file> + </testsuite> + </testsuites> +</phpunit> diff --git a/tests/vcards.php b/tests/vcards.php deleted file mode 100644 index 22f7cdd33..000000000 --- a/tests/vcards.php +++ /dev/null @@ -1,65 +0,0 @@ -<?php - -/** - * Unit tests for class rcube_vcard - * - * @package Tests - */ -class rcube_test_vcards extends UnitTestCase -{ - - function __construct() - { - $this->UnitTestCase('Vcard encoding/decoding tests'); - } - - function _srcpath($fn) - { - return realpath(dirname(__FILE__) . '/src/' . $fn); - } - - function test_parse_one() - { - $vcard = new rcube_vcard(file_get_contents($this->_srcpath('apple.vcf'))); - - $this->assertEqual(true, $vcard->business, "Identify as business record"); - $this->assertEqual("Apple Computer AG", $vcard->displayname, "FN => displayname"); - $this->assertEqual("", $vcard->firstname, "No person name set"); - } - - function test_parse_two() - { - $vcard = new rcube_vcard(file_get_contents($this->_srcpath('johndoe.vcf')), null); - - $this->assertEqual(false, $vcard->business, "Identify as private record"); - $this->assertEqual("John Doë", $vcard->displayname, "Decode according to charset attribute"); - $this->assertEqual("roundcube.net", $vcard->organization, "Test organization field"); - $this->assertEqual(2, count($vcard->email), "List two e-mail addresses"); - $this->assertEqual("roundcube@gmail.com", $vcard->email[0], "Use PREF e-mail as primary"); - } - - function test_import() - { - $input = file_get_contents($this->_srcpath('apple.vcf')); - $input .= file_get_contents($this->_srcpath('johndoe.vcf')); - - $vcards = rcube_vcard::import($input); - - $this->assertEqual(2, count($vcards), "Detected 2 vcards"); - $this->assertEqual("Apple Computer AG", $vcards[0]->displayname, "FN => displayname"); - $this->assertEqual("John Doë", $vcards[1]->displayname, "Displayname with correct charset"); - - // http://trac.roundcube.net/ticket/1485542 - $vcards2 = rcube_vcard::import(file_get_contents($this->_srcpath('thebat.vcf'))); - $this->assertEqual("Iksiñski", $vcards2[0]->surname, "Detect charset in encoded values"); - } - - function test_encodings() - { - $input = file_get_contents($this->_srcpath('utf-16_sample.vcf')); - - $vcards = rcube_vcard::import($input); - $this->assertEqual("Ǽgean ĽdaMonté", $vcards[0]->displayname, "Decoded from UTF-16"); - } - -} |