', 'Encoded html within email is invalid'), array('email.domain.com', 'Missing @'), array('email@domain@domain.com', 'Two @ sign'), array('.email@domain.com', 'Leading dot in address is not allowed'), array('email.@domain.com', 'Trailing dot in address is not allowed'), array('email..email@domain.com', 'Multiple dots'), array('あいうえお@domain.com', 'Unicode char as address'), array('email@domain.com (Joe Smith)', 'Text followed email is not allowed'), array('email@domain', 'Missing top level domain (.com/.net/.org/etc)'), array('email@-domain.com', 'Leading dash in front of domain is invalid'), // array('email@domain.web', '.web is not a valid top level domain'), array('email@123.123.123.123', 'IP address without brackets'), array('email@2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets'), array('email@IPv6:2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets (2)'), array('email@[111.222.333.44444]', 'Invalid IP format'), array('email@[111.222.255.257]', 'Invalid IP format (2)'), array('email@[.222.255.257]', 'Invalid IP format (3)'), array('email@[::1]', 'Invalid IPv6 format (1)'), array('email@[IPv6:2001:23x2:1]', 'Invalid IPv6 format (2)'), array('email@[IPv6:1111:2222:33333::4444:5555]', 'Invalid IPv6 format (3)'), array('email@[IPv6:1111::3333::4444:5555]', 'Invalid IPv6 format (4)'), array('email@domain..com', 'Multiple dot in the domain portion is invalid'), ); } /** * @dataProvider data_valid_email */ function test_valid_email($email, $title) { $this->assertTrue(rcube_utils::check_email($email, false), $title); } /** * @dataProvider data_invalid_email */ function test_invalid_email($email, $title) { $this->assertFalse(rcube_utils::check_email($email, false), $title); } /** * Valid IP addresses for test_valid_ip() */ function data_valid_ip() { return array( array('0.0.0.0'), array('123.123.123.123'), array('::'), array('::1'), array('::1.2.3.4'), array('2001:2d12:c4fe:5afe::1'), ); } /** * Valid IP addresses for test_invalid_ip() */ function data_invalid_ip() { return array( array(''), array(0), array('123.123.123.1234'), array('1.1.1.1.1'), array('::1.2.3.260'), array('::1.0'), array('2001::c4fe:5afe::1'), ); } /** * @dataProvider data_valid_ip */ function test_valid_ip($ip) { $this->assertTrue(rcube_utils::check_ip($ip)); } /** * @dataProvider data_invalid_ip */ function test_invalid_ip($ip) { $this->assertFalse(rcube_utils::check_ip($ip)); } /** * Data for test_rep_specialchars_output() */ function data_rep_specialchars_output() { return array( array('', '', 'abc', 'abc'), array('', '', '?', '?'), array('', '', '"', '"'), array('', '', '<', '<'), array('', '', '>', '>'), array('', '', '&', '&'), array('', '', '&', '&amp;'), array('', '', '', '<a>'), array('', 'remove', '', ''), ); } /** * Test for rep_specialchars_output * @dataProvider data_rep_specialchars_output */ function test_rep_specialchars_output($type, $mode, $str, $res) { $result = rcube_utils::rep_specialchars_output( $str, $type ? $type : 'html', $mode ? $mode : 'strict'); $this->assertEquals($result, $res); } /** * rcube_utils::mod_css_styles() */ function test_mod_css_styles() { $css = file_get_contents(TESTS_DIR . 'src/valid.css'); $mod = rcube_utils::mod_css_styles($css, 'rcmbody'); $this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition"); $this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)"); $this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)"); $this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles"); } /** * rcube_utils::mod_css_styles() */ function test_mod_css_styles_xss() { $mod = rcube_utils::mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody'); $this->assertEquals("/* evil! */", $mod, "No url() values allowed"); $mod = rcube_utils::mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody'); $this->assertEquals("/* evil! */", $mod, "No import statements"); $mod = rcube_utils::mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody'); $this->assertEquals("/* evil! */", $mod, "No expression properties"); $mod = rcube_utils::mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody'); $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks"); $mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody'); $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)"); } }