1<?php
2/**
3 * Unit tests for HTML_QuickForm2 package
4 *
5 * PHP version 5
6 *
7 * LICENSE
8 *
9 * This source file is subject to BSD 3-Clause License that is bundled
10 * with this package in the file LICENSE and available at the URL
11 * https://raw.githubusercontent.com/pear/HTML_QuickForm2/trunk/docs/LICENSE
12 *
13 * @category  HTML
14 * @package   HTML_QuickForm2
15 * @author    Alexey Borzov <avb@php.net>
16 * @author    Bertrand Mansion <golgote@mamasam.com>
17 * @copyright 2006-2021 Alexey Borzov <avb@php.net>, Bertrand Mansion <golgote@mamasam.com>
18 * @license   https://opensource.org/licenses/BSD-3-Clause BSD 3-Clause License
19 * @link      https://pear.php.net/package/HTML_QuickForm2
20 */
21
22/** Sets up includes */
23require_once dirname(dirname(__DIR__)) . '/TestHelper.php';
24
25/**
26 * Unit test for superglobal-based data source
27 */
28class HTML_QuickForm2_DataSource_SuperGlobalTest extends PHPUnit_Framework_TestCase
29{
30    public function setUp()
31    {
32        $_GET = [
33            'foo' => 'some value',
34            'bar' => 'o\\\'really',
35            'baz' => [
36                'key' => 'some other value',
37                'unescape' => 'me\\\\please'
38            ]
39        ];
40
41        $_POST = [
42            'foo' => 'post value',
43            'bar' => 'yes\\\'really',
44            'baz' => [
45                'key' => 'yet another value',
46                'unescape' => 'or\\\\else'
47            ]
48        ];
49
50        $_FILES = [
51            'foo' => [
52                'name'      => 'file.doc',
53                'tmp_name'  => '/tmp/nothing',
54                'type'      => 'text/plain',
55                'size'      => 1234,
56                'error'     => UPLOAD_ERR_OK
57            ],
58            'bar' => [
59                'name'      => ['key' => 'a\\\'thing\\\'.foobar'],
60                'tmp_name'  => ['key' => 'C:\\windows\\temp\\whatever'],
61                'type'      => ['key' => 'application/foobar'],
62                'size'      => ['key' => 4321],
63                'error'     => ['key' => UPLOAD_ERR_OK]
64            ],
65            'baz' => [
66                'name'      => [
67                                'two' => ['three' => 'grimoire.txt'],
68                                'escape' => ['o\'really' => '123.jpeg']
69                ],
70                'tmp_name'  => [
71                                'two' => ['three' => '/mount/tmp/asdzxc'],
72                                'escape' => ['o\'really' => 'C:\\upload\\somefile']
73                ],
74                'type'      => [
75                                'two' => ['three' => 'text/unreadable'],
76                                'escape' => ['o\'really' => 'image/pr0n']
77                ],
78                'size'      => [
79                                'two' => ['three' => 65536],
80                                'escape' => ['o\'really' => 5678]
81                ],
82                'error'     => [
83                                'two' => ['three' => UPLOAD_ERR_OK],
84                                'escape' => ['o\'really' => UPLOAD_ERR_OK]
85                ]
86            ]
87        ];
88    }
89
90    public function testRequestMethodGet()
91    {
92        $ds1 = new HTML_QuickForm2_DataSource_SuperGlobal('GET', false);
93        $this->assertEquals('some value', $ds1->getValue('foo'));
94        $this->assertEquals('o\\\'really', $ds1->getValue('bar'));
95        $this->assertEquals('me\\\\please', $ds1->getValue('baz[unescape]'));
96    }
97
98    public function testRequestMethodPost()
99    {
100        $ds1 = new HTML_QuickForm2_DataSource_SuperGlobal('POST', false);
101        $this->assertEquals('post value', $ds1->getValue('foo'));
102        $this->assertEquals('yes\\\'really', $ds1->getValue('bar'));
103        $this->assertEquals('or\\\\else', $ds1->getValue('baz[unescape]'));
104    }
105
106    public function testGetUploadReturnsNullForAbsentValue()
107    {
108        $ds = new HTML_QuickForm2_DataSource_SuperGlobal('POST');
109        $this->assertNull($ds->getUpload('missing'));
110        $this->assertNull($ds->getUpload('bar[missing]'));
111        $this->assertNull($ds->getUpload('baz[escape][missing]'));
112    }
113
114    public function testGetUpload()
115    {
116        $ds1 = new HTML_QuickForm2_DataSource_SuperGlobal('POST', false);
117        $this->assertEquals([
118            'name'      => 'file.doc',
119            'tmp_name'  => '/tmp/nothing',
120            'type'      => 'text/plain',
121            'size'      => 1234,
122            'error'     => UPLOAD_ERR_OK
123        ], $ds1->getUpload('foo'));
124        $this->assertEquals([
125            'name'      => 'a\\\'thing\\\'.foobar',
126            'tmp_name'  => 'C:\\windows\\temp\\whatever',
127            'type'      => 'application/foobar',
128            'size'      => 4321,
129            'error'     => UPLOAD_ERR_OK
130        ], $ds1->getUpload('bar[key]'));
131        $this->assertEquals([
132            'name'      => 'grimoire.txt',
133            'tmp_name'  => '/mount/tmp/asdzxc',
134            'type'      => 'text/unreadable',
135            'size'      => 65536,
136            'error'     => UPLOAD_ERR_OK
137        ], $ds1->getUpload('baz[two][three]'));
138    }
139
140   /**
141    * See PEAR bugs #8414 and #8123
142    */
143    public function testQuotesAndBackslashesEscaped()
144    {
145        $ds = new HTML_QuickForm2_DataSource_SuperGlobal('POST');
146        $this->assertEquals([
147            'name'      => '123.jpeg',
148            'tmp_name'  => 'C:\\upload\\somefile',
149            'type'      => 'image/pr0n',
150            'size'      => 5678,
151            'error'     => UPLOAD_ERR_OK
152        ], $ds->getUpload('baz[escape][o\'really]'));
153    }
154}
155?>
156