aboutsummaryrefslogtreecommitdiff
path: root/engine/tests/regression/trac_bugs.php
diff options
context:
space:
mode:
Diffstat (limited to 'engine/tests/regression/trac_bugs.php')
-rw-r--r--engine/tests/regression/trac_bugs.php405
1 files changed, 405 insertions, 0 deletions
diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php
new file mode 100644
index 000000000..689275661
--- /dev/null
+++ b/engine/tests/regression/trac_bugs.php
@@ -0,0 +1,405 @@
+<?php
+/**
+ * Elgg Regression Tests -- GitHub Bugfixes
+ * Any bugfixes from GitHub that require testing belong here.
+ *
+ * @package Elgg
+ * @subpackage Test
+ */
+class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
+
+ /**
+ * Called before each test object.
+ */
+ public function __construct() {
+ $this->ia = elgg_set_ignore_access(TRUE);
+ parent::__construct();
+
+ // all __construct() code should come after here
+ }
+
+ /**
+ * Called before each test method.
+ */
+ public function setUp() {
+
+ }
+
+ /**
+ * Called after each test method.
+ */
+ public function tearDown() {
+ // do not allow SimpleTest to interpret Elgg notices as exceptions
+ $this->swallowErrors();
+ }
+
+ /**
+ * Called after each test object.
+ */
+ public function __destruct() {
+ elgg_set_ignore_access($this->ia);
+ // all __destruct() code should go above here
+ parent::__destruct();
+ }
+
+ /**
+ * #1558
+ */
+ public function testElggObjectDeleteAnnotations() {
+ $this->entity = new ElggObject();
+ $guid = $this->entity->save();
+
+ $this->entity->annotate('test', 'hello', ACCESS_PUBLIC);
+
+ $this->entity->deleteAnnotations('does not exist');
+
+ $num = $this->entity->countAnnotations('test');
+
+ //$this->assertIdentical($num, 1);
+ $this->assertEqual($num, 1);
+
+ // clean up
+ $this->entity->delete();
+ }
+
+ /**
+ * #2063 - get_resized_image_from_existing_file() fails asked for image larger than selection and not scaling an image up
+ * Test get_image_resize_parameters().
+ */
+ public function testElggResizeImage() {
+ $orig_width = 100;
+ $orig_height = 150;
+
+ // test against selection > max
+ $options = array(
+ 'maxwidth' => 50,
+ 'maxheight' => 50,
+ 'square' => TRUE,
+ 'upscale' => FALSE,
+
+ 'x1' => 25,
+ 'y1' => 75,
+ 'x2' => 100,
+ 'y2' => 150
+ );
+
+ // should get back the same x/y offset == x1, y1 and an image of 50x50
+ $params = get_image_resize_parameters($orig_width, $orig_height, $options);
+
+ $this->assertEqual($params['newwidth'], $options['maxwidth']);
+ $this->assertEqual($params['newheight'], $options['maxheight']);
+ $this->assertEqual($params['xoffset'], $options['x1']);
+ $this->assertEqual($params['yoffset'], $options['y1']);
+
+ // test against selection < max
+ $options = array(
+ 'maxwidth' => 50,
+ 'maxheight' => 50,
+ 'square' => TRUE,
+ 'upscale' => FALSE,
+
+ 'x1' => 75,
+ 'y1' => 125,
+ 'x2' => 100,
+ 'y2' => 150
+ );
+
+ // should get back the same x/y offset == x1, y1 and an image of 25x25 because no upscale
+ $params = get_image_resize_parameters($orig_width, $orig_height, $options);
+
+ $this->assertEqual($params['newwidth'], 25);
+ $this->assertEqual($params['newheight'], 25);
+ $this->assertEqual($params['xoffset'], $options['x1']);
+ $this->assertEqual($params['yoffset'], $options['y1']);
+ }
+
+ // #3722 Check canEdit() works for contains regardless of groups
+ function test_can_write_to_container() {
+ $user = new ElggUser();
+ $user->username = 'test_user_' . rand();
+ $user->name = 'test_user_name_' . rand();
+ $user->email = 'test@user.net';
+ $user->container_guid = 0;
+ $user->owner_guid = 0;
+ $user->save();
+
+ $object = new ElggObject();
+ $object->save();
+
+ $group = new ElggGroup();
+ $group->save();
+
+ // disable access overrides because we're admin.
+ $ia = elgg_set_ignore_access(false);
+
+ $this->assertFalse(can_write_to_container($user->guid, $object->guid));
+
+ global $elgg_test_user;
+ $elgg_test_user = $user;
+
+ // register hook to allow access
+ function can_write_to_container_test_hook($hook, $type, $value, $params) {
+ global $elgg_test_user;
+
+ if ($params['user']->getGUID() == $elgg_test_user->getGUID()) {
+ return true;
+ }
+ }
+
+ elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'can_write_to_container_test_hook');
+ $this->assertTrue(can_write_to_container($user->guid, $object->guid));
+ elgg_unregister_plugin_hook_handler('container_permissions_check', 'all', 'can_write_to_container_test_hook');
+
+ $this->assertFalse(can_write_to_container($user->guid, $group->guid));
+ $group->join($user);
+ $this->assertTrue(can_write_to_container($user->guid, $group->guid));
+
+ elgg_set_ignore_access($ia);
+
+ $user->delete();
+ $object->delete();
+ $group->delete();
+ }
+
+ function test_db_shutdown_links() {
+ global $DB_DELAYED_QUERIES, $test_results;
+ $DB_DELAYED_QUERIES = array();
+
+ function test_delayed_results($results) {
+ global $test_results;
+ $test_results = $results;
+ }
+
+ $q = 'SELECT 1 as test';
+
+ $links = array('read', 'write', get_db_link('read'), get_db_link('write'));
+
+ foreach ($links as $link) {
+ $DB_DELAYED_QUERIES = array();
+
+ $result = execute_delayed_query($q, $link, 'test_delayed_results');
+
+ $this->assertTrue($result, "Failed with link = $link");
+ $this->assertEqual(count($DB_DELAYED_QUERIES), 1);
+ $this->assertEqual($DB_DELAYED_QUERIES[0]['q'], $q);
+ $this->assertEqual($DB_DELAYED_QUERIES[0]['l'], $link);
+ $this->assertEqual($DB_DELAYED_QUERIES[0]['h'], 'test_delayed_results');
+
+ db_delayedexecution_shutdown_hook();
+
+ $num_rows = mysql_num_rows($test_results);
+ $this->assertEqual($num_rows, 1);
+ $row = mysql_fetch_assoc($test_results);
+ $this->assertEqual($row['test'], 1);
+ }
+
+ // test bad case
+ $DB_DELAYED_QUERIES = array();
+ $result = execute_delayed_query($q, 'not_a_link', 'test_delayed_results');
+ $this->assertFalse($result);
+ $this->assertEqual(array(), $DB_DELAYED_QUERIES);
+ }
+
+ /**
+ * https://github.com/elgg/elgg/issues/3210 - Don't remove -s in friendly titles
+ * https://github.com/elgg/elgg/issues/2276 - improve char encoding
+ */
+ public function test_friendly_title() {
+ $cases = array(
+ // acid test
+ "B&N > Amazon, OK? <bold> 'hey!' $34"
+ => "bn-amazon-ok-bold-hey-34",
+
+ // hyphen, underscore and ASCII whitespace replaced by separator,
+ // other non-alphanumeric ASCII removed
+ "a-a_a a\na\ra\ta\va!a\"a#a\$a%aa'a(a)a*a+a,a.a/a:a;a=a?a@a[a\\a]a^a`a{a|a}a~a"
+ => "a-a-a-a-a-a-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+
+ // separators trimmed
+ "-_ hello _-"
+ => "hello",
+
+ // accents removed, lower case, other multibyte chars are URL encoded
+ "I\xC3\xB1t\xC3\xABrn\xC3\xA2ti\xC3\xB4n\xC3\xA0liz\xC3\xA6ti\xC3\xB8n, AND \xE6\x97\xA5\xE6\x9C\xAC\xE8\xAA\x9E"
+ // Iñtërnâtiônàlizætiøn, AND 日本語
+ => 'internationalizaetion-and-%E6%97%A5%E6%9C%AC%E8%AA%9E',
+ );
+
+ // where available, string is converted to NFC before transliteration
+ if (ElggTranslit::hasNormalizerSupport()) {
+ $form_d = "A\xCC\x8A"; // A followed by 'COMBINING RING ABOVE' (U+030A)
+ $cases[$form_d] = "a";
+ }
+
+ foreach ($cases as $case => $expected) {
+ $friendly_title = elgg_get_friendly_title($case);
+ $this->assertIdentical($expected, $friendly_title);
+ }
+ }
+
+ /**
+ * Test #5369 -- parse_urls()
+ * https://github.com/Elgg/Elgg/issues/5369
+ */
+ public function test_parse_urls() {
+
+ $cases = array(
+ 'no.link.here' =>
+ 'no.link.here',
+ 'simple link http://example.org test' =>
+ 'simple link <a href="http://example.org" rel="nofollow">http:/<wbr />/<wbr />example.org</a> test',
+ 'non-ascii http://ñew.org/ test' =>
+ 'non-ascii <a href="http://ñew.org/" rel="nofollow">http:/<wbr />/<wbr />ñew.org/<wbr /></a> test',
+
+ // section 2.1
+ 'percent encoded http://example.org/a%20b test' =>
+ 'percent encoded <a href="http://example.org/a%20b" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />a%20b</a> test',
+ // section 2.2: skipping single quote and parenthese
+ 'reserved characters http://example.org/:/?#[]@!$&*+,;= test' =>
+ 'reserved characters <a href="http://example.org/:/?#[]@!$&*+,;=" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />:/<wbr />?#[]@!$&*+,;=</a> test',
+ // section 2.3
+ 'unreserved characters http://example.org/a1-._~ test' =>
+ 'unreserved characters <a href="http://example.org/a1-._~" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />a1-._~</a> test',
+
+ 'parameters http://example.org/?val[]=1&val[]=2 test' =>
+ 'parameters <a href="http://example.org/?val[]=1&val[]=2" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />?val[]=1&val[]=2</a> test',
+ 'port http://example.org:80/ test' =>
+ 'port <a href="http://example.org:80/" rel="nofollow">http:/<wbr />/<wbr />example.org:80/<wbr /></a> test',
+
+ 'parentheses (http://www.google.com) test' =>
+ 'parentheses (<a href="http://www.google.com" rel="nofollow">http:/<wbr />/<wbr />www.google.com</a>) test',
+ 'comma http://elgg.org, test' =>
+ 'comma <a href="http://elgg.org" rel="nofollow">http:/<wbr />/<wbr />elgg.org</a>, test',
+ 'period http://elgg.org. test' =>
+ 'period <a href="http://elgg.org" rel="nofollow">http:/<wbr />/<wbr />elgg.org</a>. test',
+ 'exclamation http://elgg.org! test' =>
+ 'exclamation <a href="http://elgg.org" rel="nofollow">http:/<wbr />/<wbr />elgg.org</a>! test',
+
+ 'already anchor <a href="http://twitter.com/">twitter</a> test' =>
+ 'already anchor <a href="http://twitter.com/">twitter</a> test',
+
+ 'ssl https://example.org/ test' =>
+ 'ssl <a href="https://example.org/" rel="nofollow">https:/<wbr />/<wbr />example.org/<wbr /></a> test',
+ 'ftp ftp://example.org/ test' =>
+ 'ftp <a href="ftp://example.org/" rel="nofollow">ftp:/<wbr />/<wbr />example.org/<wbr /></a> test',
+
+ 'web archive anchor <a href="http://web.archive.org/web/20000229040250/http://www.google.com/">google</a>' =>
+ 'web archive anchor <a href="http://web.archive.org/web/20000229040250/http://www.google.com/">google</a>',
+
+ 'single quotes already anchor <a href=\'http://www.yahoo.com\'>yahoo</a>' =>
+ 'single quotes already anchor <a href=\'http://www.yahoo.com\'>yahoo</a>',
+
+ 'unquoted already anchor <a href=http://www.yahoo.com>yahoo</a>' =>
+ 'unquoted already anchor <a href=http://www.yahoo.com>yahoo</a>',
+
+ 'parens in uri http://thedailywtf.com/Articles/A-(Long-Overdue)-BuildMaster-Introduction.aspx' =>
+ 'parens in uri <a href="http://thedailywtf.com/Articles/A-(Long-Overdue)-BuildMaster-Introduction.aspx" rel="nofollow">http:/<wbr />/<wbr />thedailywtf.com/<wbr />Articles/<wbr />A-(Long-Overdue)-BuildMaster-Introduction.aspx</a>'
+ );
+ foreach ($cases as $input => $output) {
+ $this->assertEqual($output, parse_urls($input));
+ }
+ }
+
+ /**
+ * Ensure additional select columns do not end up in entity attributes.
+ *
+ * https://github.com/Elgg/Elgg/issues/5538
+ */
+ public function test_extra_columns_dont_appear_in_attributes() {
+ global $ENTITY_CACHE;
+
+ // may not have groups in DB - let's create one
+ $group = new ElggGroup();
+ $group->name = 'test_group';
+ $group->access_id = ACCESS_PUBLIC;
+ $this->assertTrue($group->save() !== false);
+
+ // entity cache interferes with our test
+ $ENTITY_CACHE = array();
+
+ foreach (array('site', 'user', 'group', 'object') as $type) {
+ $entities = elgg_get_entities(array(
+ 'type' => $type,
+ 'selects' => array('1 as _nonexistent_test_column'),
+ 'limit' => 1,
+ ));
+ if (!$this->assertTrue($entities, "Query for '$type' did not return an entity.")) {
+ continue;
+ }
+ $entity = $entities[0];
+ $this->assertNull($entity->_nonexistent_test_column, "Additional select columns are leaking to attributes for '$type'");
+ }
+
+ $group->delete();
+ }
+
+ /**
+ * Ensure that ElggBatch doesn't go into infinite loop when disabling annotations recursively when show hidden is enabled.
+ *
+ * https://github.com/Elgg/Elgg/issues/5952
+ */
+ public function test_disabling_annotations_infinite_loop() {
+
+ //let's have some entity
+ $group = new ElggGroup();
+ $group->name = 'test_group';
+ $group->access_id = ACCESS_PUBLIC;
+ $this->assertTrue($group->save() !== false);
+
+ $total = 51;
+ //add some annotations
+ for ($cnt = 0; $cnt < $total; $cnt++) {
+ $group->annotate('test_annotation', 'value_' . $total);
+ }
+
+ //disable them
+ $show_hidden = access_get_show_hidden_status();
+ access_show_hidden_entities(true);
+ $options = array(
+ 'guid' => $group->guid,
+ 'limit' => $total, //using strict limit to avoid real infinite loop and just see ElggBatch limiting on it before finishing the work
+ );
+ elgg_disable_annotations($options);
+ access_show_hidden_entities($show_hidden);
+
+ //confirm all being disabled
+ $annotations = $group->getAnnotations(array(
+ 'limit' => $total,
+ ));
+ foreach ($annotations as $annotation) {
+ $this->assertTrue($annotation->enabled == 'no');
+ }
+
+ //delete group and annotations
+ $group->delete();
+ }
+
+ public function test_ElggXMLElement_does_not_load_external_entities() {
+ $elLast = libxml_disable_entity_loader(false);
+
+ // build payload that should trigger loading of external entity
+ $payload = file_get_contents(dirname(dirname(__FILE__)) . '/test_files/xxe/request.xml');
+ $path = realpath(dirname(dirname(__FILE__)) . '/test_files/xxe/external_entity.txt');
+ $path = str_replace('\\', '/', $path);
+ if ($path[0] != '/') {
+ $path = '/' . $path;
+ }
+ $path = 'file://' . $path;
+ $payload = sprintf($payload, $path);
+
+ // make sure we can actually this in this environment
+ $element = new SimpleXMLElement($payload);
+ $can_load_entity = preg_match('/secret/', (string)$element->methodName);
+
+ $this->skipUnless($can_load_entity, "XXE vulnerability cannot be tested on this system");
+
+ if ($can_load_entity) {
+ $el = new ElggXMLElement($payload);
+ $chidren = $el->getChildren();
+ $content = $chidren[0]->getContent();
+ $this->assertNoPattern('/secret/', $content);
+ }
+
+ libxml_disable_entity_loader($elLast);
+ }
+}