function CoderReviewSecurityTest::testSecurityDrupalSetMessage in Coder 7.2
Same name and namespace in other branches
- 7 coder_review/tests/coder_review_security.test \CoderReviewSecurityTest::testSecurityDrupalSetMessage()
Tests functionality to detect correct use of drupal_set_message().
File
- coder_review/tests/coder_review_security.test, line 85
Class
- CoderReviewSecurityTest
- Tests the Coder_review functionality to detect security-related rules.
Code
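/**
 * Tests functionality to detect correct use of drupal_set_message().
 *
 * drupal_set_message() emits its message as HTML without escaping it, so any
 * variable that reaches it unsanitised is a cross-site scripting (XSS) risk.
 * Each fixture below is a source snippet handed to the review: "Pass" means
 * the security rule must stay silent, "Fail" means it must raise a warning.
 *
 * NOTE(review): the snippets are checked as source text, so a "Pass" only
 * shows that a recognised sanitising call is present. It does not show that
 * the sanitiser chosen is the right one for the data being displayed.
 */
function testSecurityDrupalSetMessage() {
  // A literal string inside t() carries no variable data.
  $this->assertCoderReviewPass(' drupal_set_message(t("Here is some safe_data"));');

  // "@" and "%" placeholders are escaped by t() before substitution, so a
  // tainted value passed through them is accepted. Fixtures are kept
  // syntactically complete (three closing parentheses, as in the "!" case at
  // the end) so the rule is exercised against valid PHP.
  $this->assertCoderReviewPass(' drupal_set_message(t("Here is some @safe_data", array("@safe_data" => $tainted_data)));');
  $this->assertCoderReviewPass(' drupal_set_message(t("Here is some %safe_data", array("%safe_data" => $tainted_data)));');

  // A tainted value wrapped directly in a sanitising or formatting function.
  // filter_xss_admin() still lets most HTML tags through; it is meant for
  // text from trusted administrators, not for arbitrary user input.
  $this->assertCoderReviewPass(' drupal_set_message(check_plain($tainted_data));');
  $this->assertCoderReviewPass(' drupal_set_message(filter_xss_admin($tainted_data));');
  $this->assertCoderReviewPass(' drupal_set_message(format_plural($tainted_count, "1 item", "@count items"));');
  $this->assertCoderReviewPass(' drupal_set_message(check_markup($tainted_data));');

  // A variable assigned from check_plain() earlier in the same function is
  // accepted when it is later passed to drupal_set_message().
  $this->assertCoderReviewPass(" function abc() {\n \$tainted_data = check_plain('mystring');\n drupal_set_message(\$tainted_data);\n}");

  // The same function body without the sanitising assignment must be flagged.
  $this->assertCoderReviewFail(" function abc() {\n drupal_set_message(\$tainted_data);\n}");

  // t() does not sanitise its first argument, so a variable used as the
  // translatable string (alone or concatenated) must be flagged.
  $this->assertCoderReviewFail(' drupal_set_message(t($tainted_data));');
  $this->assertCoderReviewFail(' drupal_set_message(t("Here is some ". $tainted_data));');

  // Concatenation and double-quote interpolation place the raw value in the
  // message.
  $this->assertCoderReviewFail(' drupal_set_message("Here is some ". $tainted_data);');
  $this->assertCoderReviewFail(' drupal_set_message("Here is some $tainted_data");');

  // The "!" placeholder inserts its value as-is, with no escaping.
  $this->assertCoderReviewFail(' drupal_set_message(t("Here is some !tainted_data", array("!tainted_data" => $tainted_data)));');
}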