
function CoderReviewSecurityTest::testSecurityPregReplaceEval in Coder 7

Same name and namespace in other branches
  1. 7.2 coder_review/tests/coder_review_security.test \CoderReviewSecurityTest::testSecurityPregReplaceEval()

File

coder_review/tests/coder_review_security.test, line 203

Class

CoderReviewSecurityTest

Code

/**
 * Tests the security review's handling of the preg_replace() "e" modifier.
 *
 * The "e" (PREG_REPLACE_EVAL) modifier makes preg_replace() run the
 * replacement string as PHP code after substituting backreferences, so text
 * matched from the subject ends up inside evaluated code. PHP deprecated the
 * modifier in 5.5.0 and removed it in 7.0.0; preg_replace_callback() is the
 * replacement.
 *
 * Each fixture pair below is the same preg_replace() call twice. The two
 * snippets differ only in whether the pattern's trailing modifiers include
 * "e". The variant without it goes to assertCoderReviewPass() and the variant
 * with it goes to assertCoderReviewFail().
 */
function testSecurityPregReplaceEval() {
  // The snippets are handed to the assertion helpers as plain strings. The
  // leading two spaces and the exact quoting are part of the fixture and must
  // not be normalised.
  $fixtures = array(
    // "@" delimiters, modifiers "mi" versus "emi".
    array(
      'pass' => '  $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@mi", "myfunction("\\2", "\\3")", $txt);',
      'fail' => '  $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@emi", "myfunction("\\2", "\\3")", $txt);',
    ),
    // "/" delimiters, modifiers "mis" versus "emis". The pattern itself
    // contains an "@" that is not a delimiter.
    array(
      'pass' => '  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/mis", "myfunction($foo)", $txt);',
      'fail' => '  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/emis", "myfunction($foo)", $txt);',
    ),
    // "e" as the last modifier ("m" versus "me"), with a replacement built
    // by concatenation rather than a single quoted string.
    array(
      'pass' => '  $text=preg_replace("/^((> ?)+)([^>])/m", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);',
      'fail' => '  $text=preg_replace("/^((> ?)+)([^>])/me", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);',
    ),
  );

  // Keep the original order: for each pair, the clean variant is checked
  // first and the "e" variant second.
  foreach ($fixtures as $fixture) {
    $this->assertCoderReviewPass($fixture['pass']);
    $this->assertCoderReviewFail($fixture['fail']);
  }
}