
function CoderSecurityTest::testSecurityPregReplaceEval in Coder 6.2

File

tests/coder_security.test, line 196

Class

CoderSecurityTest

Code

/**
 * Verifies that the review accepts preg_replace() calls without the "e"
 * pattern modifier and rejects the same calls once "e" is present.
 *
 * With "e" (PREG_REPLACE_EVAL) the replacement string is evaluated as PHP
 * code after the backreferences have been substituted, so text matched from
 * the subject ends up inside evaluated code. The modifier was deprecated in
 * PHP 5.5.0 and removed in PHP 7.0.0; preg_replace_callback() is the
 * replacement.
 *
 * The snippets are passed to the assertions as string literals. Each pair
 * differs only in the modifier list, and the pairs cover both "@" and "/"
 * delimiters with "e" as the first modifier ("emi", "emis") and as the last
 * one ("me").
 */
function testSecurityPregReplaceEval() {
  // Each entry: the call without "e" first, then the same call with "e".
  $pairs = array(
    array(
      '  $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@mi", "myfunction("\\2", "\\3")", $txt);',
      '  $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@emi", "myfunction("\\2", "\\3")", $txt);',
    ),
    array(
      '  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/mis", "myfunction($foo)", $txt);',
      '  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/emis", "myfunction($foo)", $txt);',
    ),
    array(
      '  $text=preg_replace("/^((> ?)+)([^>])/m", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);',
      '  $text=preg_replace("/^((> ?)+)([^>])/me", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);',
    ),
  );

  // Keep the original call order: pass, then fail, pair by pair.
  foreach ($pairs as $pair) {
    list($clean, $evaluated) = $pair;
    $this->assertCoderPass($clean);
    $this->assertCoderFail($evaluated);
  }
}