<?php
namespace Drupal\Tests\filter\Functional;
use Drupal\Component\Utility\Html;
use Drupal\Core\Url;
use Drupal\filter\Entity\FilterFormat;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
use Drupal\Tests\BrowserTestBase;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;
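/**
 * Browser tests for the text format and filter administration pages.
 *
 * A text format decides which markup survives when stored text is rendered,
 * so besides the admin workflow these tests pin who may use a format, what a
 * format strips or escapes, and what is rendered once a format is disabled or
 * missing.
 */
class FilterAdminTest extends BrowserTestBase {

  /**
   * Modules to enable.
   *
   * 'filter_test_plugin' supplies the test filter used by
   * testDisabledFormat(); 'dblog' backs the log report read in the same test.
   */
  protected static $modules = [
    'block',
    'filter',
    'node',
    'filter_test_plugin',
    'dblog',
  ];

  /**
   * Theme used for the test site.
   */
  protected $defaultTheme = 'classy';

  /**
   * User created in setUp() with 'administer filters', permission to use all
   * three test formats, and 'access site reports'.
   */
  protected $adminUser;

  /**
   * User created in setUp() who may only create and edit own page content.
   */
  protected $webUser;

  /**
   * Creates the content type, three text formats, and the two test users.
   */
  protected function setUp() : void {
    parent::setUp();

    $this->drupalCreateContentType([
      'type' => 'page',
      'name' => 'Basic page',
    ]);

    // Basic HTML: only the tag allowlist filter is enabled.
    $basic_html_format = FilterFormat::create([
      'format' => 'basic_html',
      'name' => 'Basic HTML',
      'filters' => [
        'filter_html' => [
          'status' => 1,
          'settings' => [
            'allowed_html' => '<p> <br> <strong> <a> <em>',
          ],
        ],
      ],
    ]);
    $basic_html_format->save();

    // Restricted HTML: the tag allowlist carries the lowest weight, followed
    // by the autop and URL filters and finally the HTML corrector.
    $restricted_html_format = FilterFormat::create([
      'format' => 'restricted_html',
      'name' => 'Restricted HTML',
      'filters' => [
        'filter_html' => [
          'status' => TRUE,
          'weight' => -10,
          'settings' => [
            'allowed_html' => '<p> <br> <strong> <a> <em> <h4>',
          ],
        ],
        'filter_autop' => [
          'status' => TRUE,
          'weight' => 0,
        ],
        'filter_url' => [
          'status' => TRUE,
          'weight' => 0,
        ],
        'filter_htmlcorrector' => [
          'status' => TRUE,
          'weight' => 10,
        ],
      ],
    ]);
    $restricted_html_format->save();

    // Full HTML has no filters configured at all, so the permission to use it
    // is the only control on what reaches the page through this format.
    $full_html_format = FilterFormat::create([
      'format' => 'full_html',
      'name' => 'Full HTML',
      'weight' => 1,
      'filters' => [],
    ]);
    $full_html_format->save();

    $this->adminUser = $this->drupalCreateUser([
      'administer filters',
      $basic_html_format->getPermissionName(),
      $restricted_html_format->getPermissionName(),
      $full_html_format->getPermissionName(),
      'access site reports',
    ]);
    $this->webUser = $this->drupalCreateUser([
      'create page content',
      'edit own page content',
    ]);

    // Authenticated users get Basic HTML, anonymous users Restricted HTML.
    // Full HTML is granted to neither role here.
    user_role_grant_permissions('authenticated', [
      $basic_html_format->getPermissionName(),
    ]);
    user_role_grant_permissions('anonymous', [
      $restricted_html_format->getPermissionName(),
    ]);

    $this->drupalLogin($this->adminUser);
    $this->drupalPlaceBlock('local_actions_block');
  }

  /**
   * Tests adding, reordering, editing and disabling a format through the UI.
   */
  public function testFormatAdmin() {
    // Add a text format with a random machine name and label.
    $this->drupalGet('admin/config/content/formats');
    $this->clickLink('Add text format');
    $format_id = mb_strtolower($this->randomMachineName());
    $name = $this->randomMachineName();
    $edit = [
      'format' => $format_id,
      'name' => $name,
    ];
    $this->submitForm($edit, 'Save configuration');

    // A new format starts at weight 0 on the overview page.
    $this->drupalGet('admin/config/content/formats');
    $this->assertSession()->fieldValueEquals("formats[{$format_id}][weight]", 0);

    // Change the weight on the overview page and confirm it is shown.
    $edit = [
      "formats[{$format_id}][weight]" => 5,
    ];
    $this->drupalGet('admin/config/content/formats');
    $this->submitForm($edit, 'Save');
    $this->assertSession()->fieldValueEquals("formats[{$format_id}][weight]", 5);

    // The overview links to the edit form with a destination back to itself.
    $this->drupalGet('admin/config/content/formats');
    $destination = Url::fromRoute('filter.admin_overview')->toString();
    $edit_href = Url::fromRoute('entity.filter_format.edit_form', [
      'filter_format' => $format_id,
    ], [
      'query' => [
        'destination' => $destination,
      ],
    ])->toString();
    $this->assertSession()->linkByHrefExists($edit_href);

    // Saving the edit form without changes must not reset the weight.
    $this->drupalGet('admin/config/content/formats/manage/' . $format_id);
    $this->submitForm([], 'Save configuration');
    $this->drupalGet('admin/config/content/formats');
    $this->assertSession()->fieldValueEquals("formats[{$format_id}][weight]", 5);

    // Disable the format; its edit page is then no longer reachable.
    $this->assertSession()->linkByHrefExists('admin/config/content/formats/manage/' . $format_id . '/disable');
    $this->drupalGet('admin/config/content/formats/manage/' . $format_id . '/disable');
    $this->submitForm([], 'Disable');
    $this->drupalGet('admin/config/content/formats/manage/' . $format_id);
    $this->assertSession()->statusCodeEquals(404);

    // The machine name of the disabled format stays reserved. Presumably this
    // keeps content that still references the old ID from being picked up by
    // a new format with different filters - confirm against the filter module.
    $edit = [
      'format' => $format_id,
      'name' => 'New format',
    ];
    $this->drupalGet('admin/config/content/formats/add');
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->pageTextContains('The machine-readable name is already in use. It must be unique.');

    // The label of the disabled format cannot be reused either.
    $edit = [
      'format' => 'new_format',
      'name' => $name,
    ];
    $this->drupalGet('admin/config/content/formats/add');
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->pageTextContains("Text format names must be unique. A format named {$name} already exists.");
  }

  /**
   * Tests filter settings, ordering, role access and the rendered output.
   */
  public function testFilterAdmin() {
    $first_filter = 'filter_autop';
    $second_filter = 'filter_url';

    $basic = 'basic_html';
    $restricted = 'restricted_html';
    $full = 'full_html';
    $plain = 'plain_text';

    // The fallback format is plain text and cannot be disabled: the overview
    // offers no disable link and the disable route itself is refused, even
    // for a user with 'administer filters'.
    $this->assertSame($plain, filter_fallback_format(), 'The fallback format is set to plain text.');
    $this->drupalGet('admin/config/content/formats');
    $this->assertSession()->responseNotContains('admin/config/content/formats/manage/' . $plain . '/disable');
    $this->drupalGet('admin/config/content/formats/manage/' . $plain . '/disable');
    $this->assertSession()->statusCodeEquals(403);

    // Full HTML is usable by the admin but not by the ordinary web user.
    $full_format = FilterFormat::load($full);
    $this->assertTrue($full_format->access('use', $this->adminUser), 'Admin user may use Full HTML.');
    $this->assertFalse($full_format->access('use', $this->webUser), 'Web user may not use Full HTML.');

    // Submit an allowlist that contains a line break; the stored value is
    // expected to come back with a single space in its place.
    $edit = [];
    $edit['filters[filter_html][settings][allowed_html]'] = "<a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>\r\n<quote>";
    $this->drupalGet('admin/config/content/formats/manage/' . $restricted);
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->addressEquals('admin/config/content/formats/manage/' . $restricted);
    $this->drupalGet('admin/config/content/formats/manage/' . $restricted);
    $this->assertSession()->fieldValueEquals('filters[filter_html][settings][allowed_html]', "<a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <quote>");

    // The weight select of the first filter precedes that of the second one.
    $elements = $this->xpath('//select[@name=:first]/following::select[@name=:second]', [
      ':first' => 'filters[' . $first_filter . '][weight]',
      ':second' => 'filters[' . $second_filter . '][weight]',
    ]);
    $this->assertNotEmpty($elements, 'Order confirmed in admin interface.');

    // Swap the two filters and confirm the new weights and form order.
    $edit = [];
    $edit['filters[' . $second_filter . '][weight]'] = 1;
    $edit['filters[' . $first_filter . '][weight]'] = 2;
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->addressEquals('admin/config/content/formats/manage/' . $restricted);
    $this->drupalGet('admin/config/content/formats/manage/' . $restricted);
    $this->assertSession()->fieldValueEquals('filters[' . $second_filter . '][weight]', 1);
    $this->assertSession()->fieldValueEquals('filters[' . $first_filter . '][weight]', 2);
    $elements = $this->xpath('//select[@name=:first]/following::select[@name=:second]', [
      ':first' => 'filters[' . $second_filter . '][weight]',
      ':second' => 'filters[' . $first_filter . '][weight]',
    ]);
    $this->assertNotEmpty($elements, 'Reorder confirmed in admin interface.');

    // The saved configuration carries the same order: the second filter's
    // weight is exactly one below the first filter's.
    $filter_format = FilterFormat::load($restricted);
    $this->assertEquals($filter_format->filters($second_filter)->weight + 1, $filter_format->filters($first_filter)->weight, 'Order confirmed in configuration.');

    // Add a format that is granted to the authenticated role and has both
    // filters enabled.
    $edit = [];
    $edit['format'] = mb_strtolower($this->randomMachineName());
    $edit['name'] = $this->randomMachineName();
    $edit['roles[' . RoleInterface::AUTHENTICATED_ID . ']'] = 1;
    $edit['filters[' . $second_filter . '][status]'] = TRUE;
    $edit['filters[' . $first_filter . '][status]'] = TRUE;
    $this->drupalGet('admin/config/content/formats/add');
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->addressEquals('admin/config/content/formats');
    $this->assertSession()->pageTextContains("Added text format {$edit['name']}.");

    filter_formats_reset();
    $format = FilterFormat::load($edit['format']);
    $this->assertNotNull($format, 'Format found in database.');
    $this->drupalGet('admin/config/content/formats/manage/' . $format->id());
    $this->assertSession()->checkboxChecked('roles[' . RoleInterface::AUTHENTICATED_ID . ']');
    $this->assertSession()->checkboxChecked('filters[' . $second_filter . '][status]');
    $this->assertSession()->checkboxChecked('filters[' . $first_filter . '][status]');

    // Ticking the role on the format form must show up as a real permission
    // on the role entity; reload the role so a cached copy is not checked.
    \Drupal::entityTypeManager()->getStorage('user_role')->resetCache([
      RoleInterface::AUTHENTICATED_ID,
    ]);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);
    $this->assertTrue($role->hasPermission($format->getPermissionName()), 'The authenticated role has permission to use the filter.');

    // Disabling the format must also take its permission away from the role,
    // so no stale grant is left behind.
    $this->drupalGet('admin/config/content/formats/manage/' . $format->id() . '/disable');
    $this->submitForm([], 'Disable');
    $this->assertSession()->addressEquals('admin/config/content/formats');
    $this->assertSession()->pageTextContains("Disabled text format {$edit['name']}.");
    \Drupal::entityTypeManager()->getStorage('user_role')->resetCache([
      RoleInterface::AUTHENTICATED_ID,
    ]);
    $role = Role::load(RoleInterface::AUTHENTICATED_ID);
    $this->assertFalse($role->hasPermission($format->getPermissionName()), 'The filter permission has been removed from the authenticated role');

    // Grant Full HTML to authenticated users (and not to anonymous ones).
    $format = FilterFormat::load($full);
    $edit = [];
    $edit['roles[' . RoleInterface::ANONYMOUS_ID . ']'] = 0;
    $edit['roles[' . RoleInterface::AUTHENTICATED_ID . ']'] = 1;
    $this->drupalGet('admin/config/content/formats/manage/' . $full);
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->addressEquals('admin/config/content/formats/manage/' . $full);
    $this->assertSession()->pageTextContains("The text format {$format->label()} has been updated.");

    // The web user is now offered Full HTML on the node form.
    $this->drupalLogin($this->webUser);
    $this->drupalGet('node/add/page');
    $this->assertSession()->responseContains('<option value="' . $full . '">Full HTML</option>');

    // Create a node in Basic HTML whose body mixes an allowed tag (<em>) with
    // a tag that is not on the allowlist (<random>).
    $body = '<em>' . $this->randomMachineName() . '</em>';
    $extra_text = 'text';
    $text = $body . '<random>' . $extra_text . '</random>';

    $edit = [];
    $edit['title[0][value]'] = $this->randomMachineName();
    $edit['body[0][value]'] = $text;
    $edit['body[0][format]'] = $basic;
    $this->drupalGet('node/add/page');
    $this->submitForm($edit, 'Save');
    $this->assertSession()->pageTextContains('Basic page ' . $edit['title[0][value]'] . ' has been created.');
    $this->assertSession()->elementExists('xpath', '//div[contains(@class, "messages")]//a[contains(@href, "node/")]');

    $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
    $this->assertNotEmpty($node, 'Node found in database.');

    // In the rendered node the disallowed tag is gone while its inner text
    // and the allowed <em> markup remain.
    $this->drupalGet('node/' . $node->id());
    $this->assertSession()->responseContains($body . $extra_text);

    // Switch the body to the plain text fallback format. The setting below is
    // presumably what makes the fallback selectable on the edit form.
    $this->config('filter.settings')
      ->set('always_show_fallback_choice', TRUE)
      ->save();
    $edit = [];
    $edit['body[0][format]'] = $plain;
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->submitForm($edit, 'Save');

    // Under plain text the whole body, markup included, is shown escaped.
    $this->drupalGet('node/' . $node->id());
    $this->assertSession()->assertEscaped($text);
    $this->config('filter.settings')
      ->set('always_show_fallback_choice', FALSE)
      ->save();

    // Back as admin: change the Basic HTML allowlist and confirm it is stored.
    $this->drupalLogin($this->adminUser);
    $edit = [];
    $edit['filters[filter_html][settings][allowed_html]'] = '<a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>';
    $this->drupalGet('admin/config/content/formats/manage/' . $basic);
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->addressEquals('admin/config/content/formats/manage/' . $basic);
    $this->drupalGet('admin/config/content/formats/manage/' . $basic);
    $this->assertSession()->fieldValueEquals('filters[filter_html][settings][allowed_html]', $edit['filters[filter_html][settings][allowed_html]']);

    // Take Full HTML away from authenticated users again.
    $edit = [];
    $edit['roles[' . RoleInterface::AUTHENTICATED_ID . ']'] = FALSE;
    $this->drupalGet('admin/config/content/formats/manage/' . $full);
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->addressEquals('admin/config/content/formats/manage/' . $full);
    $this->assertSession()->pageTextContains("The text format {$format->label()} has been updated.");
    $this->drupalGet('admin/config/content/formats/manage/' . $full);
    $this->assertSession()->fieldValueEquals('roles[' . RoleInterface::AUTHENTICATED_ID . ']', $edit['roles[' . RoleInterface::AUTHENTICATED_ID . ']']);

    // Reorder the two filters on Basic HTML and confirm the stored weights.
    $edit = [];
    $edit['filters[' . $second_filter . '][weight]'] = 2;
    $edit['filters[' . $first_filter . '][weight]'] = 1;
    $this->drupalGet('admin/config/content/formats/manage/' . $basic);
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->addressEquals('admin/config/content/formats/manage/' . $basic);
    $this->drupalGet('admin/config/content/formats/manage/' . $basic);
    $this->assertSession()->fieldValueEquals('filters[' . $second_filter . '][weight]', $edit['filters[' . $second_filter . '][weight]']);
    $this->assertSession()->fieldValueEquals('filters[' . $first_filter . '][weight]', $edit['filters[' . $first_filter . '][weight]']);
  }

  /**
   * Tests that a random string as URL filter length does not save the format.
   */
  public function testUrlFilterAdmin() {
    // NOTE(review): only the absence of the success message is asserted.
    // Also asserting the validation error, or that the stored setting is
    // unchanged, would make a regression easier to diagnose.
    $edit = [
      'filters[filter_url][settings][filter_url_length]' => $this->randomMachineName(4),
    ];
    $this->drupalGet('admin/config/content/formats/manage/basic_html');
    $this->submitForm($edit, 'Save configuration');
    $this->assertSession()->pageTextNotContains("The text format Basic HTML has been updated.");
  }

  /**
   * Tests that markup in the site name is escaped on the filter tips page.
   */
  public function testFilterTipHtmlEscape() {
    $this->drupalLogin($this->adminUser);
    global $base_url;

    // A site name carrying a script element stands in for admin-controlled
    // text that ends up inside a filter tip.
    $site_name_with_markup = 'Filter test <script>alert(\'here\');</script> site name';
    $this->config('system.site')
      ->set('name', $site_name_with_markup)
      ->save();

    // Expected output: the site name escaped once inside the live link, and
    // the whole link escaped a second time where it is shown as example code.
    $link = '<a href="' . $base_url . '">' . Html::escape($site_name_with_markup) . '</a>';
    $ampersand = '&';
    $link_as_code = '<code>' . Html::escape($link) . '</code>';
    $ampersand_as_code = '<code>' . Html::escape($ampersand) . '</code>';

    // NOTE(review): the assertions below pin the escaped form in specific
    // table cells. A response-wide check that the unescaped site name is
    // absent would also catch unescaped output elsewhere on the page.
    $this->drupalGet('filter/tips');
    $this->assertSession()->responseContains('<td class="type">' . $link_as_code . '</td>');
    $this->assertSession()->responseContains('<td class="get">' . $link . '</td>');
    $this->assertSession()->responseContains('<td class="type">' . $ampersand_as_code . '</td>');
    $this->assertSession()->responseContains('<td class="get">' . $ampersand . '</td>');
  }

  /**
   * Tests that text in a disabled or missing format is not rendered at all.
   *
   * Stored text must not reach the page, raw or escaped, once the format that
   * was supposed to filter it is unavailable, and the condition is logged.
   */
  public function testDisabledFormat() {
    // Create a node type with a body field.
    $node_type = NodeType::create([
      'type' => mb_strtolower($this->randomMachineName()),
    ]);
    $node_type->save();
    node_add_body_field($node_type, $this->randomString());

    // Create a format that uses the 'filter_static_text' test filter; the
    // first assertion below expects it to render 'filtered text'.
    $format = FilterFormat::create([
      'name' => $this->randomString(),
      'format' => $format_id = mb_strtolower($this->randomMachineName()),
    ]);
    $format->setFilterConfig('filter_static_text', [
      'status' => TRUE,
    ]);
    $format->save();

    // Create a node whose body uses that format.
    $node = Node::create([
      'type' => $node_type->id(),
      'title' => $this->randomString(),
    ]);
    $body_value = $this->randomString();
    $node->body->value = $body_value;
    $node->body->format = $format_id;
    $node->save();

    // While the format is enabled, the filter output is shown.
    $this->drupalGet($node->toUrl());
    $this->assertSession()->pageTextContains('filtered text');

    // After disabling the format neither the filter output nor the stored
    // body appears, whether raw or HTML-escaped.
    $format->disable()->save();
    $this->drupalGet($node->toUrl());
    $this->assertSession()->pageTextNotContains('filtered text');
    $this->assertSession()->responseNotContains($body_value);
    $this->assertSession()->assertNoEscaped($body_value);

    // The use of a disabled format is recorded in the log report.
    $this->drupalLogin($this->adminUser);
    $this->drupalGet('admin/reports/dblog');
    $this->assertSession()->pageTextContains(sprintf('Disabled text format: %s.', $format_id));

    // Point the body at a format ID that was never created: the body is
    // withheld in the same way and a 'missing' entry is logged.
    $format_id = $this->randomMachineName();
    $node->body->format = $format_id;
    $node->save();
    $this->drupalGet($node->toUrl());
    $this->assertSession()->responseNotContains($body_value);
    $this->assertSession()->assertNoEscaped($body_value);
    $this->drupalGet('admin/reports/dblog');
    $this->assertSession()->pageTextContains(sprintf('Missing text format: %s.', $format_id));
  }

}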