function LinkValidateTest::test_link_validate_switching_between_validation_status in Link 6.2
Test if a bad url can sneak through un-filtered if we play with the validation...
File
- tests/
link.validate.test, line 207 - Tests that exercise the validation functions in the link module.
Class
Code
function test_link_validate_switching_between_validation_status() {
$this
->acquireContentTypes(1);
$account = $this
->drupalCreateUser(array(
'administer content types',
'administer nodes',
'access administration pages',
'access content',
'create ' . $this->content_types[0]->type . ' content',
'edit any ' . $this->content_types[0]->type . ' content',
));
$this
->drupalLogin($account);
variable_set('node_options_' . $this->content_types[0]->name, array(
'status',
'promote',
));
$field_settings = array(
'type' => 'link',
'widget_type' => 'link',
'type_name' => $this->content_types[0]->name,
'attributes' => array(),
// <-- This is needed or we have an error
'validate_url' => 0,
);
$field = $this
->createField($field_settings, 0);
//$this->fail('<pre>'. print_r($field, TRUE) .'</pre>');
$field_db_info = content_database_info($field);
$this
->acquireNodes(2);
$node = node_load($this->nodes[0]->nid);
$this
->drupalGet('node/' . $this->nodes[0]->nid);
$edit = array();
$title = $this
->randomName();
$url = 'javascript:alert("http://example.com/' . $this
->randomName() . '")';
$edit[$field['field_name'] . '[0][url]'] = $url;
$edit[$field['field_name'] . '[0][title]'] = $title;
$this
->drupalPost('node/' . $this->nodes[0]->nid . '/edit', $edit, t('Save'));
//$this->pass($this->content);
$this
->assertNoText(t('Not a valid URL.'));
// Make sure we get a new version!
$node = node_load($this->nodes[0]->nid, NULL, TRUE);
$this
->assertEqual($url, $node->{$field['field_name']}[0]['url']);
$this
->drupalGet('node/' . $node->nid);
$this
->assertNoRaw($url, 'Make sure Javascript does not display.');
// Turn the array validation back _on_.
$edit = array(
'validate_url' => TRUE,
);
$node_type_link = str_replace('_', '-', $node->type);
//$this->drupalGet('admin/content/node-type/'. $node_type_link .'/fields'); ///'. $field['field_name']);
//$this->fail($this->content);
$this
->drupalPost('admin/content/node-type/' . $node_type_link . '/fields/' . $field['field_name'], $edit, t('Save field settings'));
$this
->drupalGet('node/' . $node->nid);
// This actually works because the display_url goes through the core
// url() function. But we should have a test that makes sure it continues
// to work.
$this
->assertNoRaw($url, 'Make sure Javascript does not display.');
//$this->fail($this->content);
}