class EditorSecurityTest in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/editor/src/Tests/EditorSecurityTest.php \Drupal\editor\Tests\EditorSecurityTest
Tests XSS protection for content creators when using text editors.
@group editor
Hierarchy
- class \Drupal\simpletest\TestBase uses AssertHelperTrait, RandomGeneratorTrait, SessionTestTrait
- class \Drupal\simpletest\WebTestBase uses AssertContentTrait, UserCreationTrait
- class \Drupal\editor\Tests\EditorSecurityTest
- class \Drupal\simpletest\WebTestBase uses AssertContentTrait, UserCreationTrait
Expanded class hierarchy of EditorSecurityTest
File
- core/
modules/ editor/ src/ Tests/ EditorSecurityTest.php, line 18 - Contains \Drupal\editor\Tests\EditorSecurityTest.
Namespace
Drupal\editor\TestsView source
class EditorSecurityTest extends WebTestBase {
/**
* The sample content to use in all tests.
*
* @var string
*/
protected static $sampleContent = '<p style="color: red">Hello, Dumbo Octopus!</p><script>alert(0)</script><embed type="image/svg+xml" src="image.svg" />';
/**
* The secured sample content to use in most tests.
*
* @var string
*/
protected static $sampleContentSecured = '<p>Hello, Dumbo Octopus!</p>alert(0)';
/**
* The secured sample content to use in tests when the <embed> tag is allowed.
*
* @var string
*/
protected static $sampleContentSecuredEmbedAllowed = '<p>Hello, Dumbo Octopus!</p>alert(0)<embed type="image/svg+xml" src="image.svg" />';
/**
* Modules to enable.
*
* @var array
*/
public static $modules = array(
'filter',
'editor',
'editor_test',
'node',
);
/**
* User with access to Restricted HTML text format without text editor.
*
* @var \Drupal\user\UserInterface
*/
protected $untrustedUser;
/**
* User with access to Restricted HTML text format with text editor.
*
* @var \Drupal\user\UserInterface
*/
protected $normalUser;
/**
* User with access to Restricted HTML text format, dangerous tags allowed
* with text editor.
*
* @var \Drupal\user\UserInterface
*/
protected $trustedUser;
/**
* User with access to all text formats and text editors.
*
* @var \Drupal\user\UserInterface
*/
protected $privilegedUser;
protected function setUp() {
parent::setUp();
// Create 5 text formats, to cover all potential use cases:
// 1. restricted_without_editor (untrusted: anonymous)
// 2. restricted_with_editor (normal: authenticated)
// 3. restricted_plus_dangerous_tag_with_editor (privileged: trusted)
// 4. unrestricted_without_editor (privileged: admin)
// 5. unrestricted_with_editor (privileged: admin)
// With text formats 2, 3 and 5, we also associate a text editor that does
// not guarantee XSS safety. "restricted" means the text format has XSS
// filters on output, "unrestricted" means the opposite.
$format = entity_create('filter_format', array(
'format' => 'restricted_without_editor',
'name' => 'Restricted HTML, without text editor',
'weight' => 0,
'filters' => array(
// A filter of the FilterInterface::TYPE_HTML_RESTRICTOR type.
'filter_html' => array(
'status' => 1,
'settings' => array(
'allowed_html' => '<h2> <h3> <h4> <h5> <h6> <p> <br> <strong> <a>',
),
),
),
));
$format
->save();
$format = entity_create('filter_format', array(
'format' => 'restricted_with_editor',
'name' => 'Restricted HTML, with text editor',
'weight' => 1,
'filters' => array(
// A filter of the FilterInterface::TYPE_HTML_RESTRICTOR type.
'filter_html' => array(
'status' => 1,
'settings' => array(
'allowed_html' => '<h2> <h3> <h4> <h5> <h6> <p> <br> <strong> <a>',
),
),
),
));
$format
->save();
$editor = entity_create('editor', array(
'format' => 'restricted_with_editor',
'editor' => 'unicorn',
));
$editor
->save();
$format = entity_create('filter_format', array(
'format' => 'restricted_plus_dangerous_tag_with_editor',
'name' => 'Restricted HTML, dangerous tag allowed, with text editor',
'weight' => 1,
'filters' => array(
// A filter of the FilterInterface::TYPE_HTML_RESTRICTOR type.
'filter_html' => array(
'status' => 1,
'settings' => array(
'allowed_html' => '<h2> <h3> <h4> <h5> <h6> <p> <br> <strong> <a> <embed>',
),
),
),
));
$format
->save();
$editor = entity_create('editor', array(
'format' => 'restricted_plus_dangerous_tag_with_editor',
'editor' => 'unicorn',
));
$editor
->save();
$format = entity_create('filter_format', array(
'format' => 'unrestricted_without_editor',
'name' => 'Unrestricted HTML, without text editor',
'weight' => 0,
'filters' => array(),
));
$format
->save();
$format = entity_create('filter_format', array(
'format' => 'unrestricted_with_editor',
'name' => 'Unrestricted HTML, with text editor',
'weight' => 1,
'filters' => array(),
));
$format
->save();
$editor = entity_create('editor', array(
'format' => 'unrestricted_with_editor',
'editor' => 'unicorn',
));
$editor
->save();
// Create node type.
$this
->drupalCreateContentType(array(
'type' => 'article',
'name' => 'Article',
));
// Create 4 users, each with access to different text formats/editors:
// - "untrusted": restricted_without_editor
// - "normal": restricted_with_editor,
// - "trusted": restricted_plus_dangerous_tag_with_editor
// - "privileged": restricted_without_editor, restricted_with_editor,
// restricted_plus_dangerous_tag_with_editor,
// unrestricted_without_editor and unrestricted_with_editor
$this->untrustedUser = $this
->drupalCreateUser(array(
'create article content',
'edit any article content',
'use text format restricted_without_editor',
));
$this->normalUser = $this
->drupalCreateUser(array(
'create article content',
'edit any article content',
'use text format restricted_with_editor',
));
$this->trustedUser = $this
->drupalCreateUser(array(
'create article content',
'edit any article content',
'use text format restricted_plus_dangerous_tag_with_editor',
));
$this->privilegedUser = $this
->drupalCreateUser(array(
'create article content',
'edit any article content',
'use text format restricted_without_editor',
'use text format restricted_with_editor',
'use text format restricted_plus_dangerous_tag_with_editor',
'use text format unrestricted_without_editor',
'use text format unrestricted_with_editor',
));
// Create an "article" node for each possible text format, with the same
// sample content, to do our tests on.
$samples = array(
array(
'author' => $this->untrustedUser
->id(),
'format' => 'restricted_without_editor',
),
array(
'author' => $this->normalUser
->id(),
'format' => 'restricted_with_editor',
),
array(
'author' => $this->trustedUser
->id(),
'format' => 'restricted_plus_dangerous_tag_with_editor',
),
array(
'author' => $this->privilegedUser
->id(),
'format' => 'unrestricted_without_editor',
),
array(
'author' => $this->privilegedUser
->id(),
'format' => 'unrestricted_with_editor',
),
);
foreach ($samples as $sample) {
$this
->drupalCreateNode(array(
'type' => 'article',
'body' => array(
array(
'value' => self::$sampleContent,
'format' => $sample['format'],
),
),
'uid' => $sample['author'],
));
}
}
/**
* Tests initial security: is the user safe without switching text formats?
*
* Tests 8 scenarios. Tests only with a text editor that is not XSS-safe.
*/
function testInitialSecurity() {
$expected = array(
array(
'node_id' => 1,
'format' => 'restricted_without_editor',
// No text editor => no XSS filtering.
'value' => self::$sampleContent,
'users' => array(
$this->untrustedUser,
$this->privilegedUser,
),
),
array(
'node_id' => 2,
'format' => 'restricted_with_editor',
// Text editor => XSS filtering.
'value' => self::$sampleContentSecured,
'users' => array(
$this->normalUser,
$this->privilegedUser,
),
),
array(
'node_id' => 3,
'format' => 'restricted_plus_dangerous_tag_with_editor',
// Text editor => XSS filtering.
'value' => self::$sampleContentSecuredEmbedAllowed,
'users' => array(
$this->trustedUser,
$this->privilegedUser,
),
),
array(
'node_id' => 4,
'format' => 'unrestricted_without_editor',
// No text editor => no XSS filtering.
'value' => self::$sampleContent,
'users' => array(
$this->privilegedUser,
),
),
array(
'node_id' => 5,
'format' => 'unrestricted_with_editor',
// Text editor, no security filter => no XSS filtering.
'value' => self::$sampleContent,
'users' => array(
$this->privilegedUser,
),
),
);
// Log in as each user that may edit the content, and assert the value.
foreach ($expected as $case) {
foreach ($case['users'] as $account) {
$this
->pass(format_string('Scenario: sample %sample_id, %format.', array(
'%sample_id' => $case['node_id'],
'%format' => $case['format'],
)));
$this
->drupalLogin($account);
$this
->drupalGet('node/' . $case['node_id'] . '/edit');
$dom_node = $this
->xpath('//textarea[@id="edit-body-0-value"]');
$this
->assertIdentical($case['value'], (string) $dom_node[0], 'The value was correctly filtered for XSS attack vectors.');
}
}
}
/**
* Tests administrator security: is the user safe when switching text formats?
*
* Tests 24 scenarios. Tests only with a text editor that is not XSS-safe.
*
* When changing from a more restrictive text format with a text editor (or a
* text format without a text editor) to a less restrictive text format, it is
* possible that a malicious user could trigger an XSS.
*
* E.g. when switching a piece of text that uses the Restricted HTML text
* format and contains a <script> tag to the Full HTML text format, the
* <script> tag would be executed. Unless we apply appropriate filtering.
*/
function testSwitchingSecurity() {
$expected = array(
array(
'node_id' => 1,
'value' => self::$sampleContent,
// No text editor => no XSS filtering.
'format' => 'restricted_without_editor',
'switch_to' => array(
'restricted_with_editor' => self::$sampleContentSecured,
// Intersection of restrictions => most strict XSS filtering.
'restricted_plus_dangerous_tag_with_editor' => self::$sampleContentSecured,
// No text editor => no XSS filtering.
'unrestricted_without_editor' => FALSE,
'unrestricted_with_editor' => self::$sampleContentSecured,
),
),
array(
'node_id' => 2,
'value' => self::$sampleContentSecured,
// Text editor => XSS filtering.
'format' => 'restricted_with_editor',
'switch_to' => array(
// No text editor => no XSS filtering.
'restricted_without_editor' => FALSE,
// Intersection of restrictions => most strict XSS filtering.
'restricted_plus_dangerous_tag_with_editor' => self::$sampleContentSecured,
// No text editor => no XSS filtering.
'unrestricted_without_editor' => FALSE,
'unrestricted_with_editor' => self::$sampleContentSecured,
),
),
array(
'node_id' => 3,
'value' => self::$sampleContentSecuredEmbedAllowed,
// Text editor => XSS filtering.
'format' => 'restricted_plus_dangerous_tag_with_editor',
'switch_to' => array(
// No text editor => no XSS filtering.
'restricted_without_editor' => FALSE,
// Intersection of restrictions => most strict XSS filtering.
'restricted_with_editor' => self::$sampleContentSecured,
// No text editor => no XSS filtering.
'unrestricted_without_editor' => FALSE,
// Intersection of restrictions => most strict XSS filtering.
'unrestricted_with_editor' => self::$sampleContentSecured,
),
),
array(
'node_id' => 4,
'value' => self::$sampleContent,
// No text editor => no XSS filtering.
'format' => 'unrestricted_without_editor',
'switch_to' => array(
// No text editor => no XSS filtering.
'restricted_without_editor' => FALSE,
'restricted_with_editor' => self::$sampleContentSecured,
// Intersection of restrictions => most strict XSS filtering.
'restricted_plus_dangerous_tag_with_editor' => self::$sampleContentSecured,
// From no editor, no security filters, to editor, still no security
// filters: resulting content when viewed was already vulnerable, so
// it must be intentional.
'unrestricted_with_editor' => FALSE,
),
),
array(
'node_id' => 5,
'value' => self::$sampleContentSecured,
// Text editor => XSS filtering.
'format' => 'unrestricted_with_editor',
'switch_to' => array(
// From editor, no security filters to security filters, no editor: no
// risk.
'restricted_without_editor' => FALSE,
'restricted_with_editor' => self::$sampleContentSecured,
// Intersection of restrictions => most strict XSS filtering.
'restricted_plus_dangerous_tag_with_editor' => self::$sampleContentSecured,
// From no editor, no security filters, to editor, still no security
// filters: resulting content when viewed was already vulnerable, so
// it must be intentional.
'unrestricted_without_editor' => FALSE,
),
),
);
// Log in as the privileged user, and for every sample, do the following:
// - switch to every other text format/editor
// - assert the XSS-filtered values that we get from the server
$this
->drupalLogin($this->privilegedUser);
foreach ($expected as $case) {
$this
->drupalGet('node/' . $case['node_id'] . '/edit');
// Verify data- attributes.
$dom_node = $this
->xpath('//textarea[@id="edit-body-0-value"]');
$this
->assertIdentical(self::$sampleContent, (string) $dom_node[0]['data-editor-value-original'], 'The data-editor-value-original attribute is correctly set.');
$this
->assertIdentical('false', (string) $dom_node[0]['data-editor-value-is-changed'], 'The data-editor-value-is-changed attribute is correctly set.');
// Switch to every other text format/editor and verify the results.
foreach ($case['switch_to'] as $format => $expected_filtered_value) {
$this
->pass(format_string('Scenario: sample %sample_id, switch from %original_format to %format.', array(
'%sample_id' => $case['node_id'],
'%original_format' => $case['format'],
'%format' => $format,
)));
$post = array(
'value' => self::$sampleContent,
'original_format_id' => $case['format'],
);
$response = $this
->drupalPostWithFormat('editor/filter_xss/' . $format, 'json', $post);
$this
->assertResponse(200);
$json = Json::decode($response);
$this
->assertIdentical($json, $expected_filtered_value, 'The value was correctly filtered for XSS attack vectors.');
}
}
}
/**
* Tests the standard text editor XSS filter being overridden.
*/
function testEditorXssFilterOverride() {
// First: the Standard text editor XSS filter.
$this
->drupalLogin($this->normalUser);
$this
->drupalGet('node/2/edit');
$dom_node = $this
->xpath('//textarea[@id="edit-body-0-value"]');
$this
->assertIdentical(self::$sampleContentSecured, (string) $dom_node[0], 'The value was filtered by the Standard text editor XSS filter.');
// Enable editor_test.module's hook_editor_xss_filter_alter() implementation
// to alter the text editor XSS filter class being used.
\Drupal::state()
->set('editor_test_editor_xss_filter_alter_enabled', TRUE);
// First: the Insecure text editor XSS filter.
$this
->drupalGet('node/2/edit');
$dom_node = $this
->xpath('//textarea[@id="edit-body-0-value"]');
$this
->assertIdentical(self::$sampleContent, (string) $dom_node[0], 'The value was filtered by the Insecure text editor XSS filter.');
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
AssertContentTrait:: |
protected | property | The current raw content. | |
|
AssertContentTrait:: |
protected | property | The drupalSettings value from the current raw $content. | |
|
AssertContentTrait:: |
protected | property | The XML structure parsed from the current raw $content. | 2 |
|
AssertContentTrait:: |
protected | property | The plain-text content of raw $content (text nodes). | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name or ID. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given ID and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page by the given XPath. | |
|
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is checked. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page with a given Xpath result. | |
|
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is found. | |
|
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is found. | |
|
AssertContentTrait:: |
protected | function | Asserts that each HTML ID is used for just a single element. | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text IS NOT found escaped on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name or ID. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given ID and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist or its value does not match, by XPath. | |
|
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is not checked. | |
|
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is not found. | |
|
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is not found. | |
|
AssertContentTrait:: |
protected | function | Passes if a link containing a given href is not found in the main region. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page does not exist. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is not checked. | |
|
AssertContentTrait:: |
protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) does not contains the text. | |
|
AssertContentTrait:: |
protected | function | Pass if the page title is not the given string. | |
|
AssertContentTrait:: |
protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
|
AssertContentTrait:: |
protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) contains the text. | |
|
AssertContentTrait:: |
protected | function | Helper for assertText and assertNoText. | |
|
AssertContentTrait:: |
protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | |
|
AssertContentTrait:: |
protected | function | Asserts themed output. | |
|
AssertContentTrait:: |
protected | function | Pass if the page title is the given string. | |
|
AssertContentTrait:: |
protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | |
|
AssertContentTrait:: |
protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
|
AssertContentTrait:: |
protected | function | Builds an XPath query. | |
|
AssertContentTrait:: |
protected | function | Helper: Constructs an XPath for the given set of attributes and value. | |
|
AssertContentTrait:: |
protected | function | Searches elements using a CSS selector in the raw content. | |
|
AssertContentTrait:: |
protected | function | Get all option elements, including nested options, in a select. | |
|
AssertContentTrait:: |
protected | function | Gets the value of drupalSettings for the currently-loaded page. | |
|
AssertContentTrait:: |
protected | function | Gets the current raw content. | |
|
AssertContentTrait:: |
protected | function | Get the selected value from a select field. | |
|
AssertContentTrait:: |
protected | function | Retrieves the plain-text content from the current raw content. | |
|
AssertContentTrait:: |
protected | function | Get the current URL from the cURL handler. | 1 |
|
AssertContentTrait:: |
protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
|
AssertContentTrait:: |
protected | function | Removes all white-space between HTML tags from the raw content. | |
|
AssertContentTrait:: |
protected | function | Sets the value of drupalSettings for the currently-loaded page. | |
|
AssertContentTrait:: |
protected | function | Sets the raw content (e.g. HTML). | |
|
AssertContentTrait:: |
protected | function | Performs an xpath search on the contents of the internal browser. | |
|
AssertHelperTrait:: |
protected | function | Casts MarkupInterface objects into strings. | |
|
EditorSecurityTest:: |
public static | property | Modules to enable. | |
|
EditorSecurityTest:: |
protected | property | User with access to Restricted HTML text format with text editor. | |
|
EditorSecurityTest:: |
protected | property | User with access to all text formats and text editors. | |
|
EditorSecurityTest:: |
protected static | property | The sample content to use in all tests. | |
|
EditorSecurityTest:: |
protected static | property | The secured sample content to use in most tests. | |
|
EditorSecurityTest:: |
protected static | property | The secured sample content to use in tests when the <embed> tag is allowed. | |
|
EditorSecurityTest:: |
protected | property | User with access to Restricted HTML text format, dangerous tags allowed with text editor. | |
|
EditorSecurityTest:: |
protected | property | User with access to Restricted HTML text format without text editor. | |
|
EditorSecurityTest:: |
protected | function |
Sets up a Drupal site for running functional and integration tests. Overrides WebTestBase:: |
|
|
EditorSecurityTest:: |
function | Tests the standard text editor XSS filter being overridden. | ||
|
EditorSecurityTest:: |
function | Tests initial security: is the user safe without switching text formats? | ||
|
EditorSecurityTest:: |
function | Tests administrator security: is the user safe when switching text formats? | ||
|
RandomGeneratorTrait:: |
protected | property | The random generator. | |
|
RandomGeneratorTrait:: |
protected | function | Gets the random generator for the utility methods. | |
|
RandomGeneratorTrait:: |
protected | function | Generates a unique random string containing letters and numbers. | |
|
RandomGeneratorTrait:: |
public | function | Generates a random PHP object. | |
|
RandomGeneratorTrait:: |
public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
|
RandomGeneratorTrait:: |
public | function | Callback for random string validation. | |
|
SessionTestTrait:: |
protected | property | The name of the session cookie. | |
|
SessionTestTrait:: |
protected | function | Generates a session cookie name. | |
|
SessionTestTrait:: |
protected | function | Returns the session name in use on the child site. | |
|
TestBase:: |
protected | property | Assertions thrown in that test case. | |
|
TestBase:: |
protected | property | The config importer that can used in a test. | 5 |
|
TestBase:: |
protected static | property | An array of config object names that are excluded from schema checking. | |
|
TestBase:: |
protected | property | The dependency injection container used in the test. | |
|
TestBase:: |
protected | property | The database prefix of this test run. | |
|
TestBase:: |
public | property | Whether to die in case any test assertion fails. | |
|
TestBase:: |
protected | property | HTTP authentication credentials (<username>:<password>). | |
|
TestBase:: |
protected | property | HTTP authentication method (specified as a CURLAUTH_* constant). | |
|
TestBase:: |
protected | property | The original configuration (variables), if available. | |
|
TestBase:: |
protected | property | The original configuration (variables). | |
|
TestBase:: |
protected | property | The original configuration directories. | |
|
TestBase:: |
protected | property | The original container. | |
|
TestBase:: |
protected | property | The original file directory, before it was changed for testing purposes. | |
|
TestBase:: |
protected | property | The original language. | |
|
TestBase:: |
protected | property | The original database prefix when running inside Simpletest. | |
|
TestBase:: |
protected | property | The original installation profile. | |
|
TestBase:: |
protected | property | The name of the session cookie of the test-runner. | |
|
TestBase:: |
protected | property | The settings array. | |
|
TestBase:: |
protected | property | The site directory of the original parent site. | |
|
TestBase:: |
protected | property | The private file directory for the test environment. | |
|
TestBase:: |
protected | property | The public file directory for the test environment. | |
|
TestBase:: |
public | property | Current results of this test case. | |
|
TestBase:: |
protected | property | The site directory of this test run. | |
|
TestBase:: |
protected | property | This class is skipped when looking for the source of an assertion. | |
|
TestBase:: |
protected | property | Set to TRUE to strict check all configuration saved. | 4 |
|
TestBase:: |
protected | property | The temporary file directory for the test environment. | |
|
TestBase:: |
protected | property | The test run ID. | |
|
TestBase:: |
protected | property | Time limit for the test. | |
|
TestBase:: |
protected | property | The translation file directory for the test environment. | |
|
TestBase:: |
public | property | TRUE if verbose debugging is enabled. | |
|
TestBase:: |
protected | property | Safe class name for use in verbose output filenames. | |
|
TestBase:: |
protected | property | Directory where verbose output files are put. | |
|
TestBase:: |
protected | property | URL to the verbose output file directory. | |
|
TestBase:: |
protected | property | Incrementing identifier for verbose output filenames. | |
|
TestBase:: |
protected | function | Internal helper: stores the assert. | |
|
TestBase:: |
protected | function | Check to see if two values are equal. | |
|
TestBase:: |
protected | function | Asserts that a specific error has been logged to the PHP error log. | |
|
TestBase:: |
protected | function | Check to see if a value is false. | |
|
TestBase:: |
protected | function | Check to see if two values are identical. | |
|
TestBase:: |
protected | function | Checks to see if two objects are identical. | |
|
TestBase:: |
protected | function | Asserts that no errors have been logged to the PHP error.log thus far. | |
|
TestBase:: |
protected | function | Check to see if two values are not equal. | |
|
TestBase:: |
protected | function | Check to see if two values are not identical. | |
|
TestBase:: |
protected | function | Check to see if a value is not NULL. | |
|
TestBase:: |
protected | function | Check to see if a value is NULL. | |
|
TestBase:: |
protected | function | Check to see if a value is not false. | |
|
TestBase:: |
protected | function | Act on global state information before the environment is altered for a test. | 1 |
|
TestBase:: |
private | function | Changes the database connection to the prefixed one. | |
|
TestBase:: |
protected | function | Checks the matching requirements for Test. | 2 |
|
TestBase:: |
protected | function | Configuration accessor for tests. Returns non-overridden configuration. | |
|
TestBase:: |
public | function | Returns a ConfigImporter object to import test importing of configuration. | 5 |
|
TestBase:: |
public | function | Copies configuration objects from source storage to target storage. | |
|
TestBase:: |
public static | function | Delete an assertion record by message ID. | |
|
TestBase:: |
protected | function | Fire an error assertion. | 3 |
|
TestBase:: |
public | function | Handle errors during test runs. | |
|
TestBase:: |
protected | function | Handle exceptions. | |
|
TestBase:: |
protected | function | Fire an assertion that is always negative. | |
|
TestBase:: |
public static | function | Ensures test files are deletable within file_unmanaged_delete_recursive(). | |
|
TestBase:: |
public static | function | Converts a list of possible parameters into a stack of permutations. | |
|
TestBase:: |
protected | function | Cycles through backtrace until the first non-assertion method is found. | |
|
TestBase:: |
protected | function | Gets the config schema exclusions for this test. | |
|
TestBase:: |
public static | function | Returns the database connection to the site running Simpletest. | |
|
TestBase:: |
public | function | Gets the database prefix. | |
|
TestBase:: |
public | function | Gets the temporary files directory. | |
|
TestBase:: |
public static | function | Store an assertion from outside the testing context. | |
|
TestBase:: |
protected | function | Fire an assertion that is always positive. | |
|
TestBase:: |
private | function | Generates a database prefix for running tests. | |
|
TestBase:: |
private | function | Prepares the current environment for running the test. | |
|
TestBase:: |
private | function | Cleans up the test environment and restores the original environment. | |
|
TestBase:: |
public | function | Run all tests in this class. | 1 |
|
TestBase:: |
protected | function | Changes in memory settings. | |
|
TestBase:: |
protected | function | Helper method to store an assertion record in the configured database. | |
|
TestBase:: |
protected | function | Logs a verbose message in a text file. | |
|
UserCreationTrait:: |
protected | function | Checks whether a given list of permission names is valid. | |
|
UserCreationTrait:: |
protected | function | Creates an administrative role. Aliased as: drupalCreateAdminRole | |
|
UserCreationTrait:: |
protected | function | Creates a role with specified permissions. Aliased as: drupalCreateRole | |
|
UserCreationTrait:: |
protected | function | Create a user with a given set of permissions. Aliased as: drupalCreateUser | |
|
UserCreationTrait:: |
protected | function | Grant permissions to a user role. | |
|
UserCreationTrait:: |
protected | function | Switch the current logged in user. | |
|
WebTestBase:: |
protected | property | Additional cURL options. | |
|
WebTestBase:: |
protected | property | Whether or not to assert the presence of the X-Drupal-Ajax-Token. | |
|
WebTestBase:: |
protected | property | The class loader to use for installation and initialization of setup. | |
|
WebTestBase:: |
protected | property | The config directories used in this test. | |
|
WebTestBase:: |
protected | property | The current cookie file used by cURL. | |
|
WebTestBase:: |
protected | property | The cookies of the page currently loaded in the internal browser. | |
|
WebTestBase:: |
protected | property | Cookies to set on curl requests. | |
|
WebTestBase:: |
protected | property | The handle of the current cURL connection. | |
|
WebTestBase:: |
protected | property | An array of custom translations suitable for drupal_rewrite_settings(). | |
|
WebTestBase:: |
protected | property | Indicates that headers should be dumped if verbose output is enabled. | 12 |
|
WebTestBase:: |
protected | property | Whether the files were copied to the test files directory. | |
|
WebTestBase:: |
protected | property | The headers of the page currently loaded in the internal browser. | |
|
WebTestBase:: |
protected | property |
The kernel used in this test. Overrides TestBase:: |
|
|
WebTestBase:: |
protected | property | The current user logged in using the internal browser. | |
|
WebTestBase:: |
protected | property | The number of meta refresh redirects to follow, or NULL if unlimited. | |
|
WebTestBase:: |
protected | property | The maximum number of redirects to follow when handling responses. | |
|
WebTestBase:: |
protected | property | The number of meta refresh redirects followed during ::drupalGet(). | |
|
WebTestBase:: |
protected | property | The original batch, before it was changed for testing purposes. | |
|
WebTestBase:: |
protected | property |
The original shutdown handlers array, before it was cleaned for testing. Overrides TestBase:: |
|
|
WebTestBase:: |
protected | property |
The original user, before it was changed to a clean uid = 1 for testing. Overrides TestBase:: |
|
|
WebTestBase:: |
protected | property | The profile to install as a basis for testing. | 30 |
|
WebTestBase:: |
protected | property | The number of redirects followed during the handling of a request. | |
|
WebTestBase:: |
protected | property | The "#1" admin user. | |
|
WebTestBase:: |
protected | property | The current session ID, if available. | |
|
WebTestBase:: |
protected | property | The URL currently loaded in the internal browser. | |
|
WebTestBase:: |
protected | function | Queues custom translations to be written to settings.php. | |
|
WebTestBase:: |
protected | function | Checks to see whether a block appears on the page. | |
|
WebTestBase:: |
protected | function | Asserts whether an expected cache context was present in the last response. | |
|
WebTestBase:: |
protected | function | Asserts whether an expected cache tag was present in the last response. | |
|
WebTestBase:: |
protected | function | Check if a HTTP response header exists and has the expected value. | |
|
WebTestBase:: |
protected | function | Asserts that the most recently sent email message has the given value. | |
|
WebTestBase:: |
protected | function | Asserts that the most recently sent email message has the pattern in it. | |
|
WebTestBase:: |
protected | function | Asserts that the most recently sent email message has the string in it. | |
|
WebTestBase:: |
protected | function | Checks to see whether a block does not appears on the page. | |
|
WebTestBase:: |
protected | function | Asserts that a cache context was not present in the last response. | |
|
WebTestBase:: |
protected | function | Asserts whether an expected cache tag was absent in the last response. | |
|
WebTestBase:: |
protected | function | Asserts the page did not return the specified response code. | |
|
WebTestBase:: |
protected | function | Asserts the page responds with the specified response code. | |
|
WebTestBase:: |
protected | function | Passes if the internal browser's URL matches the given path. | |
|
WebTestBase:: |
protected | function | Builds an a absolute URL from a system path or a URL object. | |
|
WebTestBase:: |
protected | function | Checks for meta refresh tag and if found call drupalGet() recursively. | |
|
WebTestBase:: |
protected | function | Follows a link by complete name. | |
|
WebTestBase:: |
protected | function | Provides a helper for ::clickLink() and ::clickLinkPartialName(). | |
|
WebTestBase:: |
protected | function | Follows a link by partial name. | |
|
WebTestBase:: |
protected | function | Runs cron in the Drupal installed by Simpletest. | |
|
WebTestBase:: |
protected | function | Close the cURL handler and unset the handler. | |
|
WebTestBase:: |
protected | function | Initializes and executes a cURL request. | 2 |
|
WebTestBase:: |
protected | function | Reads headers and registers errors received from the tested site. | |
|
WebTestBase:: |
protected | function | Initializes the cURL connection. | |
|
WebTestBase:: |
protected | function | Execute the non-interactive installer. | |
|
WebTestBase:: |
protected | function | Builds the renderable view of an entity. | |
|
WebTestBase:: |
protected | function | Compare two files based on size and file name. | |
|
WebTestBase:: |
protected | function | Creates a custom content type based on default settings. | |
|
WebTestBase:: |
protected | function | Creates a node based on default settings. | |
|
WebTestBase:: |
protected | function | Retrieves a Drupal path or an absolute path. | 1 |
|
WebTestBase:: |
protected | function | Requests a path or URL in drupal_ajax format and JSON-decodes the response. | |
|
WebTestBase:: |
protected | function | Gets the value of an HTTP response header. | |
|
WebTestBase:: |
protected | function | Gets the HTTP response headers of the requested page. | |
|
WebTestBase:: |
protected | function | Retrieves a Drupal path or an absolute path and JSON decodes the result. | |
|
WebTestBase:: |
protected | function | Gets an array containing all emails sent during this test case. | |
|
WebTestBase:: |
function | Get a node from the database based on its title. | ||
|
WebTestBase:: |
protected | function | Gets a list of files that can be used in tests. | |
|
WebTestBase:: |
protected | function | Retrieves a Drupal path or an absolute path for a given format. | |
|
WebTestBase:: |
protected | function | Requests a Drupal path or an absolute path as if it is a XMLHttpRequest. | |
|
WebTestBase:: |
protected | function | Retrieves only the headers for a Drupal path or an absolute path. | |
|
WebTestBase:: |
protected | function | Log in a user with the internal browser. | |
|
WebTestBase:: |
protected | function | Logs a user out of the internal browser and confirms. | |
|
WebTestBase:: |
protected | function | Creates a block instance based on default settings. | |
|
WebTestBase:: |
protected | function | Perform a POST HTTP request. | |
|
WebTestBase:: |
protected | function | Executes an Ajax form submission. | |
|
WebTestBase:: |
protected | function | Executes a form submission. | |
|
WebTestBase:: |
protected | function | Performs a POST HTTP request with a specific format. | |
|
WebTestBase:: |
protected | function | Processes an AJAX response into current content. | |
|
WebTestBase:: |
protected | function | Returns whether a given user account is logged in. | |
|
WebTestBase:: |
protected | function | Find a block instance on the page. | |
|
WebTestBase:: |
protected | function | Takes a path and returns an absolute path. | |
|
WebTestBase:: |
protected | function | Get the Ajax page state from drupalSettings and prepare it for POSTing. | |
|
WebTestBase:: |
protected | function | Returns all supported database driver installer objects. | |
|
WebTestBase:: |
protected | function | Handles form input related to drupalPostForm(). | |
|
WebTestBase:: |
protected | function | Initialize various configurations post-installation. | |
|
WebTestBase:: |
protected | function | Initializes the kernel after installation. | |
|
WebTestBase:: |
protected | function | Initialize settings created during install. | |
|
WebTestBase:: |
protected | function | Initializes user 1 for the site to be installed. | |
|
WebTestBase:: |
protected | function | Install modules defined by `static::$modules`. | |
|
WebTestBase:: |
protected | function | Returns the parameters that will be used when Simpletest installs Drupal. | 2 |
|
WebTestBase:: |
protected | function | Returns whether the test is being executed from within a test site. | |
|
WebTestBase:: |
protected | function | Creates a mock request and sets it on the generator. | |
|
WebTestBase:: |
protected | function | Prepares site settings and services before installation. | 1 |
|
WebTestBase:: |
protected | function | Reset and rebuild the environment after setup. | |
|
WebTestBase:: |
protected | function | Rebuilds \Drupal::getContainer(). | |
|
WebTestBase:: |
protected | function | Refreshes in-memory configuration and state information. | 1 |
|
WebTestBase:: |
protected | function | Resets all data structures after having enabled new modules. | |
|
WebTestBase:: |
protected | function | Restore the original batch. | |
|
WebTestBase:: |
protected | function | Serialize POST HTTP request values. | |
|
WebTestBase:: |
protected | function | Preserve the original batch, and instantiate the test batch. | |
|
WebTestBase:: |
protected | function | Changes parameters in the services.yml file. | |
|
WebTestBase:: |
protected | function | Enables/disables the cacheability headers. | |
|
WebTestBase:: |
protected | function |
Cleans up after testing. Overrides TestBase:: |
2 |
|
WebTestBase:: |
protected | function | Transforms a nested array into a flat array suitable for WebTestBase::drupalPostForm(). | |
|
WebTestBase:: |
protected | function | Outputs to verbose the most recent $count emails sent. | |
|
WebTestBase:: |
protected | function | Writes custom translations to the test site's settings.php. | |
|
WebTestBase:: |
protected | function | Rewrites the settings.php file of the test site. | |
|
WebTestBase:: |
function |
Constructor for \Drupal\simpletest\WebTestBase. Overrides TestBase:: |
1 |