<?php

declare(strict_types=1);

namespace PhpMyAdmin\Tests\Html;

use PhpMyAdmin\Template;
use PhpMyAdmin\Tests\AbstractTestCase;
use PhpMyAdmin\Url;
use PHPUnit\Framework\Attributes\CoversNothing;

/**
 * Checks that markup-bearing URL parameters reach rendered template output only in percent-encoded form.
 *
 * The expected strings pin the encoding for HTML metacharacters (`<`, `>`, `"`, `'`, `&`, `=`),
 * for a parameter *name* that contains markup, and for non-ASCII text (UTF-8 bytes, percent-encoded).
 *
 * NOTE(review): the templates `test/add_data` and `test/raw_output` are not visible here; the
 * assertions only establish that, for these inputs, they emit both variables verbatim, each
 * followed by a newline. Whether they apply any escaping of their own should be confirmed there.
 */
#[CoversNothing]
class SecurityTest extends AbstractTestCase
{
    protected Template $template;

    /**
     * Creates a fresh Template instance for every test.
     */
    protected function setUp(): void
    {
        parent::setUp();

        $this->template = new Template();
    }

    /**
     * Drops the Template instance after the parent teardown has run.
     */
    protected function tearDown(): void
    {
        parent::tearDown();

        unset($this->template);
    }

    /**
     * Renders URLs built from hostile parameters and compares the output byte for byte.
     *
     * Three things are asserted, in this order:
     *  1. `test/add_data` output for a Url::getCommon() and a Url::getCommonRaw() value;
     *  2. the Url::getCommon() result on its own;
     *  3. `test/raw_output` output for the same two values.
     */
    public function testInjectCodeUsingTemplate(): void
    {
        // Values carrying a script element plus URL-significant characters (&, =, ?, >).
        $scriptParams = [
            'db' => '<script>alert(\'&=!:;\');</script>',
            'table' => '&mytable>1?',
            'server' => 12,
        ];

        // Attribute break-out attempt, non-ASCII text, and markup in a parameter name as well as its value.
        $iframeParams = [
            'db' => '"\'"><iframe onload=alert(1)>шеллы',
            'table' => '&mytable>1?',
            'server' => 12,
            '<script>&=' => '</script>',
        ];

        // Every metacharacter is percent-encoded; only the `?`, `&` and `=` delimiters stay literal.
        $encodedScriptQuery = '?db=%3Cscript%3Ealert%28%27%26%3D%21%3A%3B%27%29%3B%3C%2Fscr'
            . 'ipt%3E&table=%26mytable%3E1%3F&server=12';

        // The space becomes `+` and the hostile key is encoded just like the values.
        $encodedIframeQuery = '?db=%22%27%22%3E%3Ciframe+onload%3Dalert%281%29%3E%D1%88%D0%B5%D0%BB%D0%BB%D1%8B'
            . '&table=%26mytable%3E1%3F&server=12&%3Cscript%3E%26%3D=%3C%2Fscript%3E';

        $renderedAddData = $this->template->render('test/add_data', [
            'variable1' => Url::getCommon($scriptParams),
            'variable2' => Url::getCommonRaw($iframeParams),
        ]);
        self::assertSame(
            $encodedScriptQuery . "\n" . $encodedIframeQuery . "\n",
            $renderedAddData,
        );

        $url1 = Url::getCommon($scriptParams);
        self::assertSame($encodedScriptQuery, $url1);

        $renderedRawOutput = $this->template->render('test/raw_output', [
            'variable1' => $url1,
            'variable2' => Url::getCommonRaw($iframeParams),
        ]);
        self::assertSame(
            $url1 . "\n" . $encodedIframeQuery . "\n",
            $renderedRawOutput,
        );
    }
}