WPSpecialchars.php 3.2 KB

  1. <?php
  2. /**
  3. * @group formatting
  4. */
  5. class Tests_Formatting_WPSpecialchars extends WP_UnitTestCase {
  6. function test_wp_specialchars_basics() {
  7. $html = '&amp;&lt;hello world&gt;';
  8. $this->assertSame( $html, _wp_specialchars( $html ) );
  9. $double = '&amp;amp;&amp;lt;hello world&amp;gt;';
  10. $this->assertSame( $double, _wp_specialchars( $html, ENT_NOQUOTES, false, true ) );
  11. }
  12. function test_allowed_entity_names() {
  13. global $allowedentitynames;
  14. // Allowed entities should be unchanged.
  15. foreach ( $allowedentitynames as $ent ) {
  16. if ( 'apos' === $ent ) {
  17. // But for some reason, PHP doesn't allow &apos;
  18. continue;
  19. }
  20. $ent = '&' . $ent . ';';
  21. $this->assertSame( $ent, _wp_specialchars( $ent ) );
  22. }
  23. }
  24. function test_not_allowed_entity_names() {
  25. $ents = array( 'iacut', 'aposs', 'pos', 'apo', 'apo?', 'apo.*', '.*apo.*', 'apos ', ' apos', ' apos ' );
  26. foreach ( $ents as $ent ) {
  27. $escaped = '&amp;' . $ent . ';';
  28. $ent = '&' . $ent . ';';
  29. $this->assertSame( $escaped, _wp_specialchars( $ent ) );
  30. }
  31. }
  32. function test_optionally_escapes_quotes() {
  33. $source = "\"'hello!'\"";
  34. $this->assertSame( '"&#039;hello!&#039;"', _wp_specialchars( $source, 'single' ) );
  35. $this->assertSame( "&quot;'hello!'&quot;", _wp_specialchars( $source, 'double' ) );
  36. $this->assertSame( '&quot;&#039;hello!&#039;&quot;', _wp_specialchars( $source, true ) );
  37. $this->assertSame( $source, _wp_specialchars( $source ) );
  38. }
  39. /**
  40. * Check some of the double-encoding features for entity references.
  41. *
  42. * @ticket 17780
  43. * @dataProvider data_double_encoding
  44. */
  45. function test_double_encoding( $input, $output ) {
  46. return $this->assertSame( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );
  47. }
  48. function data_double_encoding() {
  49. return array(
  50. array(
  51. 'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
  52. 'This &amp; that, this &amp;amp; that, &amp;#8212; &amp;quot; &amp;QUOT; &amp;Uacute; &amp;nbsp; &amp;#34; &amp;#034; &amp;#0034; &amp;#x00022; &amp;#x22; &amp;dollar; &amp;times;',
  53. ),
  54. array(
  55. '&& &&amp; &amp;&amp; &amp;;',
  56. '&amp;&amp; &amp;&amp;amp; &amp;amp;&amp;amp; &amp;amp;;',
  57. ),
  58. array(
  59. '&garbage; &***; &aaaa; &0000; &####; &;;',
  60. '&amp;garbage; &amp;***; &amp;aaaa; &amp;0000; &amp;####; &amp;;;',
  61. ),
  62. );
  63. }
  64. /**
  65. * Check some of the double-encoding features for entity references.
  66. *
  67. * @ticket 17780
  68. * @dataProvider data_no_double_encoding
  69. */
  70. function test_no_double_encoding( $input, $output ) {
  71. return $this->assertSame( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );
  72. }
  73. function data_no_double_encoding() {
  74. return array(
  75. array(
  76. 'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
  77. 'This &amp; that, this &amp; that, &#8212; &quot; &amp;QUOT; &Uacute; &nbsp; &#034; &#034; &#034; &#x22; &#x22; &amp;dollar; &times;',
  78. ),
  79. array(
  80. '&& &&amp; &amp;&amp; &amp;;',
  81. '&amp;&amp; &amp;&amp; &amp;&amp; &amp;;',
  82. ),
  83. array(
  84. '&garbage; &***; &aaaa; &0000; &####; &;;',
  85. '&amp;garbage; &amp;***; &amp;aaaa; &amp;0000; &amp;####; &amp;;;',
  86. ),
  87. );
  88. }
  89. }