Security update for Core, with self-updated composer
[yaffs-website] / web / core / modules / comment / tests / src / Functional / CommentTokenReplaceTest.php
diff --git a/web/core/modules/comment/tests/src/Functional/CommentTokenReplaceTest.php b/web/core/modules/comment/tests/src/Functional/CommentTokenReplaceTest.php
new file mode 100644 (file)
index 0000000..72a941f
--- /dev/null
@@ -0,0 +1,182 @@
+<?php
+
+namespace Drupal\Tests\comment\Functional;
+
+use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
+use Drupal\Component\Render\FormattableMarkup;
+use Drupal\Component\Utility\Html;
+use Drupal\Component\Utility\UrlHelper;
+use Drupal\comment\Entity\Comment;
+use Drupal\Core\Render\BubbleableMetadata;
+use Drupal\node\Entity\Node;
+use Drupal\taxonomy\Entity\Term;
+use Drupal\taxonomy\Entity\Vocabulary;
+use Drupal\user\Entity\User;
+
+/**
+ * Generates text using placeholders for dummy content to check comment token
+ * replacement.
+ *
+ * @group comment
+ */
+class CommentTokenReplaceTest extends CommentTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public static $modules = ['taxonomy'];
+
+  /**
+   * Creates a comment, then tests the tokens generated from it.
+   */
+  public function testCommentTokenReplacement() {
+    $token_service = \Drupal::token();
+    $language_interface = \Drupal::languageManager()->getCurrentLanguage();
+    $url_options = [
+      'absolute' => TRUE,
+      'language' => $language_interface,
+    ];
+
+    // Setup vocabulary.
+    Vocabulary::create([
+      'vid' => 'tags',
+      'name' => 'Tags',
+    ])->save();
+
+    // Change the title of the admin user.
+    $this->adminUser->name->value = 'This is a title with some special & > " stuff.';
+    $this->adminUser->save();
+    $this->drupalLogin($this->adminUser);
+
+    // Set comment variables.
+    $this->setCommentSubject(TRUE);
+
+    // Create a node and a comment.
+    $node = $this->drupalCreateNode(['type' => 'article', 'title' => '<script>alert("123")</script>']);
+    $parent_comment = $this->postComment($node, $this->randomMachineName(), $this->randomMachineName(), TRUE);
+
+    // Post a reply to the comment.
+    $this->drupalGet('comment/reply/node/' . $node->id() . '/comment/' . $parent_comment->id());
+    $child_comment = $this->postComment(NULL, $this->randomMachineName(), $this->randomMachineName());
+    $comment = Comment::load($child_comment->id());
+    $comment->setHomepage('http://example.org/');
+
+    // Add HTML to ensure that sanitation of some fields tested directly.
+    $comment->setSubject('<blink>Blinking Comment</blink>');
+
+    // Generate and test tokens.
+    $tests = [];
+    $tests['[comment:cid]'] = $comment->id();
+    $tests['[comment:hostname]'] = $comment->getHostname();
+    $tests['[comment:author]'] = Html::escape($comment->getAuthorName());
+    $tests['[comment:mail]'] = $this->adminUser->getEmail();
+    $tests['[comment:homepage]'] = UrlHelper::filterBadProtocol($comment->getHomepage());
+    $tests['[comment:title]'] = Html::escape($comment->getSubject());
+    $tests['[comment:body]'] = $comment->comment_body->processed;
+    $tests['[comment:langcode]'] = $comment->language()->getId();
+    $tests['[comment:url]'] = $comment->url('canonical', $url_options + ['fragment' => 'comment-' . $comment->id()]);
+    $tests['[comment:edit-url]'] = $comment->url('edit-form', $url_options);
+    $tests['[comment:created]'] = \Drupal::service('date.formatter')->format($comment->getCreatedTime(), 'medium', ['langcode' => $language_interface->getId()]);
+    $tests['[comment:created:since]'] = \Drupal::service('date.formatter')->formatTimeDiffSince($comment->getCreatedTime(), ['langcode' => $language_interface->getId()]);
+    $tests['[comment:changed:since]'] = \Drupal::service('date.formatter')->formatTimeDiffSince($comment->getChangedTimeAcrossTranslations(), ['langcode' => $language_interface->getId()]);
+    $tests['[comment:parent:cid]'] = $comment->hasParentComment() ? $comment->getParentComment()->id() : NULL;
+    $tests['[comment:parent:title]'] = $parent_comment->getSubject();
+    $tests['[comment:entity]'] = Html::escape($node->getTitle());
+    // Test node specific tokens.
+    $tests['[comment:entity:nid]'] = $comment->getCommentedEntityId();
+    $tests['[comment:entity:title]'] = Html::escape($node->getTitle());
+    $tests['[comment:author:uid]'] = $comment->getOwnerId();
+    $tests['[comment:author:name]'] = Html::escape($this->adminUser->getDisplayName());
+
+    $base_bubbleable_metadata = BubbleableMetadata::createFromObject($comment);
+    $metadata_tests = [];
+    $metadata_tests['[comment:cid]'] = $base_bubbleable_metadata;
+    $metadata_tests['[comment:hostname]'] = $base_bubbleable_metadata;
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $bubbleable_metadata->addCacheableDependency($this->adminUser);
+    $metadata_tests['[comment:author]'] = $bubbleable_metadata;
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $bubbleable_metadata->addCacheableDependency($this->adminUser);
+    $metadata_tests['[comment:mail]'] = $bubbleable_metadata;
+    $metadata_tests['[comment:homepage]'] = $base_bubbleable_metadata;
+    $metadata_tests['[comment:title]'] = $base_bubbleable_metadata;
+    $metadata_tests['[comment:body]'] = $base_bubbleable_metadata;
+    $metadata_tests['[comment:langcode]'] = $base_bubbleable_metadata;
+    $metadata_tests['[comment:url]'] = $base_bubbleable_metadata;
+    $metadata_tests['[comment:edit-url]'] = $base_bubbleable_metadata;
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $metadata_tests['[comment:created]'] = $bubbleable_metadata->addCacheTags(['rendered']);
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $metadata_tests['[comment:created:since]'] = $bubbleable_metadata->setCacheMaxAge(0);
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $metadata_tests['[comment:changed:since]'] = $bubbleable_metadata->setCacheMaxAge(0);
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $metadata_tests['[comment:parent:cid]'] = $bubbleable_metadata->addCacheTags(['comment:1']);
+    $metadata_tests['[comment:parent:title]'] = $bubbleable_metadata;
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $metadata_tests['[comment:entity]'] = $bubbleable_metadata->addCacheTags(['node:2']);
+    // Test node specific tokens.
+    $metadata_tests['[comment:entity:nid]'] = $bubbleable_metadata;
+    $metadata_tests['[comment:entity:title]'] = $bubbleable_metadata;
+    $bubbleable_metadata = clone $base_bubbleable_metadata;
+    $metadata_tests['[comment:author:uid]'] = $bubbleable_metadata->addCacheTags(['user:2']);
+    $metadata_tests['[comment:author:name]'] = $bubbleable_metadata;
+
+    // Test to make sure that we generated something for each token.
+    $this->assertFalse(in_array(0, array_map('strlen', $tests)), 'No empty tokens generated.');
+
+    foreach ($tests as $input => $expected) {
+      $bubbleable_metadata = new BubbleableMetadata();
+      $output = $token_service->replace($input, ['comment' => $comment], ['langcode' => $language_interface->getId()], $bubbleable_metadata);
+      $this->assertEqual($output, $expected, new FormattableMarkup('Comment token %token replaced.', ['%token' => $input]));
+      $this->assertEqual($bubbleable_metadata, $metadata_tests[$input]);
+    }
+
+    // Test anonymous comment author.
+    $author_name = 'This is a random & " > string';
+    $comment->setOwnerId(0)->setAuthorName($author_name);
+    $input = '[comment:author]';
+    $output = $token_service->replace($input, ['comment' => $comment], ['langcode' => $language_interface->getId()]);
+    $this->assertEqual($output, Html::escape($author_name), format_string('Comment author token %token replaced.', ['%token' => $input]));
+    // Add comment field to user and term entities.
+    $this->addDefaultCommentField('user', 'user', 'comment', CommentItemInterface::OPEN, 'comment_user');
+    $this->addDefaultCommentField('taxonomy_term', 'tags', 'comment', CommentItemInterface::OPEN, 'comment_term');
+
+    // Create a user and a comment.
+    $user = User::create(['name' => 'alice']);
+    $user->activate();
+    $user->save();
+    $this->postComment($user, 'user body', 'user subject', TRUE);
+
+    // Create a term and a comment.
+    $term = Term::create([
+      'vid' => 'tags',
+      'name' => 'term',
+    ]);
+    $term->save();
+    $this->postComment($term, 'term body', 'term subject', TRUE);
+
+    // Load node, user and term again so comment_count gets computed.
+    $node = Node::load($node->id());
+    $user = User::load($user->id());
+    $term = Term::load($term->id());
+
+    // Generate comment tokens for node (it has 2 comments, both new),
+    // user and term.
+    $tests = [];
+    $tests['[entity:comment-count]'] = 2;
+    $tests['[entity:comment-count-new]'] = 2;
+    $tests['[node:comment-count]'] = 2;
+    $tests['[node:comment-count-new]'] = 2;
+    $tests['[user:comment-count]'] = 1;
+    $tests['[user:comment-count-new]'] = 1;
+    $tests['[term:comment-count]'] = 1;
+    $tests['[term:comment-count-new]'] = 1;
+
+    foreach ($tests as $input => $expected) {
+      $output = $token_service->replace($input, ['entity' => $node, 'node' => $node, 'user' => $user, 'term' => $term], ['langcode' => $language_interface->getId()]);
+      $this->assertEqual($output, $expected, format_string('Comment token %token replaced.', ['%token' => $input]));
+    }
+  }
+
+}
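Review bot: The `[comment:homepage]` assertion never exercises the dangerous-protocol path: the homepage is set to `http://example.org/`, for which `UrlHelper::filterBadProtocol()` returns the input unchanged, so the test passes even if the token implementation applied no filtering at all. Since the expected value already implies the token is meant to strip bad protocols, add a case that would actually fail on a regression: `$comment->setHomepage('javascript:alert(1)');` then `$output = $token_service->replace('[comment:homepage]', ['comment' => $comment], ['langcode' => $language_interface->getId()]);` and `$this->assertEqual($output, UrlHelper::filterBadProtocol('javascript:alert(1)'), 'Dangerous homepage protocol is filtered.');`. Relatedly, `[comment:parent:title]` is compared against the raw `$parent_comment->getSubject()` while `[comment:title]` is compared against the escaped subject; because the parent subject is a random machine name the two are indistinguishable here, so escaping of the parent title is presumably not covered either and deserves a `<blink>`-style subject like the child comment gets.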