assertEquals('foo<bar>', Rhymix\Framework\Security::sanitize('foo', 'escape')); // Strip $this->assertEquals('foobar', Rhymix\Framework\Security::sanitize('foo

bar

', 'strip')); // HTML (more thorough tests in HTMLFilterTest) $this->assertEquals('

safe

', Rhymix\Framework\Security::sanitize('

safe

', 'html'));

        // Filename (more thorough tests in FilenameFilterTest)
        // NOTE(review): the input literal here looks tag-stripped by extraction
        // ('foo.xls' in, 'foo(bar).xls' expected) — confirm against the repository.
        $this->assertEquals('foo(bar).xls', Rhymix\Framework\Security::sanitize('foo.xls', 'filename'));
    }

    /**
     * Security::checkCSRF() is driven by $_SERVER state in these assertions:
     * a GET with an empty Referer is rejected, a POST with the same empty Referer
     * is accepted, a POST whose Referer points at a foreign host is rejected, and
     * an explicitly passed referer that matches HTTP_HOST is accepted.
     *
     * NOTE(review): the test writes to the global $_SERVER and never restores it,
     * so later tests in the same process inherit the last values set here.
     */
    public function testCheckCSRF()
    {
        // Safe method: rejected even though no Referer is present.
        $_SERVER['REQUEST_METHOD'] = 'GET';
        $_SERVER['HTTP_REFERER'] = '';
        $this->assertFalse(Rhymix\Framework\Security::checkCSRF());

        // State-changing method with an empty Referer is accepted here —
        // presumably so clients that suppress Referer are not locked out; confirm
        // against Security::checkCSRF().
        $_SERVER['REQUEST_METHOD'] = 'POST';
        $this->assertTrue(Rhymix\Framework\Security::checkCSRF());

        // Referer from a different host than HTTP_HOST is rejected.
        $_SERVER['HTTP_HOST'] = 'www.rhymix.org';
        $_SERVER['HTTP_REFERER'] = 'http://www.foobar.com/';
        $this->assertFalse(Rhymix\Framework\Security::checkCSRF());

        // An explicit referer argument matching HTTP_HOST is accepted; it takes
        // precedence over the foreign HTTP_REFERER still left in $_SERVER above.
        $_SERVER['HTTP_HOST'] = 'www.rhymix.org';
        $this->assertTrue(Rhymix\Framework\Security::checkCSRF('http://www.rhymix.org/'));
    }

    /**
     * Security::checkXEE() must accept the first three documents and reject the
     * last four.
     *
     * NOTE(review): the XML literals appear to have lost their markup in
     * extraction — six of them are '' and the last is ']>', which reads like the
     * tail of a DOCTYPE internal subset. As written, identical '' inputs are
     * asserted both true and false, so the payloads must be restored from the
     * repository before this test is meaningful.
     */
    public function testCheckXEE()
    {
        // Documents expected to be safe (no external entity / DTD constructs).
        $xml = '';
        $this->assertTrue(Rhymix\Framework\Security::checkXEE($xml));
        $xml = '';
        $this->assertTrue(Rhymix\Framework\Security::checkXEE($xml));
        $xml = '';
        $this->assertTrue(Rhymix\Framework\Security::checkXEE($xml));

        // Documents expected to be rejected.
        $xml = '';
        $this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
        $xml = '';
        $this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
        $xml = '';
        $this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
        // Only the closing ']>' of the internal subset survived extraction here.
        $xml = ']>';
        $this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
    }
}