X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ee24635e06a8c01d751f80caba47c57f76e8989d..refs/pull/5115/head:/tests/Entity/PageContentTest.php diff --git a/tests/Entity/PageContentTest.php b/tests/Entity/PageContentTest.php index d433c8b88..23a38b573 100644 --- a/tests/Entity/PageContentTest.php +++ b/tests/Entity/PageContentTest.php @@ -5,18 +5,15 @@ namespace Tests\Entity; use BookStack\Entities\Models\Page; use BookStack\Entities\Tools\PageContent; use Tests\TestCase; -use Tests\Uploads\UsesImages; class PageContentTest extends TestCase { - use UsesImages; - - protected $base64Jpeg = '/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k='; + protected string $base64Jpeg = '/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k='; public function test_page_includes() { - $page = Page::query()->first(); - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); + $page = $this->entities->page(); + $secondPage = $this->entities->page(); $secondPage->html = "

Hello, This is a test

This is a second block of content

"; $secondPage->save(); @@ -44,8 +41,8 @@ class PageContentTest extends TestCase public function test_saving_page_with_includes() { - $page = Page::query()->first(); - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); + $page = $this->entities->page(); + $secondPage = $this->entities->page(); $this->asEditor(); $includeTag = '{{@' . $secondPage->id . '}}'; @@ -60,65 +57,54 @@ class PageContentTest extends TestCase $this->assertEquals('', $page->text); } - public function test_page_includes_do_not_break_tables() + public function test_page_includes_rendered_on_book_export() { - /** @var Page $page */ - $page = Page::query()->first(); - /** @var Page $secondPage */ - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); + $page = $this->entities->page(); + $secondPage = Page::query() + ->where('book_id', '!=', $page->book_id) + ->first(); - $content = '
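Review bot: Both `test_page_includes` and `test_saving_page_with_includes` now call `$this->entities->page()` twice and depend on the two calls returning different pages, where the removed query excluded `$page->id` explicitly. The provider is not visible in this diff, so that guarantee is an assumption here. If the same page were ever returned twice, the include tag would point at the page itself and the tests would exercise self-inclusion instead of cross-page inclusion. A guard after the two fetches, `$this->assertNotEquals($page->id, $secondPage->id);`, would make the precondition explicit. Both test bodies continue outside their hunks.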
test
'; + $content = '

my cat is awesome and scratchy

'; $secondPage->html = $content; $secondPage->save(); - $page->html = "{{@{$secondPage->id}#table}}"; + $page->html = "{{@{$secondPage->id}#bkmrk-meow}}"; $page->save(); - $pageResp = $this->asEditor()->get($page->getUrl()); - $pageResp->assertSee($content, false); + $this->asEditor(); + $htmlContent = $this->get($page->book->getUrl('/export/html')); + $htmlContent->assertSee('my cat is awesome and scratchy'); } - public function test_page_includes_do_not_break_code() + public function test_page_includes_can_be_nested_up_to_three_times() { - /** @var Page $page */ - $page = Page::query()->first(); - /** @var Page $secondPage */ - $secondPage = Page::query()->where('id', '!=', $page->id)->first(); - - $content = '
var cat = null;
'; - $secondPage->html = $content; - $secondPage->save(); - - $page->html = "{{@{$secondPage->id}#bkmrk-code}}"; + $page = $this->entities->page(); + $tag = "{{@{$page->id}#bkmrk-test}}"; + $page->html = '

Hello Barry ' . $tag . '

'; $page->save(); $pageResp = $this->asEditor()->get($page->getUrl()); - $pageResp->assertSee($content, false); + $this->withHtml($pageResp)->assertElementContains('#bkmrk-test', 'Hello Barry Hello Barry Hello Barry Hello Barry ' . $tag); + $this->withHtml($pageResp)->assertElementNotContains('#bkmrk-test', 'Hello Barry Hello Barry Hello Barry Hello Barry Hello Barry ' . $tag); } - public function test_page_includes_rendered_on_book_export() + public function test_page_includes_to_nonexisting_pages_does_not_error() { - $page = Page::query()->first(); - $secondPage = Page::query() - ->where('book_id', '!=', $page->book_id) - ->first(); - - $content = '

my cat is awesome and scratchy

'; - $secondPage->html = $content; - $secondPage->save(); - - $page->html = "{{@{$secondPage->id}#bkmrk-meow}}"; + $page = $this->entities->page(); + $missingId = Page::query()->max('id') + 1; + $tag = "{{@{$missingId}}}"; + $page->html = '

Hello Barry ' . $tag . '

'; $page->save(); - $this->asEditor(); - $htmlContent = $this->get($page->book->getUrl('/export/html')); - $htmlContent->assertSee('my cat is awesome and scratchy'); + $pageResp = $this->asEditor()->get($page->getUrl()); + $pageResp->assertOk(); + $pageResp->assertSee('Hello Barry'); } public function test_page_content_scripts_removed_by_default() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $script = 'abc123abc123'; $page->html = "escape {$script}"; $page->save(); @@ -141,7 +127,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -177,7 +163,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -206,7 +192,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -230,7 +216,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -255,7 +241,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -273,7 +259,7 @@ class PageContentTest extends TestCase public function test_page_inline_on_attributes_removed_by_default() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $script = '

Hello

'; $page->html = "escape {$script}"; $page->save(); @@ -298,7 +284,7 @@ class PageContentTest extends TestCase ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; @@ -313,8 +299,8 @@ class PageContentTest extends TestCase public function test_page_content_scripts_show_when_configured() { $this->asEditor(); - $page = Page::query()->first(); - config()->push('app.allow_content_scripts', 'true'); + $page = $this->entities->page(); + config()->set('app.allow_content_scripts', 'true'); $script = 'abc123abc123'; $page->html = "no escape {$script}"; @@ -325,15 +311,21 @@ class PageContentTest extends TestCase $pageView->assertDontSee('abc123abc123'); } - public function test_svg_xlink_hrefs_are_removed() + public function test_svg_script_usage_is_removed() { $checks = [ '', '', + '', + '', + '', + 'XSS', + 'XSS', + '', ]; $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); foreach ($checks as $check) { $page->html = $check; 
@@ -341,17 +333,19 @@ class PageContentTest extends TestCase $pageView = $this->get($page->getUrl()); $pageView->assertStatus(200); - $this->withHtml($pageView)->assertElementNotContains('.page-content', 'alert'); - $this->withHtml($pageView)->assertElementNotContains('.page-content', 'xlink:href'); - $this->withHtml($pageView)->assertElementNotContains('.page-content', 'application/xml'); + $html = $this->withHtml($pageView); + $html->assertElementNotContains('.page-content', 'alert'); + $html->assertElementNotContains('.page-content', 'xlink:href'); + $html->assertElementNotContains('.page-content', 'application/xml'); + $html->assertElementNotContains('.page-content', 'javascript'); } } public function test_page_inline_on_attributes_show_if_configured() { $this->asEditor(); - $page = Page::query()->first(); - config()->push('app.allow_content_scripts', 'true'); + $page = $this->entities->page(); + config()->set('app.allow_content_scripts', 'true'); $script = '

Hello

'; $page->html = "escape {$script}"; @@ -382,7 +376,7 @@ class PageContentTest extends TestCase public function test_duplicate_ids_fixed_on_page_save() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = ''; $pageSave = $this->put($page->getUrl(), [ @@ -399,7 +393,7 @@ class PageContentTest extends TestCase public function test_anchors_referencing_non_bkmrk_ids_rewritten_after_save() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '
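Review bot: The four `assertElementNotContains` calls in `test_svg_script_usage_is_removed` are literal substring checks on `.page-content` ('alert', 'xlink:href', 'application/xml', 'javascript'), and a failure inside the loop does not say which entry of `$checks` caused it. Whether the helper compares case-insensitively or against decoded attribute values is not visible here, so these assertions show that the listed strings are gone but not that no script-capable element or attribute survived filtering. A comment above the loop would record that limit: `// Substring checks only: these do not prove script-capable attributes are absent.` The function starts in the preceding hunk.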

test

link

'; $this->put($page->getUrl(), [ @@ -475,11 +469,25 @@ class PageContentTest extends TestCase ], $navMap[2]); } + public function test_get_page_nav_respects_non_breaking_spaces() + { + $content = '

Hello There

'; + $pageContent = new PageContent(new Page(['html' => $content])); + $navMap = $pageContent->getNavigation($content); + + $this->assertEquals([ + 'nodeName' => 'h1', + 'link' => '#testa', + 'text' => 'Hello There', + 'level' => 1, + ], $navMap[0]); + } + public function test_page_text_decodes_html_entities() { - $page = Page::query()->first(); + $page = $this->entities->page(); - $this->actingAs($this->getAdmin()) + $this->actingAs($this->users->admin()) ->put($page->getUrl(''), [ 'name' => 'Testing', 'html' => '

"Hello & welcome"

', @@ -492,7 +500,7 @@ class PageContentTest extends TestCase public function test_page_markdown_table_rendering() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '| Syntax | Description | | ----------- | ----------- | @@ -513,7 +521,7 @@ class PageContentTest extends TestCase public function test_page_markdown_task_list_rendering() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '- [ ] Item a - [x] Item b'; @@ -534,7 +542,7 @@ class PageContentTest extends TestCase public function test_page_markdown_strikethrough_rendering() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '~~some crossed out text~~'; $this->put($page->getUrl(), [ @@ -552,7 +560,7 @@ class PageContentTest extends TestCase public function test_page_markdown_single_html_comment_saving() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $content = ''; $this->put($page->getUrl(), [ @@ -571,7 +579,7 @@ class PageContentTest extends TestCase public function test_base64_images_get_extracted_from_page_content() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $this->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', @@ -587,13 +595,13 @@ class PageContentTest extends TestCase $imageFile = public_path($imagePath); $this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile)); - $this->deleteImage($imagePath); + $this->files->deleteAtRelativePath($imagePath); } public function test_base64_images_get_extracted_when_containing_whitespace() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $base64PngWithWhitespace = "iVBORw0KGg\noAAAANSUhE\tUgAAAAEAAAA BCA YAAAAfFcSJAAA\n\t ACklEQVR4nGMAAQAABQAB"; $base64PngWithoutWhitespace = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQAB'; 
@@ -611,7 +619,7 @@ class PageContentTest extends TestCase $imageFile = public_path($imagePath); $this->assertEquals(base64_decode($base64PngWithoutWhitespace), file_get_contents($imageFile)); - $this->deleteImage($imagePath); + $this->files->deleteAtRelativePath($imagePath); } public function test_base64_images_within_html_blanked_if_not_supported_extension_for_extract() @@ -624,7 +632,7 @@ class PageContentTest extends TestCase foreach ($extensions as $extension) { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $this->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', @@ -636,10 +644,39 @@ class PageContentTest extends TestCase } } + public function test_base64_images_within_html_blanked_if_no_image_create_permission() + { + $editor = $this->users->editor(); + $page = $this->entities->page(); + $this->permissions->removeUserRolePermissions($editor, ['image-create-all']); + + $this->actingAs($editor)->put($page->getUrl(), [ + 'name' => $page->name, + 'html' => '

test

', + ]); + + $page->refresh(); + $this->assertStringMatchesFormat('%Atest%A

%A', $page->html); + } + + public function test_base64_images_within_html_blanked_if_content_does_not_appear_like_an_image() + { + $page = $this->entities->page(); + + $imgContent = base64_encode('file://test/a/b/c'); + $this->asEditor()->put($page->getUrl(), [ + 'name' => $page->name, + 'html' => '

test

', + ]); + + $page->refresh(); + $this->assertStringMatchesFormat('%Atest%A

%A', $page->html); + } + public function test_base64_images_get_extracted_from_markdown_page_content() { $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); $this->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', @@ -655,7 +692,7 @@ class PageContentTest extends TestCase $imageFile = public_path($imagePath); $this->assertEquals(base64_decode($this->base64Jpeg), file_get_contents($imageFile)); - $this->deleteImage($imagePath); + $this->files->deleteAtRelativePath($imagePath); } public function test_markdown_base64_extract_not_limited_by_pcre_limits() @@ -664,12 +701,12 @@ class PageContentTest extends TestCase $pcreRecursionLimit = ini_get('pcre.recursion_limit'); $this->asEditor(); - $page = Page::query()->first(); + $page = $this->entities->page(); ini_set('pcre.backtrack_limit', '500'); ini_set('pcre.recursion_limit', '500'); - $content = str_repeat('a', 5000); + $content = str_repeat(base64_decode($this->base64Jpeg), 50); $base64Content = base64_encode($content); $this->put($page->getUrl(), [ @@ -686,14 +723,14 @@ class PageContentTest extends TestCase $imageFile = public_path($imagePath); $this->assertEquals($content, file_get_contents($imageFile)); - $this->deleteImage($imagePath); + $this->files->deleteAtRelativePath($imagePath); ini_set('pcre.backtrack_limit', $pcreBacktrackLimit); ini_set('pcre.recursion_limit', $pcreRecursionLimit); } public function test_base64_images_within_markdown_blanked_if_not_supported_extension_for_extract() { - $page = Page::query()->first(); + $page = $this->entities->page(); $this->asEditor()->put($page->getUrl(), [ 'name' => $page->name, 'summary' => '', 
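Review bot: `test_base64_images_within_html_blanked_if_no_image_create_permission` and `test_base64_images_within_html_blanked_if_content_does_not_appear_like_an_image` assert only on the saved `$page->html`. They would still pass if the data URI were blanked in the output while an image was nevertheless written to storage. Because the first is a permission test, it should also assert that nothing was stored, for instance by comparing the number of image records before and after the `put()` call. Until that is added, a marker in the test body keeps the gap visible: `// TODO: also assert no image record or file was created by this request`. The same applies to the two markdown counterparts added in the `@@ -703,9 +740,37 @@` hunk.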
@@ -703,9 +740,37 @@ class PageContentTest extends TestCase $this->assertStringContainsString('refresh()->html); } + public function test_base64_images_within_markdown_blanked_if_no_image_create_permission() + { + $editor = $this->users->editor(); + $page = $this->entities->page(); + $this->permissions->removeUserRolePermissions($editor, ['image-create-all']); + + $this->actingAs($editor)->put($page->getUrl(), [ + 'name' => $page->name, + 'markdown' => 'test ![test](data:image/jpeg;base64,' . $this->base64Jpeg . ')', + ]); + + $this->assertStringContainsString('refresh()->html); + } + + public function test_base64_images_within_markdown_blanked_if_content_does_not_appear_like_an_image() + { + $page = $this->entities->page(); + + $imgContent = base64_encode('file://test/a/b/c'); + $this->asEditor()->put($page->getUrl(), [ + 'name' => $page->name, + 'markdown' => 'test ![test](data:image/jpeg;base64,' . $imgContent . ')', + ]); + + $page->refresh(); + $this->assertStringContainsString('refresh()->html); + } + public function test_nested_headers_gets_assigned_an_id() { - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '
Simple Test
'; $this->asEditor()->put($page->getUrl(), [ @@ -721,8 +786,7 @@ class PageContentTest extends TestCase public function test_non_breaking_spaces_are_preserved() { - /** @var Page $page */ - $page = Page::query()->first(); + $page = $this->entities->page(); $content = '

 

'; $this->asEditor()->put($page->getUrl(), [ @@ -732,4 +796,23 @@ class PageContentTest extends TestCase $this->assertStringContainsString('

 

', $page->refresh()->html); } + + public function test_page_save_with_many_headers_and_links_is_reasonable() + { + $page = $this->entities->page(); + + $content = ''; + for ($i = 0; $i < 500; $i++) { + $content .= "
Simple Test
"; + } + + $time = time(); + $this->asEditor()->put($page->getUrl(), [ + 'name' => $page->name, + 'html' => $content, + ])->assertRedirect(); + + $timeElapsed = time() - $time; + $this->assertLessThan(3, $timeElapsed); + } }
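Review bot: `test_page_save_with_many_headers_and_links_is_reasonable` measures with `time()`, which has one-second resolution, so the effective limit behind `assertLessThan(3, $timeElapsed)` falls anywhere between two and three seconds of real work depending on where the second boundary lands. That makes the test prone to intermittent failures on a loaded CI runner. A high-resolution monotonic clock removes the jitter: `$start = hrtime(true);` before the request and `$this->assertLessThan(3, (hrtime(true) - $start) / 1e9);` after it. A one-line comment naming the regression this guards against (presumably save time growing with the number of headers and links) would help whoever has to tune the threshold later.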