Mirrors/yii2
2
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2026-03-05 06:54:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba0ab403b52124c941dbeb46fbd9efdc12252a5d
yii2/tests/framework/validators/EmailValidatorTest.php
Robert Korulczyk ba0ab403b5 Added php-cs-fixer coding standards validation to Travis CI (#14100) 
* php-cs-fixer: PSR2 rule.

* php-cs-fixer: PSR2 rule - fix views.

* Travis setup refactoring.

* Add php-cs-fixer to travis cs tests.

* Fix tests on hhvm-3.12

* improve travis config

* composer update

* revert composer update

* improve travis config

* Fix CS.

* Extract config to separate classes.

* Extract config to separate classes.

* Add file header.

* Force short array syntax.

* binary_operator_spaces fixer

* Fix broken tests

* cast_spaces fixer

* concat_space fixer

* dir_constant fixer

* ereg_to_preg fixer

* function_typehint_space fixer

* hash_to_slash_comment fixer

* is_null fixer

* linebreak_after_opening_tag fixer

* lowercase_cast fixer

* magic_constant_casing fixer

* modernize_types_casting fixer

* native_function_casing fixer

* new_with_braces fixer

* no_alias_functions fixer

* no_blank_lines_after_class_opening fixer

* no_blank_lines_after_phpdoc fixer

* no_empty_comment fixer

* no_empty_phpdoc fixer

* no_empty_statement fixer

* no_extra_consecutive_blank_lines fixer

* no_leading_import_slash fixer

* no_leading_namespace_whitespace fixer

* no_mixed_echo_print fixer

* no_multiline_whitespace_around_double_arrow fixer

* no_multiline_whitespace_before_semicolons fixer

* no_php4_constructor fixer

* no_short_bool_cast fixer

* no_singleline_whitespace_before_semicolons fixer

* no_spaces_around_offset fixer

* no_trailing_comma_in_list_call fixer

* no_trailing_comma_in_singleline_array fixer

* no_unneeded_control_parentheses fixer

* no_unused_imports fixer

* no_useless_return fixer

* no_whitespace_before_comma_in_array fixer

* no_whitespace_in_blank_line fixer

* not_operator_with_successor_space fixer

* object_operator_without_whitespace fixer

* ordered_imports fixer

* php_unit_construct fixer

* php_unit_dedicate_assert fixer

* php_unit_fqcn_annotation fixer

* phpdoc_indent fixer

* phpdoc_no_access fixer

* phpdoc_no_empty_return fixer

* phpdoc_no_package fixer

* phpdoc_no_useless_inheritdoc fixer

* Fix broken tests

* phpdoc_return_self_reference fixer

* phpdoc_single_line_var_spacing fixer

* phpdoc_single_line_var_spacing fixer

* phpdoc_to_comment fixer

* phpdoc_trim fixer

* phpdoc_var_without_name fixer

* psr4 fixer

* self_accessor fixer

* short_scalar_cast fixer

* single_blank_line_before_namespace fixer

* single_quote fixer

* standardize_not_equals fixer

* ternary_operator_spaces fixer

* trailing_comma_in_multiline_array fixer

* trim_array_spaces fixer

* protected_to_private fixer

* unary_operator_spaces fixer

* whitespace_after_comma_in_array fixer

* `parent::setRules()` -> `$this->setRules()`

* blank_line_after_opening_tag fixer

* Update finder config.

* Revert changes for YiiRequirementChecker.

* Fix array formatting.

* Add missing import.

* Fix CS for new code merged from master.

* Fix some indentation issues.
2017-06-12 12:25:45 +03:00

181 lines
9.2 KiB
PHP
Raw Blame History

<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yiiunit\framework\validators;
use yii\validators\EmailValidator;
use yiiunit\data\validators\models\FakedValidationModel;
use yiiunit\TestCase;
/**
* @group validators
*/
class EmailValidatorTest extends TestCase
{
protected function setUp()
{
parent::setUp();
// destroy application, Validator must work without Yii::$app
$this->destroyApplication();
}
public function testValidateValue()
{
$validator = new EmailValidator();
$this->assertTrue($validator->validate('sam@rmcreative.ru'));
$this->assertTrue($validator->validate('5011@gmail.com'));
$this->assertTrue($validator->validate('Abc.123@example.com'));
$this->assertTrue($validator->validate('user+mailbox/department=shipping@example.com'));
$this->assertTrue($validator->validate('!#$%&\'*+-/=?^_`.{|}~@example.com'));
$this->assertFalse($validator->validate('rmcreative.ru'));
$this->assertFalse($validator->validate('Carsten Brandt <mail@cebe.cc>'));
$this->assertFalse($validator->validate('"Carsten Brandt" <mail@cebe.cc>'));
$this->assertFalse($validator->validate('<mail@cebe.cc>'));
$this->assertFalse($validator->validate('info@örtliches.de'));
$this->assertFalse($validator->validate('sam@рмкреатиф.ru'));
$validator->allowName = true;
$this->assertTrue($validator->validate('sam@rmcreative.ru'));
$this->assertTrue($validator->validate('5011@gmail.com'));
$this->assertFalse($validator->validate('rmcreative.ru'));
$this->assertTrue($validator->validate('Carsten Brandt <mail@cebe.cc>'));
$this->assertTrue($validator->validate('"Carsten Brandt" <mail@cebe.cc>'));
$this->assertTrue($validator->validate('<mail@cebe.cc>'));
$this->assertFalse($validator->validate('info@örtliches.de'));
$this->assertFalse($validator->validate('üñîçøðé@üñîçøðé.com'));
$this->assertFalse($validator->validate('sam@рмкреатиф.ru'));
$this->assertFalse($validator->validate('Informtation info@oertliches.de'));
$this->assertTrue($validator->validate('test@example.com'));
$this->assertTrue($validator->validate('John Smith <john.smith@example.com>'));
$this->assertTrue($validator->validate('"This name is longer than 64 characters. Blah blah blah blah blah" <shortmail@example.com>'));
$this->assertFalse($validator->validate('John Smith <example.com>'));
$this->assertFalse($validator->validate('Short Name <localPartMoreThan64Characters-blah-blah-blah-blah-blah-blah-blah-blah@example.com>'));
$this->assertFalse($validator->validate('Short Name <domainNameIsMoreThan254Characters@example-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah.com>'));
}
public function testValidateValueIdn()
{
if (!function_exists('idn_to_ascii')) {
$this->markTestSkipped('Intl extension required');
return;
}
$validator = new EmailValidator();
$validator->enableIDN = true;
$this->assertTrue($validator->validate('5011@example.com'));
$this->assertTrue($validator->validate('example@äüößìà.de'));
$this->assertTrue($validator->validate('example@xn--zcack7ayc9a.de'));
$this->assertTrue($validator->validate('info@örtliches.de'));
$this->assertTrue($validator->validate('sam@рмкреатиф.ru'));
$this->assertTrue($validator->validate('sam@rmcreative.ru'));
$this->assertTrue($validator->validate('5011@gmail.com'));
$this->assertTrue($validator->validate('üñîçøðé@üñîçøðé.com'));
$this->assertFalse($validator->validate('rmcreative.ru'));
$this->assertFalse($validator->validate('Carsten Brandt <mail@cebe.cc>'));
$this->assertFalse($validator->validate('"Carsten Brandt" <mail@cebe.cc>'));
$this->assertFalse($validator->validate('<mail@cebe.cc>'));
$validator->allowName = true;
$this->assertTrue($validator->validate('info@örtliches.de'));
$this->assertTrue($validator->validate('Informtation <info@örtliches.de>'));
$this->assertFalse($validator->validate('Informtation info@örtliches.de'));
$this->assertTrue($validator->validate('sam@рмкреатиф.ru'));
$this->assertTrue($validator->validate('sam@rmcreative.ru'));
$this->assertTrue($validator->validate('5011@gmail.com'));
$this->assertFalse($validator->validate('rmcreative.ru'));
$this->assertTrue($validator->validate('Carsten Brandt <mail@cebe.cc>'));
$this->assertTrue($validator->validate('"Carsten Brandt" <mail@cebe.cc>'));
$this->assertTrue($validator->validate('üñîçøðé 日本国 <üñîçøðé@üñîçøðé.com>'));
$this->assertTrue($validator->validate('<mail@cebe.cc>'));
$this->assertTrue($validator->validate('test@example.com'));
$this->assertTrue($validator->validate('John Smith <john.smith@example.com>'));
$this->assertTrue($validator->validate('"Такое имя достаточно длинное, но оно все равно может пройти валидацию" <shortmail@example.com>'));
$this->assertFalse($validator->validate('John Smith <example.com>'));
$this->assertFalse($validator->validate('Короткое имя <после-преобразования-в-idn-тут-будет-больше-чем-64-символа@пример.com>'));
$this->assertFalse($validator->validate('Короткое имя <тест@это-доменное-имя.после-преобразования-в-idn.будет-содержать-больше-254-символов.бла-бла-бла-бла-бла-бла-бла-бла.бла-бла-бла-бла-бла-бла.бла-бла-бла-бла-бла-бла.бла-бла-бла-бла-бла-бла.com>'));
}
public function testValidateValueMx()
{
$validator = new EmailValidator();
$validator->checkDNS = true;
$this->assertTrue($validator->validate('5011@gmail.com'));
$validator->checkDNS = false;
$this->assertTrue($validator->validate('test@nonexistingsubdomain.example.com'));
$validator->checkDNS = true;
$this->assertFalse($validator->validate('test@nonexistingsubdomain.example.com'));
$validator->checkDNS = true;
$validator->allowName = true;
$emails = [
'ipetrov@gmail.com',
'Ivan Petrov <ipetrov@gmail.com>',
];
foreach ($emails as $email) {
$this->assertTrue($validator->validate($email), "Email: '$email' failed to validate(checkDNS=true, allowName=true)");
}
}
public function testValidateAttribute()
{
$val = new EmailValidator();
$model = new FakedValidationModel();
$model->attr_email = '5011@gmail.com';
$val->validateAttribute($model, 'attr_email');
$this->assertFalse($model->hasErrors('attr_email'));
}
public function malformedAddressesProvider()
{
return [
// this is the demo email used in the proof of concept of the exploit
['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
// trying more adresses
['"Attacker -Param2 -Param3"@test.com'],
['\'Attacker -Param2 -Param3\'@test.com'],
['"Attacker \" -Param2 -Param3"@test.com'],
["'Attacker \\' -Param2 -Param3'@test.com"],
['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
// and even more variants
['"attacker\"\ -oQ/tmp/\ -X/var/www/cache/phpcode.php"@email.com'],
["\"attacker\\\"\0-oQ/tmp/\0-X/var/www/cache/phpcode.php\"@email.com"],
['"attacker@cebe.cc\"-Xbeep"@email.com'],
["'attacker\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
["'attacker\\\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
["'attacker\\\\'\\ -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com"],
["'attacker\\';touch /tmp/hackme'@email.com"],
["'attacker\\\\';touch /tmp/hackme'@email.com"],
["'attacker\\';touch/tmp/hackme'@email.com"],
["'attacker\\\\';touch/tmp/hackme'@email.com"],
['"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'],
];
}
/**
* Test malicious email addresses that can be used to exploit SwiftMailer vulnerability CVE-2016-10074
* https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
*
* @dataProvider malformedAddressesProvider
*/
public function testMalformedAddresses($value)
{
$val = new EmailValidator();
$this->assertFalse($val->validate($value));
$val->enableIDN = true;
$this->assertFalse($val->validate($value));
}
}
Reference in New Issue View Git Blame Copy Permalink