diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/browser/README.mediawiki | 64 | ||||
-rw-r--r-- | tests/parser/parserTests.txt | 13 | ||||
-rw-r--r-- | tests/phpunit/includes/api/ApiMainTest.php | 27 | ||||
-rw-r--r-- | tests/phpunit/includes/api/format/ApiFormatJsonTest.php | 4 | ||||
-rw-r--r-- | tests/phpunit/includes/upload/UploadBaseTest.php | 6 | ||||
-rw-r--r-- | tests/qunit/data/testrunner.js | 2 |
6 files changed, 46 insertions, 70 deletions
diff --git a/tests/browser/README.mediawiki b/tests/browser/README.mediawiki deleted file mode 100644 index 22657627..00000000 --- a/tests/browser/README.mediawiki +++ /dev/null @@ -1,64 +0,0 @@ -Purpose: - -The purpose of these tests is to validate that a newly installed (or updated, or hacked, or whatever) mediawiki instance presents to the user a set of expected features, regardless of what language the wiki is in, or where it is installed, or what extensions it might have. - -The tests are based on the basic definition of a wiki, a website where anyone - -* can read a page -* can create a page -* can edit a page -* can link one page to another page - -Install: - -Ruby 1.9.3 or higher is required -Firefox browser is required -:: - cd /tests/browser - gem update --system - gem install bundler - bundle install - -Run the tests: - -Edit the environment_variables file with appropriate values for your wiki -$source environment_variables (example shown in bash shell) - -bundle exec cucumber features/ - -Note that the acceptance tests will create three pages in your wiki entitled "Editing Test Page", "Link Source Test Page", and "Link Target Test Page". These pages may be deleted at any time. If you wish to re-run the tests at any time, these test pages will be re-created or reset to their original contents at the time that the tests run. - -For more information about running Selenium tests please see -https://github.com/wikimedia/mediawiki-selenium - -Details: - -create_account.feature -* Checks three different ways to arrive on page allowing the user to create an account - -create_and_follow_wiki_link.feature: -* uses the mediawiki API to create a link target page -* uses the mediawiki API to create a link source page -* navigates a browser to the link source page -* clicks the link in that page to the link target page -* validates that the browser has in fact followed the link to the target page correctly - -edit_page.feature: -* uses the mediawiki API to create an editable page on the wiki -* navigates a browser to the page -* clicks the Edit button to invoke the basic editor -* edits the page with a particular string containing a static part and also a quasi-unique random part -* saves the edited page -* checks that the saved page contains the particular string with which the page was edited - -main_page.feature: -* navigates a browser to the default landing page of the wiki -* checks for the View History link on the landing page -* checks for the full set of of sidebar links that should exist on every mediawiki wiki - -view_history.feature -* similar to edit_page.feature but checks for an older version of the edited page - -Notes: - -Tested on beta labs hewiki, dewiki, enwiki, and on a local installation of mediawiki
\ No newline at end of file diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index c8c63f39..67da1f0a 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -2263,6 +2263,15 @@ Entities inside <pre> !! end !! test +<nowiki> inside of #tag:pre +!! wikitext +{{#tag:pre|Foo <nowiki>→bar</nowiki>}} +!! html +<pre>Foo →bar</pre> + +!! end + +!! test <nowiki> and <pre> preference (first one wins) !! wikitext <pre> @@ -12863,7 +12872,7 @@ Image with link parameter, wgExternalLinkTarget !! config wgExternalLinkTarget='foobar' !! html -<p><a href="http://example.com/" target="foobar" rel="nofollow"><img alt="Foobar.jpg" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a> +<p><a href="http://example.com/" target="foobar" rel="nofollow noreferrer noopener"><img alt="Foobar.jpg" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a> </p> !! end @@ -12896,7 +12905,7 @@ Image with link parameter, wgExternalLinkTarget, unnamed parameter !! config wgExternalLinkTarget='foobar' !! html -<p><a href="http://example.com/" title="Title" target="foobar" rel="nofollow"><img alt="Title" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a> +<p><a href="http://example.com/" title="Title" target="foobar" rel="nofollow noreferrer noopener"><img alt="Title" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a> </p> !! end diff --git a/tests/phpunit/includes/api/ApiMainTest.php b/tests/phpunit/includes/api/ApiMainTest.php index 94b741dc..a2bc7aed 100644 --- a/tests/phpunit/includes/api/ApiMainTest.php +++ b/tests/phpunit/includes/api/ApiMainTest.php @@ -248,4 +248,31 @@ class ApiMainTest extends ApiTestCase { ); } + /** + * @covers ApiMain::lacksSameOriginSecurity + */ + public function testLacksSameOriginSecurity() { + // Basic test + $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) ); + $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' ); + + // JSONp + $main = new ApiMain( + new FauxRequest( array( 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ) ) + ); + $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' ); + + // Header + $request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ); + $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value! + $main = new ApiMain( $request ); + $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' ); + + // Hook + $this->mergeMwGlobalArrayValue( 'wgHooks', array( + 'RequestHasSameOriginSecurity' => array( function () { return false; } ) + ) ); + $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) ); + $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' ); + } } diff --git a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php index 3dfcaf0f..8d599b08 100644 --- a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php +++ b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php @@ -61,7 +61,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase { array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ), // Cross-domain mangling - array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ), + array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ), ) ), self::addFormatVersion( 2, array( // Basic types @@ -102,7 +102,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase { array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ), // Cross-domain mangling - array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ), + array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ), ) ) ); } diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index 9441b77f..a3f8ae48 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -374,6 +374,12 @@ class UploadBaseTest extends MediaWikiTestCase { false, 'SVG with external entity' ), + array( + "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\"> <g> <a xlink:href=\"javascript:alert('1 https://google.com')\"> <rect width=\"300\" height=\"100\" style=\"fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)\" /> </a> </g> </svg>", + true, + true, + 'SVG with javascript <a> link with newline (T122653)' + ), // Test good, but strange files that we want to allow array( diff --git a/tests/qunit/data/testrunner.js b/tests/qunit/data/testrunner.js index 01f96252..53bff763 100644 --- a/tests/qunit/data/testrunner.js +++ b/tests/qunit/data/testrunner.js @@ -27,8 +27,6 @@ // and assuming failure. QUnit.config.testTimeout = 30 * 1000; - QUnit.config.requireExpects = true; - // Add a checkbox to QUnit header to toggle MediaWiki ResourceLoader debug mode. QUnit.config.urlConfig.push( { id: 'debug', |