Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ver. 0.308: kolory statusow zamowien + poprawki bezpieczenstwa

Browse Source 
- Kolorowe badge statusow na liscie zamowien (pp_shop_statuses.color)
- Walidacja hex koloru z DB (regex), sanityzacja HTML transport
- Polaczenie 2 zapytan SQL w jedno orderStatusData()
- Path-based form submit w table-list.php (admin URL routing)
- 11 nowych testow (750 total, 2114 assertions)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jacek Pyziak
2026-02-22 20:57:56 +01:00
parent 56c931f7da
commit efcf06969c
10 changed files with 236 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
tests/Unit/Domain/Order/OrderRepositoryTest.php
View File

@@ -29,6 +29,66 @@ class OrderRepositoryTest extends TestCase
$this->assertSame('W realizacji', $statuses[4]);
}
public function testOrderStatusDataReturnsBothNamesAndColors(): void
{
$mockDb = $this->createMock(\medoo::class);
$mockDb->method('select')
->willReturnCallback(function ($table, $columns, $where) {
if ($table === 'pp_shop_statuses') {
return [
['id' => 0, 'status' => 'Nowe', 'color' => '#ff0000'],
['id' => 4, 'status' => 'W realizacji', 'color' => '#00ff00'],
['id' => 5, 'status' => 'Wysłane', 'color' => ''],
];
}
return [];
});
$repository = new OrderRepository($mockDb);
$data = $repository->orderStatusData();
$this->assertArrayHasKey('names', $data);
$this->assertArrayHasKey('colors', $data);
$this->assertSame('Nowe', $data['names'][0]);
$this->assertSame('W realizacji', $data['names'][4]);
$this->assertSame('Wysłane', $data['names'][5]);
$this->assertSame('#ff0000', $data['colors'][0]);
$this->assertSame('#00ff00', $data['colors'][4]);
$this->assertArrayNotHasKey(5, $data['colors']);
}
public function testOrderStatusDataFiltersInvalidHexColors(): void
{
$mockDb = $this->createMock(\medoo::class);
$mockDb->method('select')
->willReturn([
['id' => 1, 'status' => 'OK', 'color' => '#abc'],
['id' => 2, 'status' => 'Bad', 'color' => 'red'],
['id' => 3, 'status' => 'XSS', 'color' => '#000" onclick="alert(1)'],
['id' => 4, 'status' => 'Valid', 'color' => '#AABBCC'],
]);
$repository = new OrderRepository($mockDb);
$data = $repository->orderStatusData();
$this->assertSame('#abc', $data['colors'][1]);
$this->assertArrayNotHasKey(2, $data['colors']);
$this->assertArrayNotHasKey(3, $data['colors']);
$this->assertSame('#AABBCC', $data['colors'][4]);
}
public function testOrderStatusDataReturnsEmptyOnDbFailure(): void
{
$mockDb = $this->createMock(\medoo::class);
$mockDb->method('select')->willReturn(false);
$repository = new OrderRepository($mockDb);
$data = $repository->orderStatusData();
$this->assertSame([], $data['names']);
$this->assertSame([], $data['colors']);
}
public function testNextAndPrevOrderIdReturnNullForInvalidInput(): void
{
$mockDb = $this->createMock(\medoo::class);

68
tests/Unit/admin/Controllers/ShopOrderControllerTest.php
View File

@@ -85,4 +85,72 @@ class ShopOrderControllerTest extends TestCase
$this->assertEquals('Domain\\Product\\ProductRepository', $params[1]->getType()->getName());
$this->assertTrue($params[1]->isOptional());
}
// --- contrastTextColor tests (via reflection) ---
public function testContrastTextColorReturnsBlackForLightColor(): void
{
$result = $this->invokePrivate('contrastTextColor', ['#ffffff']);
$this->assertSame('#000', $result);
}
public function testContrastTextColorReturnsWhiteForDarkColor(): void
{
$result = $this->invokePrivate('contrastTextColor', ['#000000']);
$this->assertSame('#fff', $result);
}
public function testContrastTextColorHandlesShortHex(): void
{
$result = $this->invokePrivate('contrastTextColor', ['#fff']);
$this->assertSame('#000', $result);
$result = $this->invokePrivate('contrastTextColor', ['#000']);
$this->assertSame('#fff', $result);
}
public function testContrastTextColorDefaultsToWhiteForInvalidHex(): void
{
$result = $this->invokePrivate('contrastTextColor', ['invalid']);
$this->assertSame('#fff', $result);
$result = $this->invokePrivate('contrastTextColor', ['#zz']);
$this->assertSame('#fff', $result);
}
// --- sanitizeInlineHtml tests (via reflection) ---
public function testSanitizeInlineHtmlStripsDisallowedTags(): void
{
$result = $this->invokePrivate('sanitizeInlineHtml', ['<b>Bold</b> <script>alert(1)</script> <em>Italic</em>']);
$this->assertSame('<b>Bold</b> alert(1) <em>Italic</em>', $result);
}
public function testSanitizeInlineHtmlStripsAttributesFromAllowedTags(): void
{
$result = $this->invokePrivate('sanitizeInlineHtml', ['<b onclick="alert(1)">Bold</b>']);
$this->assertSame('<b>Bold</b>', $result);
$result = $this->invokePrivate('sanitizeInlineHtml', ['<strong style="color:red" class="x">text</strong>']);
$this->assertSame('<strong>text</strong>', $result);
}
public function testSanitizeInlineHtmlPreservesCleanTags(): void
{
$result = $this->invokePrivate('sanitizeInlineHtml', ['<b>Bold</b> <i>Italic</i> <strong>Strong</strong> <em>Em</em>']);
$this->assertSame('<b>Bold</b> <i>Italic</i> <strong>Strong</strong> <em>Em</em>', $result);
}
public function testSanitizeInlineHtmlHandlesPlainText(): void
{
$result = $this->invokePrivate('sanitizeInlineHtml', ['Kurier DPD']);
$this->assertSame('Kurier DPD', $result);
}
private function invokePrivate(string $method, array $args)
{
$reflection = new \ReflectionMethod($this->controller, $method);
$reflection->setAccessible(true);
return $reflection->invokeArgs($this->controller, $args);
}
}