ver. 0.308: kolory statusow zamowien + poprawki bezpieczenstwa
- Kolorowe badge statusow na liscie zamowien (pp_shop_statuses.color) - Walidacja hex koloru z DB (regex), sanityzacja HTML transport - Polaczenie 2 zapytan SQL w jedno orderStatusData() - Path-based form submit w table-list.php (admin URL routing) - 11 nowych testow (750 total, 2114 assertions) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -85,4 +85,72 @@ class ShopOrderControllerTest extends TestCase
|
||||
$this->assertEquals('Domain\\Product\\ProductRepository', $params[1]->getType()->getName());
|
||||
$this->assertTrue($params[1]->isOptional());
|
||||
}
|
||||
|
||||
// --- contrastTextColor tests (via reflection) ---
|
||||
|
||||
public function testContrastTextColorReturnsBlackForLightColor(): void
|
||||
{
|
||||
$result = $this->invokePrivate('contrastTextColor', ['#ffffff']);
|
||||
$this->assertSame('#000', $result);
|
||||
}
|
||||
|
||||
public function testContrastTextColorReturnsWhiteForDarkColor(): void
|
||||
{
|
||||
$result = $this->invokePrivate('contrastTextColor', ['#000000']);
|
||||
$this->assertSame('#fff', $result);
|
||||
}
|
||||
|
||||
public function testContrastTextColorHandlesShortHex(): void
|
||||
{
|
||||
$result = $this->invokePrivate('contrastTextColor', ['#fff']);
|
||||
$this->assertSame('#000', $result);
|
||||
|
||||
$result = $this->invokePrivate('contrastTextColor', ['#000']);
|
||||
$this->assertSame('#fff', $result);
|
||||
}
|
||||
|
||||
public function testContrastTextColorDefaultsToWhiteForInvalidHex(): void
|
||||
{
|
||||
$result = $this->invokePrivate('contrastTextColor', ['invalid']);
|
||||
$this->assertSame('#fff', $result);
|
||||
|
||||
$result = $this->invokePrivate('contrastTextColor', ['#zz']);
|
||||
$this->assertSame('#fff', $result);
|
||||
}
|
||||
|
||||
// --- sanitizeInlineHtml tests (via reflection) ---
|
||||
|
||||
public function testSanitizeInlineHtmlStripsDisallowedTags(): void
|
||||
{
|
||||
$result = $this->invokePrivate('sanitizeInlineHtml', ['<b>Bold</b> <script>alert(1)</script> <em>Italic</em>']);
|
||||
$this->assertSame('<b>Bold</b> alert(1) <em>Italic</em>', $result);
|
||||
}
|
||||
|
||||
public function testSanitizeInlineHtmlStripsAttributesFromAllowedTags(): void
|
||||
{
|
||||
$result = $this->invokePrivate('sanitizeInlineHtml', ['<b onclick="alert(1)">Bold</b>']);
|
||||
$this->assertSame('<b>Bold</b>', $result);
|
||||
|
||||
$result = $this->invokePrivate('sanitizeInlineHtml', ['<strong style="color:red" class="x">text</strong>']);
|
||||
$this->assertSame('<strong>text</strong>', $result);
|
||||
}
|
||||
|
||||
public function testSanitizeInlineHtmlPreservesCleanTags(): void
|
||||
{
|
||||
$result = $this->invokePrivate('sanitizeInlineHtml', ['<b>Bold</b> <i>Italic</i> <strong>Strong</strong> <em>Em</em>']);
|
||||
$this->assertSame('<b>Bold</b> <i>Italic</i> <strong>Strong</strong> <em>Em</em>', $result);
|
||||
}
|
||||
|
||||
public function testSanitizeInlineHtmlHandlesPlainText(): void
|
||||
{
|
||||
$result = $this->invokePrivate('sanitizeInlineHtml', ['Kurier DPD']);
|
||||
$this->assertSame('Kurier DPD', $result);
|
||||
}
|
||||
|
||||
private function invokePrivate(string $method, array $args)
|
||||
{
|
||||
$reflection = new \ReflectionMethod($this->controller, $method);
|
||||
$reflection->setAccessible(true);
|
||||
return $reflection->invokeArgs($this->controller, $args);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user