Diffstat (limited to 'rt/t/web')
-rw-r--r-- | rt/t/web/attachment_encoding.t | 2 | ||||
-rw-r--r-- | rt/t/web/charting.t | 69 | ||||
-rw-r--r-- | rt/t/web/command_line.t | 2 | ||||
-rw-r--r-- | rt/t/web/compilation_errors.t | 2 | ||||
-rw-r--r-- | rt/t/web/path-traversal.t | 40 | ||||
-rw-r--r-- | rt/t/web/private-components.t | 40 | ||||
-rw-r--r-- | rt/t/web/query_builder.t | 29 | ||||
-rw-r--r-- | rt/t/web/richtext-autohandler.t | 13 |
8 files changed, 193 insertions, 4 deletions
diff --git a/rt/t/web/attachment_encoding.t b/rt/t/web/attachment_encoding.t
index 6796c9969..9ba567746 100644
--- a/rt/t/web/attachment_encoding.t
+++ b/rt/t/web/attachment_encoding.t
@@ -48,7 +48,7 @@ diag 'test with attachemnts' if $ENV{TEST_VERBOSE};
 my $file = File::Spec->catfile( File::Spec->tmpdir, 'rt_attachemnt_abcde.txt' );
- open my $fh, '>', $file or die $!;
+ open( my $fh, '>', $file ) or die $!;
 binmode $fh, ':utf8';
 print $fh '附件';
 close $fh;
diff --git a/rt/t/web/charting.t b/rt/t/web/charting.t
new file mode 100644
index 000000000..7c11f9c92
--- /dev/null
+++ b/rt/t/web/charting.t
@@ -0,0 +1,69 @@
+use strict;
+use warnings;
+
+use RT::Test no_plan => 1;
+
+for my $n (1..7) {
+ my $ticket = RT::Ticket->new( RT->SystemUser );
+ my $req = 'root' . ($n % 2) . '@localhost';
+ my ( $ret, $msg ) = $ticket->Create(
+ Subject => "base ticket $_",
+ Queue => "General",
+ Owner => "root",
+ Requestor => $req,
+ MIMEObj => MIME::Entity->build(
+ From => $req,
+ To => 'rt@localhost',
+ Subject => "base ticket $_",
+ Data => "Content $_",
+ ),
+ );
+ ok( $ret, "ticket $n created: $msg" );
+}
+
+my ($url, $m) = RT::Test->started_ok;
+ok( $m->login, "Logged in" );
+
+# Test that defaults work
+$m->get_ok( "/Search/Chart.html?Query=id>0" );
+$m->content_like(qr{<th[^>]*>\s*Queue\s*</th>\s*<th[^>]*>\s*Tickets\s*</th>}, "Grouped by queue");
+$m->content_like(qr{General</a>\s*</td>\s*<td[^>]*>\s*7}, "Found results in table");
+$m->content_like(qr{<img src="/Search/Chart\?}, "Found image");
+
+$m->get_ok( "/Search/Chart?Query=id>0" );
+is( $m->content_type, "image/png" );
+ok( length($m->content), "Has content" );
+
+
+# Group by Queue
+$m->get_ok( "/Search/Chart.html?Query=id>0&PrimaryGroupBy=Queue" );
+$m->content_like(qr{<th[^>]*>\s*Queue\s*</th>\s*<th[^>]*>\s*Tickets\s*</th>}, "Grouped by queue");
+$m->content_like(qr{General</a>\s*</td>\s*<td[^>]*>\s*7}, "Found results in table");
+$m->content_like(qr{<img src="/Search/Chart\?}, "Found image");
+
+$m->get_ok( "/Search/Chart?Query=id>0&PrimaryGroupBy=Queue" );
+is( $m->content_type, "image/png" );
+ok( length($m->content), "Has content" );
+
+
+# Group by Requestor email
+$m->get_ok( "/Search/Chart.html?Query=id>0&PrimaryGroupBy=Requestor.EmailAddress" );
+$m->content_like(qr{<th[^>]*>\s*Requestor\.EmailAddress\s*</th>\s*<th[^>]*>\s*Tickets\s*</th>},
+ "Grouped by requestor");
+$m->content_like(qr{root0\@localhost</a>\s*</td>\s*<td[^>]*>\s*3}, "Found results in table");
+$m->content_like(qr{<img src="/Search/Chart\?}, "Found image");
+
+$m->get_ok( "/Search/Chart?Query=id>0&PrimaryGroupBy=Requestor.Email" 
);
+is( $m->content_type, "image/png" );
+ok( length($m->content), "Has content" );
+
+
+# Group by Requestor phone -- which is bogus, and falls back to queue
+$m->get_ok( "/Search/Chart.html?Query=id>0&PrimaryGroupBy=Requestor.Phone" );
+$m->content_like(qr{General</a>\s*</td>\s*<td[^>]*>\s*7},
+ "Found queue results in table, as a default");
+$m->content_like(qr{<img src="/Search/Chart\?}, "Found image");
+
+$m->get_ok( "/Search/Chart?Query=id>0&PrimaryGroupBy=Requestor.Phone" );
+is( $m->content_type, "image/png" );
+ok( length($m->content), "Has content" );
diff --git a/rt/t/web/command_line.t b/rt/t/web/command_line.t
index 3fc279bf3..884b064e6 100644
--- a/rt/t/web/command_line.t
+++ b/rt/t/web/command_line.t
@@ -532,7 +532,7 @@ sub check_attachment {
 expect_handle->before() =~ $attachment_regex;
 my $attachment_id = $1;
 expect_send("show ticket/$ticket_id/attachments/$attachment_id/content","Fetching Attachment");
- open (my $fh, $attachment_path) or die "Can't open $attachment_path: $!";
+ open( my $fh, '<', $attachment_path ) or die "Can't open $attachment_path: $!";
 my $attachment_content = do { local($/); <$fh> };
 close $fh;
 chomp $attachment_content;
diff --git a/rt/t/web/compilation_errors.t b/rt/t/web/compilation_errors.t
index 4fd9c40e9..36a006890 100644
--- a/rt/t/web/compilation_errors.t
+++ b/rt/t/web/compilation_errors.t
@@ -5,7 +5,7 @@ use Test::More;
 use File::Find;
 BEGIN {
 sub wanted {
- -f && /\.html$/ && $_ !~ /Logout.html$/;
+ -f && /\.html$/ && $_ !~ /Logout.html$/ && $File::Find::dir !~ /RichText/;
 }
 my $tests = 4;
 find( sub { wanted() and $tests += 4 }, 'share/html/' );
diff --git a/rt/t/web/path-traversal.t b/rt/t/web/path-traversal.t
new file mode 100644
index 000000000..8d2f5cc88
--- /dev/null
+++ b/rt/t/web/path-traversal.t
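Review bot: Inside the `for my $n (1..7)` loop at the top of charting.t, the arguments `Subject => "base ticket $_"` (twice) and `Data => "Content $_"` interpolate `$_`, which a `for my $n` loop does not set, so under `use warnings` these most likely emit uninitialized-value warnings and every ticket gets an unnumbered subject, while the `ok` message on the same iteration correctly uses `$n`. Change all three to `$n`: `Subject => "base ticket $n"`, `Data => "Content $n"`. In the requestor-grouping section the PNG request reads `PrimaryGroupBy=Requestor.Email` while the HTML request two lines earlier uses `Requestor.EmailAddress`; if that is not an artefact of how this page was extracted, the image test exercises a different group-by than the table test and should use the same field name.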
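Review bot: The new `&& $File::Find::dir !~ /RichText/` clause in `wanted` (compilation_errors.t) carries no comment explaining why those pages are dropped from the compile check, and the pattern is unanchored, so any directory with `RichText` anywhere in its path is skipped. The same commit's richtext-autohandler.t shows direct requests under `RichText/` now answered with 403, which is presumably why a GET can no longer compile them; a comment on the new line such as `# RichText/ components are only reachable through the editor's autohandler (direct requests get 403), so a GET cannot compile-check them` would record that. If only the editor directory is meant, anchoring the pattern, e.g. `$File::Find::dir !~ m{/RichText\b}`, would keep the exclusion from silently widening. `wanted` is complete in the hunk but the enclosing `BEGIN` block closes outside it.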
@@ -0,0 +1,40 @@
+use strict;
+use warnings;
+
+use RT::Test tests => 20;
+
+my ($baseurl, $agent) = RT::Test->started_ok;
+
+$agent->get("$baseurl/NoAuth/../Elements/HeaderJavascript");
+is($agent->status, 400);
+$agent->warning_like(qr/Invalid request.*aborting/,);
+
+$agent->get("$baseurl/NoAuth/../%45lements/HeaderJavascript");
+is($agent->status, 400);
+$agent->warning_like(qr/Invalid request.*aborting/,);
+
+$agent->get("$baseurl/NoAuth/%2E%2E/Elements/HeaderJavascript");
+is($agent->status, 400);
+$agent->warning_like(qr/Invalid request.*aborting/,);
+
+$agent->get("$baseurl/NoAuth/../../../etc/RT_Config.pm");
+is($agent->status, 400);
+$agent->warning_like(qr/Invalid request.*aborting/,);
+
+$agent->get("$baseurl/NoAuth/css/web2/images/../../../../../../etc/RT_Config.pm");
+is($agent->status, 400);
+$agent->warning_like(qr/Invalid request.*aborting/,);
+
+# do not reject these URLs, even though they contain /. outside the path
+$agent->get("$baseurl/index.html?ignored=%2F%2E");
+is($agent->status, 200);
+
+$agent->get("$baseurl/index.html?ignored=/.");
+is($agent->status, 200);
+
+$agent->get("$baseurl/index.html#%2F%2E");
+is($agent->status, 200);
+
+$agent->get("$baseurl/index.html#/.");
+is($agent->status, 200);
+
diff --git a/rt/t/web/private-components.t b/rt/t/web/private-components.t
new file mode 100644
index 000000000..30e145f34
--- /dev/null
+++ b/rt/t/web/private-components.t
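Review bot: The last two "do not reject" cases, `$agent->get("$baseurl/index.html#%2F%2E")` and `$agent->get("$baseurl/index.html#/.")`, most likely never put the fragment on the wire (an LWP-based agent drops everything after `#` before sending the request), so they are plain fetches of `/index.html` and do not show that the server-side check tolerates fragments; either drop them or say what they really cover with a comment such as `# fragments are stripped client-side; these only confirm the agent does not choke on them`. The five 400 cases assert the status alone; adding a `content_lacks` on a string that only the targeted file would contain, as private-components.t in this commit does for its 403s, would also catch a handler that logs "Invalid request" yet still streams the body. The trailing comma in each `warning_like(qr/.../,)` is harmless but reads like a missing argument.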
@@ -0,0 +1,40 @@
+use strict;
+
+use RT::Test tests => 20;
+my ($baseurl, $agent) = RT::Test->started_ok;
+
+ok $agent->login, 'logged in';
+
+$agent->get("/Elements/Refresh?Name=private");
+is($agent->status, 403);
+$agent->content_lacks("private");
+$agent->content_lacks("Refresh this page every");
+
+$agent->get("/Ticket/Elements/ShowTime?minutes=42");
+is($agent->status, 403);
+$agent->content_lacks("42 min");
+
+$agent->get("/Widgets/TitleBox?title=private");
+is($agent->status, 403);
+$agent->content_lacks("private");
+
+$agent->get("/autohandler");
+is($agent->status, 403);
+$agent->content_lacks("comp called without component");
+
+$agent->get("/NoAuth/js/autohandler");
+is($agent->status, 403);
+$agent->content_lacks("no next component");
+
+$agent->get("/l");
+is($agent->status, 403);
+$agent->content_lacks("No handle/phrase");
+
+$agent->get("/%61utohandler");
+is($agent->status, 403);
+$agent->content_lacks("comp called without component");
+
+$agent->get("/%45lements/Refresh?Name=private");
+is($agent->status, 403);
+$agent->content_lacks("private");
+$agent->content_lacks("Refresh this page every");
diff --git a/rt/t/web/query_builder.t b/rt/t/web/query_builder.t
index fa2c56da8..25d6ec5a3 100644
--- a/rt/t/web/query_builder.t
+++ b/rt/t/web/query_builder.t
@@ -5,7 +5,7 @@ use HTTP::Request::Common;
 use HTTP::Cookies;
 use LWP;
 use Encode;
-use RT::Test tests => 44;
+use RT::Test tests => 50;
 my $cookie_jar = HTTP::Cookies->new;
 my ($baseurl, $agent) = RT::Test->started_ok;
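Review bot: private-components.t opens with `use strict;` but no `use warnings;`, unlike path-traversal.t and charting.t added in the same commit, so an uninitialized value or a misspelled method in these checks would pass silently; add `use warnings;` directly after `use strict;`. richtext-autohandler.t in this commit has the same omission. The file also relies on relative URLs after `started_ok` while path-traversal.t spells out `$baseurl`; either works with this agent, but picking one form across the three new files would make them easier to read side by side.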
@@ -256,3 +256,30 @@ diag "send query with not quoted negative number";
 "query is the same" );
 }
+
+diag "click advanced, enter an invalid SQL IS restriction, apply and check that we corrected it";
+{
+ my $response = $agent->get($url."Search/Edit.html");
+ ok( $response->is_success, "Fetched /Search/Edit.html" );
+ ok($agent->form_number(3), "found the form");
+ $agent->field("Query", "Requestor.EmailAddress IS 'FOOBAR'");
+ $agent->submit;
+ is( getQueryFromForm($agent),
+ "Requestor.EmailAddress IS NULL",
+ "foobar is replaced by NULL"
+ );
+}
+
+diag "click advanced, enter an invalid SQL IS NOT restriction, apply and check that we corrected it";
+{
+ my $response = $agent->get($url."Search/Edit.html");
+ ok( $response->is_success, "Fetched /Search/Edit.html" );
+ ok($agent->form_number(3), "found the form");
+ $agent->field("Query", "Requestor.EmailAddress IS NOT 'FOOBAR'");
+ $agent->submit;
+ is( getQueryFromForm($agent),
+ "Requestor.EmailAddress IS NOT NULL",
+ "foobar is replaced by NULL"
+ );
+}
+
diff --git a/rt/t/web/richtext-autohandler.t b/rt/t/web/richtext-autohandler.t
new file mode 100644
index 000000000..56617b2fb
--- /dev/null
+++ b/rt/t/web/richtext-autohandler.t
@@ -0,0 +1,13 @@
+use strict;
+
+use RT::Test tests => 7;
+my ($baseurl, $agent) = RT::Test->started_ok;
+
+$agent->get("$baseurl/NoAuth/RichText/FCKeditor/license.txt");
+is($agent->status, 403);
+$agent->content_lacks("It is not the purpose of this section to induce");
+
+$agent->get_ok("/NoAuth/RichText/license.txt");
+$agent->content_contains("It is not the purpose of this section to induce");
+
+$agent->warning_like(qr/Invalid request directly to the rich text editor/,); |
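Review bot: The two new blocks added to query_builder.t are identical except for the operator (`IS` versus `IS NOT`), and both `is(...)` calls carry the same description `foobar is replaced by NULL`, so a failure report cannot tell them apart; one loop over the operator removes the duplication and makes the descriptions distinct. `form_number(3)` is a positional index inherited from the earlier blocks and `getQueryFromForm` is defined outside this hunk, so the loop keeps both unchanged.
```perl
for my $op ('IS', 'IS NOT') {
    diag "click advanced, enter an invalid SQL $op restriction, apply and check that we corrected it";
    my $response = $agent->get($url."Search/Edit.html");
    ok( $response->is_success, "Fetched /Search/Edit.html" );
    ok($agent->form_number(3), "found the form");
    $agent->field("Query", "Requestor.EmailAddress $op 'FOOBAR'");
    $agent->submit;
    is( getQueryFromForm($agent),
        "Requestor.EmailAddress $op NULL",
        "foobar is replaced by NULL for $op"
    );
}
```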