Issue #1860594 by penyaskito, damiankloip, xjm, alexpott, sun: Ensure that randomString() always returns a character that needs to be escaped for HTML.

2014-09-22 12:33:26 +01:00 · 2014-09-22 12:33:26 +01:00 · 2f9c1bc304
parent 2c35927494
commit 2f9c1bc304
2 changed files with 34 additions and 4 deletions
--- a/core/modules/simpletest/src/TestBase.php
+++ b/core/modules/simpletest/src/TestBase.php
@ -1283,22 +1283,35 @@ abstract class TestBase {
  }

  /**
-   * Generates a unique random string of ASCII characters of codes 32 to 126.
+   * Generates a pseudo-random string of ASCII characters of codes 32 to 126.
   *
   * Do not use this method when special characters are not possible (e.g., in
   * machine or file names that have already been validated); instead, use
-   * \Drupal\simpletest\TestBase::randomMachineName().
+   * \Drupal\simpletest\TestBase::randomMachineName(). If $length is greater
+   * than 2 the random string will include at least one ampersand ('&')
+   * character to ensure coverage for special characters and avoid the
+   * introduction of random test failures.
   *
   * @param int $length
   *   Length of random string to generate.
   *
   * @return string
-   *   Randomly generated unique string.
+   *   Pseudo-randomly generated unique string including special characters.
   *
   * @see \Drupal\Component\Utility\Random::string()
   */
  public function randomString($length = 8) {
-    return $this->getRandomGenerator()->string($length, TRUE, array($this, 'randomStringValidate'));
+    if ($length < 3) {
+      return $this->getRandomGenerator()->string($length, TRUE, array($this, 'randomStringValidate'));
+    }
+
+    // To prevent the introduction of random test failures, ensure that the
+    // returned string contains a character that needs to be escaped in HTML by
+    // injecting an ampersand into it.
+    $replacement_pos = floor($length / 2);
+    // Remove 1 from the length to account for the ampersand character.
+    $string = $this->getRandomGenerator()->string($length - 1, TRUE, array($this, 'randomStringValidate'));
+    return substr_replace($string, '&', $replacement_pos, 0);
  }

  /**
--- a/core/modules/simpletest/tests/src/Unit/TestBaseTest.php
+++ b/core/modules/simpletest/tests/src/Unit/TestBaseTest.php
@ -63,4 +63,21 @@ class TestBaseTest extends UnitTestCase {
    $this->assertEquals($expected, $actual);
  }

+  /**
+   * Tests that the random string contains a non-alphanumeric character.
+   *
+   * @see \Drupal\simpletest\TestBase::randomString().
+   *
+   * @covers ::randomString
+   */
+  public function testRandomString() {
+    $string = $this->stub->randomString(8);
+    $this->assertEquals(8, strlen($string));
+    $this->assertContains('&', $string);
+
+    // Ensure that we can generate random strings with a length of 1.
+    $string = $this->stub->randomString(1);
+    $this->assertEquals(1, strlen($string));
+  }
+
 }