drupalCreateUser(array('administer filters')); $this->drupalLogin($admin_user); // Verify that the PHP code text format was inserted. $php_format_id = db_query_range('SELECT format FROM {filter_format} WHERE name = :name', 0, 1, array(':name' => 'PHP code'))->fetchField(); $php_format = filter_format_load($php_format_id); $this->assertEqual($php_format->name, 'PHP code', t('PHP code text format was created.')); // Verify that the format has the PHP code filter enabled. $filters = filter_list_format($php_format_id); $this->assertTrue($filters['php_code']->status, t('PHP code filter is enabled.')); // Verify that the format exists on the administration page. $this->drupalGet('admin/config/content/formats'); $this->assertText('PHP code', t('PHP code text format was created.')); // Verify that anonymous and authenticated user roles do not have access. $this->drupalGet('admin/config/content/formats/' . $php_format_id); $this->assertFieldByName('roles[1]', FALSE, t('Anonymous users do not have access to PHP code format.')); $this->assertFieldByName('roles[2]', FALSE, t('Authenticated users do not have access to PHP code format.')); // Store the format ID of the PHP code text format for later use. $this->php_code_format = $php_format_id; } /** * Create a test node with PHP code in the body. * * @return stdObject Node object. */ function createNodeWithCode() { return $this->drupalCreateNode(array('body' => array(LANGUAGE_NONE => array(array('value' => ''))))); } } /** * Tests to make sure the PHP filter actually evaluates PHP code when used. */ class PHPFilterTestCase extends PHPTestCase { public static function getInfo() { return array( 'name' => 'PHP filter functionality', 'description' => 'Make sure that PHP filter properly evaluates PHP code when enabled.', 'group' => 'PHP', ); } /** * Make sure that the PHP filter evaluates PHP code when used. */ function testPHPFilter() { // Log in as a user with permission to use the PHP code text format. $php_code_permission = filter_permission_name(filter_format_load($this->php_code_format)); $web_user = $this->drupalCreateUser(array('access content', 'create page content', 'edit own page content', $php_code_permission)); $this->drupalLogin($web_user); // Create a node with PHP code in it. $node = $this->createNodeWithCode(); // Make sure that the PHP code shows up as text. $this->drupalGet('node/' . $node->nid); $this->assertText('print "SimpleTest PHP was executed!"', t('PHP code is displayed.')); // Change filter to PHP filter and see that PHP code is evaluated. $edit = array(); $langcode = LANGUAGE_NONE; $edit["body[$langcode][0][format]"] = $this->php_code_format; $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save')); $this->assertRaw(t('Basic page %title has been updated.', array('%title' => $node->title)), t('PHP code filter turned on.')); // Make sure that the PHP code shows up as text. $this->assertNoText('print "SimpleTest PHP was executed!"', t("PHP code isn't displayed.")); $this->assertText('SimpleTest PHP was executed!', t('PHP code has been evaluated.')); } } /** * Tests to make sure access to the PHP filter is properly restricted. */ class PHPAccessTestCase extends PHPTestCase { public static function getInfo() { return array( 'name' => 'PHP filter access check', 'description' => 'Make sure that users who don\'t have access to the PHP filter can\'t see it.', 'group' => 'PHP', ); } /** * Make sure that user can't use the PHP filter when not given access. */ function testNoPrivileges() { // Create node with PHP filter enabled. $web_user = $this->drupalCreateUser(array('access content', 'create page content', 'edit own page content')); $this->drupalLogin($web_user); $node = $this->createNodeWithCode(); // Make sure that the PHP code shows up as text. $this->drupalGet('node/' . $node->nid); $this->assertText('print', t('PHP code was not evaluated.')); // Make sure that user doesn't have access to filter. $this->drupalGet('node/' . $node->nid . '/edit'); $this->assertNoRaw('