diff --git a/tests/phpunit/tests/formatting/antispambot.php b/tests/phpunit/tests/formatting/antispambot.php
new file mode 100644
index 0000000000000..159d907ada9b0
--- /dev/null
+++ b/tests/phpunit/tests/formatting/antispambot.php
@@ -0,0 +1,73 @@
+assertTrue( wp_is_valid_utf8( antispambot( $email ) ) );
+ }
+
+ /**
+ * Data provider.
+ *
+ * return array[]
+ */
+ public function data_returns_valid_utf8() {
+ return array(
+ 'plain' => array( 'bob@example.com' ),
+ 'plain with ip' => array( 'ace@204.32.222.14' ),
+ 'deep subdomain' => array( 'kevin@many.subdomains.make.a.happy.man.edu' ),
+ 'short address' => array( 'a@b.co' ),
+ 'weird but legal dots' => array( '..@example.com' ),
+ );
+ }
+
+ /**
+ * This tests that antispambot performs some sort of obfuscation
+ * and that the obfuscation maps back to the original value.
+ *
+ * @ticket 31992
+ *
+ * @dataProvider data_antispambot_obfuscates
+ *
+ * @param string $provided The email address to obfuscate.
+ */
+ public function test_antispambot_obfuscates( $provided ) {
+ // The only token should be the email address, so advance once and treat as a text node.
+ $obfuscated = antispambot( $provided );
+ $p = new WP_HTML_Tag_Processor( $obfuscated );
+ $p->next_token();
+ $decoded = rawurldecode( $p->get_modifiable_text() );
+
+ $this->assertNotSame( $provided, $obfuscated, 'Should have produced an obfuscated representation.' );
+ $this->assertSame( $provided, $decoded, 'Should have decoded to the original email after restoring.' );
+ }
+
+ /**
+ * Data provider.
+ *
+ * @return array[]
+ */
+ public function data_antispambot_obfuscates() {
+ return array(
+ array( 'example@example.com' ),
+ array( '#@example.com' ),
+ );
+ }
+}
diff --git a/tests/phpunit/tests/formatting/isEmail.php b/tests/phpunit/tests/formatting/isEmail.php
index eb5a0379b8515..d79647885ceba 100644
--- a/tests/phpunit/tests/formatting/isEmail.php
+++ b/tests/phpunit/tests/formatting/isEmail.php
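Review bot: Every address in `data_returns_valid_utf8()` in antispambot.php is pure ASCII, so the `wp_is_valid_utf8( antispambot( $email ) )` assertion cannot fail for these inputs; it only becomes meaningful with a multibyte address, where an encoder that walks the string byte by byte could split a character. A row such as `'multibyte local part' => array( 'jörg@example.com' ),` (constructed example) would exercise that. `test_antispambot_obfuscates()` likewise only calls `antispambot( $provided )` with the default `$hex_encoding`, so the `rawurldecode()` step presumably has nothing to decode; a second call with `antispambot( $provided, 1 )` would cover the percent-encoded path. The provider docblock reads `* return array[]` and should be `* @return array[]`. The opening of the file, including the first test's signature, is not visible on this page.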
@@ -1,32 +1,44 @@ assertSame( $email, is_email( $email ), "is_email() should return the email address for $email." ); + $this->assertSame( + $email, + is_email( $email ), + 'Should return the given email address unchanged when valid.' + ); } /** - * Data provider for valid email addresses. + * Data provider. * - * @return array + * @return Generator */ - public static function valid_email_provider() { + public static function data_valid_email_provider() { $valid_emails = array( 'bob@example.com', 'phil@example.info', + 'phil@TLA.example', 'ace@204.32.222.14', 'kevin@many.subdomains.make.a.happy.man.edu', 'a@b.co', 'bill+ted@example.com', + '..@example.com', ); foreach ( $valid_emails as $email ) { @@ -35,18 +47,27 @@ public static function valid_email_provider() { } /** - * @dataProvider invalid_email_provider + * Ensures that unrecognized email addresses are rejected. + * + * @ticket 31992 + * + * @dataProvider data_invalid_email_provider + * + * @param string $email Invalid or unrecognized-to-WordPress email address. */ public function test_returns_false_if_given_an_invalid_email_address( $email ) { - $this->assertFalse( is_email( $email ), "is_email() should return false for $email." ); + $this->assertFalse( + is_email( $email ), + 'Should have rejected the email as invalid.' + ); } /** - * Data provider for invalid email addresses. + * Data provider. * - * @return array + * @return Generator */ - public static function invalid_email_provider() { + public static function data_invalid_email_provider() { $invalid_emails = array( 'khaaaaaaaaaaaaaaan!', 'http://bob.example.com/', 
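Review bot: The new valid entry `'..@example.com'` pins acceptance of a local part that the RFC 5321 Dot-string grammar does not allow unquoted (leading and consecutive dots), and nothing in the provider says why. If it is kept for backward compatibility with what `is_email()` has accepted so far, say so next to the entry, for example `'..@example.com', // Not RFC-valid; accepted for backward compatibility.`. The antispambot provider in this commit labels the same address 'weird but legal dots', which reads as a standards claim and should be reworded the same way. The test method and the provider both continue outside this hunk.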
@@ -54,6 +75,50 @@ public static function invalid_email_provider() { 'com.exampleNOSPAMbob', 'bob@your mom', 'a@b.c', + '" "@b.c', + '"@"@b.c', + 'a@route.org@b.c', + 'h(aj@couc.ou', // bad comment. + 'hi@', + 'hi@hi@couc.ou', // double @. + + /* + * The next address is not deliverable as described, + * SMTP servers should strip the (ab), so it is very + * likely a source of confusion or a typo. + * Best rejected. + */ + '(ab)cd@couc.ou', + + /* + * The next address is not globally deliverable, + * so it may work with PHPMailer and break with + * mail sending services. Best not allow users + * to paint themselves into that corner. This also + * avoids security problems like those that were + * used to probe the WordPress server's local + * network. + */ + 'toto@to', + + /* + * Several addresses are best rejected because + * we don't want to allow sending to fe80::, 192.168 + * and other special addresses; that too might + * be used to probe the WordPress server's local + * network. + */ + 'to@[2001:db8::1]', + 'to@[IPv6:2001:db8::1]', + 'to@[192.168.1.1]', + + /* + * Ill-formed UTF-8 byte sequences must be rejected. + * A lone continuation byte (0x80) is not valid UTF-8 + * whether it appears in the local part or the domain. + */ + "a\x80b@example.com", // invalid UTF-8 in local part. + "abc@\x80.org", // invalid UTF-8 in domain subdomain. ); foreach ( $invalid_emails as $email ) { diff --git a/tests/phpunit/tests/formatting/sanitizeEmail.php b/tests/phpunit/tests/formatting/sanitizeEmail.php new file mode 100644 index 0000000000000..6ca396f42dc26 --- /dev/null +++ b/tests/phpunit/tests/formatting/sanitizeEmail.php 
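Review bot: The comment above the bracketed literals says addresses in 192.168 and fe80:: should not be accepted, but the only rows backing it are `to@[2001:db8::1]`, `to@[IPv6:2001:db8::1]` and `to@[192.168.1.1]`, which would presumably also be rejected just for containing brackets. The valid provider in this file accepts the bare dotted-quad `ace@204.32.222.14`, so whether a bare private or loopback address such as `to@192.168.1.1` is rejected is not pinned anywhere visible here. Either add that row to whichever provider matches the intended behaviour, or reword the comment so it does not promise a local-network protection the tests do not check. The provider's `foreach` loop continues outside the hunk.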
@@ -0,0 +1,42 @@
+assertSame(
+ $expected,
+ sanitize_email( $address ),
+ 'Should have produced the known sanitized form of the email.'
+ );
+ }
+
+ /**
+ * Data provider.
+ *
+ * @return array[]
+ */
+ public function data_sanitized_email_pairs() {
+ return array(
+ 'shorter than 6 characters' => array( 'a@b', '' ),
+ 'contains no @' => array( 'ab', '' ),
+ 'just a TLD' => array( 'abc@com', '' ),
+ 'plain' => array( 'abc@example.com', 'abc@example.com' ),
+ 'invalid utf8 subdomain dropped' => array( "abc@sub.\x80.org", 'abc@sub.org' ),
+ 'all subdomains invalid utf8' => array( "abc@\x80.org", '' ),
+ );
+ }
+}
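Review bot: The row `'invalid utf8 subdomain dropped'` pins that `"abc@sub.\x80.org"` becomes `abc@sub.org`, so the sanitized address names a different domain from the one submitted, and no comment marks this as intended. A caller that stores or mails the sanitized value without comparing it to the input ends up addressing a host the user never typed, so the provider should state the intent, e.g. `// The invalid label is dropped, so the result names a different domain than the input.`. The provider also has no row with ill-formed UTF-8 in the local part, which the is_email provider in this commit covers with `"a\x80b@example.com"`. The test method's signature and docblock are not visible on this page.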