<?php

declare(strict_types=1);

namespace Mautic\LeadBundle\Tests\Controller;

use Doctrine\DBAL\ArrayParameterType;
use Mautic\CoreBundle\Test\MauticMysqlTestCase;
use Mautic\LeadBundle\Entity\Lead;
use Mautic\LeadBundle\Entity\LeadField;
use PHPUnit\Framework\Assert;

class LeadDetailFunctionalTest extends MauticMysqlTestCase
{
    /**
     * The core field labels rendered on the contact detail page must follow
     * the stored `field_order`, even after that order has been rewritten.
     */
    public function testCustomFieldOrderIsRespected(): void
    {
        $contact = new Lead();
        $contact->setFirstname('John');
        $contact->setLastname('Doe');
        $contact->setEmail('[email protected]');
        $this->em->persist($contact);

        // Rewrite the order of the core lead fields so the page can only be
        // right if it really reads `field_order` rather than some default.
        $this->reorderCoreFieldsByLabelDescending();

        $this->em->flush();
        $this->em->clear();

        // Seed the (now detached) contact with core values; the expected label
        // set is derived from the values that are actually set.
        $contact->setFields([
            'core' => [
                'First Name' => [
                    'value' => 'John',
                ],
                'Last Name' => [
                    'value' => 'Doe',
                ],
                'Email' => [
                    'value' => '[email protected]',
                ],
                'Primary company' => [
                    'value' => null,
                ],
                'Points' => [
                    'value' => 0,
                ],
            ],
        ]);

        // isset() drops entries whose value is null (e.g. "Primary company").
        $populatedLabels = array_keys(array_filter(
            $contact->getFields(true),
            static fn ($fieldData) => isset($fieldData['value'])
        ));

        // "Created on" and "ID" are always rendered first, ahead of the custom order.
        $expectedLabels = ['Created on', 'ID', ...$this->fetchCoreLabelsInStoredOrder($populatedLabels)];

        $crawler = $this->requestContactDetail($contact);

        $labelCells = $crawler->filter('#lead-details table')
            ->first()
            ->filter('td:first-child')
            ->extract(['_text']);
        $actualLabels = array_map(static fn ($cellText) => trim($cellText), $labelCells);

        Assert::assertSame($expectedLabels, $actualLabels);
    }

    /**
     * A contact name containing an attribute-breakout payload must be rendered
     * as plain attribute text: no new `onmouseover` attribute may appear, and
     * the whole payload must survive (entity-decoded by the crawler) inside
     * `data-header`, which together show it was escaped for attribute context.
     */
    public function testLeadViewPreventsXSS(): void
    {
        $hostileFirstName = 'aaa" onmouseover=alert(1) a="';

        $contact = new Lead();
        $contact->setFirstname($hostileFirstName);
        $this->em->persist($contact);
        $this->em->flush();
        $this->em->clear();

        $crawler = $this->requestContactDetail($contact);

        $campaignLink = $crawler->filter('#toolbar ul.dropdown-menu-right li')->first()->filter('a');

        // The payload must not have produced an event-handler attribute ...
        Assert::assertNull($campaignLink->attr('onmouseover'));
        // ... and must be present, intact, as the value of the intended attribute.
        Assert::assertSame(sprintf('Campaigns for %s', $hostileFirstName), $campaignLink->attr('data-header'));

        // The stats link must be a relative path rather than an absolute URL.
        Assert::assertStringContainsString(
            sprintf('data-target-url="/s/contacts/view/%s/stats"', $contact->getId()),
            $this->client->getResponse()->getContent()
        );
    }

    /**
     * Assigns ascending `order` values (1, 2, ...) to the core lead fields
     * sorted by label (then id) descending, and persists each of them.
     * The caller is responsible for flushing.
     */
    private function reorderCoreFieldsByLabelDescending(): void
    {
        /** @var LeadField[] $coreFields */
        $coreFields = $this->em->getRepository(LeadField::class)->findBy(
            ['object' => 'lead', 'group' => 'core'],
            ['label' => 'desc', 'id' => 'desc']
        );

        $nextPosition = 1;
        foreach ($coreFields as $coreField) {
            $coreField->setOrder($nextPosition++);
            $this->em->persist($coreField);
        }
    }

    /**
     * Reads the given core lead field labels back from the database in
     * `field_order` order.
     *
     * Double-quoted string literals in the WHERE clause are MySQL syntax;
     * this test case runs against MySQL (see the parent class).
     *
     * @param string[] $labels
     *
     * @return list<string>
     */
    private function fetchCoreLabelsInStoredOrder(array $labels): array
    {
        $queryBuilder = $this->connection->createQueryBuilder();
        $queryBuilder
            ->select('label')
            ->from(MAUTIC_TABLE_PREFIX.'lead_fields')
            ->where('object = "lead"')
            ->andWhere('field_group = "core"')
            ->andWhere('label IN (:leadFields)')
            ->orderBy('field_order')
            ->setParameter('leadFields', $labels, ArrayParameterType::STRING);

        return $queryBuilder->executeQuery()->fetchFirstColumn();
    }

    /**
     * Requests the contact detail page for the given (already persisted) contact.
     */
    private function requestContactDetail(Lead $contact)
    {
        return $this->client->request('GET', sprintf('/s/contacts/view/%d', $contact->getId()));
    }
}