Add test for EscapingCheck, and update the latter a bit

Automattic · Feb 16, 2015 · d4dd690 · d4dd690
1 parent 1e07f2f
commit d4dd690
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 2 deletions.
diff --git a/tests/checks/test-EscapingCheck.php b/tests/checks/test-EscapingCheck.php
@@ -0,0 +1,61 @@
+<?php
+
+require_once( 'CodeCheckTestBase.php' );
+
+class EscapingTest extends CodeCheckTestBase {
+
+	public function testEscaping() {
+		$expected_errors = array(
+			array( 'slug' => 'functions-file',
+				'level' => BaseScanner::LEVEL_BLOCKER,
+				'description' => sprintf(
+					__( 'The function %1$s is being passed as the first parameter of %2$s. This is problematic because %1$s echoes a string which will not be escaped by %2$s.', 'vip-scanner' ),
+					'<code>printf()</code>',
+					'<code>esc_attr()</code>'
+				),
+				'file' => 'EscapingTest.inc',
+				'lines' => 5,
+			),
+			array( 'slug' => 'functions-file',
+					'level' => BaseScanner::LEVEL_BLOCKER,
+					'description' => sprintf(
+							__( '%1$s is being passed as the first parameter of %2$s.', 'vip-scanner' ),
+							'<code>print</code>',
+							'<code>esc_attr()</code>'
+					),
+					'file' => 'EscapingTest.inc',
+					'lines' => 6,
+			),
+			array( 'slug' => 'functions-file',
+					'level' => BaseScanner::LEVEL_BLOCKER,
+					'description' => sprintf(
+							__( '%1$s is being passed as the first parameter of %2$s.', 'vip-scanner' ),
+							'<code>echo</code>',
+							'<code>esc_attr()</code>'
+					),
+					'file' => 'EscapingTest.inc',
+					'lines' => 7,
+			),
+			array( 'slug' => 'functions-file',
+					'level' => BaseScanner::LEVEL_BLOCKER,
+					'description' => sprintf(
+							__( 'Please use %1$s to echo internationalized text in html attributes.', 'vip-scanner' ),
+							'<code>esc_attr_e()</code>'
+					),
+					'file' => 'EscapingTest.inc',
+					'lines' => 10,
+			),
+			array( 'slug' => 'functions-file',
+					'level' => BaseScanner::LEVEL_BLOCKER,
+					'description' => sprintf(
+							__( 'Please use %1$s to echo internationalized text in html attributes.', 'vip-scanner' ),
+							'<code>esc_attr_e()</code>'
+					),
+					'file' => 'EscapingTest.inc',
+					'lines' => 11,
+			),
+		);
+		$actual_errors = $this->checkFile( 'EscapingTest.inc' );
+		$this->assertEqualErrors( $expected_errors, $actual_errors );
+	}
+}
diff --git a/tests/data/EscapingTest.inc b/tests/data/EscapingTest.inc
@@ -0,0 +1,11 @@
+<?php
+
+die(); //Don't actually run the following code.
+
+esc_attr( printf( 'unescaped string' ) );
+esc_attr( print 'unescaped string' );
+esc_attr( echo 'unescaped string' );
+?>
+
+<a title="<?php _e( 'unescaped HTML attribute' ); ?>" />
+<a title='<?php _e( 'unescaped HTML attribute' ); ?>' />
diff --git a/vip-scanner/checks/EscapingCheck.php b/vip-scanner/checks/EscapingCheck.php
@@ -41,6 +41,7 @@ function check( $files ) {
 			),
 		);
 
+		$result = true;
 		foreach ( $checks as $check ) {
 			$this->increment_check_count();
 			foreach ( $this->filter_files( $files, 'php' ) as $path => $code ) {
@@ -51,11 +52,13 @@ function check( $files ) {
 						'functions-file',
 						$check['message'],
 						'blocker',
-						array( $filename, $line_number ),
-						esc_html( $error )
+						$filename,
+						array( $line_number => $error )
 					);
+					$result = false;
 				}
 			}
 		}
+		return $result;
 	}
 }