Ignore:
Timestamp:
01/08/12 02:12:19 (17 months ago)
Author:
GeorgeClark
Message:

Item11410: Implement USERINFOisTooRestrictive fix

USERINFO macro can reveal Wikiname, and also whether or not the user is
a group.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/UnitTestContrib/test/unit/Fn_USERINFO.pm

    r13116 r13561  
    9999} 
    100100 
     101sub test_antispam { 
     102    my $this = shift; 
     103    my $testformat = 
     104'W$wikiusernameU$wikinameN$usernameE$emailsG$groupsA$adminIA$isadminIG$isgroupE$bogustoken nop$nopnop $percent $quot $comma$n$n()ewline $lt $gt $amp $dollar'; 
     105 
     106    $Foswiki::cfg{AntiSpam}{HideUserDetails} = 1; 
     107 
     108# ScumBag should only see his own information 
     109    $this->createNewFoswikiSession( "ScumBag" ); 
     110    my $ui = $this->{test_topicObject}->expandMacros(<<"HERE"); 
     111%USERINFO{"ScumBag" format="$testformat"}% 
     112HERE 
     113    $this->assert_str_equals( <<"HERE", $ui ); 
     114W$Foswiki::cfg{UsersWebName}.ScumBagUScumBagNscumEscumbag\@example.comGFriendsOfFriendsOfGropeGroup, FriendsOfGropeGroup, GropeGroupAfalseIAfalseIGfalseE\$bogustoken nopnop % " , 
     115 
     116ewline < > & \$ 
     117HERE 
     118 
     119    my $guest_ui = $this->{test_topicObject}->expandMacros(<<"HERE"); 
     120%USERINFO{"WikiGuest" format="$testformat"}% 
     121HERE 
     122 
     123#'W$wikiusernameU$wikinameN$usernameE$emailsG$groupsA$adminIA$isadminIG$isgroupE$bogustoken nop$nopnop $percent $quot $comma$n$n()ewline $lt $gt $amp $dollar'; 
     124    $this->assert_str_equals( <<"HERE", $guest_ui ); 
     125W$Foswiki::cfg{UsersWebName}.WikiGuestUWikiGuestNEGAIAIGfalseE\$bogustoken nopnop % " , 
     126 
     127ewline < > & \$ 
     128HERE 
     129 
     130# Admin user should see everything 
     131    $this->createNewFoswikiSession( $Foswiki::cfg{AdminUserLogin} ); 
     132    $ui = $this->{test_topicObject}->expandMacros(<<"HERE"); 
     133%USERINFO{"ScumBag" format="$testformat"}% 
     134HERE 
     135    $this->assert_str_equals( <<"HERE", $ui ); 
     136W$Foswiki::cfg{UsersWebName}.ScumBagUScumBagNscumEscumbag\@example.comGFriendsOfFriendsOfGropeGroup, FriendsOfGropeGroup, GropeGroupAfalseIAfalseIGfalseE\$bogustoken nopnop % " , 
     137 
     138ewline < > & \$ 
     139HERE 
     140 
     141    $guest_ui = $this->{test_topicObject}->expandMacros(<<"HERE"); 
     142%USERINFO{"WikiGuest" format="$testformat"}% 
     143HERE 
     144    $this->assert_str_equals( <<"HERE", $guest_ui ); 
     145W$Foswiki::cfg{UsersWebName}.WikiGuestUWikiGuestNguestEGBaseGroup, FriendsOfFriendsOfGropeGroup, FriendsOfGropeGroup, GropeGroupAfalseIAfalseIGfalseE\$bogustoken nopnop % " , 
     146 
     147ewline < > & \$ 
     148HERE 
     149 
     150    return; 
     151} 
     152 
    101153sub test_isgroup { 
    102154    my $this = shift; 
Note: See TracChangeset for help on using the changeset viewer.