- // The user information should be updated.
- $user2 = $DB->get_record('user', array('username' => 'usernoxssanymore', 'auth' => 'db'));
- // The spaces should be removed, as it's the username.
- $this->assertEquals($user2->username, 'usernoxssanymore');
-
- // Now let's test just the clean_data() method isolated.
- // Testing PARAM_USERNAME, PARAM_NOTAGS, PARAM_RAW_TRIMMED and others.
- $user3 = new stdClass();
- $user3->firstname = 'John <script>alert(1)</script> Doe';
- $user3->username = 'john%#&~%*_doe';
- $user3->email = ' john@testing.com ';
- $user3->deleted = 'no';
- $user3->description = '<b>A description <script>alert(123)</script>about myself.</b>';
- $user3cleaned = $auth->clean_data($user3);
-
- // Expected results.
- $this->assertEquals($user3cleaned->firstname, 'John alert(1) Doe');
- $this->assertEquals($user3cleaned->email, 'john@testing.com');
- $this->assertEquals($user3cleaned->deleted, 0);
- $this->assertEquals($user3->description, '<b>A description about myself.</b>');
- $this->assertEquals($user3->username, 'john_doe');
-
- // Try to clean an invalid property (fullname).
- $user3->fullname = 'John Doe';
- $auth->clean_data($user3);
- $this->assertDebuggingCalled("The property 'fullname' could not be cleaned.");