<?php
use Illuminate\Http\Request;
use Klevze\ControlPanel\Http\Middleware\InputValidationMiddleware;
use Klevze\ControlPanel\Services\Validation\InputValidationService;
use function Pest\Laravel\mock;
/*
 * Pins the exemption for the block-insert route: a POST whose route name is
 * 'admin.plugin.block.insert' must pass through InputValidationMiddleware
 * without InputValidationService::validateSecurity() being invoked, even
 * though the translated block content carries raw HTML markup.
 *
 * NOTE(review): this test only proves that the generic validator is skipped.
 * Nothing here shows where the block HTML is sanitised or escaped afterwards,
 * nor how access to the route is restricted — confirm both against the
 * controller and the rendering path, since the exemption moves the whole
 * burden of handling markup onto them.
 */
it('allows block insert html to bypass generic input validation', function () {
    // Any call to validateSecurity() fails the test via the mock expectation.
    mock(InputValidationService::class, function ($validator) {
        $validator->shouldNotReceive('validateSecurity');
    });

    // Block form fields; 'prevod' holds the per-locale name and HTML content.
    // The script tag is a fixture standing in for markup the generic
    // validator would presumably reject — TODO confirm against the service.
    $payload = [
        'keycode' => 'hero-block',
        'notes' => 'Intro section',
        'block_group' => 'home',
        'active' => '1',
        'prevod' => [
            'en' => [
                'name' => 'English',
                'content' => '<script>alert(1)</script>',
            ],
        ],
        'store_id' => 1,
        'token_count' => 12,
    ];

    $blockInsert = Request::create('/cp/content/blocks/insert', 'POST', $payload);

    // Minimal route stand-in: only getName() is provided. Presumably the
    // middleware keys its exemption on this route name — verify in
    // InputValidationMiddleware.
    $blockInsert->setRouteResolver(function () {
        return new class {
            public function getName(): string
            {
                return 'admin.plugin.block.insert';
            }
        };
    });

    // Resolved from the container after the mock is registered, so the
    // middleware receives the mocked validation service.
    $guard = app(InputValidationMiddleware::class);

    $result = $guard->handle($blockInsert, function () {
        return response('ok');
    });

    // Reaching the next handler means the request was not rejected.
    expect($result->getContent())->toBe('ok');
});