diff --git a/core/lib/Drupal/Component/Utility/Random.php b/core/lib/Drupal/Component/Utility/Random.php index 356eefd..ef8c242 100644 --- a/core/lib/Drupal/Component/Utility/Random.php +++ b/core/lib/Drupal/Component/Utility/Random.php @@ -7,6 +7,8 @@ namespace Drupal\Component\Utility; +use Drupal\user\Plugin\Validation\Constraint\UserNameConstraintValidator; + /** * Defines a utility class for creating random data. * @@ -70,7 +72,20 @@ public function string($length = 8, $unique = FALSE, $validator = NULL) { } $str = ''; for ($i = 0; $i < $length; $i++) { - $str .= chr(mt_rand(32, 126)); + $ch_counter = 0; + do { + if ($ch_counter == static::MAXIMUM_TRIES) { + throw new \RuntimeException('Unable to generate a unique character for a random name'); + } + $ch = '' . chr(mt_rand(32, 126)); + $get_next_ch = FALSE; + if (UserNameConstraintValidator::hasIllegalCharacters($ch)) { + $get_next_ch = TRUE; + } + $ch_counter++; + } while ($get_next_ch); + + $str .= $ch; } $counter++; diff --git a/core/modules/comment/src/Tests/CommentPreviewTest.php b/core/modules/comment/src/Tests/CommentPreviewTest.php index 2a9b197..734dbc0 100644 --- a/core/modules/comment/src/Tests/CommentPreviewTest.php +++ b/core/modules/comment/src/Tests/CommentPreviewTest.php @@ -154,7 +154,7 @@ function testCommentEditPreviewSave() { $this->assertTitle(t('Preview comment | Drupal'), 'Page title is "Preview comment".'); $this->assertText($edit['subject[0][value]'], 'Subject displayed.'); $this->assertText($edit['comment_body[0][value]'], 'Comment displayed.'); - $this->assertText($web_user->getUsername(), 'Author displayed.'); + $this->assertEscaped($web_user->getUsername(), 'Author displayed.'); $this->assertText($expected_text_date, 'Date displayed.'); // Check that the subject, comment, author and date fields are displayed with the correct values. diff --git a/core/modules/file/src/Tests/FileTokenReplaceTest.php b/core/modules/file/src/Tests/FileTokenReplaceTest.php index 93a6c67..5154dd9 100644 --- a/core/modules/file/src/Tests/FileTokenReplaceTest.php +++ b/core/modules/file/src/Tests/FileTokenReplaceTest.php @@ -94,7 +94,7 @@ function testFileTokenReplacement() { foreach ($tests as $input => $expected) { $output = $token_service->replace($input, array('file' => $file), array('langcode' => $language_interface->getId(), 'sanitize' => FALSE)); - $this->assertEqual($output, $expected, format_string('Unsanitized file token %token replaced.', array('%token' => $input))); + $this->assertEqual(html_entity_decode($output, ENT_QUOTES, 'UTF-8'), html_entity_decode($expected, ENT_QUOTES, 'UTF-8')); } } } diff --git a/core/modules/language/src/Tests/LanguageUrlRewritingTest.php b/core/modules/language/src/Tests/LanguageUrlRewritingTest.php index f590861..748e338 100644 --- a/core/modules/language/src/Tests/LanguageUrlRewritingTest.php +++ b/core/modules/language/src/Tests/LanguageUrlRewritingTest.php @@ -66,7 +66,7 @@ function testUrlRewritingEdgeCases() { // Check that URL rewriting is not applied to subrequests. $this->drupalGet('language_test/subrequest'); - $this->assertText($this->webUser->getUsername(), 'Page correctly retrieved'); + $this->assertEscaped($this->webUser->getUsername(), 'Page correctly retrieved'); } /** diff --git a/core/modules/node/src/Tests/NodeCreationTest.php b/core/modules/node/src/Tests/NodeCreationTest.php index abe7ba7..525939c 100644 --- a/core/modules/node/src/Tests/NodeCreationTest.php +++ b/core/modules/node/src/Tests/NodeCreationTest.php @@ -70,7 +70,7 @@ function testNodeCreation() { $node_type->save(); $this->drupalGet('node/' . $node->id()); - $this->assertText($node->getOwner()->getUsername()); + $this->assertEscaped($node->getOwner()->getUsername()); $this->assertText(format_date($node->getCreatedTime())); } diff --git a/core/modules/search/src/Tests/SearchConfigSettingsFormTest.php b/core/modules/search/src/Tests/SearchConfigSettingsFormTest.php index 2c17ed6..4a9b22f 100644 --- a/core/modules/search/src/Tests/SearchConfigSettingsFormTest.php +++ b/core/modules/search/src/Tests/SearchConfigSettingsFormTest.php @@ -165,7 +165,7 @@ function testSearchModuleDisabling() { $this->drupalGet('search/' . $entity->getPath(), array('query' => array('keys' => $info['keys']))); $this->assertResponse(200); $this->assertNoText('no results', $entity->label() . ' search found results'); - $this->assertText($info['text'], 'Correct search text found'); + $this->assertEscaped($info['text'], 'Correct search text found'); // Verify that other plugin search tab labels are not visible. foreach ($plugins as $other) { diff --git a/core/modules/search/src/Tests/SearchExactTest.php b/core/modules/search/src/Tests/SearchExactTest.php index e4f3511..d312578 100644 --- a/core/modules/search/src/Tests/SearchExactTest.php +++ b/core/modules/search/src/Tests/SearchExactTest.php @@ -67,7 +67,7 @@ function testExactQuery() { $edit = array('keys' => 'Druplicon'); $this->drupalPostForm('search/node', $edit, t('Search')); - $this->assertText($user->getUsername(), 'Basic page node displays author name when post settings are on.'); + $this->assertEscaped($user->getUsername(), 'Basic page node displays author name when post settings are on.'); $this->assertText(format_date($node->getChangedTime(), 'short'), 'Basic page node displays post date when post settings are on.'); // Check that with post settings turned off the user and changed date diff --git a/core/modules/simpletest/src/Tests/SimpleTestTest.php b/core/modules/simpletest/src/Tests/SimpleTestTest.php index 41d114e..999dcf0 100644 --- a/core/modules/simpletest/src/Tests/SimpleTestTest.php +++ b/core/modules/simpletest/src/Tests/SimpleTestTest.php @@ -252,7 +252,7 @@ function confirmStubTestResults() { $this->assertAssertion(t('Invalid permission %permission.', array('%permission' => $this->invalidPermission)), 'Role', 'Fail', 'SimpleTestTest.php', 'Drupal\simpletest\Tests\SimpleTestTest->stubTest()'); // Check that the user was logged in successfully. - $this->assertAssertion('User SimpleTestTest successfully logged in.', 'User login', 'Pass', 'SimpleTestTest.php', 'Drupal\simpletest\Tests\SimpleTestTest->stubTest()'); + $this->assertAssertion("User SimpleTestTest's successfully logged in.", 'User login', 'Pass', 'SimpleTestTest.php', 'Drupal\simpletest\Tests\SimpleTestTest->stubTest()'); // Check that a warning is caught by simpletest. The exact error message // differs between PHP versions so only the function name is checked. diff --git a/core/modules/simpletest/src/UserCreationTrait.php b/core/modules/simpletest/src/UserCreationTrait.php index 92262cf..b985d87 100644 --- a/core/modules/simpletest/src/UserCreationTrait.php +++ b/core/modules/simpletest/src/UserCreationTrait.php @@ -60,8 +60,15 @@ protected function createUser(array $permissions = array(), $name = NULL, $admin // Create a user assigned to that role. $edit = array(); - $edit['name'] = !empty($name) ? $name : $this->randomMachineName(); + $edit['name'] = !empty($name) ? $name : $this->getRandomGenerator()->string(6, TRUE, array($this, 'randomUsernameValidate')); + $edit['name'] .= "'s"; $edit['mail'] = $edit['name'] . '@example.com'; + // It is possible that name + @example.com is not a valid email address + // since user names can contain whitespace and @ characters and start with a + // dot. + if (!valid_email_address($edit['mail'])) { + $edit['mail'] = $this->getRandomGenerator()->name() . '@example.com'; + } $edit['pass'] = user_password(); $edit['status'] = 1; if ($rid) { diff --git a/core/modules/simpletest/src/WebTestBase.php b/core/modules/simpletest/src/WebTestBase.php index 2fe6f53..814ad92 100644 --- a/core/modules/simpletest/src/WebTestBase.php +++ b/core/modules/simpletest/src/WebTestBase.php @@ -14,6 +14,7 @@ use Drupal\Component\Utility\Html; use Drupal\Component\Utility\NestedArray; use Drupal\Component\Utility\UrlHelper; +use Drupal\Component\Utility\Unicode; use Drupal\Core\Cache\Cache; use Drupal\Component\Utility\SafeMarkup; use Drupal\Core\Database\Database; @@ -30,6 +31,7 @@ use Drupal\Core\StreamWrapper\PublicStream; use Drupal\Core\Url; use Drupal\node\Entity\NodeType; +use Drupal\user\Plugin\Validation\Constraint\UserNameConstraintValidator; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\HttpFoundation\Request; use Zend\Diactoros\Uri; @@ -2780,6 +2782,10 @@ protected function assertNoResponse($code, $message = '', $group = 'Browser') { * TRUE on pass, FALSE on fail. */ protected function assertMail($name, $value = '', $message = '', $group = 'Email') { + // The mail subject is mime encoded. + if ($name == 'subject') { + $value = Unicode::mimeHeaderEncode($value); + } $captured_emails = \Drupal::state()->get('system.test_mail_collector') ?: array(); $email = end($captured_emails); return $this->assertTrue($email && isset($email[$name]) && $email[$name] == $value, $message, $group); @@ -2970,6 +2976,21 @@ protected function assertCacheContext($expected_cache_context) { } /** + * Callback for random username validation. + * + * @see \Drupal\Component\Utility\Random::string() + * + * @param string $string + * The random string to validate. + * + * @return bool + * TRUE if the random string is valid, FALSE if not. + */ + public function randomUsernameValidate($string) { + return $this->randomStringValidate($string) && !UserNameConstraintValidator::hasIllegalCharacters($string); + } + + /** * Asserts that a cache context was not present in the last response. * * @param string $not_expected_cache_context diff --git a/core/modules/system/src/Tests/Path/UrlAlterFunctionalTest.php b/core/modules/system/src/Tests/Path/UrlAlterFunctionalTest.php index d9a8228..e3a7dc5 100644 --- a/core/modules/system/src/Tests/Path/UrlAlterFunctionalTest.php +++ b/core/modules/system/src/Tests/Path/UrlAlterFunctionalTest.php @@ -37,7 +37,7 @@ function testUrlAlter() { // Test a single altered path. $this->drupalGet("user/$name"); $this->assertResponse('200', 'The user/username path gets resolved correctly'); - $this->assertUrlOutboundAlter("/user/$uid", "/user/$name"); + $this->assertUrlOutboundAlter("user/$uid", "user/" . urlencode($name)); // Test that a path always uses its alias. $path = array('source' => "/user/$uid/test1", 'alias' => '/alias/test1'); @@ -62,7 +62,7 @@ function testUrlAlter() { // level and for a specific existing forum. $this->drupalGet('community'); $this->assertText('General discussion', 'The community path gets resolved correctly'); - $this->assertUrlOutboundAlter('/forum', '/community'); + $this->assertUrlOutboundAlter('/forum', '/communitym'); $forum_vid = $this->config('forum.settings')->get('vocabulary'); $term_name = $this->randomMachineName(); $term = entity_create('taxonomy_term', array( @@ -72,7 +72,7 @@ function testUrlAlter() { $term->save(); $this->drupalGet("community/" . $term->id()); $this->assertText($term_name, 'The community/{tid} path gets resolved correctly'); - $this->assertUrlOutboundAlter("/forum/" . $term->id(), "/community/" . $term->id()); + $this->assertUrlOutboundAlter("/forum/" . $term->id(), "/communitym/" . $term->id()); } /** diff --git a/core/modules/system/src/Tests/System/AccessDeniedTest.php b/core/modules/system/src/Tests/System/AccessDeniedTest.php index 0f37320..6bb1ce0 100644 --- a/core/modules/system/src/Tests/System/AccessDeniedTest.php +++ b/core/modules/system/src/Tests/System/AccessDeniedTest.php @@ -63,7 +63,7 @@ function testAccessDenied() { // Log out and check that the user login block is shown on custom 403 pages. $this->drupalLogout(); $this->drupalGet('admin'); - $this->assertText($this->adminUser->getUsername(), 'Found the custom 403 page'); + $this->assertEscaped($this->adminUser->getUsername(), 'Found the custom 403 page'); $this->assertText(t('Username'), 'Blocks are shown on the custom 403 page'); // Log back in and remove the custom 403 page. diff --git a/core/modules/system/src/Tests/System/PageNotFoundTest.php b/core/modules/system/src/Tests/System/PageNotFoundTest.php index b7c0609..623fd31 100644 --- a/core/modules/system/src/Tests/System/PageNotFoundTest.php +++ b/core/modules/system/src/Tests/System/PageNotFoundTest.php @@ -48,6 +48,6 @@ function testPageNotFound() { $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration')); $this->drupalGet($this->randomMachineName(10)); - $this->assertText($this->adminUser->getUsername(), 'Found the custom 404 page'); + $this->assertEscaped($this->adminUser->getUsername(), 'Found the custom 404 page'); } } diff --git a/core/modules/tracker/src/Tests/TrackerTest.php b/core/modules/tracker/src/Tests/TrackerTest.php index 425c4a1..b96d80f 100644 --- a/core/modules/tracker/src/Tests/TrackerTest.php +++ b/core/modules/tracker/src/Tests/TrackerTest.php @@ -202,7 +202,7 @@ function testTrackerUser() { $this->assertNoLink($unpublished->label()); // Verify that title and tab title have been set correctly. $this->assertText('Activity', 'The user activity tab has the name "Activity".'); - $this->assertTitle(t('@name | @site', array('@name' => $this->user->getUsername(), '@site' => $this->config('system.site')->get('name'))), 'The user tracker page has the correct page title.'); + $this->assertTitle(t($this->user->getUsername().' | '. $this->config('system.site')->get('name')), 'The user tracker page has the correct page title. - '.$this->user->getUsername().' | '. $this->config('system.site')->get('name')); // Verify that unpublished comments are removed from the tracker. $admin_user = $this->drupalCreateUser(array('post comments', 'administer comments', 'access user profiles')); diff --git a/core/modules/user/src/Plugin/Validation/Constraint/UserNameConstraintValidator.php b/core/modules/user/src/Plugin/Validation/Constraint/UserNameConstraintValidator.php index 12d4fa3..63503a5 100644 --- a/core/modules/user/src/Plugin/Validation/Constraint/UserNameConstraintValidator.php +++ b/core/modules/user/src/Plugin/Validation/Constraint/UserNameConstraintValidator.php @@ -34,23 +34,36 @@ public function validate($items, Constraint $constraint) { if (strpos($name, ' ') !== FALSE) { $this->context->addViolation($constraint->multipleSpacesMessage); } - if (preg_match('/[^\x{80}-\x{F7} a-z0-9@_.\'-]/i', $name) - || preg_match( - '/[\x{80}-\x{A0}' . // Non-printable ISO-8859-1 + NBSP - '\x{AD}' . // Soft-hyphen - '\x{2000}-\x{200F}' . // Various space characters - '\x{2028}-\x{202F}' . // Bidirectional text overrides - '\x{205F}-\x{206F}' . // Various text hinting characters - '\x{FEFF}' . // Byte order mark - '\x{FF01}-\x{FF60}' . // Full-width latin - '\x{FFF9}-\x{FFFD}' . // Replacement characters - '\x{0}-\x{1F}]/u', // NULL byte and control characters - $name) - ) { + if (static::hasIllegalCharacters($name)) { $this->context->addViolation($constraint->illegalMessage); } if (Unicode::strlen($name) > USERNAME_MAX_LENGTH) { $this->context->addViolation($constraint->tooLongMessage, array('%name' => $name, '%max' => USERNAME_MAX_LENGTH)); } } + + /** + * Checks if the username has illegal characters. + * + * @param string $name + * The username to check. + * + * @return bool + * TRUE if the username has illegal characters, FALSE if not. + */ + public static function hasIllegalCharacters($name) { + return preg_match('/[^\x{80}-\x{F7} a-z0-9@+_.\'-]/i', $name) + || preg_match( + '/[\x{80}-\x{A0}' . // Non-printable ISO-8859-1 + NBSP + '\x{AD}' . // Soft-hyphen + '\x{2000}-\x{200F}' . // Various space characters + '\x{2028}-\x{202F}' . // Bidirectional text overrides + '\x{205F}-\x{206F}' . // Various text hinting characters + '\x{FEFF}' . // Byte order mark + '\x{FF01}-\x{FF60}' . // Full-width latin + '\x{FFF9}-\x{FFFD}' . // Replacement characters + '\x{0}-\x{1F}]/u', // NULL byte and control characters + $name); + } + } diff --git a/core/modules/user/src/Tests/UserBlocksTest.php b/core/modules/user/src/Tests/UserBlocksTest.php index f16e31e..c3f9806 100644 --- a/core/modules/user/src/Tests/UserBlocksTest.php +++ b/core/modules/user/src/Tests/UserBlocksTest.php @@ -7,6 +7,7 @@ namespace Drupal\user\Tests; +use Drupal\Component\Utility\Html; use Drupal\simpletest\WebTestBase; /** @@ -129,10 +130,10 @@ function testWhosOnlineBlock() { $content = entity_view($block, 'block'); $this->setRawContent(\Drupal::service('renderer')->renderRoot($content)); $this->assertRaw(t('2 users'), 'Correct number of online users (2 users).'); - $this->assertText($user1->getUsername(), 'Active user 1 found in online list.'); - $this->assertText($user2->getUsername(), 'Active user 2 found in online list.'); + $this->assertEscaped($user1->getUsername(), 'Active user 1 found in online list.'); + $this->assertEscaped($user2->getUsername(), 'Active user 2 found in online list.'); $this->assertNoText($user3->getUsername(), 'Inactive user not found in online list.'); - $this->assertTrue(strpos($this->getRawContent(), $user1->getUsername()) > strpos($this->getRawContent(), $user2->getUsername()), 'Online users are ordered correctly.'); + $this->assertTrue(strpos($this->getRawContent(), Html::escape($user1->getUsername())) > strpos($this->getRawContent(), Html::escape($user2->getUsername())), 'Online users are ordered correctly.'); } /** diff --git a/core/modules/user/src/Tests/UserCancelTest.php b/core/modules/user/src/Tests/UserCancelTest.php index 6c2034d..0a4f107 100644 --- a/core/modules/user/src/Tests/UserCancelTest.php +++ b/core/modules/user/src/Tests/UserCancelTest.php @@ -535,7 +535,7 @@ function testMassUserCancelByAdmin() { $this->drupalPostForm(NULL, NULL, t('Cancel accounts')); $status = TRUE; foreach ($users as $account) { - $status = $status && (strpos($this->content, $account->getUsername() . ' has been deleted.') !== FALSE); + $status = $status && (strpos(html_entity_decode($this->content, ENT_QUOTES, "UTF-8"), $account->getUsername() . ' has been deleted.') !== FALSE); $user_storage->resetCache(array($account->id())); $status = $status && !$user_storage->load($account->id()); } diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php index e54dc96..191dfe5 100644 --- a/core/modules/user/src/Tests/UserPasswordResetTest.php +++ b/core/modules/user/src/Tests/UserPasswordResetTest.php @@ -86,9 +86,10 @@ function testUserPasswordReset() { $edit['name'] = $this->account->getUsername(); $this->drupalPostForm(NULL, $edit, t('Submit')); - // Verify that the user was sent an email. + // Verify that the user was sent an email. $this->assertMail('to', $this->account->getEmail(), 'Password email sent to user.'); - $subject = t('Replacement login information for @username at @site', array('@username' => $this->account->getUsername(), '@site' => $this->config('system.site')->get('name'))); + // Email subject is not sanitized - same as in user_mail. + $subject = t('Replacement login information for !username at !site', array('!username' => $this->account->getUsername(), '!site' => $this->config('system.site')->get('name'))); $this->assertMail('subject', $subject, 'Password reset email subject is correct.'); $resetURL = $this->getResetURL(); @@ -100,14 +101,14 @@ function testUserPasswordReset() { $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache')); // Check the one-time login page. - $this->assertText($this->account->getUsername(), 'One-time login page contains the correct username.'); + $this->assertEscaped($this->account->getUsername(), 'One-time login page contains the correct username.'); $this->assertText(t('This login can be used only once.'), 'Found warning about one-time login.'); $this->assertTitle(t('Reset password | Drupal'), 'Page title is "Reset password".'); // Check successful login. $this->drupalPostForm(NULL, NULL, t('Log in')); $this->assertLink(t('Log out')); - $this->assertTitle(t('@name | @site', array('@name' => $this->account->getUsername(), '@site' => $this->config('system.site')->get('name'))), 'Logged in using password reset link.'); + $this->assertTitle(t('!name | @site', array('!name' => $this->account->getUsername(), '@site' => $this->config('system.site')->get('name'))), 'Logged in using password reset link.'); // Make sure the ajax request from uploading a user picture does not // invalidate the reset token. diff --git a/core/modules/user/src/Tests/UserSearchTest.php b/core/modules/user/src/Tests/UserSearchTest.php index f211e17..4c07187 100644 --- a/core/modules/user/src/Tests/UserSearchTest.php +++ b/core/modules/user/src/Tests/UserSearchTest.php @@ -66,28 +66,28 @@ function testUserSearch() { $keys = $user2->getEmail(); $edit = array('keys' => $keys); $this->drupalPostForm('search/user', $edit, t('Search')); - $this->assertText($keys, 'Search by email works for administrative user'); - $this->assertText($user2->getUsername(), 'Search by email resulted in username on page for administrative user'); + $this->assertEscaped($keys, 'Search by email works for administrative user'); + $this->assertEscaped($user2->getUsername(), 'Search by email resulted in username on page for administrative user'); // Verify that a substring works too for email. $subkey = substr($keys, 1, 5); $edit = array('keys' => $subkey); $this->drupalPostForm('search/user', $edit, t('Search')); - $this->assertText($keys, 'Search by email substring works for administrative user'); - $this->assertText($user2->getUsername(), 'Search by email substring resulted in username on page for administrative user'); + $this->assertEscaped($keys, 'Search by email substring works for administrative user'); + $this->assertEscaped($user2->getUsername(), 'Search by email substring resulted in username on page for administrative user'); // Verify that wildcard search works for email $subkey = substr($keys, 0, 2) . '*' . substr($keys, 4, 2); $edit = array('keys' => $subkey); $this->drupalPostForm('search/user', $edit, t('Search')); - $this->assertText($user2->getUsername(), 'Search for email wildcard resulted in username on page for administrative user'); + $this->assertEscaped($user2->getUsername(), 'Search for email wildcard resulted in username on page for administrative user'); // Verify that if they search by user name, they see email address too. $keys = $user1->getUsername(); $edit = array('keys' => $keys); $this->drupalPostForm('search/user', $edit, t('Search')); - $this->assertText($keys, 'Search by username works for admin user'); - $this->assertText($user1->getEmail(), 'Search by username for admin shows email address too'); + $this->assertEscaped($keys, 'Search by username works for admin user'); + $this->assertEscaped($user1->getEmail(), 'Search by username for admin shows email address too'); // Create a blocked user. $blocked_user = $this->drupalCreateUser(); @@ -98,7 +98,7 @@ function testUserSearch() { // accounts in search results. $edit = array('keys' => $blocked_user->getUsername()); $this->drupalPostForm('search/user', $edit, t('Search')); - $this->assertText($blocked_user->getUsername(), 'Blocked users are listed on the user search results for users with the "administer users" permission.'); + $this->assertEscaped($blocked_user->getUsername(), 'Blocked users are listed on the user search results for users with the "administer users" permission.'); // Verify that users without "administer users" permissions do not see // blocked accounts in search results. diff --git a/core/modules/user/src/Tests/UserValidationTest.php b/core/modules/user/src/Tests/UserValidationTest.php index f39e11e..29a0da9 100644 --- a/core/modules/user/src/Tests/UserValidationTest.php +++ b/core/modules/user/src/Tests/UserValidationTest.php @@ -55,6 +55,7 @@ function testUsernames() { 'foo@example.com' => array('Valid username', 'assertNull'), 'foo@-example.com' => array('Valid username', 'assertNull'), // invalid domains are allowed in usernames 'þòøÇߪř€' => array('Valid username', 'assertNull'), + 'foo+bar' => array('Valid username', 'assertNull'), // '+' symbol is allowed 'ᚠᛇᚻ᛫ᛒᛦᚦ' => array('Valid UTF8 username', 'assertNull'), // runes ' foo' => array('Invalid username that starts with a space', 'assertNotNull'), 'foo ' => array('Invalid username that ends with a space', 'assertNotNull'), diff --git a/core/modules/user/src/Tests/Views/BulkFormTest.php b/core/modules/user/src/Tests/Views/BulkFormTest.php index 0cd84b3..0241c7e 100644 --- a/core/modules/user/src/Tests/Views/BulkFormTest.php +++ b/core/modules/user/src/Tests/Views/BulkFormTest.php @@ -82,7 +82,7 @@ public function testBulkForm() { // Block a user using the bulk form. $this->assertTrue($account->isActive(), 'The user is not blocked.'); - $this->assertRaw($account->label(), 'The user is found in the table.'); + $this->assertEscaped($account->label(), 'The user is found in the table.'); $edit = array( 'user_bulk_form[1]' => TRUE, 'action' => 'user_block_user_action', diff --git a/core/modules/user/src/Tests/Views/HandlerArgumentUserUidTest.php b/core/modules/user/src/Tests/Views/HandlerArgumentUserUidTest.php index 01373fb..99f639a 100644 --- a/core/modules/user/src/Tests/Views/HandlerArgumentUserUidTest.php +++ b/core/modules/user/src/Tests/Views/HandlerArgumentUserUidTest.php @@ -37,7 +37,7 @@ public function testArgumentTitle() { // Tests a valid user. $account = $this->drupalCreateUser(); $this->executeView($view, array($account->id())); - $this->assertEqual($view->getTitle(), $account->label()); + $this->assertEqual(html_entity_decode($view->getTitle(), ENT_QUOTES, "UTF-8"), html_entity_decode($account->label(), ENT_QUOTES, "UTF-8")); $view->destroy(); // Tests the anonymous user. @@ -48,12 +48,12 @@ public function testArgumentTitle() { $view->getDisplay()->getHandler('argument', 'uid')->options['break_phrase'] = TRUE; $this->executeView($view, array($account->id() . ',0')); - $this->assertEqual($view->getTitle(), $account->label() . ', ' . $anonymous); + $this->assertEqual(html_entity_decode($view->getTitle(), ENT_QUOTES, "UTF-8"), html_entity_decode($account->label() . ', ' . $anonymous, ENT_QUOTES, "UTF-8")); $view->destroy(); $view->getDisplay()->getHandler('argument', 'uid')->options['break_phrase'] = TRUE; $this->executeView($view, array('0,' . $account->id())); - $this->assertEqual($view->getTitle(), $anonymous . ', ' . $account->label()); + $this->assertEqual(html_entity_decode($view->getTitle(), ENT_QUOTES, "UTF-8"), html_entity_decode($anonymous . ', ' . $account->label(), ENT_QUOTES, "UTF-8")); $view->destroy(); } diff --git a/core/modules/user/src/Tests/Views/HandlerFieldUserNameTest.php b/core/modules/user/src/Tests/Views/HandlerFieldUserNameTest.php index d752157..e837f85 100644 --- a/core/modules/user/src/Tests/Views/HandlerFieldUserNameTest.php +++ b/core/modules/user/src/Tests/Views/HandlerFieldUserNameTest.php @@ -52,7 +52,7 @@ public function testUserName() { $render = $renderer->executeInRenderContext(new RenderContext(), function () use ($view, $new_user) { return $view->field['name']->advancedRender($view->result[$new_user->id()]); }); - $this->assertTrue(strpos($render, $new_user->getDisplayName()) !== FALSE, 'If link to user is checked the username should be part of the output.'); + $this->assertTrue(strpos(html_entity_decode($render, ENT_QUOTES, 'UTF-8'), $new_user->getDisplayName()) !== FALSE, 'If link to user is checked the username should be part of the output.'); $this->assertTrue(strpos($render, 'user/' . $new_user->id()) !== FALSE, 'If link to user is checked the link to the user should appear as well.'); $view->field['name']->options['link_to_user'] = FALSE; @@ -60,7 +60,7 @@ public function testUserName() { $render = $renderer->executeInRenderContext(new RenderContext(), function () use ($view, $new_user) { return $view->field['name']->advancedRender($view->result[$new_user->id()]); }); - $this->assertEqual($render, $new_user->getDisplayName(), 'If the user is not linked the username should be printed out for a normal user.'); + $this->assertEqual(html_entity_decode($render, ENT_QUOTES, 'UTF-8'), $new_user->getDisplayName(), 'If the user is not linked the username should be printed out for a normal user.'); }