Adding tests to show filtering of page param when using Controller::p…

…aginate(). Refs #6134 git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@8054 3807eeeb-6ff5-0310-8944-8be069107fe0
cakephp · Feb 24, 2009 · b1d0522 · b1d0522
1 parent 74bf622
commit b1d0522
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/cake/tests/cases/libs/controller/controller.test.php b/cake/tests/cases/libs/controller/controller.test.php
@@ -496,13 +496,17 @@ function testPaginate() {
 
 		$Controller->passedArgs = array('sort' => 'NotExisting.field', 'direction' => 'desc');
 		$results = Set::extract($Controller->paginate('ControllerPost'), '{n}.ControllerPost.id');
-		$this->assertEqual($Controller->params['paging']['ControllerPost']['page'], 1);
+		$this->assertEqual($Controller->params['paging']['ControllerPost']['page'], 1, 'Invalid field in query %s');
 		$this->assertEqual($results, array(1, 2, 3));
 
 		$Controller->passedArgs = array('sort' => 'ControllerPost.author_id', 'direction' => 'allYourBase');
 		$results = Set::extract($Controller->paginate('ControllerPost'), '{n}.ControllerPost.id');
 		$this->assertEqual($Controller->ControllerPost->lastQuery['order'][0], array('ControllerPost.author_id' => 'asc'));
 		$this->assertEqual($results, array(1, 3, 2));
+
+		$Controller->passedArgs = array('page' => '" onclick="alert(\'xss\');">');
+		$Controller->paginate('ControllerPost');
+		$this->assertEqual($Controller->params['paging']['ControllerPost']['page'], 1, 'XSS exploit opened %s');
 	}
 /**
  * testPaginateExtraParams method