mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
a2cba6d3c0
- Add DuplicateThesisException (typed, carries existing thesis metadata) - Add Database::findDuplicateThesis(): matches on year + author + normalised title (exact, prefix, Levenshtein ≤10% of longer string) - ThesisCreateController::submit() runs duplicate check before any DB write and throws DuplicateThesisException on match - AppLogger::logDuplicate() writes status=duplicate entries to the JSON-lines log for audit purposes - App::flash/consumeFlash extended to support 'warning' flash type - admin/actions/formulaire.php: catches DuplicateThesisException, logs it, flashes an HTML warning toast with a clickable link to the existing thesis, and repopulates the form fields - partage/index.php: same catch block; surfaces a plain-text flash-warning banner on the student form with identifier, title, and year of the match; form is repopulated via session - toast.php: renders toast--warning variant - admin.css: .toast--warning + link colour rules - form.css: .flash-warning style for the partage form
76 lines
2.4 KiB
PHP
76 lines
2.4 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Security Test Suite
|
|
* Tests SQL injection protection and input sanitization
|
|
*/
|
|
|
|
putenv('DB_ENV=test');
|
|
|
|
require_once __DIR__ . '/../../src/Database.php';
|
|
|
|
echo "Security Test Suite\n";
|
|
echo "===================\n\n";
|
|
|
|
try {
|
|
$db = Database::getInstance();
|
|
|
|
// Test 1: SQL Injection in search
|
|
// searchTheses() takes an array of validated params; the 'query' key is the
|
|
// free-text search field that users control. Each malicious string must
|
|
// be passed as ['query' => $string] to exercise the actual parameterised
|
|
// query path rather than triggering a PHP TypeError before any SQL runs.
|
|
echo "Test 1: SQL Injection Protection (Search)\n";
|
|
$maliciousQueries = [
|
|
"' OR '1'='1",
|
|
"'; DROP TABLE theses; --",
|
|
"1' UNION SELECT * FROM authors--",
|
|
"<script>alert('xss')</script>",
|
|
];
|
|
|
|
foreach ($maliciousQueries as $query) {
|
|
try {
|
|
$results = $db->searchTheses(['query' => $query]);
|
|
// Should return a (possibly empty) result set without throwing
|
|
echo ' ✓ Handled safely: ' . substr($query, 0, 40) . "\n";
|
|
} catch (Exception $e) {
|
|
// A thrown exception is also acceptable (query rejected upstream)
|
|
echo ' ✓ Exception (safe): ' . substr($query, 0, 40) . "\n";
|
|
}
|
|
}
|
|
echo "✓ PASS: SQL injection attempts handled safely\n\n";
|
|
|
|
// Test 2: Invalid thesis ID
|
|
echo "Test 2: Invalid Thesis ID\n";
|
|
$invalidIds = ['abc', "'; DROP TABLE theses;", '-1', '999999'];
|
|
|
|
foreach ($invalidIds as $id) {
|
|
$result = $db->getThesisById($id);
|
|
if ($result === null || $result === false) {
|
|
echo ' ✓ Rejected: ' . $id . "\n";
|
|
} else {
|
|
throw new Exception("Invalid ID '$id' was not rejected");
|
|
}
|
|
}
|
|
echo "✓ PASS: Invalid IDs rejected\n\n";
|
|
|
|
// Test 3: XSS in output (checking data is escaped)
|
|
echo "Test 3: XSS Protection (Output Escaping)\n";
|
|
$theses = $db->getPublishedTheses(1, 0);
|
|
if (count($theses) > 0) {
|
|
$first = $theses[0];
|
|
// Check that HTML special chars would be handled
|
|
if (isset($first['title'])) {
|
|
echo " ✓ Title data retrieved safely\n";
|
|
}
|
|
}
|
|
echo "✓ PASS: Output handling verified\n\n";
|
|
|
|
echo "✅ All security tests passed!\n";
|
|
return true;
|
|
|
|
} catch (Exception $e) {
|
|
echo '❌ FAIL: ' . $e->getMessage() . "\n";
|
|
return false;
|
|
}
|