One of my ongoing projects the past few months has been to create an infrastructure for functional testing of ZF projects using PHPUnit. This past weekend, I made the final commits that make this functionality feature complete.

This new functionality allows you to create stub test case classes, use a Zend_Dom_Query object with CSS selectors/XPath for queries and makes available a special PHPUnit test case that handles the interface between some of the custom functionality (boostrapping, dispatching requests, etc) and PHPUnit.

He includes a sample test case that has assertions for calls to a controller with an action, that a page contains a login form and that a page creates a session and redirects to a profile page.

You can get this functionality from the incubator on the subversion repository for the project.

PHPUnit_Extensions_Story_TestCase is a new extension for PHPUnit that has been contributed by Xait, a company that I visited last fall. It adds a story framework with a Domain-Specific Language (DSL) for Behaviour-Driven Development (BDD).

He includes an example of the new extension in action - creating a Story, adding Steps to it and the output that would result from the execution (reading?) of the example.

I thought it might be a good idea to gather a few test cases demonstrating the problem. Why PHP allows these URL's is beyond me and it wouldn't take much work to filter out these malicious URL's in the PHP code.

He provides four test cases to show how simple it is to abuse - one using a HTTP header, another pushing XSS through, the third mentions search pages and the fourth a direct code injection.

You can download the code here.