Merge pull request #18877 from MauricioFauth/changelog-controller

MauricioFauth · web-flow · commit eabaf493c34d · 2024-01-04T18:03:14.000-03:00
Add unit test for ChangeLogController
diff --git a/app/services_controllers.php b/app/services_controllers.php
@@ -58,7 +58,7 @@
         ],
         ChangeLogController::class => [
             'class' => ChangeLogController::class,
-            'arguments' => ['$response' => '@response', '$template' => '@template'],
+            'arguments' => ['$response' => '@response', '$template' => '@template', '$config' => '@config'],
         ],
         CheckRelationsController::class => [
             'class' => CheckRelationsController::class,
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -390,6 +390,11 @@ parameters:
 			count: 7
 			path: src/Config.php
 
+		-
+			message: "#^Method PhpMyAdmin\\\\Config\\:\\:getChangeLogFilePath\\(\\) should return string but returns mixed\\.$#"
+			count: 1
+			path: src/Config.php
+
 		-
 			message: "#^Method PhpMyAdmin\\\\Config\\:\\:getUploadTempDir\\(\\) should return string\\|null but returns string\\|false\\.$#"
 			count: 1
@@ -1465,31 +1470,6 @@ parameters:
 			count: 1
 			path: src/Controllers/AbstractController.php
 
-		-
-			message: "#^Parameter \\#1 \\$filename of function file_get_contents expects string, mixed given\\.$#"
-			count: 1
-			path: src/Controllers/ChangeLogController.php
-
-		-
-			message: "#^Parameter \\#1 \\$filename of function is_readable expects string, mixed given\\.$#"
-			count: 1
-			path: src/Controllers/ChangeLogController.php
-
-		-
-			message: "#^Parameter \\#1 \\$filename of function readgzfile expects string, mixed given\\.$#"
-			count: 1
-			path: src/Controllers/ChangeLogController.php
-
-		-
-			message: "#^Parameter \\#1 \\$haystack of function str_ends_with expects string, mixed given\\.$#"
-			count: 1
-			path: src/Controllers/ChangeLogController.php
-
-		-
-			message: "#^Parameter \\#2 \\.\\.\\.\\$values of function printf expects bool\\|float\\|int\\|string\\|null, mixed given\\.$#"
-			count: 1
-			path: src/Controllers/ChangeLogController.php
-
 		-
 			message: "#^Parameter \\#2 \\$table of method PhpMyAdmin\\\\Database\\\\CentralColumns\\:\\:getColumnsNotInCentralList\\(\\) expects string, mixed given\\.$#"
 			count: 1
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -851,12 +851,12 @@
     </MixedArgumentTypeCoercion>
   </file>
   <file src="src/Controllers/ChangeLogController.php">
-    <PossiblyUnusedParam>
-      <code>$request</code>
-    </PossiblyUnusedParam>
     <UnusedFunctionCall>
       <code>readgzfile</code>
     </UnusedFunctionCall>
+    <UnusedParam>
+      <code>$request</code>
+    </UnusedParam>
   </file>
   <file src="src/Controllers/CheckRelationsController.php">
     <DeprecatedMethod>
diff --git a/src/Config.php b/src/Config.php
@@ -61,6 +61,7 @@
 use function time;
 use function trim;
 
+use const CHANGELOG_FILE;
 use const DIRECTORY_SEPARATOR;
 use const PHP_OS;
 use const PHP_URL_PATH;
@@ -1208,4 +1209,9 @@ public function hasSelectedServer(): bool
     {
         return $this->hasSelectedServer;
     }
+
+    public function getChangeLogFilePath(): string
+    {
+        return CHANGELOG_FILE;
+    }
 }
diff --git a/src/Controllers/ChangeLogController.php b/src/Controllers/ChangeLogController.php
@@ -1,13 +1,13 @@
 <?php
-/**
- * Simple script to set correct charset for changelog
- */
 
 declare(strict_types=1);
 
 namespace PhpMyAdmin\Controllers;
 
+use PhpMyAdmin\Config;
 use PhpMyAdmin\Http\ServerRequest;
+use PhpMyAdmin\ResponseRenderer;
+use PhpMyAdmin\Template;
 use PhpMyAdmin\Url;
 
 use function __;
@@ -22,14 +22,19 @@
 use function readgzfile;
 use function str_ends_with;
 
-class ChangeLogController extends AbstractController
+final class ChangeLogController extends AbstractController
 {
+    public function __construct(ResponseRenderer $response, Template $template, private readonly Config $config)
+    {
+        parent::__construct($response, $template);
+    }
+
     public function __invoke(ServerRequest $request): void
     {
         $this->response->disable();
         $this->response->getHeader()->sendHttpHeaders();
 
-        $filename = CHANGELOG_FILE;
+        $filename = $this->config->getChangeLogFilePath();
 
         /**
          * Read changelog.
@@ -47,7 +52,7 @@ public function __invoke(ServerRequest $request): void
             return;
         }
 
-        // Test if the if is in a compressed format
+        // Test if the file is in a compressed format
         if (str_ends_with($filename, '.gz')) {
             ob_start();
             readgzfile($filename);
diff --git a/tests/classes/ConfigTest.php b/tests/classes/ConfigTest.php
@@ -36,6 +36,7 @@
 use function tempnam;
 use function unlink;
 
+use const CHANGELOG_FILE;
 use const CONFIG_FILE;
 use const DIRECTORY_SEPARATOR;
 use const INFO_MODULES;
@@ -926,4 +927,9 @@ public function testVendorConfigFile(): void
         self::assertDirectoryExists($vendorConfig['cacheDir']);
         self::assertIsString($vendorConfig['versionSuffix']);
     }
+
+    public function testGetChangeLogFilePath(): void
+    {
+        self::assertSame(CHANGELOG_FILE, (new Config())->getChangeLogFilePath());
+    }
 }
diff --git a/tests/classes/Controllers/ChangeLogControllerTest.php b/tests/classes/Controllers/ChangeLogControllerTest.php
@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpMyAdmin\Tests\Controllers;
+
+use PhpMyAdmin\Config;
+use PhpMyAdmin\Controllers\ChangeLogController;
+use PhpMyAdmin\Http\Factory\ServerRequestFactory;
+use PhpMyAdmin\Template;
+use PhpMyAdmin\Tests\AbstractTestCase;
+use PhpMyAdmin\Tests\Stubs\ResponseRenderer;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\RequiresPhpExtension;
+
+use const TEST_PATH;
+
+#[CoversClass(ChangeLogController::class)]
+final class ChangeLogControllerTest extends AbstractTestCase
+{
+    public function testWithValidFile(): void
+    {
+        $config = self::createStub(Config::class);
+        $config->method('getChangeLogFilePath')->willReturn(TEST_PATH . 'tests/test_data/changelog/ChangeLog');
+
+        $request = ServerRequestFactory::create()->createServerRequest('GET', 'http://example.com/');
+
+        $responseRenderer = new ResponseRenderer();
+        $template = new Template();
+        $controller = new ChangeLogController($responseRenderer, $template, $config);
+        $controller($request);
+
+        self::assertTrue($responseRenderer->isDisabled());
+        $response = $responseRenderer->getResponse();
+        self::assertSame(['text/html; charset=utf-8'], $response->getHeader('Content-Type'));
+
+        // phpcs:disable Generic.Files.LineLength.TooLong
+        $changelog = <<<'HTML'
+phpMyAdmin - ChangeLog
+======================
+
+5.2.2 (not yet released)
+- <a target="_blank" rel="noopener noreferrer" href="index.php?route=/url&lang=en&url=https://github.com/phpmyadmin/phpmyadmin/issues/17522">issue #17522</a> Fix case where the routes cache file is invalid
+- issue        Upgrade slim/psr7 to 1.4.1 for <a target="_blank" rel="noopener noreferrer" href="index.php?route=/url&lang=en&url=https://www.cve.org/CVERecord?id=CVE-2023-30536">CVE-2023-30536</a> - GHSA-q2qj-628g-vhfw
+
+5.2.1 (2023-02-07)
+- <a target="_blank" rel="noopener noreferrer" href="index.php?route=/url&lang=en&url=https://github.com/phpmyadmin/phpmyadmin/issues/16418">issue #16418</a> Fix <a target="_blank" rel="noopener noreferrer" href="index.php?route=/url&lang=en&url=https://docs.phpmyadmin.net/en/latest/faq.html#faq1-44">FAQ 1.44</a> about manually removing vendor folders
+- issue        [security] Fix an XSS attack through the drag-and-drop upload feature (<a target="_blank" rel="noopener noreferrer" href="index.php?route=/url&lang=en&url=https://www.phpmyadmin.net/security/PMASA-2023-01/">PMASA-2023-01</a>)
+
+         --- Older ChangeLogs can be found on our project website ---
+                     <a target="_blank" rel="noopener noreferrer" href="index.php?route=/url&lang=en&url=https://www.phpmyadmin.net/old-stuff/ChangeLogs/">https://www.phpmyadmin.net/old-stuff/ChangeLogs/</a>
+
+HTML;
+        // phpcs:enable
+        $expected = $template->render('changelog', ['changelog' => $changelog]);
+
+        self::assertSame($expected, $responseRenderer->getHTMLResult());
+    }
+
+    #[RequiresPhpExtension('zlib')]
+    public function testWithCompressedFile(): void
+    {
+        $config = self::createStub(Config::class);
+        $config->method('getChangeLogFilePath')->willReturn(TEST_PATH . 'tests/test_data/changelog/ChangeLog.gz');
+
+        $request = ServerRequestFactory::create()->createServerRequest('GET', 'http://example.com/');
+
+        $responseRenderer = new ResponseRenderer();
+        $controller = new ChangeLogController($responseRenderer, new Template(), $config);
+        $controller($request);
+
+        self::assertStringContainsString(
+            '- <a target="_blank" rel="noopener noreferrer"'
+            . ' href="index.php?route=/url&lang=en&url=https://github.com/phpmyadmin/phpmyadmin/issues/16418">'
+            . 'issue #16418</a> Fix <a target="_blank" rel="noopener noreferrer"'
+            . ' href="index.php?route=/url&lang=en&url=https://docs.phpmyadmin.net/en/latest/faq.html#faq1-44">'
+            . 'FAQ 1.44</a> about manually removing vendor folders',
+            $responseRenderer->getHTMLResult(),
+        );
+    }
+
+    public function testWithInvalidFile(): void
+    {
+        $config = self::createStub(Config::class);
+        $config->method('getChangeLogFilePath')->willReturn(TEST_PATH . 'tests/test_data/changelog/InvalidChangeLog');
+
+        $request = ServerRequestFactory::create()->createServerRequest('GET', 'http://example.com/');
+
+        $responseRenderer = new ResponseRenderer();
+        $controller = new ChangeLogController($responseRenderer, new Template(), $config);
+        $controller($request);
+
+        self::assertSame('', $responseRenderer->getHTMLResult());
+        self::assertSame(
+            'The ' . TEST_PATH . 'tests/test_data/changelog/InvalidChangeLog file is not available on this system,'
+            . ' please visit <a href="https://www.phpmyadmin.net/">phpmyadmin.net</a> for more information.',
+            self::getActualOutputForAssertion(),
+        );
+    }
+}
diff --git a/tests/test_data/changelog/ChangeLog b/tests/test_data/changelog/ChangeLog
@@ -0,0 +1,13 @@
+phpMyAdmin - ChangeLog
+======================
+
+5.2.2 (not yet released)
+- issue #17522 Fix case where the routes cache file is invalid
+- issue        Upgrade slim/psr7 to 1.4.1 for CVE-2023-30536 - GHSA-q2qj-628g-vhfw
+
+5.2.1 (2023-02-07)
+- issue #16418 Fix FAQ 1.44 about manually removing vendor folders
+- issue        [security] Fix an XSS attack through the drag-and-drop upload feature (PMASA-2023-01)
+
+         --- Older ChangeLogs can be found on our project website ---
+                     https://www.phpmyadmin.net/old-stuff/ChangeLogs/
diff --git a/tests/test_data/changelog/ChangeLog.gz b/tests/test_data/changelog/ChangeLog.gz

Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@`
`61`	`61`	`use function time;`
`62`	`62`	`use function trim;`
`63`	`63`
	`64`	`+use const CHANGELOG_FILE;`
`64`	`65`	`use const DIRECTORY_SEPARATOR;`
`65`	`66`	`use const PHP_OS;`
`66`	`67`	`use const PHP_URL_PATH;`
`@@ -1208,4 +1209,9 @@ public function hasSelectedServer(): bool`
`1208`	`1209`	`{`
`1209`	`1210`	`return $this->hasSelectedServer;`
`1210`	`1211`	`}`
	`1212`	`+`
	`1213`	`+ public function getChangeLogFilePath(): string`
	`1214`	`+ {`
	`1215`	`+ return CHANGELOG_FILE;`
	`1216`	`+ }`
`1211`	`1217`	`}`