
App

Let's start with the simplest web application we can think of in PHP.
 
<?php
/**
 * HTTP Framework (Request/Response) - index.php
 *
 * php -S localhost:8000
 * http://localhost:8000/index.php?name=John
 *    Hello John
 */

ini_set("display_errors", 1);

$name = $_GET['name'];

printf("Hello %s", $name);

Warning

Fix PHP's "Undefined array key" warning, raised when the name parameter is missing, by supplying a default value.
 
<?php
/**
 * Fix Warning - index2.php
 *
 * php -S localhost:8000
 * http://localhost:8000/index.php
 *      Warning: Undefined array key "name"
 *
 * http://localhost:8000/index2.php?name=John
 *      Hello John
 * http://localhost:8000/index2.php
 *      Hello World
 */

ini_set("display_errors", 1);

$name = $_GET['name'] ?? "World"; // Fix Warning: default when the key is missing

printf("Hello %s", $name);

XSS

Fix the cross-site scripting (XSS) vulnerability by escaping the user-supplied name before printing it.
 
<?php
/**
 * Fix XSS - index3.php
 *
 * php -S localhost:8000
 * http://localhost:8000/index2.php?name=<script>alert('Hack!');</script>
 *      XSS vulnerability
 * http://localhost:8000/index3.php?name=<script>alert('Hack!');</script>
 *      Hello <script>alert('Hack!');</script>
 */

ini_set("display_errors", 1);

$name = $_GET['name'] ?? "World";
header('Content-Type: text/html; charset=utf-8');

printf("Hello %s", htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
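
The escaping step above, as an added example that is not code from the original page: escape_html() and greet() are hypothetical helper names and the sample inputs are constructed. It goes slightly beyond the page by adding ENT_SUBSTITUTE and by handling a name parameter that arrives as an array.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the same htmlspecialchars() call index3.php uses.
function escape_html(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the result is also safe inside a
    // quoted attribute. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: builds the greeting from a query array without
// printing, so the caller decides where the output goes.
function greet(array $query): string
{
    $name = $query['name'] ?? 'World';

    // ?name[]=x makes $_GET['name'] an array; on PHP 8 passing that to
    // htmlspecialchars() throws a TypeError, so fall back to the default.
    if (!is_string($name)) {
        $name = 'World';
    }

    return sprintf('Hello %s', escape_html($name));
}

// Constructed sample inputs, shaped like $_GET.
$samples = [
    [],                                              // no parameter
    ['name' => 'John'],                              // plain text
    ['name' => "<script>alert('Hack!');</script>"],  // the page's test string
    ['name' => 'O\'Brien "Bob" & co'],               // both quote types and &
    ['name' => ['x']],                               // array instead of string
];

foreach ($samples as $query) {
    echo greet($query), PHP_EOL;
}
```

Run it from the command line with php; the script tag, both quote characters and the ampersand come out as HTML entities, and the array-valued name falls back to World.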

Testing

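Even this small script is no longer trivial, and it is hard to test: a unit test has to set the $_GET superglobal and capture the printed output with output buffering.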
<?php
/**
 * test.php - unit tests
 * 
 * cd ../test/framework/custom/
 * composer require --dev phpunit/phpunit
 * 
 * vendor/bin/phpunit test.php
 *      OK (1 test, 1 assertion)
 * 
 */

require __DIR__ . "/vendor/autoload.php";

use PHPUnit\Framework\TestCase;

final class Test extends TestCase
{
    public function test_Hello()
    {
        $_GET['name'] = "Fabian";

        ob_start(); // capturing output this way is unnatural and ugly
        include "hello.php";
        $content = ob_get_clean();

        $this->assertEquals("Hello Fabian", $content);
    }
}
