Escaped the html of the balance fields before any other tests. Also a…

…dded the corresponding unit test.

------
Escapado el html de los campos del balance antes de cualquier otro test. Añadido también el correspondiente test unitario.

Core/Model/Balance.php

@@ -125,20 +125,24 @@ public static function tableName(): string
 
     public function test(): bool
     {
-        if (1 !== preg_match('/^[A-Z0-9_\+\.\-]{1,15}$/i', $this->codbalance)) {
+        // escapamos el html
+        $this->codbalance = self::toolBox()::utils()::noHtml($this->codbalance);
+        $this->descripcion1 = self::toolBox()::utils()::noHtml($this->descripcion1);
+        $this->descripcion2 = self::toolBox()::utils()::noHtml($this->descripcion2);
+        $this->descripcion3 = self::toolBox()::utils()::noHtml($this->descripcion3);
+        $this->descripcion4 = self::toolBox()::utils()::noHtml($this->descripcion4);
+        $this->descripcion4ba = self::toolBox()::utils()::noHtml($this->descripcion4ba);
+        $this->naturaleza = self::toolBox()::utils()::noHtml($this->naturaleza);
+
+        // comprobamos que tenga un código válido
+        if (empty($this->codbalance) || 1 !== preg_match('/^[A-Z0-9_\+\.\-]{1,15}$/i', $this->codbalance)) {
             $this->toolBox()->i18nLog()->error(
                 'invalid-alphanumeric-code',
                 ['%value%' => $this->codbalance, '%column%' => 'codbalance', '%min%' => '1', '%max%' => '15']
             );
             return false;
         }
 
-        $utils = $this->toolBox()->utils();
-        $this->descripcion1 = $utils->noHtml($this->descripcion1);
-        $this->descripcion2 = $utils->noHtml($this->descripcion2);
-        $this->descripcion3 = $utils->noHtml($this->descripcion3);
-        $this->descripcion4 = $utils->noHtml($this->descripcion4);
-        $this->descripcion4ba = $utils->noHtml($this->descripcion4ba);
         return parent::test();
     }
 

Test/Core/Model/BalanceTest.php

@@ -0,0 +1,73 @@
+<?php
+/**
+ * This file is part of FacturaScripts
+ * Copyright (C) 2022 Carlos Garcia Gomez <carlos@facturascripts.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace FacturaScripts\Test\Core\Model;
+
+use FacturaScripts\Core\Model\Balance;
+use PHPUnit\Framework\TestCase;
+
+final class BalanceTest extends TestCase
+{
+    public function testCreate()
+    {
+        // creamos un balance
+        $balance = new Balance();
+        $balance->codbalance = 'test';
+        $balance->descripcion1 = 'test';
+        $balance->naturaleza = 'A';
+        $this->assertTrue($balance->save(), 'cant-save-balance');
+
+        // eliminamos
+        $this->assertTrue($balance->delete(), 'cant-delete-balance');
+    }
+
+    public function testCantCreateEmpty()
+    {
+        $balance = new Balance();
+        $this->assertFalse($balance->save(), 'cant-save-balance');
+    }
+
+    public function testHtmlOnFields()
+    {
+        $balance = new Balance();
+        $balance->codbalance = '<test>';
+        $balance->descripcion1 = '<test>';
+        $balance->descripcion2 = '<test>';
+        $balance->descripcion3 = '<test>';
+        $balance->descripcion4 = '<test>';
+        $balance->descripcion4ba = '<test>';
+        $balance->naturaleza = '<test>';
+        $this->assertFalse($balance->save(), 'cant-save-balance-with-html');
+
+        // cambiamos el codigo a un codigo válido
+        $balance->codbalance = 'test';
+        $this->assertTrue($balance->save(), 'cant-save-balance-2');
+
+        // comprobamos que el html se ha escapado
+        $this->assertEquals('&lt;test&gt;', $balance->descripcion1);
+        $this->assertEquals('&lt;test&gt;', $balance->descripcion2);
+        $this->assertEquals('&lt;test&gt;', $balance->descripcion3);
+        $this->assertEquals('&lt;test&gt;', $balance->descripcion4);
+        $this->assertEquals('&lt;test&gt;', $balance->descripcion4ba);
+        $this->assertEquals('&lt;test&gt;', $balance->naturaleza);
+
+        // eliminamos
+        $this->assertTrue($balance->delete(), 'cant-delete-balance');
+    }
+}

Test/Core/Model/IdentificadorFiscalTest.php

@@ -23,7 +23,7 @@
 use FacturaScripts\Test\Core\LogErrorsTrait;
 use PHPUnit\Framework\TestCase;
 
-class IdentificadorFiscalTest extends TestCase
+final class IdentificadorFiscalTest extends TestCase
 {
     use LogErrorsTrait;