apiRoutesContainingAny(['attendance', 'homework', 'quiz', 'project', 'midterm', 'final', 'class-progress', 'report-card', 'assignment']); $dates = ['1900-01-01', '2099-12-31', '2025-02-30', '0000-00-00']; foreach (array_slice($routes, 0, 120) as $route) { $method = $this->primaryMethod($route); if (! in_array($method, ['POST', 'PUT', 'PATCH', 'GET'], true)) { continue; } foreach ($dates as $date) { $uri = $route->uri(); $payload = $this->payloadFor($method, $uri) + ['date' => $date, 'due_date' => $date, 'exam_date' => $date]; $response = $method === 'GET' ? $this->actingAs($this->actorFor($uri), 'api')->getJson($this->materializePath($uri) . '?date=' . urlencode($date)) : $this->requestAs($this->actorFor($uri), $method, $uri, $payload); $this->assertControlled($response, $method, $uri); $this->assertNoServerError($response, 'academic boundary date ' . $date . ' at ' . $method . ' ' . $uri); } } } public function test_semester_and_term_values_are_not_free_form_privilege_channels(): void { $routes = $this->apiRoutesContainingAny(['attendance', 'scores', 'report-card', 'class-progress', 'finance', 'school-year']); foreach (array_slice($routes, 0, 100) as $route) { $method = $this->primaryMethod($route); $uri = $route->uri(); $payload = $this->payloadFor($method, $uri) + ['semester' => 'admin', 'term' => '../../secret', 'quarter' => '']; $response = $method === 'GET' ? $this->actingAs($this->actorFor($uri), 'api')->getJson($this->materializePath($uri) . '?semester=admin&term=../../secret') : $this->requestAs($this->actorFor($uri), $method, $uri, $payload); $this->assertControlled($response, $method, $uri); $this->assertNoServerError($response, 'bad semester/term values at ' . $method . ' ' . $uri); } } }