client->call(Client::METHOD_POST, '/account', [
'content-type' => 'application/json',
'x-appwrite-project' => 'console'], [
'userId' => 'unique()',
'email' => $email,
'password' => $password,
'name' => $name,
], false);
$this->assertEquals(201, $user['headers']['status-code']);
$response = $this->client->call(Client::METHOD_POST, '/teams/' . $teamUid . '/memberships', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'email' => $email,
'name' => $name,
'roles' => ['admin', 'editor'],
'url' => 'http://localhost:5000/join-us\">INJECTED
'
]);
$this->assertEquals(201, $response['headers']['status-code']);
$email = $this->getLastEmail();
$encoded = 'http://localhost:5000/join-us\"></a><h1>INJECTED</h1>?';
$this->assertStringNotContainsString('INJECTED
', $email['html']);
$this->assertStringContainsString($encoded, $email['html']);
$this->assertStringContainsString($encoded, $email['text']);
$response = $this->client->call(Client::METHOD_DELETE, '/teams/' . $teamUid . '/memberships/'.$response['body']['$id'], array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()));
$this->assertEquals(204, $response['headers']['status-code']);
return $data;
}
}