[ticket/security/244] Add missing form parameters to tests

SECURITY-244
author: Marc Alexander <admin@m-a-styles.de> 2019-07-21 16:03:19 +0200
committer: Marc Alexander <admin@m-a-styles.de> 2019-08-24 22:23:38 +0200
commit: 59f489c01f63d76ae879b2e25b8fad1b5a82a3dc (patch)
tree: 85585b34dbb0d5f56d338a616689866017855f1c /tests/test_framework
parent: 6c8d0063368a1815a270d97dc0defdee0f6bf027 (diff)
download: forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar
forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar.gz
forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar.bz2
forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar.xz
forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.zip
1 files changed, 37 insertions, 14 deletions
diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php
index 4d294fd523..2659cf6e73 100644
--- a/tests/test_framework/phpbb_functional_test_case.php
+++ b/tests/test_framework/phpbb_functional_test_case.php
@@ -1166,24 +1166,14 @@ class phpbb_functional_test_case extends phpbb_test_case
 					'error'		=> UPLOAD_ERR_OK,
 				);
 
-				$crawler = self::$client->request('POST', $posting_url, array('add_file' => $this->lang('ADD_FILE')), array('fileupload' => $file));
+				$file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, $posting_url));
+
+				$crawler = self::$client->request('POST', $posting_url, $file_form_data, array('fileupload' => $file));
 			}
 			unset($form_data['upload_files']);
 		}
 
-		$hidden_fields = array(
-			$crawler->filter('[type="hidden"]')->each(function ($node, $i) {
-				return array('name' => $node->attr('name'), 'value' => $node->attr('value'));
-			}),
-		);
-
-		foreach ($hidden_fields as $fields)
-		{
-			foreach($fields as $field)
-			{
-				$form_data[$field['name']] = $field['value'];
-			}
-		}
+		$form_data = array_merge($form_data, $this->get_hidden_fields($crawler, $posting_url));
 
 		// I use a request because the form submission method does not allow you to send data that is not
 		// contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs)
@@ -1314,4 +1304,37 @@ class phpbb_functional_test_case extends phpbb_test_case
 
 		return self::request('GET', substr($link, strpos($link, 'mcp.')));
 	}
+
+	/**
+	 * Get hidden fields for URL
+	 *
+	 * @param Symfony\Component\DomCrawler\Crawler|null $crawler Crawler instance or null
+	 * @param string $url Request URL
+	 *
+	 * @return array Hidden form fields array
+	 */
+	protected function get_hidden_fields($crawler, $url)
+	{
+		if (!$crawler)
+		{
+			$crawler = self::$client->request('GET', $url);
+		}
+		$hidden_fields = [
+			$crawler->filter('[type="hidden"]')->each(function ($node, $i) {
+				return ['name' => $node->attr('name'), 'value' => $node->attr('value')];
+			}),
+		];
+
+		$file_form_data = [];
+
+		foreach ($hidden_fields as $fields)
+		{
+			foreach($fields as $field)
+			{
+				$file_form_data[$field['name']] = $field['value'];
+			}
+		}
+
+		return $file_form_data;
+	}
 }
author	Marc Alexander <admin@m-a-styles.de>	2019-07-21 16:03:19 +0200
committer	Marc Alexander <admin@m-a-styles.de>	2019-08-24 22:23:38 +0200
commit	59f489c01f63d76ae879b2e25b8fad1b5a82a3dc (patch)
tree	85585b34dbb0d5f56d338a616689866017855f1c /tests/test_framework
parent	6c8d0063368a1815a270d97dc0defdee0f6bf027 (diff)
download	forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar.gz forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar.bz2 forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.tar.xz forums-59f489c01f63d76ae879b2e25b8fad1b5a82a3dc.zip