Diffstat (limited to 'tests/security/extract_current_page_test.php')
| -rw-r--r-- | tests/security/extract_current_page_test.php | 23 | 
1 files changed, 15 insertions, 8 deletions
|
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 0f5128884b..d77cbbcaf3 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -10,11 +10,10 @@
 require_once dirname(__FILE__) . '/base.php';
 require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
-require_once dirname(__FILE__) . '/../../phpBB/includes/session.php';
 class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 {
-	static public function security_variables()
+	public function security_variables()
 	{
 		return array(
 			array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
@@ -27,10 +26,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	*/
 	public function test_query_string_php_self($url, $query_string, $expected)
 	{
-		$_SERVER['PHP_SELF'] = $url;
-		$_SERVER['QUERY_STRING'] = $query_string;
+		global $request;
-		$result = session::extract_current_page('./');
+		$request->merge(phpbb_request_interface::SERVER, array(
+			'PHP_SELF'	=> $url,
+			'QUERY_STRING'	=> $query_string,
+		));
+
+		$result = phpbb_session::extract_current_page('./');
 		$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
 		$this->assertEquals($expected, $result['query_string'], $label);
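Review bot: `test_query_string_php_self` now writes its inputs into a `$request` taken from global scope via `merge()`, so the outcome depends on whatever that object already holds when the test starts. base.php is not shown here, so this is inferred, but if `merge()` only adds or overwrites the listed keys, a `REQUEST_URI` left by the fixture or by an earlier data set could still be present and decide which input `extract_current_page` actually reads. Pinning the other input in the merged array, for example `'REQUEST_URI' => '',`, would make it certain that the PHP_SELF path is the one checked against the script payload. A short comment saying where `$request` is initialised would also help, since nothing in this file creates it.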
@@ -41,10 +44,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	*/
 	public function test_query_string_request_uri($url, $query_string, $expected)
 	{
-		$_SERVER['REQUEST_URI'] = $url . '?' . $query_string;
-		$_SERVER['QUERY_STRING'] = $query_string;
+		global $request;
+
+		$request->merge(phpbb_request_interface::SERVER, array(
+			'PHP_SELF'	=> $url,
+			'QUERY_STRING'	=> $query_string,
+		));
-		$result = session::extract_current_page('./');
+		$result = phpbb_session::extract_current_page('./');
 		$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
 		$this->assertEquals($expected, $result['query_string'], $label);
|
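Review bot: `test_query_string_request_uri` no longer sets `REQUEST_URI` at all. The merged array is the same `PHP_SELF`/`QUERY_STRING` pair used in `test_query_string_php_self`, whereas the removed lines set `REQUEST_URI` to `$url . '?' . $query_string`, and the label still reads 'with REQUEST_URI filled'. As written, the test does not exercise escaping of the script payload when it arrives through REQUEST_URI, so a regression in that path would pass unnoticed. Replace the `'PHP_SELF'	=> $url,` entry in this method with `'REQUEST_URI' => $url . '?' . $query_string,`.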
