aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/bbcode/url_bbcode_test.php4
-rw-r--r--tests/download/http_byte_range_test.php12
-rw-r--r--tests/mock/request.php38
-rw-r--r--tests/request/request_test.php68
-rw-r--r--tests/security/base.php36
-rw-r--r--tests/security/extract_current_page_test.php16
-rw-r--r--tests/session/testable_factory.php5
7 files changed, 149 insertions, 30 deletions
diff --git a/tests/bbcode/url_bbcode_test.php b/tests/bbcode/url_bbcode_test.php
index cd85dbd0d9..68c97ede50 100644
--- a/tests/bbcode/url_bbcode_test.php
+++ b/tests/bbcode/url_bbcode_test.php
@@ -12,6 +12,7 @@ require_once dirname(__FILE__) . '/../../phpBB/includes/functions_content.php';
require_once dirname(__FILE__) . '/../../phpBB/includes/bbcode.php';
require_once dirname(__FILE__) . '/../../phpBB/includes/message_parser.php';
require_once dirname(__FILE__) . '/../mock_user.php';
+require_once dirname(__FILE__) . '/../mock/request.php';
class phpbb_url_bbcode_test extends phpbb_test_case
{
@@ -51,8 +52,9 @@ class phpbb_url_bbcode_test extends phpbb_test_case
*/
public function test_url($description, $message, $expected)
{
- global $user;
+ global $user, $request;
$user = new phpbb_mock_user;
+ $request = new phpbb_mock_request;
$bbcode = new bbcode_firstpass();
$bbcode->message = $message;
diff --git a/tests/download/http_byte_range_test.php b/tests/download/http_byte_range_test.php
index ba2caee192..36cbcab0b0 100644
--- a/tests/download/http_byte_range_test.php
+++ b/tests/download/http_byte_range_test.php
@@ -8,23 +8,27 @@
*/
require_once dirname(__FILE__) . '/../../phpBB/includes/functions_download.php';
+require_once dirname(__FILE__) . '/../mock/request.php';
class phpbb_download_http_byte_range_test extends phpbb_test_case
{
public function test_find_range_request()
{
// Missing 'bytes=' prefix
- $_SERVER['HTTP_RANGE'] = 'bztes=';
+ $GLOBALS['request'] = new phpbb_mock_request();
+ $GLOBALS['request']->set_header('Range', 'bztes=');
$this->assertEquals(false, phpbb_find_range_request());
- unset($_SERVER['HTTP_RANGE']);
+ unset($GLOBALS['request']);
+ $GLOBALS['request'] = new phpbb_mock_request();
$_ENV['HTTP_RANGE'] = 'bztes=';
$this->assertEquals(false, phpbb_find_range_request());
unset($_ENV['HTTP_RANGE']);
- $_SERVER['HTTP_RANGE'] = 'bytes=0-0,123-125';
+ $GLOBALS['request'] = new phpbb_mock_request();
+ $GLOBALS['request']->set_header('Range', 'bytes=0-0,123-125');
$this->assertEquals(array('0-0', '123-125'), phpbb_find_range_request());
- unset($_SERVER['HTTP_RANGE']);
+ unset($GLOBALS['request']);
}
/**
diff --git a/tests/mock/request.php b/tests/mock/request.php
index da4015e78b..8b2708304c 100644
--- a/tests/mock/request.php
+++ b/tests/mock/request.php
@@ -11,12 +11,13 @@ class phpbb_mock_request implements phpbb_request_interface
{
protected $data;
- public function __construct($get = array(), $post = array(), $cookie = array(), $request = false)
+ public function __construct($get = array(), $post = array(), $cookie = array(), $server = array(), $request = false)
{
$this->data[phpbb_request_interface::GET] = $get;
$this->data[phpbb_request_interface::POST] = $post;
$this->data[phpbb_request_interface::COOKIE] = $cookie;
$this->data[phpbb_request_interface::REQUEST] = ($request === false) ? $post + $get : $request;
+ $this->data[phpbb_request_interface::SERVER] = $server;
}
public function overwrite($var_name, $value, $super_global = phpbb_request_interface::REQUEST)
@@ -29,6 +30,18 @@ class phpbb_mock_request implements phpbb_request_interface
return isset($this->data[$super_global][$var_name]) ? $this->data[$super_global][$var_name] : $default;
}
+ public function server($var_name, $default = '')
+ {
+ $super_global = phpbb_request_interface::SERVER;
+ return isset($this->data[$super_global][$var_name]) ? $this->data[$super_global][$var_name] : $default;
+ }
+
+ public function header($header_name, $default = '')
+ {
+ $var_name = 'HTTP_' . str_replace('-', '_', strtoupper($header_name));
+ return $this->server($var_name, $default);
+ }
+
public function is_set_post($name)
{
return $this->is_set($name, phpbb_request_interface::POST);
@@ -39,8 +52,31 @@ class phpbb_mock_request implements phpbb_request_interface
return isset($this->data[$super_global][$var]);
}
+ public function is_ajax()
+ {
+ return false;
+ }
+
+ public function is_secure()
+ {
+ return false;
+ }
+
public function variable_names($super_global = phpbb_request_interface::REQUEST)
{
return array_keys($this->data[$super_global]);
}
+
+ /* custom methods */
+
+ public function set_header($header_name, $value)
+ {
+ $var_name = 'HTTP_' . str_replace('-', '_', strtoupper($header_name));
+ $this->data[phpbb_request_interface::SERVER][$var_name] = $value;
+ }
+
+ public function merge($super_global = phpbb_request_interface::REQUEST, $values)
+ {
+ $this->data[$super_global] = array_merge($this->data[$super_global], $values);
+ }
}
diff --git a/tests/request/request_test.php b/tests/request/request_test.php
index 203c9fd880..e492fa5cf1 100644
--- a/tests/request/request_test.php
+++ b/tests/request/request_test.php
@@ -22,8 +22,11 @@ class phpbb_request_test extends phpbb_test_case
$_REQUEST['test'] = 3;
$_GET['unset'] = '';
- $this->type_cast_helper = $this->getMock('phpbb_request_type_cast_helper_interface');
+ $_SERVER['HTTP_HOST'] = 'example.com';
+ $_SERVER['HTTP_ACCEPT'] = 'application/json';
+ $_SERVER['HTTP_SOMEVAR'] = '<value>';
+ $this->type_cast_helper = $this->getMock('phpbb_request_type_cast_helper_interface');
$this->request = new phpbb_request($this->type_cast_helper);
}
@@ -44,6 +47,44 @@ class phpbb_request_test extends phpbb_test_case
$this->assertEquals($_POST, $GLOBALS['_POST'], 'Checking whether $_POST can still be accessed via $GLOBALS[\'_POST\']');
}
+ public function test_server()
+ {
+ $this->assertEquals('example.com', $this->request->server('HTTP_HOST'));
+ }
+
+ public function test_server_escaping()
+ {
+ $this->type_cast_helper
+ ->expects($this->once())
+ ->method('recursive_set_var')
+ ->with(
+ $this->anything(),
+ '',
+ true
+ );
+
+ $this->request->server('HTTP_SOMEVAR');
+ }
+
+ public function test_header()
+ {
+ $this->assertEquals('application/json', $this->request->header('Accept'));
+ }
+
+ public function test_header_escaping()
+ {
+ $this->type_cast_helper
+ ->expects($this->once())
+ ->method('recursive_set_var')
+ ->with(
+ $this->anything(),
+ '',
+ true
+ );
+
+ $this->request->header('SOMEVAR');
+ }
+
/**
* Checks that directly accessing $_POST will trigger
* an error.
@@ -60,6 +101,31 @@ class phpbb_request_test extends phpbb_test_case
$this->assertFalse($this->request->is_set_post('unset'));
}
+ public function test_is_ajax_without_ajax()
+ {
+ $this->assertFalse($this->request->is_ajax());
+ }
+
+ public function test_is_ajax_with_ajax()
+ {
+ $this->request->enable_super_globals();
+ $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
+ $this->request = new phpbb_request($this->type_cast_helper);
+
+ $this->assertTrue($this->request->is_ajax());
+ }
+
+ public function test_is_secure()
+ {
+ $this->assertFalse($this->request->is_secure());
+
+ $this->request->enable_super_globals();
+ $_SERVER['HTTPS'] = 'on';
+ $this->request = new phpbb_request($this->type_cast_helper);
+
+ $this->assertTrue($this->request->is_secure());
+ }
+
public function test_variable_names()
{
$expected = array('test', 'unset');
diff --git a/tests/security/base.php b/tests/security/base.php
index db9c884cf4..4b259a2aac 100644
--- a/tests/security/base.php
+++ b/tests/security/base.php
@@ -7,6 +7,8 @@
*
*/
+require_once dirname(__FILE__) . '/../mock/request.php';
+
abstract class phpbb_security_test_base extends phpbb_test_case
{
/**
@@ -14,20 +16,20 @@ abstract class phpbb_security_test_base extends phpbb_test_case
*/
protected function setUp()
{
- global $user, $phpbb_root_path;
+ global $user, $phpbb_root_path, $request;
// Put this into a global function being run by every test to init a proper user session
- $_SERVER['HTTP_HOST'] = 'localhost';
- $_SERVER['SERVER_NAME'] = 'localhost';
- $_SERVER['SERVER_ADDR'] = '127.0.0.1';
- $_SERVER['SERVER_PORT'] = 80;
- $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- $_SERVER['QUERY_STRING'] = '';
- $_SERVER['REQUEST_URI'] = '/tests/';
- $_SERVER['SCRIPT_NAME'] = '/tests/index.php';
- $_SERVER['PHP_SELF'] = '/tests/index.php';
- $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
- $_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
+ $server['HTTP_HOST'] = 'localhost';
+ $server['SERVER_NAME'] = 'localhost';
+ $server['SERVER_ADDR'] = '127.0.0.1';
+ $server['SERVER_PORT'] = 80;
+ $server['REMOTE_ADDR'] = '127.0.0.1';
+ $server['QUERY_STRING'] = '';
+ $server['REQUEST_URI'] = '/tests/';
+ $server['SCRIPT_NAME'] = '/tests/index.php';
+ $server['PHP_SELF'] = '/tests/index.php';
+ $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
+ $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
/*
[HTTP_ACCEPT_ENCODING] => gzip,deflate
@@ -36,13 +38,15 @@ abstract class phpbb_security_test_base extends phpbb_test_case
[SCRIPT_FILENAME] => /var/www/tests/index.php
*/
+ $request = new phpbb_mock_request(array(), array(), array(), $server);
+
// Set no user and trick a bit to circumvent errors
$user = new user();
$user->lang = true;
- $user->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
- $user->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
- $user->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
- $user->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+ $user->browser = $server['HTTP_USER_AGENT'];
+ $user->referer = '';
+ $user->forwarded_for = '';
+ $user->host = $server['HTTP_HOST'];
$user->page = session::extract_current_page($phpbb_root_path);
}
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 71c7a3a397..34c7b52f49 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -27,8 +27,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
*/
public function test_query_string_php_self($url, $query_string, $expected)
{
- $_SERVER['PHP_SELF'] = $url;
- $_SERVER['QUERY_STRING'] = $query_string;
+ global $request;
+
+ $request->merge(phpbb_request_interface::SERVER, array(
+ 'PHP_SELF' => $url,
+ 'QUERY_STRING' => $query_string,
+ ));
$result = session::extract_current_page('./');
@@ -41,8 +45,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
*/
public function test_query_string_request_uri($url, $query_string, $expected)
{
- $_SERVER['REQUEST_URI'] = $url . '?' . $query_string;
- $_SERVER['QUERY_STRING'] = $query_string;
+ global $request;
+
+ $request->merge(phpbb_request_interface::SERVER, array(
+ 'PHP_SELF' => $url,
+ 'QUERY_STRING' => $query_string,
+ ));
$result = session::extract_current_page('./');
diff --git a/tests/session/testable_factory.php b/tests/session/testable_factory.php
index 2b6a1683d3..3d4fbcc7cb 100644
--- a/tests/session/testable_factory.php
+++ b/tests/session/testable_factory.php
@@ -73,7 +73,8 @@ class phpbb_session_testable_factory
$request = $this->request = new phpbb_mock_request(
array(),
array(),
- $this->cookies
+ $this->cookies,
+ $this->server_data
);
request_var(null, null, null, null, $request);
@@ -85,8 +86,6 @@ class phpbb_session_testable_factory
$cache = $this->cache = new phpbb_mock_cache($this->get_cache_data());
$SID = $_SID = null;
- $_SERVER = $this->server_data;
-
$session = new phpbb_mock_session_testable;
return $session;
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-28 17:22:04 +0000