redirect(), expected triggered error (else false), expected returned result url (else false)) return array( array('data://x', 'Tried to redirect to potentially insecure url.', false), array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false), array('http://www.otherdomain.com/somescript.php', 'Tried to redirect to potentially insecure url.', false), array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false), array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'), array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false), array('https://foobar.com\@http://localhost/phpBB', 'Tried to redirect to potentially insecure url.', false), array('https://foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false), array('http://localhost.foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false), ); } protected function setUp() { parent::setUp(); $GLOBALS['config'] = array( 'force_server_vars' => '0', ); } /** * @dataProvider provider */ public function test_redirect($test, $expected_error, $expected_result) { global $user; if ($expected_error !== false) { $this->setExpectedTriggerError(E_USER_ERROR, $expected_error); } $result = redirect($test, true); // only verify result if we did not expect an error if ($expected_error === false) { $this->assertEquals($expected_result, $result); } } }