1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
<?php
/**
*
* @package testing
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../../phpBB/includes/startup.php';
class phpbb_security_trailing_path_test extends phpbb_test_case
{
public function data_has_trailing_path()
{
return array(
array(false, '', '', ''),
array(true, '/', '', ''),
array(true, '/foo', '', ''),
array(true, '', '/foo', ''),
array(true, '/foo', '/foo', ''),
array(false, '', '', '/'),
array(false, '', '', '/?/x.php/'),
array(false, '', '', '/index.php'),
array(false, '', '', '/dir.phpisfunny/foo.php'),
array(true, '', '', '/index.php/foo.php'),
array(false, '', '', '/phpBB/viewtopic.php?f=3&t=5'),
array(false, '', '', '/phpBB/viewtopic.php?f=3&t=5/'),
array(false, '', '', '/phpBB/viewtopic.php?f=3&t=5/foo'),
array(true, '/foo', '/foo', '/phpBB/viewtopic.php?f=3&t=5/foo'),
array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&t=5/'),
array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&t=5'),
array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&t=5/foo.php/'),
array(false, '', '', '/projects/php.bb/phpBB/index.php'),
array(true, '', '', '/projects/php.bb/phpBB/index.php/'),
array(true, '', '', '/phpBB/index.php/?foo/a'),
array(true, '', '', '/projects/php.bb/phpBB/index.php/?a=5'),
array(false, '', '', '/projects/php.bb/phpBB/index.php?/a=5'),
array(false, '', '/phpBB/index.php', '/phpBB/index.php', '/phpBB/index.php'),
array(true, '', '/phpBB/index.php', '/phpBB/index.php'),
array(true, '', '/phpBB/index.php/', '/phpBB/index.php/', '/phpBB/index.php'),
array(true, '', '/phpBB/index.php/', '/phpBB/index.php/'),
);
}
/**
* @dataProvider data_has_trailing_path
*/
public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri, $script_name = '')
{
global $phpEx;
$_SERVER['PATH_INFO'] = $path_info;
$_SERVER['ORIG_PATH_INFO'] = $orig_path_info;
$_SERVER['REQUEST_URI'] = $request_uri;
$_SERVER['SCRIPT_NAME'] = $script_name;
$this->assertSame($expected, phpbb_has_trailing_path($phpEx));
}
}
|
