author | Igor Wiedler <igor@wiedler.ch> | 2011-08-06 19:47:12 +0200 |
---|---|---|
committer | Igor Wiedler <igor@wiedler.ch> | 2011-08-06 19:47:12 +0200 |
commit | 24e9fb24d105b8e475dbaf66fd99be2839b86675 (patch) | |
tree | 204cee3e18b03f6ecf1ef7baf5eb6f47bcdb9409 | |
parent | d1a0dfbafb8ee0710fec01bf16149f85810c29dd (diff) | |
[feature/request-class] Make server() use the $html_encode parameter
$request->server() should not auto html-escape values. header() however should.
Also introduce some tests for this behaviour.
Thanks to nn- for catching this.
PHPBB3-9716
-rw-r--r-- | phpBB/includes/request/request.php | 4 | ||||
-rw-r--r-- | tests/request/request_test.php | 44 |
2 files changed, 46 insertions, 2 deletions
diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php
index 13493387a8..466397480b 100644
--- a/phpBB/includes/request/request.php
+++ b/phpBB/includes/request/request.php
@@ -261,12 +261,12 @@ class phpbb_request implements phpbb_request_interface
 if ($this->is_set($var_name, phpbb_request_interface::SERVER))
 {
- return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER);
+ return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER, $html_encode);
 }
 else
 {
 $var = getenv($var_name);
- $this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
+ $this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $html_encode);
 return $var;
 }
 }
diff --git a/tests/request/request_test.php b/tests/request/request_test.php
index 9999e88121..24c9ae5112 100644
--- a/tests/request/request_test.php
+++ b/tests/request/request_test.php
@@ -22,6 +22,10 @@ class phpbb_request_test extends phpbb_test_case
 $_REQUEST['test'] = 3;
 $_GET['unset'] = '';
+ $_SERVER['HTTP_HOST'] = 'example.com';
+ $_SERVER['HTTP_ACCEPT'] = 'application/json';
+ $_SERVER['HTTP_SOMEVAR'] = '<value>';
+
 $this->type_cast_helper = $this->getMock('phpbb_request_type_cast_helper_interface');
 $this->request = new phpbb_request($this->type_cast_helper);
 }
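Review bot: In the request.php hunk both branches of server() now forward `$html_encode`, so values read from `$_SERVER` or `getenv()` reach the caller unescaped unless encoding is requested, and the method's docblock (outside this hunk) should state that contract. Several of these values, such as Host and other request headers, are supplied by the client, so any existing caller that printed the result into HTML was, per the commit message, relying on the earlier automatic escaping and needs to be checked. Suggested doc line: `@param bool $html_encode When false the raw value is returned; escape it for the output context before emitting it.` The signature and the default of `$html_encode` are not visible here; the new test's expectation of `false` suggests the default is unescaped.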
@@ -43,6 +47,46 @@ class phpbb_request_test extends phpbb_test_case
 $this->assertEquals($_POST, $GLOBALS['_POST'], 'Checking whether $_POST can still be accessed via $GLOBALS[\'_POST\']');
 }
+ public function test_server()
+ {
+ $this->assertEquals('example.com', $this->request->server('HTTP_HOST'));
+ }
+
+ public function test_server_escaping()
+ {
+ $this->type_cast_helper
+ ->expects($this->once())
+ ->method('recursive_set_var')
+ ->with(
+ $this->anything(),
+ '',
+ true,
+ false
+ );
+
+ $this->request->server('HTTP_SOMEVAR');
+ }
+
+ public function test_header()
+ {
+ $this->assertEquals('application/json', $this->request->header('Accept'));
+ }
+
+ public function test_header_escaping()
+ {
+ $this->type_cast_helper
+ ->expects($this->once())
+ ->method('recursive_set_var')
+ ->with(
+ $this->anything(),
+ '',
+ true,
+ true
+ );
+
+ $this->request->header('SOMEVAR');
+ }
+
 /**
 * Checks that directly accessing $_POST will trigger
 * an error. |
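Review bot: test_server_escaping and test_header_escaping only assert which flag the mocked type-cast helper receives, so nothing here checks what `server()` and `header()` actually return for the `'<value>'` fixture. The `getenv()` fallback changed in request.php also appears never to be reached, since every key the tests read is placed in `$_SERVER` by setUp. A case that uses the real helper and asserts the returned strings (raw from `server()`, entity-encoded from `header()`) would pin the behaviour this commit is about, and a second mock expectation with `true` as the last argument would cover a caller that opts in to encoding on `server()`. The `$_SERVER` entries added in setUp are not visibly restored; tearDown is outside the diff, so confirm they do not leak into other tests.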