aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTristan Darricau <github@nicofuma.fr>2014-11-12 12:16:36 +0100
committerTristan Darricau <github@nicofuma.fr>2014-11-12 15:43:12 +0100
commitf142ed28e4be52278dec6ee587fc24d65f33c96a (patch)
tree38d13df10821ea21d7932c591b756609f34e21e9
parent6d533d2f8630d5bed2bfdbfd09cc9c689fbad1b5 (diff)
downloadforums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.gz
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.bz2
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.xz
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.zip
[ticket/13280] Make the tests failing
PHPBB3-13280
Diffstat
-rw-r--r--tests/security/base.php50
-rw-r--r--tests/security/extract_current_page_test.php77
-rw-r--r--tests/security/redirect_test.php4
-rw-r--r--tests/session/extract_page_test.php47
4 files changed, 78 insertions, 100 deletions
diff --git a/tests/security/base.php b/tests/security/base.php
index 5519cac441..330408b448 100644
--- a/tests/security/base.php
+++ b/tests/security/base.php
@@ -13,6 +13,8 @@
abstract class phpbb_security_test_base extends phpbb_test_case
{
+ protected $server = array();
+
/**
* Set up the required user object and server variables for the suites
*/
@@ -21,17 +23,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case
global $user, $phpbb_root_path, $phpEx, $request, $symfony_request, $phpbb_filesystem;
// Put this into a global function being run by every test to init a proper user session
- $server['HTTP_HOST'] = 'localhost';
- $server['SERVER_NAME'] = 'localhost';
- $server['SERVER_ADDR'] = '127.0.0.1';
- $server['SERVER_PORT'] = 80;
- $server['REMOTE_ADDR'] = '127.0.0.1';
- $server['QUERY_STRING'] = '';
- $server['REQUEST_URI'] = '/tests/';
- $server['SCRIPT_NAME'] = '/tests/index.php';
- $server['PHP_SELF'] = '/tests/index.php';
- $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
- $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
+ $this->server['HTTP_HOST'] = 'localhost';
+ $this->server['SERVER_NAME'] = 'localhost';
+ $this->server['SERVER_ADDR'] = '127.0.0.1';
+ $this->server['SERVER_PORT'] = 80;
+ $this->server['REMOTE_ADDR'] = '127.0.0.1';
+ $this->server['QUERY_STRING'] = '';
+ $this->server['REQUEST_URI'] = '/tests/';
+ $this->server['SCRIPT_NAME'] = '/tests/index.php';
+ $this->server['SCRIPT_FILENAME'] = '/var/www/tests/index.php';
+ $this->server['PHP_SELF'] = '/tests/index.php';
+ $this->server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
+ $this->server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
/*
[HTTP_ACCEPT_ENCODING] => gzip,deflate
@@ -40,31 +43,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case
[SCRIPT_FILENAME] => /var/www/tests/index.php
*/
- $request = new phpbb_mock_request(array(), array(), array(), $server);
- $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
- $request,
- ));
- $symfony_request->expects($this->any())
- ->method('getScriptName')
- ->will($this->returnValue($server['SCRIPT_NAME']));
- $symfony_request->expects($this->any())
- ->method('getQueryString')
- ->will($this->returnValue($server['QUERY_STRING']));
- $symfony_request->expects($this->any())
- ->method('getBasePath')
- ->will($this->returnValue($server['REQUEST_URI']));
- $symfony_request->expects($this->any())
- ->method('getPathInfo')
- ->will($this->returnValue('/'));
- $phpbb_filesystem = new \phpbb\filesystem($symfony_request, $phpbb_root_path, $phpEx);
+ $request = new phpbb_mock_request(array(), array(), array(), $this->server);
+ $symfony_request = new \phpbb\symfony_request($request);
+
+ $phpbb_filesystem = new \phpbb\filesystem();
// Set no user and trick a bit to circumvent errors
$user = new \phpbb\user('\phpbb\datetime');
$user->lang = true;
- $user->browser = $server['HTTP_USER_AGENT'];
+ $user->browser = $this->server['HTTP_USER_AGENT'];
$user->referer = '';
$user->forwarded_for = '';
- $user->host = $server['HTTP_HOST'];
+ $user->host = $this->server['HTTP_HOST'];
$user->page = \phpbb\session::extract_current_page($phpbb_root_path);
}
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 58dea68dc8..5c0369f270 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -1,15 +1,15 @@
<?php
/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
require_once dirname(__FILE__) . '/base.php';
@@ -20,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
public function security_variables()
{
return array(
- array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
- array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
+ array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
+ array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
+ array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
);
}
/**
- * @dataProvider security_variables
- */
- public function test_query_string_php_self($url, $query_string, $expected)
+ * @dataProvider security_variables
+ */
+ public function test_query_string_php_self($query_string, $expected)
{
global $symfony_request, $request;
- $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
- $request,
- ));
- $symfony_request->expects($this->any())
- ->method('getScriptName')
- ->will($this->returnValue($url));
- $symfony_request->expects($this->any())
- ->method('getQueryString')
- ->will($this->returnValue($query_string));
- $symfony_request->expects($this->any())
- ->method('getBasePath')
- ->will($this->returnValue($server['REQUEST_URI']));
- $symfony_request->expects($this->any())
- ->method('getPathInfo')
- ->will($this->returnValue('/'));
+ $this->server['REQUEST_URI'] = '';
+ $this->server['QUERY_STRING'] = $query_string;
+
+ $request = new phpbb_mock_request(array(), array(), array(), $this->server);
+ $symfony_request = new \phpbb\symfony_request($request);
+
$result = \phpbb\session::extract_current_page('./');
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
@@ -54,27 +46,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
}
/**
- * @dataProvider security_variables
- */
- public function test_query_string_request_uri($url, $query_string, $expected)
+ * @dataProvider security_variables
+ */
+ public function test_query_string_request_uri($query_string, $expected)
{
global $symfony_request, $request;
- $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
- $request,
- ));
- $symfony_request->expects($this->any())
- ->method('getScriptName')
- ->will($this->returnValue($url));
- $symfony_request->expects($this->any())
- ->method('getQueryString')
- ->will($this->returnValue($query_string));
- $symfony_request->expects($this->any())
- ->method('getBasePath')
- ->will($this->returnValue($server['REQUEST_URI']));
- $symfony_request->expects($this->any())
- ->method('getPathInfo')
- ->will($this->returnValue('/'));
+ $this->server['QUERY_STRING'] = $query_string;
+
+ $request = new phpbb_mock_request(array(), array(), array(), $this->server);
+ $symfony_request = new \phpbb\symfony_request($request);
$result = \phpbb\session::extract_current_page('./');
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 3961c2781e..21fb103ed1 100644
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -73,6 +73,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
protected function setUp()
{
+ global $phpbb_dispatcher;
+
parent::setUp();
$GLOBALS['config'] = array(
@@ -80,6 +82,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
);
$this->path_helper = $this->get_path_helper();
+
+ $phpbb_dispatcher = new phpbb_mock_event_dispatcher();
}
/**
diff --git a/tests/session/extract_page_test.php b/tests/session/extract_page_test.php
index f314d35f87..f0d1cdb60e 100644
--- a/tests/session/extract_page_test.php
+++ b/tests/session/extract_page_test.php
@@ -12,6 +12,7 @@
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
class phpbb_session_extract_page_test extends phpbb_session_test_case
{
@@ -99,7 +100,7 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
// ^-- Ignored because .. returns different directory in live vs testing
'query_string' => '',
'script_path' => '/phpBB/adm/',
- //'root_script_path' => '/phpBB/',
+ //'root_script_path' => '/phpBB/adm/',
//'page' => 'adm/index.php',
'forum' => 0,
),
@@ -108,15 +109,15 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
'./',
'/phpBB/adm/app.php',
'page=1&test=2',
- '/phpBB/',
+ '/phpBB/adm/',
'/foo/bar',
array(
'page_name' => 'app.php/foo/bar',
- 'page_dir' => '',
+ //'page_dir' => '',
'query_string' => 'page=1&test=2',
- 'script_path' => '/phpBB/',
- 'root_script_path' => '/phpBB/',
- 'page' => 'app.php/foo/bar?page=1&test=2',
+ 'script_path' => '/phpBB/adm/',
+ //'root_script_path' => '/phpBB/adm/',
+ //'page' => 'app.php/foo/bar?page=1&test=2',
'forum' => 0,
),
),
@@ -142,23 +143,25 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
/** @dataProvider extract_current_page_data */
function test_extract_current_page($root_path, $getScriptName, $getQueryString, $getBasePath, $getPathInfo, $expected)
{
- global $symfony_request;
+ global $symfony_request, $request, $phpbb_filesystem;
+
+ $phpbb_filesystem = new \phpbb\filesystem();
+
+ $server['HTTP_HOST'] = 'localhost';
+ $server['SERVER_NAME'] = 'localhost';
+ $server['SERVER_ADDR'] = '127.0.0.1';
+ $server['SERVER_PORT'] = 80;
+ $server['REMOTE_ADDR'] = '127.0.0.1';
+ $server['QUERY_STRING'] = $getQueryString;
+ $server['REQUEST_URI'] = $getScriptName . $getPathInfo . ($getQueryString === '' ? '' : '?' . $getQueryString);
+ $server['SCRIPT_NAME'] = $getScriptName;
+ $server['SCRIPT_FILENAME'] = '/var/www/' . $getScriptName;
+ $server['PHP_SELF'] = $getScriptName;
+ $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
+ $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
- $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
- new phpbb_mock_request(),
- ));
- $symfony_request->expects($this->any())
- ->method('getScriptName')
- ->will($this->returnValue($getScriptName));
- $symfony_request->expects($this->any())
- ->method('getQueryString')
- ->will($this->returnValue($getQueryString));
- $symfony_request->expects($this->any())
- ->method('getBasePath')
- ->will($this->returnValue($getBasePath));
- $symfony_request->expects($this->any())
- ->method('getPathInfo')
- ->will($this->returnValue($getPathInfo));
+ $request = new phpbb_mock_request(array(), array(), array(), $server);
+ $symfony_request = new \phpbb\symfony_request($request);
$output = \phpbb\session::extract_current_page($root_path);
generated by cgit v1.2.1 (git 2.21.0) at 2024-09-27 10:04:05 +0000