[ticket/security/244] Add missing form parameters to tests

SECURITY-244

2 files changed, 18 insertions, 5 deletions

diff --git a/tests/functional/fileupload_form_test.php b/tests/functional/fileupload_form_test.php
index b0780172ff..ff9450be0d 100644
--- a/tests/functional/fileupload_form_test.php
+++ b/tests/functional/fileupload_form_test.php
@@ -46,6 +46,13 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
 
 	private function upload_file($filename, $mimetype)
 	{
+		$crawler = self::$client->request(
+			'GET',
+			'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid
+		);
+
+		$file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid));
+
 		$file = array(
 			'tmp_name' => $this->path . $filename,
 			'name' => $filename,
@@ -57,7 +64,7 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
 		$crawler = self::$client->request(
 			'POST',
 			'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid,
-			array('add_file' => $this->lang('ADD_FILE')),
+			$file_form_data,
 			array('fileupload' => $file)
 		);
 
diff --git a/tests/functional/plupload_test.php b/tests/functional/plupload_test.php
index 9d284a7e57..4ab1c8e9e5 100644
--- a/tests/functional/plupload_test.php
+++ b/tests/functional/plupload_test.php
@@ -76,6 +76,10 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
 		$chunk_size = ceil(filesize($this->path . 'valid.jpg') / self::CHUNKS);
 		$handle = fopen($this->path . 'valid.jpg', 'rb');
 
+		$crawler = self::$client->request('POST', $url . '&sid=' . $this->sid);
+
+		$file_form_data = $this->get_hidden_fields($crawler, $url);
+
 		for ($i = 0; $i < self::CHUNKS; $i++)
 		{
 			$chunk = fread($handle, $chunk_size);
@@ -94,13 +98,13 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
 			$crawler = self::$client->request(
 				'POST',
 				$url . '&sid=' . $this->sid,
-				array(
+				array_merge(array(
 					'chunk' => $i,
 					'chunks' => self::CHUNKS,
 					'name' => md5('valid') . '.jpg',
 					'real_filename' => 'valid.jpg',
 					'add_file' => $this->lang('ADD_FILE'),
-				),
+				), $file_form_data),
 				array('fileupload' => $file),
 				array('X-PHPBB-USING-PLUPLOAD' => '1')
 			);
@@ -134,17 +138,19 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
 			'error' => UPLOAD_ERR_OK,
 		);
 
+		$file_form_data = $this->get_hidden_fields(null, $url);
+
 		self::$client->setServerParameter('HTTP_X_PHPBB_USING_PLUPLOAD', '1');
 		self::$client->request(
 			'POST',
 			$url . '&sid=' . $this->sid,
-			array(
+			array_merge(array(
 				'chunk' => '0',
 				'chunks' => '1',
 				'name' => md5('valid') . '.jpg',
 				'real_filename' => 'valid.jpg',
 				'add_file' => $this->lang('ADD_FILE'),
-			),
+			), $file_form_data),
 			array('fileupload' => $file)
 		);