diff options
| author | Igor Wiedler <igor@wiedler.ch> | 2011-01-10 00:18:37 +0100 |
|---|---|---|
| committer | Igor Wiedler <igor@wiedler.ch> | 2011-01-10 00:18:37 +0100 |
| commit | 01fe91c5c4e897801f5c179cd4060e686762f105 (patch) | |
| tree | 178535f1cecfa2fd5748b21f9d59d1d471d1bd35 /tests/security/extract_current_page_test.php | |
| parent | 0a945100fd285658f1c3c936d413939eb11a6e16 (diff) | |
| download | forums-01fe91c5c4e897801f5c179cd4060e686762f105.tar forums-01fe91c5c4e897801f5c179cd4060e686762f105.tar.gz forums-01fe91c5c4e897801f5c179cd4060e686762f105.tar.bz2 forums-01fe91c5c4e897801f5c179cd4060e686762f105.tar.xz forums-01fe91c5c4e897801f5c179cd4060e686762f105.zip | |
[ticket/9987] Rename test files to include a _test suffix
PHPBB3-9987
Diffstat (limited to 'tests/security/extract_current_page_test.php')
| -rw-r--r-- | tests/security/extract_current_page_test.php | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php new file mode 100644 index 0000000000..ff0ab4d1bb --- /dev/null +++ b/tests/security/extract_current_page_test.php @@ -0,0 +1,53 @@ +<?php +/** +* +* @package testing +* @copyright (c) 2008 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +require_once __DIR__ . '/base.php'; + +require_once __DIR__ . '/../../phpBB/includes/functions.php'; +require_once __DIR__ . '/../../phpBB/includes/session.php'; + +class phpbb_security_extract_current_page_test extends phpbb_security_test_base +{ + public static function security_variables() + { + return array( + array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + ); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_php_self($url, $query_string, $expected) + { + $_SERVER['PHP_SELF'] = $url; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_request_uri($url, $query_string, $expected) + { + $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } +} + |