diff options
| author | Oleg Pudeyev <oleg@bsdpower.com> | 2012-11-06 11:11:27 -0500 |
|---|---|---|
| committer | Oleg Pudeyev <oleg@bsdpower.com> | 2012-11-06 11:11:27 -0500 |
| commit | 87ea50948ea53c0d1beab5b44badebeae4292d1a (patch) | |
| tree | dbc99fde4dfc62b84bae60c7e4ab5c02ddbe8a3c /tests/security/extract_current_page_test.php | |
| parent | 5b48df41685da785b082612318ebe7a8012c4149 (diff) | |
| parent | 44ff9d020fd218cbdb2f07a0d7f85a630367e3c2 (diff) | |
| download | forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.gz forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.bz2 forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.xz forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.zip | |
Merge remote-tracking branch 'upstream/develop' into feature/prune-users
* upstream/develop: (2171 commits)
[ticket/11164] Update composer.phar
[ticket/10933] Use inheritDoc, eliminate copy pasted docblocks.
[ticket/10933] Dependency inject template context.
[ticket/10933] Expanded prose documentation for phpbb_extension_provider.
[ticket/10933] Specify empty template path for absolute includephp test.
[ticket/10933] Useful documentation for template locate function
[ticket/10933] Typo fixes
[ticket/10933] Initialize template context when template is constructed.
[ticket/11099] Mark acp_ban::display_ban_options() as static.
[ticket/11158] Require acl_u_sig for ucp signature module.
[ticket/11158] Revert old fix in PHPBB3-10186.
[ticket/11159] static public is the currently approved order.
[ticket/11157] static public is the currently approved order.
[ticket/11157] Fix remaining captcha spam.
[ticket/11157] get_captcha_types is an instance method.
[ticket/11156] Delete "Misc" tab of forum based permissions + move items
[ticket/10848] Move include up.
[ticket/11014] Fix old pagination assignment
[ticket/11018] Fix several paginations in ACP
[ticket/11014] Fix IF statements for new template pagination
...
Conflicts:
phpBB/includes/functions_user.php
Diffstat (limited to 'tests/security/extract_current_page_test.php')
| -rw-r--r-- | tests/security/extract_current_page_test.php | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 71c7a3a397..d77cbbcaf3 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -3,18 +3,17 @@ * * @package testing * @copyright (c) 2008 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 * */ require_once dirname(__FILE__) . '/base.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; -require_once dirname(__FILE__) . '/../../phpBB/includes/session.php'; class phpbb_security_extract_current_page_test extends phpbb_security_test_base { - public static function security_variables() + public function security_variables() { return array( array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), @@ -27,10 +26,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_php_self($url, $query_string, $expected) { - $_SERVER['PHP_SELF'] = $url; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; - $result = session::extract_current_page('./'); + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); + + $result = phpbb_session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; $this->assertEquals($expected, $result['query_string'], $label); @@ -41,10 +44,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_request_uri($url, $query_string, $expected) { - $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; + + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); - $result = session::extract_current_page('./'); + $result = phpbb_session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; $this->assertEquals($expected, $result['query_string'], $label); |