| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-06-08 21:43:27 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-06-08 21:43:27 +0000 |
| commit | 6a59f3efd68ad9467d053bd151273e898ce65504 (patch) | |
| tree | acd4d88769c93508cddca5c2179109088555eaf2 /tests/security/redirect.php | |
| parent | b54a9ec1e29305ef37605c1b60533abb7102a697 (diff) | |
fix security test for redirect. Also set common server variables to mimic a real testbed.
git-svn-id: file:///svn/phpbb/trunk@8623 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'tests/security/redirect.php')
| -rw-r--r-- | tests/security/redirect.php | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/tests/security/redirect.php b/tests/security/redirect.php
index c2613c3265..88e8e3d0a9 100644
--- a/tests/security/redirect.php
+++ b/tests/security/redirect.php
@@ -21,11 +21,17 @@ require_once '../phpBB/includes/session.php';

 class phpbb_security_redirect_test extends PHPUnit_Extensions_OutputTestCase
 {
+ protected $error_triggered = false;
+
 public static function provider()
 {
+ // array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
 return array(
- array('data://x', 'Tried to redirect to potentially insecure url.', 'data://x'),
- array('javascript:test', '', 'http://../tests/javascript:test'),
+ array('data://x', false, 'http://localhost/phpBB'),
+ array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
+ array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false),
+ array('javascript:test', false, 'http://localhost/phpBB/../tests/javascript:test'),
+ array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false),
 );
 }

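Review bot: The header-injection row in provider() embeds `\n\r` (LF followed by CR), so the usual `\r\n` order and a lone `\r` or `\n` are never exercised by this data set. A sibling row such as `array("http://localhost/phpBB/memberlist.php\r\nConnection: close", 'Tried to redirect to potentially insecure url.', false),` would cover it, assuming redirect() rejects that input the same way (its body is not part of this diff). The off-site rows cover only an absolute `http://` URL and `data://`; a scheme-relative `//www.otherdomain.com/` input would be worth a row of its own, with the expected values taken from what redirect() is meant to do. The expected URLs hard-code `http://localhost/phpBB`, which depends on server variables set outside this file, so a one-line comment naming where they are set would help the next reader.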
@@ -35,26 +41,42 @@ class phpbb_security_redirect_test extends PHPUnit_Extensions_OutputTestCase
 public function own_error_handler($errno, $errstr, $errfile, $errline)
 {
 echo $errstr;
+ $this->error_triggered = true;
 }

 /**
 * @dataProvider provider
 */
- public function test_redirect($test, $expected_output, $expected_result)
+ public function test_redirect($test, $expected_error, $expected_result)
 {
 global $user;

- // Set no user and trick a bit to circumvent errors
- $user = new user();
- $user->lang = true;
- $user->page = session::extract_current_page(PHPBB_ROOT_PATH);
+ set_error_handler(array($this, 'own_error_handler'));
+ $result = redirect($test, true);
+
+ // If we expect no error and a returned result, we set the output string to be expected and check if an error was triggered (then fail instantly)
+ if ($expected_error === false)
+ {
+ $this->expectOutputString($expected_result);
+ print $result;

- $this->expectOutputString($expected_output . '#' . $expected_result);
+ if ($this->error_triggered)
+ {
+ $this->fail();
+ }
+ }
+ // If we expect an error, we set the expected output string to the error and check if there was an error triggered.
+ else
+ {
+ $this->expectOutputString($expected_error);

- set_error_handler(array($this, 'own_error_handler'));
+ if (!$this->error_triggered)
+ {
+ $this->fail();
+ }

- $result = redirect($test, true);
- print "#" . $result;
+ $this->error_triggered = false;
+ }

 restore_error_handler();
 }
|
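Review bot: In test_redirect() the closing `restore_error_handler();` is not reached when either `$this->fail();` throws, so a failing data set leaves own_error_handler installed for whatever runs next. Calling `restore_error_handler();` directly after `$result = redirect($test, true);` limits the custom handler to the call under test. The bare `$this->fail();` calls also say nothing about which expectation broke; `$this->assertFalse($this->error_triggered, 'redirect() triggered an unexpected error');` and the matching assertTrue in the else branch would make a red run readable. The branch that expects an error never looks at `$result`, so what redirect() returns once the handler has returned is not pinned by this test; whether that matters depends on redirect(), which is outside this diff.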
