diff options
author | Igor Wiedler <igor@wiedler.ch> | 2011-07-13 19:20:16 +0200 |
---|---|---|
committer | Igor Wiedler <igor@wiedler.ch> | 2011-07-15 22:34:24 +0200 |
commit | 0bf6966c5228d446c4f0d3862619db0f619c7369 (patch) | |
tree | 3f8adfb570262a9296e7a4fdb191804bfde7a4c0 /tests/security | |
parent | 09e0460e5b53f83f4c06703c8bd8f1cb0f22eb48 (diff) | |
download | forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.gz forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.bz2 forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.xz forums-0bf6966c5228d446c4f0d3862619db0f619c7369.zip |
[feature/request-class] Add server(), header() and is_ajax() to request
Extend the request class with helpers for reading server vars (server())
and HTTP request headers (header()). Refactor the existing code base
to make use of these helpers, make $_SERVER a deactivated super global.
Also introduce an is_ajax() method, which checks the X-Requested-With
header for the value 'XMLHttpRequest', which is sent by JavaScript
libraries, such as jQuery.
PHPBB3-9716
Diffstat (limited to 'tests/security')
-rw-r--r-- | tests/security/base.php | 36 | ||||
-rw-r--r-- | tests/security/extract_current_page_test.php | 16 |
2 files changed, 32 insertions, 20 deletions
diff --git a/tests/security/base.php b/tests/security/base.php index db9c884cf4..4b259a2aac 100644 --- a/tests/security/base.php +++ b/tests/security/base.php @@ -7,6 +7,8 @@ * */ +require_once dirname(__FILE__) . '/../mock/request.php'; + abstract class phpbb_security_test_base extends phpbb_test_case { /** @@ -14,20 +16,20 @@ abstract class phpbb_security_test_base extends phpbb_test_case */ protected function setUp() { - global $user, $phpbb_root_path; + global $user, $phpbb_root_path, $request; // Put this into a global function being run by every test to init a proper user session - $_SERVER['HTTP_HOST'] = 'localhost'; - $_SERVER['SERVER_NAME'] = 'localhost'; - $_SERVER['SERVER_ADDR'] = '127.0.0.1'; - $_SERVER['SERVER_PORT'] = 80; - $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - $_SERVER['QUERY_STRING'] = ''; - $_SERVER['REQUEST_URI'] = '/tests/'; - $_SERVER['SCRIPT_NAME'] = '/tests/index.php'; - $_SERVER['PHP_SELF'] = '/tests/index.php'; - $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; - $_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; + $server['HTTP_HOST'] = 'localhost'; + $server['SERVER_NAME'] = 'localhost'; + $server['SERVER_ADDR'] = '127.0.0.1'; + $server['SERVER_PORT'] = 80; + $server['REMOTE_ADDR'] = '127.0.0.1'; + $server['QUERY_STRING'] = ''; + $server['REQUEST_URI'] = '/tests/'; + $server['SCRIPT_NAME'] = '/tests/index.php'; + $server['PHP_SELF'] = '/tests/index.php'; + $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; + $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; /* [HTTP_ACCEPT_ENCODING] => gzip,deflate @@ -36,13 +38,15 @@ abstract class phpbb_security_test_base extends phpbb_test_case [SCRIPT_FILENAME] => /var/www/tests/index.php */ + $request = new phpbb_mock_request(array(), array(), array(), $server); + // Set no user and trick a bit to circumvent errors $user = new user(); $user->lang = true; - $user->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; - $user->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; - $user->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $user->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + $user->browser = $server['HTTP_USER_AGENT']; + $user->referer = ''; + $user->forwarded_for = ''; + $user->host = $server['HTTP_HOST']; $user->page = session::extract_current_page($phpbb_root_path); } diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 71c7a3a397..34c7b52f49 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -27,8 +27,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_php_self($url, $query_string, $expected) { - $_SERVER['PHP_SELF'] = $url; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; + + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); $result = session::extract_current_page('./'); @@ -41,8 +45,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_request_uri($url, $query_string, $expected) { - $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; + + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); $result = session::extract_current_page('./'); |