[feature/request-class] Add server(), header() and is_ajax() to request

Extend the request class with helpers for reading server vars (server()) and HTTP request headers (header()). Refactor the existing code base to make use of these helpers, make $_SERVER a deactivated super global. Also introduce an is_ajax() method, which checks the X-Requested-With header for the value 'XMLHttpRequest', which is sent by JavaScript libraries, such as jQuery. PHPBB3-9716
author: Igor Wiedler <igor@wiedler.ch> 2011-07-13 19:20:16 +0200
committer: Igor Wiedler <igor@wiedler.ch> 2011-07-15 22:34:24 +0200
commit: 0bf6966c5228d446c4f0d3862619db0f619c7369 (patch)
tree: 3f8adfb570262a9296e7a4fdb191804bfde7a4c0 /tests/security
parent: 09e0460e5b53f83f4c06703c8bd8f1cb0f22eb48 (diff)
download: forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.gz
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.bz2
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.xz
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.zip
2 files changed, 32 insertions, 20 deletions
diff --git a/tests/security/base.php b/tests/security/base.php
index db9c884cf4..4b259a2aac 100644
--- a/tests/security/base.php
+++ b/tests/security/base.php
@@ -7,6 +7,8 @@
 *
 */
 
+require_once dirname(__FILE__) . '/../mock/request.php';
+
 abstract class phpbb_security_test_base extends phpbb_test_case
 {
 	/**
@@ -14,20 +16,20 @@ abstract class phpbb_security_test_base extends phpbb_test_case
 	*/
 	protected function setUp()
 	{
-		global $user, $phpbb_root_path;
+		global $user, $phpbb_root_path, $request;
 
 		// Put this into a global function being run by every test to init a proper user session
-		$_SERVER['HTTP_HOST']		= 'localhost';
-		$_SERVER['SERVER_NAME']		= 'localhost';
-		$_SERVER['SERVER_ADDR']		= '127.0.0.1';
-		$_SERVER['SERVER_PORT']		= 80;
-		$_SERVER['REMOTE_ADDR']		= '127.0.0.1';
-		$_SERVER['QUERY_STRING']	= '';
-		$_SERVER['REQUEST_URI']		= '/tests/';
-		$_SERVER['SCRIPT_NAME']		= '/tests/index.php';
-		$_SERVER['PHP_SELF']		= '/tests/index.php';
-		$_SERVER['HTTP_USER_AGENT']	= 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
-		$_SERVER['HTTP_ACCEPT_LANGUAGE']	= 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
+		$server['HTTP_HOST']		= 'localhost';
+		$server['SERVER_NAME']		= 'localhost';
+		$server['SERVER_ADDR']		= '127.0.0.1';
+		$server['SERVER_PORT']		= 80;
+		$server['REMOTE_ADDR']		= '127.0.0.1';
+		$server['QUERY_STRING']	= '';
+		$server['REQUEST_URI']		= '/tests/';
+		$server['SCRIPT_NAME']		= '/tests/index.php';
+		$server['PHP_SELF']		= '/tests/index.php';
+		$server['HTTP_USER_AGENT']	= 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
+		$server['HTTP_ACCEPT_LANGUAGE']	= 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
 
 /*
 		[HTTP_ACCEPT_ENCODING] => gzip,deflate
@@ -36,13 +38,15 @@ abstract class phpbb_security_test_base extends phpbb_test_case
 		[SCRIPT_FILENAME] => /var/www/tests/index.php
 */
 
+		$request = new phpbb_mock_request(array(), array(), array(), $server);
+
 		// Set no user and trick a bit to circumvent errors
 		$user = new user();
 		$user->lang = true;
-		$user->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
-		$user->referer				= (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
-		$user->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
-		$user->host					= (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+		$user->browser				= $server['HTTP_USER_AGENT'];
+		$user->referer				= '';
+		$user->forwarded_for		= '';
+		$user->host					= $server['HTTP_HOST'];
 		$user->page = session::extract_current_page($phpbb_root_path);
 	}
 
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 71c7a3a397..34c7b52f49 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -27,8 +27,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	*/
 	public function test_query_string_php_self($url, $query_string, $expected)
 	{
-		$_SERVER['PHP_SELF'] = $url;
-		$_SERVER['QUERY_STRING'] = $query_string;
+		global $request;
+
+		$request->merge(phpbb_request_interface::SERVER, array(
+			'PHP_SELF'	=> $url,
+			'QUERY_STRING'	=> $query_string,
+		));
 
 		$result = session::extract_current_page('./');
 
@@ -41,8 +45,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	*/
 	public function test_query_string_request_uri($url, $query_string, $expected)
 	{
-		$_SERVER['REQUEST_URI'] = $url . '?' . $query_string;
-		$_SERVER['QUERY_STRING'] = $query_string;
+		global $request;
+
+		$request->merge(phpbb_request_interface::SERVER, array(
+			'PHP_SELF'	=> $url,
+			'QUERY_STRING'	=> $query_string,
+		));
 
 		$result = session::extract_current_page('./');
author	Igor Wiedler <igor@wiedler.ch>	2011-07-13 19:20:16 +0200
committer	Igor Wiedler <igor@wiedler.ch>	2011-07-15 22:34:24 +0200
commit	0bf6966c5228d446c4f0d3862619db0f619c7369 (patch)
tree	3f8adfb570262a9296e7a4fdb191804bfde7a4c0 /tests/security
parent	09e0460e5b53f83f4c06703c8bd8f1cb0f22eb48 (diff)
download	forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.gz forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.bz2 forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.xz forums-0bf6966c5228d446c4f0d3862619db0f619c7369.zip