aboutsummaryrefslogtreecommitdiffstats
path: root/tests/security
diff options
context:
space:
mode:
authorIgor Wiedler <igor@wiedler.ch>2011-07-13 19:20:16 +0200
committerIgor Wiedler <igor@wiedler.ch>2011-07-15 22:34:24 +0200
commit0bf6966c5228d446c4f0d3862619db0f619c7369 (patch)
tree3f8adfb570262a9296e7a4fdb191804bfde7a4c0 /tests/security
parent09e0460e5b53f83f4c06703c8bd8f1cb0f22eb48 (diff)
downloadforums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.gz
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.bz2
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.xz
forums-0bf6966c5228d446c4f0d3862619db0f619c7369.zip
[feature/request-class] Add server(), header() and is_ajax() to request
Extend the request class with helpers for reading server vars (server()) and HTTP request headers (header()). Refactor the existing code base to make use of these helpers, make $_SERVER a deactivated super global. Also introduce an is_ajax() method, which checks the X-Requested-With header for the value 'XMLHttpRequest', which is sent by JavaScript libraries, such as jQuery. PHPBB3-9716
Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/base.php36
-rw-r--r--tests/security/extract_current_page_test.php16
2 files changed, 32 insertions, 20 deletions
diff --git a/tests/security/base.php b/tests/security/base.php
index db9c884cf4..4b259a2aac 100644
--- a/tests/security/base.php
+++ b/tests/security/base.php
@@ -7,6 +7,8 @@
*
*/
+require_once dirname(__FILE__) . '/../mock/request.php';
+
abstract class phpbb_security_test_base extends phpbb_test_case
{
/**
@@ -14,20 +16,20 @@ abstract class phpbb_security_test_base extends phpbb_test_case
*/
protected function setUp()
{
- global $user, $phpbb_root_path;
+ global $user, $phpbb_root_path, $request;
// Put this into a global function being run by every test to init a proper user session
- $_SERVER['HTTP_HOST'] = 'localhost';
- $_SERVER['SERVER_NAME'] = 'localhost';
- $_SERVER['SERVER_ADDR'] = '127.0.0.1';
- $_SERVER['SERVER_PORT'] = 80;
- $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- $_SERVER['QUERY_STRING'] = '';
- $_SERVER['REQUEST_URI'] = '/tests/';
- $_SERVER['SCRIPT_NAME'] = '/tests/index.php';
- $_SERVER['PHP_SELF'] = '/tests/index.php';
- $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
- $_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
+ $server['HTTP_HOST'] = 'localhost';
+ $server['SERVER_NAME'] = 'localhost';
+ $server['SERVER_ADDR'] = '127.0.0.1';
+ $server['SERVER_PORT'] = 80;
+ $server['REMOTE_ADDR'] = '127.0.0.1';
+ $server['QUERY_STRING'] = '';
+ $server['REQUEST_URI'] = '/tests/';
+ $server['SCRIPT_NAME'] = '/tests/index.php';
+ $server['PHP_SELF'] = '/tests/index.php';
+ $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
+ $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
/*
[HTTP_ACCEPT_ENCODING] => gzip,deflate
@@ -36,13 +38,15 @@ abstract class phpbb_security_test_base extends phpbb_test_case
[SCRIPT_FILENAME] => /var/www/tests/index.php
*/
+ $request = new phpbb_mock_request(array(), array(), array(), $server);
+
// Set no user and trick a bit to circumvent errors
$user = new user();
$user->lang = true;
- $user->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
- $user->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
- $user->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
- $user->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+ $user->browser = $server['HTTP_USER_AGENT'];
+ $user->referer = '';
+ $user->forwarded_for = '';
+ $user->host = $server['HTTP_HOST'];
$user->page = session::extract_current_page($phpbb_root_path);
}
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 71c7a3a397..34c7b52f49 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -27,8 +27,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
*/
public function test_query_string_php_self($url, $query_string, $expected)
{
- $_SERVER['PHP_SELF'] = $url;
- $_SERVER['QUERY_STRING'] = $query_string;
+ global $request;
+
+ $request->merge(phpbb_request_interface::SERVER, array(
+ 'PHP_SELF' => $url,
+ 'QUERY_STRING' => $query_string,
+ ));
$result = session::extract_current_page('./');
@@ -41,8 +45,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
*/
public function test_query_string_request_uri($url, $query_string, $expected)
{
- $_SERVER['REQUEST_URI'] = $url . '?' . $query_string;
- $_SERVER['QUERY_STRING'] = $query_string;
+ global $request;
+
+ $request->merge(phpbb_request_interface::SERVER, array(
+ 'PHP_SELF' => $url,
+ 'QUERY_STRING' => $query_string,
+ ));
$result = session::extract_current_page('./');