| author | Marc Alexander <admin@m-a-styles.de> | 2013-11-08 23:12:42 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2013-11-08 23:12:42 +0100 |
| commit | 60dda5577dfcbb3c5aac0fdd2a052e12293061a5 (patch) | |
| tree | 08d5c96f6de24c5c887bab732791fd48875df67f /tests/security | |
| parent | 082a467cc8813b63bde604a3e08485d01c228acb (diff) | |
[ticket/11997] Correctly redirect to front controllers
We currently do a lot of checks in order to prevent users from getting to
a 404 page. However, this logic relies on checking if a file or folder exists.
Due to the front controllers and the URL rewriting in 3.1, it is no longer
possible to rely on existing files for redirecting. This patch will take
care of properly redirecting users to front controller files. An incorrect
link will cause users to get a 404 error though.
PHPBB3-11997
Diffstat (limited to 'tests/security')
| -rw-r--r-- | tests/security/redirect_test.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php index 8e36780ca4..e934a4ab1b 100644 --- a/tests/security/redirect_test.php +++ b/tests/security/redirect_test.php @@ -21,8 +21,22 @@ class phpbb_security_redirect_test extends phpbb_security_test_base array('bad://localhost/phpBB/index.php', 'INSECURE_REDIRECT', false), array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'), array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'INSECURE_REDIRECT', false), - array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'), + array('javascript:test', false, 'http://localhost/phpBB/javascript:test'), array('http://localhost/phpBB/index.php;url=', 'INSECURE_REDIRECT', false), + array('http://localhost/phpBB/app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'), + array('./app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'), + array('app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'), + array('./../app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'), + array('./../app.php/foo/bar', false, 'http://localhost/phpBB/app.php/foo/bar'), + array('./../foo/bar', false, 'http://localhost/phpBB/foo/bar'), + array('app.php/', false, 'http://localhost/phpBB/app.php/'), + array('./app.php/', false, 'http://localhost/phpBB/app.php/'), + array('foobar', false, 'http://localhost/phpBB/foobar'), + array('./foobar', false, 'http://localhost/phpBB/foobar'), + array('foo/bar', false, 'http://localhost/phpBB/foo/bar'), + array('./foo/bar', false, 'http://localhost/phpBB/foo/bar'), + array('./../index.php', false, 'http://localhost/phpBB/index.php'), + array('../index.php', false, 'http://localhost/phpBB/index.php'), ); } |
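Review bot: the new expectations for `./../app.php/foobar`, `./../foo/bar` and `../index.php` all resolve to `http://localhost/phpBB/...`, meaning the `..` segment is dropped rather than resolved to the parent directory as plain RFC 3986 relative resolution would do, and nothing in the data provider says whether that clamping to the board root is the intended contract or only what the current implementation happens to produce. A short comment above the `../` cases stating the intent (a relative redirect target must never escape the board root) would turn these rows into a real regression guard, and one case with more than a single traversal segment, for example `../../app.php/foobar`, would show whether repeated `..` is pinned to `http://localhost/phpBB/` as well. The changed `javascript:test` row now asserts that a `javascript:` target is rewritten to `http://localhost/phpBB/javascript:test` with no `INSECURE_REDIRECT` error; if the intent is that an unknown scheme is neutralised by being treated as a relative path, that deserves a comment too, since on its own the row reads as if the redirect is expected to accept a `javascript:` URL.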
