Merge remote-tracking branch 'upstream/develop' into feature/prune-users

* upstream/develop: (2171 commits) [ticket/11164] Update composer.phar [ticket/10933] Use inheritDoc, eliminate copy pasted docblocks. [ticket/10933] Dependency inject template context. [ticket/10933] Expanded prose documentation for phpbb_extension_provider. [ticket/10933] Specify empty template path for absolute includephp test. [ticket/10933] Useful documentation for template locate function [ticket/10933] Typo fixes [ticket/10933] Initialize template context when template is constructed. [ticket/11099] Mark acp_ban::display_ban_options() as static. [ticket/11158] Require acl_u_sig for ucp signature module. [ticket/11158] Revert old fix in PHPBB3-10186. [ticket/11159] static public is the currently approved order. [ticket/11157] static public is the currently approved order. [ticket/11157] Fix remaining captcha spam. [ticket/11157] get_captcha_types is an instance method. [ticket/11156] Delete "Misc" tab of forum based permissions + move items [ticket/10848] Move include up. [ticket/11014] Fix old pagination assignment [ticket/11018] Fix several paginations in ACP [ticket/11014] Fix IF statements for new template pagination ... Conflicts: phpBB/includes/functions_user.php
author: Oleg Pudeyev <oleg@bsdpower.com> 2012-11-06 11:11:27 -0500
committer: Oleg Pudeyev <oleg@bsdpower.com> 2012-11-06 11:11:27 -0500
commit: 87ea50948ea53c0d1beab5b44badebeae4292d1a (patch)
tree: dbc99fde4dfc62b84bae60c7e4ab5c02ddbe8a3c /tests/security
parent: 5b48df41685da785b082612318ebe7a8012c4149 (diff)
parent: 44ff9d020fd218cbdb2f07a0d7f85a630367e3c2 (diff)
download: forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar
forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.gz
forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.bz2
forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.xz
forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.zip
4 files changed, 40 insertions, 32 deletions
diff --git a/tests/security/base.php b/tests/security/base.php
index db9c884cf4..08878ad60d 100644
--- a/tests/security/base.php
+++ b/tests/security/base.php
@@ -3,7 +3,7 @@
 *
 * @package testing
 * @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 *
 */
 
@@ -14,20 +14,20 @@ abstract class phpbb_security_test_base extends phpbb_test_case
 	*/
 	protected function setUp()
 	{
-		global $user, $phpbb_root_path;
+		global $user, $phpbb_root_path, $request;
 
 		// Put this into a global function being run by every test to init a proper user session
-		$_SERVER['HTTP_HOST']		= 'localhost';
-		$_SERVER['SERVER_NAME']		= 'localhost';
-		$_SERVER['SERVER_ADDR']		= '127.0.0.1';
-		$_SERVER['SERVER_PORT']		= 80;
-		$_SERVER['REMOTE_ADDR']		= '127.0.0.1';
-		$_SERVER['QUERY_STRING']	= '';
-		$_SERVER['REQUEST_URI']		= '/tests/';
-		$_SERVER['SCRIPT_NAME']		= '/tests/index.php';
-		$_SERVER['PHP_SELF']		= '/tests/index.php';
-		$_SERVER['HTTP_USER_AGENT']	= 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
-		$_SERVER['HTTP_ACCEPT_LANGUAGE']	= 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
+		$server['HTTP_HOST']		= 'localhost';
+		$server['SERVER_NAME']		= 'localhost';
+		$server['SERVER_ADDR']		= '127.0.0.1';
+		$server['SERVER_PORT']		= 80;
+		$server['REMOTE_ADDR']		= '127.0.0.1';
+		$server['QUERY_STRING']	= '';
+		$server['REQUEST_URI']		= '/tests/';
+		$server['SCRIPT_NAME']		= '/tests/index.php';
+		$server['PHP_SELF']		= '/tests/index.php';
+		$server['HTTP_USER_AGENT']	= 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
+		$server['HTTP_ACCEPT_LANGUAGE']	= 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
 
 /*
 		[HTTP_ACCEPT_ENCODING] => gzip,deflate
@@ -36,14 +36,16 @@ abstract class phpbb_security_test_base extends phpbb_test_case
 		[SCRIPT_FILENAME] => /var/www/tests/index.php
 */
 
+		$request = new phpbb_mock_request(array(), array(), array(), $server);
+
 		// Set no user and trick a bit to circumvent errors
-		$user = new user();
+		$user = new phpbb_user();
 		$user->lang = true;
-		$user->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
-		$user->referer				= (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
-		$user->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
-		$user->host					= (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
-		$user->page = session::extract_current_page($phpbb_root_path);
+		$user->browser				= $server['HTTP_USER_AGENT'];
+		$user->referer				= '';
+		$user->forwarded_for		= '';
+		$user->host					= $server['HTTP_HOST'];
+		$user->page = phpbb_session::extract_current_page($phpbb_root_path);
 	}
 
 	protected function tearDown()
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 71c7a3a397..d77cbbcaf3 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -3,18 +3,17 @@
 *
 * @package testing
 * @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 *
 */
 
 require_once dirname(__FILE__) . '/base.php';
 
 require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
-require_once dirname(__FILE__) . '/../../phpBB/includes/session.php';
 
 class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 {
-	public static function security_variables()
+	public function security_variables()
 	{
 		return array(
 			array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
@@ -27,10 +26,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	*/
 	public function test_query_string_php_self($url, $query_string, $expected)
 	{
-		$_SERVER['PHP_SELF'] = $url;
-		$_SERVER['QUERY_STRING'] = $query_string;
+		global $request;
 
-		$result = session::extract_current_page('./');
+		$request->merge(phpbb_request_interface::SERVER, array(
+			'PHP_SELF'	=> $url,
+			'QUERY_STRING'	=> $query_string,
+		));
+
+		$result = phpbb_session::extract_current_page('./');
 
 		$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
 		$this->assertEquals($expected, $result['query_string'], $label);
@@ -41,10 +44,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	*/
 	public function test_query_string_request_uri($url, $query_string, $expected)
 	{
-		$_SERVER['REQUEST_URI'] = $url . '?' . $query_string;
-		$_SERVER['QUERY_STRING'] = $query_string;
+		global $request;
+
+		$request->merge(phpbb_request_interface::SERVER, array(
+			'PHP_SELF'	=> $url,
+			'QUERY_STRING'	=> $query_string,
+		));
 
-		$result = session::extract_current_page('./');
+		$result = phpbb_session::extract_current_page('./');
 
 		$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
 		$this->assertEquals($expected, $result['query_string'], $label);
diff --git a/tests/security/hash_test.php b/tests/security/hash_test.php
index 19a3822145..0c2580c19b 100644
--- a/tests/security/hash_test.php
+++ b/tests/security/hash_test.php
@@ -3,7 +3,7 @@
 *
 * @package testing
 * @copyright (c) 2011 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 *
 */
 
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 76347d309f..1325466137 100644
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -3,18 +3,17 @@
 *
 * @package testing
 * @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 *
 */
 
 require_once dirname(__FILE__) . '/base.php';
 
 require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
-require_once dirname(__FILE__) . '/../../phpBB/includes/session.php';
 
 class phpbb_security_redirect_test extends phpbb_security_test_base
 {
-	public static function provider()
+	public function provider()
 	{
 		// array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
 		return array(
author	Oleg Pudeyev <oleg@bsdpower.com>	2012-11-06 11:11:27 -0500
committer	Oleg Pudeyev <oleg@bsdpower.com>	2012-11-06 11:11:27 -0500
commit	87ea50948ea53c0d1beab5b44badebeae4292d1a (patch)
tree	dbc99fde4dfc62b84bae60c7e4ab5c02ddbe8a3c /tests/security
parent	5b48df41685da785b082612318ebe7a8012c4149 (diff)
parent	44ff9d020fd218cbdb2f07a0d7f85a630367e3c2 (diff)
download	forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.gz forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.bz2 forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.tar.xz forums-87ea50948ea53c0d1beab5b44badebeae4292d1a.zip