[ticket/13280] Make the tests failing

PHPBB3-13280
author: Tristan Darricau <github@nicofuma.fr> 2014-11-12 12:16:36 +0100
committer: Tristan Darricau <github@nicofuma.fr> 2014-11-12 15:43:12 +0100
commit: f142ed28e4be52278dec6ee587fc24d65f33c96a (patch)
tree: 38d13df10821ea21d7932c591b756609f34e21e9 /tests/security
parent: 6d533d2f8630d5bed2bfdbfd09cc9c689fbad1b5 (diff)
download: forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.gz
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.bz2
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.xz
forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.zip
3 files changed, 53 insertions, 78 deletions
diff --git a/tests/security/base.php b/tests/security/base.php
index 5519cac441..330408b448 100644
--- a/tests/security/base.php
+++ b/tests/security/base.php
@@ -13,6 +13,8 @@
 
 abstract class phpbb_security_test_base extends phpbb_test_case
 {
+	protected $server = array();
+
 	/**
 	* Set up the required user object and server variables for the suites
 	*/
@@ -21,17 +23,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case
 		global $user, $phpbb_root_path, $phpEx, $request, $symfony_request, $phpbb_filesystem;
 
 		// Put this into a global function being run by every test to init a proper user session
-		$server['HTTP_HOST']		= 'localhost';
-		$server['SERVER_NAME']		= 'localhost';
-		$server['SERVER_ADDR']		= '127.0.0.1';
-		$server['SERVER_PORT']		= 80;
-		$server['REMOTE_ADDR']		= '127.0.0.1';
-		$server['QUERY_STRING']	= '';
-		$server['REQUEST_URI']		= '/tests/';
-		$server['SCRIPT_NAME']		= '/tests/index.php';
-		$server['PHP_SELF']		= '/tests/index.php';
-		$server['HTTP_USER_AGENT']	= 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
-		$server['HTTP_ACCEPT_LANGUAGE']	= 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
+		$this->server['HTTP_HOST']				= 'localhost';
+		$this->server['SERVER_NAME']			= 'localhost';
+		$this->server['SERVER_ADDR']			= '127.0.0.1';
+		$this->server['SERVER_PORT']			= 80;
+		$this->server['REMOTE_ADDR']			= '127.0.0.1';
+		$this->server['QUERY_STRING']			= '';
+		$this->server['REQUEST_URI']			= '/tests/';
+		$this->server['SCRIPT_NAME']			= '/tests/index.php';
+		$this->server['SCRIPT_FILENAME']		= '/var/www/tests/index.php';
+		$this->server['PHP_SELF']				= '/tests/index.php';
+		$this->server['HTTP_USER_AGENT']		= 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
+		$this->server['HTTP_ACCEPT_LANGUAGE']	= 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
 
 /*
 		[HTTP_ACCEPT_ENCODING] => gzip,deflate
@@ -40,31 +43,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case
 		[SCRIPT_FILENAME] => /var/www/tests/index.php
 */
 
-		$request = new phpbb_mock_request(array(), array(), array(), $server);
-		$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
-			$request,
-		));
-		$symfony_request->expects($this->any())
-			->method('getScriptName')
-			->will($this->returnValue($server['SCRIPT_NAME']));
-		$symfony_request->expects($this->any())
-			->method('getQueryString')
-			->will($this->returnValue($server['QUERY_STRING']));
-		$symfony_request->expects($this->any())
-			->method('getBasePath')
-			->will($this->returnValue($server['REQUEST_URI']));
-		$symfony_request->expects($this->any())
-			->method('getPathInfo')
-			->will($this->returnValue('/'));
-		$phpbb_filesystem = new \phpbb\filesystem($symfony_request, $phpbb_root_path, $phpEx);
+		$request = new phpbb_mock_request(array(), array(), array(), $this->server);
+		$symfony_request = new \phpbb\symfony_request($request);
+
+		$phpbb_filesystem = new \phpbb\filesystem();
 
 		// Set no user and trick a bit to circumvent errors
 		$user = new \phpbb\user('\phpbb\datetime');
 		$user->lang = true;
-		$user->browser				= $server['HTTP_USER_AGENT'];
+		$user->browser				= $this->server['HTTP_USER_AGENT'];
 		$user->referer				= '';
 		$user->forwarded_for		= '';
-		$user->host					= $server['HTTP_HOST'];
+		$user->host					= $this->server['HTTP_HOST'];
 		$user->page = \phpbb\session::extract_current_page($phpbb_root_path);
 	}
 
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 58dea68dc8..5c0369f270 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -1,15 +1,15 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 require_once dirname(__FILE__) . '/base.php';
 
@@ -20,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	public function security_variables()
 	{
 		return array(
-			array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
-			array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
+			array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
+			array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
+			array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
 		);
 	}
 
 	/**
-	* @dataProvider security_variables
-	*/
-	public function test_query_string_php_self($url, $query_string, $expected)
+	 * @dataProvider security_variables
+	 */
+	public function test_query_string_php_self($query_string, $expected)
 	{
 		global $symfony_request, $request;
 
-		$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
-			$request,
-		));
-		$symfony_request->expects($this->any())
-			->method('getScriptName')
-			->will($this->returnValue($url));
-		$symfony_request->expects($this->any())
-			->method('getQueryString')
-			->will($this->returnValue($query_string));
-		$symfony_request->expects($this->any())
-			->method('getBasePath')
-			->will($this->returnValue($server['REQUEST_URI']));
-		$symfony_request->expects($this->any())
-			->method('getPathInfo')
-			->will($this->returnValue('/'));
+		$this->server['REQUEST_URI'] = '';
+		$this->server['QUERY_STRING'] = $query_string;
+
+		$request = new phpbb_mock_request(array(), array(), array(), $this->server);
+		$symfony_request = new \phpbb\symfony_request($request);
+
 		$result = \phpbb\session::extract_current_page('./');
 
 		$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
@@ -54,27 +46,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 	}
 
 	/**
-	* @dataProvider security_variables
-	*/
-	public function test_query_string_request_uri($url, $query_string, $expected)
+	 * @dataProvider security_variables
+	 */
+	public function test_query_string_request_uri($query_string, $expected)
 	{
 		global $symfony_request, $request;
 
-		$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
-			$request,
-		));
-		$symfony_request->expects($this->any())
-			->method('getScriptName')
-			->will($this->returnValue($url));
-		$symfony_request->expects($this->any())
-			->method('getQueryString')
-			->will($this->returnValue($query_string));
-		$symfony_request->expects($this->any())
-			->method('getBasePath')
-			->will($this->returnValue($server['REQUEST_URI']));
-		$symfony_request->expects($this->any())
-			->method('getPathInfo')
-			->will($this->returnValue('/'));
+		$this->server['QUERY_STRING'] = $query_string;
+
+		$request = new phpbb_mock_request(array(), array(), array(), $this->server);
+		$symfony_request = new \phpbb\symfony_request($request);
 
 		$result = \phpbb\session::extract_current_page('./');
 
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 3961c2781e..21fb103ed1 100644
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -73,6 +73,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 
 	protected function setUp()
 	{
+		global $phpbb_dispatcher;
+
 		parent::setUp();
 
 		$GLOBALS['config'] = array(
@@ -80,6 +82,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 		);
 
 		$this->path_helper = $this->get_path_helper();
+
+		$phpbb_dispatcher = new phpbb_mock_event_dispatcher();
 	}
 
 	/**
author	Tristan Darricau <github@nicofuma.fr>	2014-11-12 12:16:36 +0100
committer	Tristan Darricau <github@nicofuma.fr>	2014-11-12 15:43:12 +0100
commit	f142ed28e4be52278dec6ee587fc24d65f33c96a (patch)
tree	38d13df10821ea21d7932c591b756609f34e21e9 /tests/security
parent	6d533d2f8630d5bed2bfdbfd09cc9c689fbad1b5 (diff)
download	forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.gz forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.bz2 forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.xz forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.zip