diff options
author | Tristan Darricau <github@nicofuma.fr> | 2014-11-12 12:16:36 +0100 |
---|---|---|
committer | Tristan Darricau <github@nicofuma.fr> | 2014-11-12 15:43:12 +0100 |
commit | f142ed28e4be52278dec6ee587fc24d65f33c96a (patch) | |
tree | 38d13df10821ea21d7932c591b756609f34e21e9 /tests | |
parent | 6d533d2f8630d5bed2bfdbfd09cc9c689fbad1b5 (diff) | |
download | forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.gz forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.bz2 forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.tar.xz forums-f142ed28e4be52278dec6ee587fc24d65f33c96a.zip |
[ticket/13280] Make the tests failing
PHPBB3-13280
Diffstat (limited to 'tests')
-rw-r--r-- | tests/security/base.php | 50 | ||||
-rw-r--r-- | tests/security/extract_current_page_test.php | 77 | ||||
-rw-r--r-- | tests/security/redirect_test.php | 4 | ||||
-rw-r--r-- | tests/session/extract_page_test.php | 47 |
4 files changed, 78 insertions, 100 deletions
diff --git a/tests/security/base.php b/tests/security/base.php index 5519cac441..330408b448 100644 --- a/tests/security/base.php +++ b/tests/security/base.php @@ -13,6 +13,8 @@ abstract class phpbb_security_test_base extends phpbb_test_case { + protected $server = array(); + /** * Set up the required user object and server variables for the suites */ @@ -21,17 +23,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case global $user, $phpbb_root_path, $phpEx, $request, $symfony_request, $phpbb_filesystem; // Put this into a global function being run by every test to init a proper user session - $server['HTTP_HOST'] = 'localhost'; - $server['SERVER_NAME'] = 'localhost'; - $server['SERVER_ADDR'] = '127.0.0.1'; - $server['SERVER_PORT'] = 80; - $server['REMOTE_ADDR'] = '127.0.0.1'; - $server['QUERY_STRING'] = ''; - $server['REQUEST_URI'] = '/tests/'; - $server['SCRIPT_NAME'] = '/tests/index.php'; - $server['PHP_SELF'] = '/tests/index.php'; - $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; - $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; + $this->server['HTTP_HOST'] = 'localhost'; + $this->server['SERVER_NAME'] = 'localhost'; + $this->server['SERVER_ADDR'] = '127.0.0.1'; + $this->server['SERVER_PORT'] = 80; + $this->server['REMOTE_ADDR'] = '127.0.0.1'; + $this->server['QUERY_STRING'] = ''; + $this->server['REQUEST_URI'] = '/tests/'; + $this->server['SCRIPT_NAME'] = '/tests/index.php'; + $this->server['SCRIPT_FILENAME'] = '/var/www/tests/index.php'; + $this->server['PHP_SELF'] = '/tests/index.php'; + $this->server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; + $this->server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; /* [HTTP_ACCEPT_ENCODING] => gzip,deflate @@ -40,31 +43,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case [SCRIPT_FILENAME] => /var/www/tests/index.php */ - $request = new phpbb_mock_request(array(), array(), array(), $server); - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($server['SCRIPT_NAME'])); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($server['QUERY_STRING'])); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); - $phpbb_filesystem = new \phpbb\filesystem($symfony_request, $phpbb_root_path, $phpEx); + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); + + $phpbb_filesystem = new \phpbb\filesystem(); // Set no user and trick a bit to circumvent errors $user = new \phpbb\user('\phpbb\datetime'); $user->lang = true; - $user->browser = $server['HTTP_USER_AGENT']; + $user->browser = $this->server['HTTP_USER_AGENT']; $user->referer = ''; $user->forwarded_for = ''; - $user->host = $server['HTTP_HOST']; + $user->host = $this->server['HTTP_HOST']; $user->page = \phpbb\session::extract_current_page($phpbb_root_path); } diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 58dea68dc8..5c0369f270 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -1,15 +1,15 @@ <?php /** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ require_once dirname(__FILE__) . '/base.php'; @@ -20,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base public function security_variables() { return array( - array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), - array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), ); } /** - * @dataProvider security_variables - */ - public function test_query_string_php_self($url, $query_string, $expected) + * @dataProvider security_variables + */ + public function test_query_string_php_self($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($url)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($query_string)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); + $this->server['REQUEST_URI'] = ''; + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); + $result = \phpbb\session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; @@ -54,27 +46,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base } /** - * @dataProvider security_variables - */ - public function test_query_string_request_uri($url, $query_string, $expected) + * @dataProvider security_variables + */ + public function test_query_string_request_uri($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($url)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($query_string)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); $result = \phpbb\session::extract_current_page('./'); diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php index 3961c2781e..21fb103ed1 100644 --- a/tests/security/redirect_test.php +++ b/tests/security/redirect_test.php @@ -73,6 +73,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base protected function setUp() { + global $phpbb_dispatcher; + parent::setUp(); $GLOBALS['config'] = array( @@ -80,6 +82,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base ); $this->path_helper = $this->get_path_helper(); + + $phpbb_dispatcher = new phpbb_mock_event_dispatcher(); } /** diff --git a/tests/session/extract_page_test.php b/tests/session/extract_page_test.php index f314d35f87..f0d1cdb60e 100644 --- a/tests/session/extract_page_test.php +++ b/tests/session/extract_page_test.php @@ -12,6 +12,7 @@ */ require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; class phpbb_session_extract_page_test extends phpbb_session_test_case { @@ -99,7 +100,7 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case // ^-- Ignored because .. returns different directory in live vs testing 'query_string' => '', 'script_path' => '/phpBB/adm/', - //'root_script_path' => '/phpBB/', + //'root_script_path' => '/phpBB/adm/', //'page' => 'adm/index.php', 'forum' => 0, ), @@ -108,15 +109,15 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case './', '/phpBB/adm/app.php', 'page=1&test=2', - '/phpBB/', + '/phpBB/adm/', '/foo/bar', array( 'page_name' => 'app.php/foo/bar', - 'page_dir' => '', + //'page_dir' => '', 'query_string' => 'page=1&test=2', - 'script_path' => '/phpBB/', - 'root_script_path' => '/phpBB/', - 'page' => 'app.php/foo/bar?page=1&test=2', + 'script_path' => '/phpBB/adm/', + //'root_script_path' => '/phpBB/adm/', + //'page' => 'app.php/foo/bar?page=1&test=2', 'forum' => 0, ), ), @@ -142,23 +143,25 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case /** @dataProvider extract_current_page_data */ function test_extract_current_page($root_path, $getScriptName, $getQueryString, $getBasePath, $getPathInfo, $expected) { - global $symfony_request; + global $symfony_request, $request, $phpbb_filesystem; + + $phpbb_filesystem = new \phpbb\filesystem(); + + $server['HTTP_HOST'] = 'localhost'; + $server['SERVER_NAME'] = 'localhost'; + $server['SERVER_ADDR'] = '127.0.0.1'; + $server['SERVER_PORT'] = 80; + $server['REMOTE_ADDR'] = '127.0.0.1'; + $server['QUERY_STRING'] = $getQueryString; + $server['REQUEST_URI'] = $getScriptName . $getPathInfo . ($getQueryString === '' ? '' : '?' . $getQueryString); + $server['SCRIPT_NAME'] = $getScriptName; + $server['SCRIPT_FILENAME'] = '/var/www/' . $getScriptName; + $server['PHP_SELF'] = $getScriptName; + $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; + $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - new phpbb_mock_request(), - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($getScriptName)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($getQueryString)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($getBasePath)); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue($getPathInfo)); + $request = new phpbb_mock_request(array(), array(), array(), $server); + $symfony_request = new \phpbb\symfony_request($request); $output = \phpbb\session::extract_current_page($root_path); |