aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--phpBB/includes/request/request.php4
-rw-r--r--tests/request/request_test.php44
2 files changed, 46 insertions, 2 deletions
diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php
index 13493387a8..466397480b 100644
--- a/phpBB/includes/request/request.php
+++ b/phpBB/includes/request/request.php
@@ -261,12 +261,12 @@ class phpbb_request implements phpbb_request_interface
if ($this->is_set($var_name, phpbb_request_interface::SERVER))
{
- return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER);
+ return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER, $html_encode);
}
else
{
$var = getenv($var_name);
- $this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
+ $this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $html_encode);
return $var;
}
}
diff --git a/tests/request/request_test.php b/tests/request/request_test.php
index 9999e88121..24c9ae5112 100644
--- a/tests/request/request_test.php
+++ b/tests/request/request_test.php
@@ -22,6 +22,10 @@ class phpbb_request_test extends phpbb_test_case
$_REQUEST['test'] = 3;
$_GET['unset'] = '';
+ $_SERVER['HTTP_HOST'] = 'example.com';
+ $_SERVER['HTTP_ACCEPT'] = 'application/json';
+ $_SERVER['HTTP_SOMEVAR'] = '<value>';
+
$this->type_cast_helper = $this->getMock('phpbb_request_type_cast_helper_interface');
$this->request = new phpbb_request($this->type_cast_helper);
}
@@ -43,6 +47,46 @@ class phpbb_request_test extends phpbb_test_case
$this->assertEquals($_POST, $GLOBALS['_POST'], 'Checking whether $_POST can still be accessed via $GLOBALS[\'_POST\']');
}
+ public function test_server()
+ {
+ $this->assertEquals('example.com', $this->request->server('HTTP_HOST'));
+ }
+
+ public function test_server_escaping()
+ {
+ $this->type_cast_helper
+ ->expects($this->once())
+ ->method('recursive_set_var')
+ ->with(
+ $this->anything(),
+ '',
+ true,
+ false
+ );
+
+ $this->request->server('HTTP_SOMEVAR');
+ }
+
+ public function test_header()
+ {
+ $this->assertEquals('application/json', $this->request->header('Accept'));
+ }
+
+ public function test_header_escaping()
+ {
+ $this->type_cast_helper
+ ->expects($this->once())
+ ->method('recursive_set_var')
+ ->with(
+ $this->anything(),
+ '',
+ true,
+ true
+ );
+
+ $this->request->header('SOMEVAR');
+ }
+
/**
* Checks that directly accessing $_POST will trigger
* an error.