diff options
Diffstat (limited to 'tests/security/extract_current_page_test.php')
| -rw-r--r-- | tests/security/extract_current_page_test.php | 59 |
1 files changed, 22 insertions, 37 deletions
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 1284aab94c..767b901a43 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -1,9 +1,13 @@ <?php /** * -* @package testing -* @copyright (c) 2008 phpBB Group -* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -16,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base public function security_variables() { return array( - array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), - array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), ); } /** * @dataProvider security_variables */ - public function test_query_string_php_self($url, $query_string, $expected) + public function test_query_string_php_self($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($url)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($query_string)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); + $this->server['REQUEST_URI'] = ''; + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); + $result = \phpbb\session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; @@ -52,25 +48,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base /** * @dataProvider security_variables */ - public function test_query_string_request_uri($url, $query_string, $expected) + public function test_query_string_request_uri($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($url)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($query_string)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); $result = \phpbb\session::extract_current_page('./'); |