aboutsummaryrefslogtreecommitdiffstats
path: root/tests/security/extract_current_page_test.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/security/extract_current_page_test.php')
-rw-r--r--tests/security/extract_current_page_test.php55
1 files changed, 43 insertions, 12 deletions
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 0f5128884b..58dea68dc8 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -1,20 +1,23 @@
<?php
/**
*
-* @package testing
-* @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
require_once dirname(__FILE__) . '/base.php';
require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
-require_once dirname(__FILE__) . '/../../phpBB/includes/session.php';
class phpbb_security_extract_current_page_test extends phpbb_security_test_base
{
- static public function security_variables()
+ public function security_variables()
{
return array(
array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
@@ -27,10 +30,24 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
*/
public function test_query_string_php_self($url, $query_string, $expected)
{
- $_SERVER['PHP_SELF'] = $url;
- $_SERVER['QUERY_STRING'] = $query_string;
+ global $symfony_request, $request;
- $result = session::extract_current_page('./');
+ $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
+ $request,
+ ));
+ $symfony_request->expects($this->any())
+ ->method('getScriptName')
+ ->will($this->returnValue($url));
+ $symfony_request->expects($this->any())
+ ->method('getQueryString')
+ ->will($this->returnValue($query_string));
+ $symfony_request->expects($this->any())
+ ->method('getBasePath')
+ ->will($this->returnValue($server['REQUEST_URI']));
+ $symfony_request->expects($this->any())
+ ->method('getPathInfo')
+ ->will($this->returnValue('/'));
+ $result = \phpbb\session::extract_current_page('./');
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
$this->assertEquals($expected, $result['query_string'], $label);
@@ -41,13 +58,27 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
*/
public function test_query_string_request_uri($url, $query_string, $expected)
{
- $_SERVER['REQUEST_URI'] = $url . '?' . $query_string;
- $_SERVER['QUERY_STRING'] = $query_string;
+ global $symfony_request, $request;
- $result = session::extract_current_page('./');
+ $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
+ $request,
+ ));
+ $symfony_request->expects($this->any())
+ ->method('getScriptName')
+ ->will($this->returnValue($url));
+ $symfony_request->expects($this->any())
+ ->method('getQueryString')
+ ->will($this->returnValue($query_string));
+ $symfony_request->expects($this->any())
+ ->method('getBasePath')
+ ->will($this->returnValue($server['REQUEST_URI']));
+ $symfony_request->expects($this->any())
+ ->method('getPathInfo')
+ ->will($this->returnValue('/'));
+
+ $result = \phpbb\session::extract_current_page('./');
$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
$this->assertEquals($expected, $result['query_string'], $label);
}
}
-
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-04 15:43:25 +0000