diff options
Diffstat (limited to 'tests/security/extract_current_page_test.php')
-rw-r--r-- | tests/security/extract_current_page_test.php | 77 |
1 files changed, 29 insertions, 48 deletions
diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 58dea68dc8..5c0369f270 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -1,15 +1,15 @@ <?php /** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ require_once dirname(__FILE__) . '/base.php'; @@ -20,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base public function security_variables() { return array( - array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), - array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), ); } /** - * @dataProvider security_variables - */ - public function test_query_string_php_self($url, $query_string, $expected) + * @dataProvider security_variables + */ + public function test_query_string_php_self($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($url)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($query_string)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); + $this->server['REQUEST_URI'] = ''; + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); + $result = \phpbb\session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; @@ -54,27 +46,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base } /** - * @dataProvider security_variables - */ - public function test_query_string_request_uri($url, $query_string, $expected) + * @dataProvider security_variables + */ + public function test_query_string_request_uri($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($url)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($query_string)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); $result = \phpbb\session::extract_current_page('./'); |