diff options
Diffstat (limited to 'tests/security')
| -rw-r--r-- | tests/security/base.php | 36 | ||||
| -rw-r--r-- | tests/security/extract_current_page_test.php | 16 | ||||
| -rw-r--r-- | tests/security/redirect_test.php | 3 |
3 files changed, 33 insertions, 22 deletions
diff --git a/tests/security/base.php b/tests/security/base.php index db9c884cf4..4b259a2aac 100644 --- a/tests/security/base.php +++ b/tests/security/base.php @@ -7,6 +7,8 @@ * */ +require_once dirname(__FILE__) . '/../mock/request.php'; + abstract class phpbb_security_test_base extends phpbb_test_case { /** @@ -14,20 +16,20 @@ abstract class phpbb_security_test_base extends phpbb_test_case */ protected function setUp() { - global $user, $phpbb_root_path; + global $user, $phpbb_root_path, $request; // Put this into a global function being run by every test to init a proper user session - $_SERVER['HTTP_HOST'] = 'localhost'; - $_SERVER['SERVER_NAME'] = 'localhost'; - $_SERVER['SERVER_ADDR'] = '127.0.0.1'; - $_SERVER['SERVER_PORT'] = 80; - $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - $_SERVER['QUERY_STRING'] = ''; - $_SERVER['REQUEST_URI'] = '/tests/'; - $_SERVER['SCRIPT_NAME'] = '/tests/index.php'; - $_SERVER['PHP_SELF'] = '/tests/index.php'; - $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; - $_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; + $server['HTTP_HOST'] = 'localhost'; + $server['SERVER_NAME'] = 'localhost'; + $server['SERVER_ADDR'] = '127.0.0.1'; + $server['SERVER_PORT'] = 80; + $server['REMOTE_ADDR'] = '127.0.0.1'; + $server['QUERY_STRING'] = ''; + $server['REQUEST_URI'] = '/tests/'; + $server['SCRIPT_NAME'] = '/tests/index.php'; + $server['PHP_SELF'] = '/tests/index.php'; + $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; + $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; /* [HTTP_ACCEPT_ENCODING] => gzip,deflate @@ -36,13 +38,15 @@ abstract class phpbb_security_test_base extends phpbb_test_case [SCRIPT_FILENAME] => /var/www/tests/index.php */ + $request = new phpbb_mock_request(array(), array(), array(), $server); + // Set no user and trick a bit to circumvent errors $user = new user(); $user->lang = true; - $user->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; - $user->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; - $user->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $user->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + $user->browser = $server['HTTP_USER_AGENT']; + $user->referer = ''; + $user->forwarded_for = ''; + $user->host = $server['HTTP_HOST']; $user->page = session::extract_current_page($phpbb_root_path); } diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 71c7a3a397..34c7b52f49 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -27,8 +27,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_php_self($url, $query_string, $expected) { - $_SERVER['PHP_SELF'] = $url; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; + + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); $result = session::extract_current_page('./'); @@ -41,8 +45,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_request_uri($url, $query_string, $expected) { - $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; + + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); $result = session::extract_current_page('./'); diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php index 70ba8527b1..76347d309f 100644 --- a/tests/security/redirect_test.php +++ b/tests/security/redirect_test.php @@ -30,7 +30,7 @@ class phpbb_security_redirect_test extends phpbb_security_test_base protected function setUp() { parent::setUp(); - + $GLOBALS['config'] = array( 'force_server_vars' => '0', ); @@ -57,4 +57,3 @@ class phpbb_security_redirect_test extends phpbb_security_test_base } } } - |