diff options
Diffstat (limited to 'tests/security')
| -rw-r--r-- | tests/security/base.php | 4 | ||||
| -rw-r--r-- | tests/security/extract_current_page_test.php | 2 | ||||
| -rw-r--r-- | tests/security/hash_test.php | 8 |
3 files changed, 11 insertions, 3 deletions
diff --git a/tests/security/base.php b/tests/security/base.php index c7dbbb550a..26f267745c 100644 --- a/tests/security/base.php +++ b/tests/security/base.php @@ -55,13 +55,13 @@ abstract class phpbb_security_test_base extends phpbb_test_case $phpbb_filesystem = new phpbb_filesystem($symfony_request, $phpbb_root_path, $phpEx); // Set no user and trick a bit to circumvent errors - $user = new phpbb_user(); + $user = new \phpbb\user(); $user->lang = true; $user->browser = $server['HTTP_USER_AGENT']; $user->referer = ''; $user->forwarded_for = ''; $user->host = $server['HTTP_HOST']; - $user->page = phpbb_session::extract_current_page($phpbb_root_path); + $user->page = \phpbb\session::extract_current_page($phpbb_root_path); } protected function tearDown() diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 2c69e7955b..a7560f0d15 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -72,7 +72,7 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base ->method('getPathInfo') ->will($this->returnValue('/')); - $result = phpbb_session::extract_current_page('./'); + $result = \phpbb\session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; $this->assertEquals($expected, $result['query_string'], $label); diff --git a/tests/security/hash_test.php b/tests/security/hash_test.php index 0c2580c19b..e226365ef3 100644 --- a/tests/security/hash_test.php +++ b/tests/security/hash_test.php @@ -17,5 +17,13 @@ class phpbb_security_hash_test extends phpbb_test_case $this->assertTrue(phpbb_check_hash('test', '$P$9isfrtKXWqrz8PvztXlL3.daw4U0zI1')); $this->assertFalse(phpbb_check_hash('foo', '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1')); } + + public function test_check_hash_with_large_input() + { + // 16 MB password, should be rejected quite fast + $start_time = time(); + $this->assertFalse(phpbb_check_hash(str_repeat('a', 1024 * 1024 * 16), '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1')); + $this->assertLessThanOrEqual(5, time() - $start_time); + } } |