From 59f489c01f63d76ae879b2e25b8fad1b5a82a3dc Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sun, 21 Jul 2019 16:03:19 +0200
Subject: [ticket/security/244] Add missing form parameters to tests

SECURITY-244
---
 tests/functional/fileupload_form_test.php |  9 ++++++++-
 tests/functional/plupload_test.php        | 14 ++++++++++----
 2 files changed, 18 insertions(+), 5 deletions(-)

(limited to 'tests/functional')

diff --git a/tests/functional/fileupload_form_test.php b/tests/functional/fileupload_form_test.php
index b0780172ff..ff9450be0d 100644
--- a/tests/functional/fileupload_form_test.php
+++ b/tests/functional/fileupload_form_test.php
@@ -46,6 +46,13 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
 
 	private function upload_file($filename, $mimetype)
 	{
+		$crawler = self::$client->request(
+			'GET',
+			'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid
+		);
+
+		$file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid));
+
 		$file = array(
 			'tmp_name' => $this->path . $filename,
 			'name' => $filename,
@@ -57,7 +64,7 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
 		$crawler = self::$client->request(
 			'POST',
 			'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid,
-			array('add_file' => $this->lang('ADD_FILE')),
+			$file_form_data,
 			array('fileupload' => $file)
 		);
 
diff --git a/tests/functional/plupload_test.php b/tests/functional/plupload_test.php
index 9d284a7e57..4ab1c8e9e5 100644
--- a/tests/functional/plupload_test.php
+++ b/tests/functional/plupload_test.php
@@ -76,6 +76,10 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
 		$chunk_size = ceil(filesize($this->path . 'valid.jpg') / self::CHUNKS);
 		$handle = fopen($this->path . 'valid.jpg', 'rb');
 
+		$crawler = self::$client->request('POST', $url . '&sid=' . $this->sid);
+
+		$file_form_data = $this->get_hidden_fields($crawler, $url);
+
 		for ($i = 0; $i < self::CHUNKS; $i++)
 		{
 			$chunk = fread($handle, $chunk_size);
@@ -94,13 +98,13 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
 			$crawler = self::$client->request(
 				'POST',
 				$url . '&sid=' . $this->sid,
-				array(
+				array_merge(array(
 					'chunk' => $i,
 					'chunks' => self::CHUNKS,
 					'name' => md5('valid') . '.jpg',
 					'real_filename' => 'valid.jpg',
 					'add_file' => $this->lang('ADD_FILE'),
-				),
+				), $file_form_data),
 				array('fileupload' => $file),
 				array('X-PHPBB-USING-PLUPLOAD' => '1')
 			);
@@ -134,17 +138,19 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
 			'error' => UPLOAD_ERR_OK,
 		);
 
+		$file_form_data = $this->get_hidden_fields(null, $url);
+
 		self::$client->setServerParameter('HTTP_X_PHPBB_USING_PLUPLOAD', '1');
 		self::$client->request(
 			'POST',
 			$url . '&sid=' . $this->sid,
-			array(
+			array_merge(array(
 				'chunk' => '0',
 				'chunks' => '1',
 				'name' => md5('valid') . '.jpg',
 				'real_filename' => 'valid.jpg',
 				'add_file' => $this->lang('ADD_FILE'),
-			),
+			), $file_form_data),
 			array('fileupload' => $file)
 		);
 
-- 
cgit v1.2.1


From 88d94a7c1992e43dd8300ba41352e36d3d2c6381 Mon Sep 17 00:00:00 2001
From: v12mike <v12mike@ingenious.co.nz>
Date: Sun, 8 Sep 2019 14:23:09 -0400
Subject: [ticket/16150] Make post subject links reliable

Change links that were relative to topic page into absolute links.
Update related test cases.

PHPBB3-16150
---
 tests/functional/download_test.php              | 2 +-
 tests/functional/feed_test.php                  | 6 +++---
 tests/functional/posting_test.php               | 4 ++--
 tests/functional/prune_shadow_topic_test.php    | 2 +-
 tests/functional/visibility_softdelete_test.php | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

(limited to 'tests/functional')

diff --git a/tests/functional/download_test.php b/tests/functional/download_test.php
index e2f1d065be..3d4f316d72 100644
--- a/tests/functional/download_test.php
+++ b/tests/functional/download_test.php
@@ -55,7 +55,7 @@ class phpbb_functional_download_test extends phpbb_functional_test_case
 
 		// Test creating a reply
 		$post2 = $this->create_post($this->data['forums']['Download #1'], $post['topic_id'], 'Re: Download Topic #1-#2', 'This is a test post posted by the testing framework.', array('upload_files' => 1));
-		$crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}");
 
 		$this->assertContains('Re: Download Topic #1-#2', $crawler->filter('html')->text());
 		$this->data['posts']['Re: Download Topic #1-#2'] = (int) $post2['post_id'];
diff --git a/tests/functional/feed_test.php b/tests/functional/feed_test.php
index 3792b0a23c..725a44ae5e 100644
--- a/tests/functional/feed_test.php
+++ b/tests/functional/feed_test.php
@@ -337,7 +337,7 @@ class phpbb_functional_feed_test extends phpbb_functional_test_case
 
 		// Test creating a reply
 		$post2 = $this->create_post($this->data['forums']['Feeds #news'], $post['topic_id'], 'Re: Feeds #news - Topic #2', 'This is a test post posted by the testing framework.');
-		$crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}");
 
 		self::assertContains('Re: Feeds #news - Topic #2', $crawler->filter('html')->text());
 		$this->data['posts']['Re: Feeds #news - Topic #2'] = (int) $post2['post_id'];
@@ -493,7 +493,7 @@ class phpbb_functional_feed_test extends phpbb_functional_test_case
 
 		// Test creating a reply
 		$post2 = $this->create_post($this->data['forums']['Feeds #1'], $post['topic_id'], 'Re: Feeds #1 - Topic #2', 'This is a test post posted by the testing framework.');
-		$crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}");
 
 		self::assertContains('Re: Feeds #1 - Topic #2', $crawler->filter('html')->text());
 		$this->data['posts']['Re: Feeds #1 - Topic #2'] = (int) $post2['post_id'];
@@ -1222,7 +1222,7 @@ class phpbb_functional_feed_test extends phpbb_functional_test_case
 
 		// Test creating a reply with 1 missing attachment
 		$post2 = $this->create_post($this->data['forums']['Feeds #1'], $this->data['topics']['Feeds #1 - Topic #3'], 'Re: Feeds #1 - Topic #3-1', 'This is a test post posted by the testing framework. [attachment=0]Attachment #0[/attachment]');
-		$crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}");
 
 		self::assertContains('Re: Feeds #1 - Topic #3-1', $crawler->filter('html')->text());
 		$this->data['posts']['Re: Feeds #1 - Topic #3-1'] = (int) $post2['post_id'];
diff --git a/tests/functional/posting_test.php b/tests/functional/posting_test.php
index 764376a945..7150f20a9d 100644
--- a/tests/functional/posting_test.php
+++ b/tests/functional/posting_test.php
@@ -29,7 +29,7 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case
 		// Test creating a reply with bbcode
 		$post2 = $this->create_post(2, $post['topic_id'], 'Re: Test Topic 1', 'This is a test [b]post[/b] posted by the testing framework.');
 
-		$crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}");
 		$this->assertContains('This is a test post posted by the testing framework.', $crawler->filter('html')->text());
 
 		// Test quoting a message
@@ -161,7 +161,7 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case
 		{
 			$this->set_quote_depth($quote_depth);
 
-			$post = $this->create_post(2, $topic['topic_id'], 'Re: Test Topic 1', $text);
+			$post = $this->create_post(2, $topic['topic_id'], "Re: Test Topic 1#$quote_depth", $text);
 			$url  = "viewtopic.php?p={$post['post_id']}&sid={$this->sid}";
 
 			$crawler = self::request('GET', $url);
diff --git a/tests/functional/prune_shadow_topic_test.php b/tests/functional/prune_shadow_topic_test.php
index c014119b98..2bf0280d62 100644
--- a/tests/functional/prune_shadow_topic_test.php
+++ b/tests/functional/prune_shadow_topic_test.php
@@ -77,7 +77,7 @@ class phpbb_functional_prune_shadow_topic_test extends phpbb_functional_test_cas
 
 		// Test creating a reply
 		$post2 = $this->create_post($this->data['forums']['Prune Shadow'], $this->post['topic_id'], 'Re: Prune Shadow #1-#2', 'This is a test post posted by the testing framework.');
-		$crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}");
 
 		$this->assertContains('Re: Prune Shadow #1-#2', $crawler->filter('html')->text());
 		$this->data['posts']['Re: Prune Shadow #1-#2'] = (int) $post2['post_id'];
diff --git a/tests/functional/visibility_softdelete_test.php b/tests/functional/visibility_softdelete_test.php
index 6450c00c1e..fd994361a5 100644
--- a/tests/functional/visibility_softdelete_test.php
+++ b/tests/functional/visibility_softdelete_test.php
@@ -97,7 +97,7 @@ class phpbb_functional_visibility_softdelete_test extends phpbb_functional_test_
 
 		// Test creating a reply
 		$post2 = $this->create_post($this->data['forums']['Soft Delete #1'], $post['topic_id'], 'Re: Soft Delete Topic #1-#2', 'This is a test post posted by the testing framework.');
-		$crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}");
 
 		$this->assertContains('Re: Soft Delete Topic #1-#2', $crawler->filter('html')->text());
 		$this->data['posts']['Re: Soft Delete Topic #1-#2'] = (int) $post2['post_id'];
@@ -114,7 +114,7 @@ class phpbb_functional_visibility_softdelete_test extends phpbb_functional_test_
 
 		// Test creating another reply
 		$post3 = $this->create_post($this->data['forums']['Soft Delete #1'], $post['topic_id'], 'Re: Soft Delete Topic #1-#3', 'This is another test post posted by the testing framework.');
-		$crawler = self::request('GET', "viewtopic.php?t={$post3['topic_id']}&sid={$this->sid}");
+		$crawler = self::request('GET', "viewtopic.php?p={$post3['post_id']}&sid={$this->sid}");
 
 		$this->assertContains('Re: Soft Delete Topic #1-#3', $crawler->filter('html')->text());
 		$this->data['posts']['Re: Soft Delete Topic #1-#3'] = (int) $post3['post_id'];
-- 
cgit v1.2.1