From 7591a84c0d66a64fb0ec2b77f785f7e83088ceaf Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 3 Jun 2008 16:15:01 +0000 Subject: two new tests, added security suite and fixed utf8 tests. git-svn-id: file:///svn/phpbb/trunk@8584 89ea8834-ac86-4346-8a33-228a782c2dd0 --- tests/security/extract_current_page.php | 57 +++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 tests/security/extract_current_page.php (limited to 'tests/security/extract_current_page.php') diff --git a/tests/security/extract_current_page.php b/tests/security/extract_current_page.php new file mode 100644 index 0000000000..4048a6303c --- /dev/null +++ b/tests/security/extract_current_page.php @@ -0,0 +1,57 @@ +', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + ); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_php_self($url, $query_string, $expected) + { + $_SERVER['PHP_SELF'] = $url; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_request_uri($url, $query_string, $expected) + { + $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } +} + +?> \ No newline at end of file -- cgit v1.2.1