From 01fe91c5c4e897801f5c179cd4060e686762f105 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Mon, 10 Jan 2011 00:18:37 +0100 Subject: [ticket/9987] Rename test files to include a _test suffix PHPBB3-9987 --- tests/security/extract_current_page_test.php | 53 ++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 tests/security/extract_current_page_test.php (limited to 'tests/security/extract_current_page_test.php') diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php new file mode 100644 index 0000000000..ff0ab4d1bb --- /dev/null +++ b/tests/security/extract_current_page_test.php @@ -0,0 +1,53 @@ +', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + ); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_php_self($url, $query_string, $expected) + { + $_SERVER['PHP_SELF'] = $url; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_request_uri($url, $query_string, $expected) + { + $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } +} + -- cgit v1.2.1