From 01fe91c5c4e897801f5c179cd4060e686762f105 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Mon, 10 Jan 2011 00:18:37 +0100 Subject: [ticket/9987] Rename test files to include a _test suffix PHPBB3-9987 --- tests/security/extract_current_page.php | 53 ------------------------ tests/security/extract_current_page_test.php | 53 ++++++++++++++++++++++++ tests/security/redirect.php | 60 ---------------------------- tests/security/redirect_test.php | 60 ++++++++++++++++++++++++++++ 4 files changed, 113 insertions(+), 113 deletions(-) delete mode 100644 tests/security/extract_current_page.php create mode 100644 tests/security/extract_current_page_test.php delete mode 100644 tests/security/redirect.php create mode 100644 tests/security/redirect_test.php (limited to 'tests/security') diff --git a/tests/security/extract_current_page.php b/tests/security/extract_current_page.php deleted file mode 100644 index ff0ab4d1bb..0000000000 --- a/tests/security/extract_current_page.php +++ /dev/null @@ -1,53 +0,0 @@ -', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), - array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), - ); - } - - /** - * @dataProvider security_variables - */ - public function test_query_string_php_self($url, $query_string, $expected) - { - $_SERVER['PHP_SELF'] = $url; - $_SERVER['QUERY_STRING'] = $query_string; - - $result = session::extract_current_page('./'); - - $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; - $this->assertEquals($expected, $result['query_string'], $label); - } - - /** - * @dataProvider security_variables - */ - public function test_query_string_request_uri($url, $query_string, $expected) - { - $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; - $_SERVER['QUERY_STRING'] = $query_string; - - $result = session::extract_current_page('./'); - - $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; - $this->assertEquals($expected, $result['query_string'], $label); - } -} - diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php new file mode 100644 index 0000000000..ff0ab4d1bb --- /dev/null +++ b/tests/security/extract_current_page_test.php @@ -0,0 +1,53 @@ +', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + ); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_php_self($url, $query_string, $expected) + { + $_SERVER['PHP_SELF'] = $url; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } + + /** + * @dataProvider security_variables + */ + public function test_query_string_request_uri($url, $query_string, $expected) + { + $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; + $_SERVER['QUERY_STRING'] = $query_string; + + $result = session::extract_current_page('./'); + + $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; + $this->assertEquals($expected, $result['query_string'], $label); + } +} + diff --git a/tests/security/redirect.php b/tests/security/redirect.php deleted file mode 100644 index c53414e7df..0000000000 --- a/tests/security/redirect.php +++ /dev/null @@ -1,60 +0,0 @@ - redirect(), expected triggered error (else false), expected returned result url (else false)) - return array( - array('data://x', false, 'http://localhost/phpBB'), - array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false), - array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'), - array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false), - array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'), - array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false), - ); - } - - protected function setUp() - { - parent::setUp(); - - $GLOBALS['config'] = array( - 'force_server_vars' => '0', - ); - } - - /** - * @dataProvider provider - */ - public function test_redirect($test, $expected_error, $expected_result) - { - global $user; - - if ($expected_error !== false) - { - $this->setExpectedTriggerError(E_USER_ERROR, $expected_error); - } - - $result = redirect($test, true); - - // only verify result if we did not expect an error - if ($expected_error === false) - { - $this->assertEquals($expected_result, $result); - } - } -} - diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php new file mode 100644 index 0000000000..c53414e7df --- /dev/null +++ b/tests/security/redirect_test.php @@ -0,0 +1,60 @@ + redirect(), expected triggered error (else false), expected returned result url (else false)) + return array( + array('data://x', false, 'http://localhost/phpBB'), + array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false), + array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'), + array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false), + array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'), + array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false), + ); + } + + protected function setUp() + { + parent::setUp(); + + $GLOBALS['config'] = array( + 'force_server_vars' => '0', + ); + } + + /** + * @dataProvider provider + */ + public function test_redirect($test, $expected_error, $expected_result) + { + global $user; + + if ($expected_error !== false) + { + $this->setExpectedTriggerError(E_USER_ERROR, $expected_error); + } + + $result = redirect($test, true); + + // only verify result if we did not expect an error + if ($expected_error === false) + { + $this->assertEquals($expected_result, $result); + } + } +} + -- cgit v1.2.1