From 6cc7da0c9c0fc8515aad780fba5de5b3860e5d56 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 3 Nov 2014 16:07:32 +0100
Subject: [ticket/13280] Properly format the current page and add sanitizer to
 tests

PHPBB3-13280
---
 tests/security/extract_current_page_test.php | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

(limited to 'tests/security')

diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php
index 58dea68dc8..8e536ee461 100644
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -37,16 +37,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 		));
 		$symfony_request->expects($this->any())
 			->method('getScriptName')
-			->will($this->returnValue($url));
+			->will($this->returnValue($this->sanitizer($url)));
 		$symfony_request->expects($this->any())
 			->method('getQueryString')
-			->will($this->returnValue($query_string));
+			->will($this->returnValue($this->sanitizer($query_string)));
 		$symfony_request->expects($this->any())
 			->method('getBasePath')
 			->will($this->returnValue($server['REQUEST_URI']));
-		$symfony_request->expects($this->any())
+		$symfony_request->expects($this->sanitizer($this->any()))
 			->method('getPathInfo')
-			->will($this->returnValue('/'));
+			->will($this->returnValue($this->sanitizer('/')));
 		$result = \phpbb\session::extract_current_page('./');
 
 		$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
@@ -65,20 +65,27 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 		));
 		$symfony_request->expects($this->any())
 			->method('getScriptName')
-			->will($this->returnValue($url));
+			->will($this->returnValue($this->sanitizer($url)));
 		$symfony_request->expects($this->any())
 			->method('getQueryString')
-			->will($this->returnValue($query_string));
+			->will($this->returnValue($this->sanitizer($query_string)));
 		$symfony_request->expects($this->any())
 			->method('getBasePath')
-			->will($this->returnValue($server['REQUEST_URI']));
+			->will($this->returnValue($this->sanitizer($server['REQUEST_URI'])));
 		$symfony_request->expects($this->any())
 			->method('getPathInfo')
-			->will($this->returnValue('/'));
+			->will($this->returnValue($this->sanitizer('/')));
 
 		$result = \phpbb\session::extract_current_page('./');
 
 		$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
 		$this->assertEquals($expected, $result['query_string'], $label);
 	}
+
+	protected function sanitizer($value)
+	{
+		$type_cast_helper = new \phpbb\request\type_cast_helper();
+		$type_cast_helper->set_var($value, $value, gettype($value), true);
+		return $value;
+	}
 }
-- 
cgit v1.2.1