mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-12 01:11:15 +02:00
Code Issues Releases Wiki Activity

[feature/request-class] Make server() use the $html_encode parameter

Browse Source 
$request->server() should not auto html-escape values. header() however should.
Also introduce some tests for this behaviour.

Thanks to nn- for catching this.

PHPBB3-9716
This commit is contained in:
Igor Wiedler
2011-08-06 19:47:12 +02:00
parent d1a0dfbafb
commit 24e9fb24d1
2 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/includes/request/request.php
View File

@ -261,12 +261,12 @@ class phpbb_request implements phpbb_request_interface
if ($this->is_set($var_name, phpbb_request_interface::SERVER))
{
return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER);
return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER, $html_encode);
}
else
{
$var = getenv($var_name);
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $html_encode);
return $var;
}
}

44
tests/request/request_test.php
View File

@ -22,6 +22,10 @@ class phpbb_request_test extends phpbb_test_case
$_REQUEST['test'] = 3;
$_GET['unset'] = '';
$_SERVER['HTTP_HOST'] = 'example.com';
$_SERVER['HTTP_ACCEPT'] = 'application/json';
$_SERVER['HTTP_SOMEVAR'] = '<value>';
$this->type_cast_helper = $this->getMock('phpbb_request_type_cast_helper_interface');
$this->request = new phpbb_request($this->type_cast_helper);
}
@ -43,6 +47,46 @@ class phpbb_request_test extends phpbb_test_case
$this->assertEquals($_POST, $GLOBALS['_POST'], 'Checking whether $_POST can still be accessed via $GLOBALS[\'_POST\']');
}
public function test_server()
{
$this->assertEquals('example.com', $this->request->server('HTTP_HOST'));
}
public function test_server_escaping()
{
$this->type_cast_helper
->expects($this->once())
->method('recursive_set_var')
->with(
$this->anything(),
'',
true,
false
);
$this->request->server('HTTP_SOMEVAR');
}
public function test_header()
{
$this->assertEquals('application/json', $this->request->header('Accept'));
}
public function test_header_escaping()
{
$this->type_cast_helper
->expects($this->once())
->method('recursive_set_var')
->with(
$this->anything(),
'',
true,
true
);
$this->request->header('SOMEVAR');
}
/**
* Checks that directly accessing $_POST will trigger
* an error.