Merge pull request #1726 from EXreaction/ticket/11850
Fix $user->page on pages through the controller
@@ -14,7 +14,7 @@ abstract class phpbb_security_test_base extends phpbb_test_case
|
||||
*/
|
||||
protected function setUp()
|
||||
{
|
||||
global $user, $phpbb_root_path, $request;
|
||||
global $user, $phpbb_root_path, $phpEx, $request, $symfony_request, $phpbb_filesystem;
|
||||
|
||||
// Put this into a global function being run by every test to init a proper user session
|
||||
$server['HTTP_HOST'] = 'localhost';
|
||||
@@ -37,6 +37,22 @@ abstract class phpbb_security_test_base extends phpbb_test_case
|
||||
*/
|
||||
|
||||
$request = new phpbb_mock_request(array(), array(), array(), $server);
|
||||
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
|
||||
$request,
|
||||
));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getScriptName')
|
||||
->will($this->returnValue($server['SCRIPT_NAME']));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getQueryString')
|
||||
->will($this->returnValue($server['QUERY_STRING']));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getBasePath')
|
||||
->will($this->returnValue($server['REQUEST_URI']));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getPathInfo')
|
||||
->will($this->returnValue('/'));
|
||||
$phpbb_filesystem = new \phpbb\filesystem($symfony_request, $phpbb_root_path, $phpEx);
|
||||
|
||||
// Set no user and trick a bit to circumvent errors
|
||||
$user = new \phpbb\user();
|
||||
|
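Review bot: The `getBasePath` stub added to `setUp()` returns `$server['REQUEST_URI']`, which by its name is a full request URI rather than a base directory. The `extract_current_page_data` provider in `phpbb_session_extract_page_test` feeds the same method directory-style values such as `/phpBB/`, so the security fixture may be giving `extract_current_page` a differently shaped base path than the session tests do. The `SCRIPT_NAME`, `QUERY_STRING` and `REQUEST_URI` entries of `$server` are assigned outside this hunk, so please confirm they are set before the mock reads them. The same four-stub block is repeated in `test_query_string_php_self`, `test_query_string_request_uri` and `test_extract_current_page`; a shared helper taking the four return values would keep the fixtures from drifting apart.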
@@ -26,13 +26,23 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
|
||||
*/
|
||||
public function test_query_string_php_self($url, $query_string, $expected)
|
||||
{
|
||||
global $request;
|
||||
global $symfony_request, $request;
|
||||
|
||||
$request->merge(\phpbb\request\request_interface::SERVER, array(
|
||||
'PHP_SELF' => $url,
|
||||
'QUERY_STRING' => $query_string,
|
||||
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
|
||||
$request,
|
||||
));
|
||||
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getScriptName')
|
||||
->will($this->returnValue($url));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getQueryString')
|
||||
->will($this->returnValue($query_string));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getBasePath')
|
||||
->will($this->returnValue($server['REQUEST_URI']));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getPathInfo')
|
||||
->will($this->returnValue('/'));
|
||||
$result = \phpbb\session::extract_current_page('./');
|
||||
|
||||
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
|
||||
@@ -44,12 +54,23 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
|
||||
*/
|
||||
public function test_query_string_request_uri($url, $query_string, $expected)
|
||||
{
|
||||
global $request;
|
||||
global $symfony_request, $request;
|
||||
|
||||
$request->merge(\phpbb\request\request_interface::SERVER, array(
|
||||
'PHP_SELF' => $url,
|
||||
'QUERY_STRING' => $query_string,
|
||||
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
|
||||
$request,
|
||||
));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getScriptName')
|
||||
->will($this->returnValue($url));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getQueryString')
|
||||
->will($this->returnValue($query_string));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getBasePath')
|
||||
->will($this->returnValue($server['REQUEST_URI']));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getPathInfo')
|
||||
->will($this->returnValue('/'));
|
||||
|
||||
$result = \phpbb\session::extract_current_page('./');
|
||||
|
||||
@@ -57,4 +78,3 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
|
||||
$this->assertEquals($expected, $result['query_string'], $label);
|
||||
}
|
||||
}
|
||||
|
||||
|
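Review bot: `$server` is not defined in `test_query_string_php_self`, yet the new `getBasePath` stub reads `$server['REQUEST_URI']`; the method only declares `global $symfony_request, $request;` and `$server` is a local variable of the base class's `setUp()`. Depending on the error-reporting configuration, this either raises an undefined-variable notice or silently makes the mock return null. `test_query_string_request_uri` has the same line. Because the only visible assertion is on `$result['query_string']`, a wrong base path would not fail either test, so the stub should return an explicit fixture value, for example `->will($this->returnValue('/'))`, or a value exposed by the base class.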
@@ -24,6 +24,7 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
|
||||
'/phpBB/index.php',
|
||||
'',
|
||||
'/phpBB/',
|
||||
'/',
|
||||
array(
|
||||
'page_name' => 'index.php',
|
||||
'page_dir' => '',
|
||||
@@ -38,7 +39,8 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
|
||||
'./',
|
||||
'/phpBB/ucp.php',
|
||||
'mode=login',
|
||||
'/phpBB/ucp.php?mode=login',
|
||||
'/phpBB/',
|
||||
'/',
|
||||
array(
|
||||
'page_name' => 'ucp.php',
|
||||
'page_dir' => '',
|
||||
@@ -53,7 +55,8 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
|
||||
'./',
|
||||
'/phpBB/ucp.php',
|
||||
'mode=register',
|
||||
'/phpBB/ucp.php?mode=register',
|
||||
'/phpBB/',
|
||||
'/',
|
||||
array(
|
||||
'page_name' => 'ucp.php',
|
||||
'page_dir' => '',
|
||||
@@ -68,7 +71,8 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
|
||||
'./',
|
||||
'/phpBB/ucp.php',
|
||||
'mode=register',
|
||||
'/phpBB/ucp.php?mode=register',
|
||||
'/phpBB/',
|
||||
'/',
|
||||
array(
|
||||
'page_name' => 'ucp.php',
|
||||
'page_dir' => '',
|
||||
@@ -83,30 +87,76 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
|
||||
'./../',
|
||||
'/phpBB/adm/index.php',
|
||||
'sid=e7215d958cdd41a6fc13509bebe53e42',
|
||||
'/phpBB/adm/index.php?sid=e7215d958cdd41a6fc13509bebe53e42',
|
||||
'/phpBB/adm/',
|
||||
'/',
|
||||
array(
|
||||
'page_name' => 'index.php',
|
||||
//'page_dir' => 'adm',
|
||||
// ^-- Ignored because .. returns different directory in live vs testing
|
||||
'query_string' => '',
|
||||
'script_path' => '/phpBB/adm/',
|
||||
'root_script_path' => '/phpBB/',
|
||||
//'root_script_path' => '/phpBB/',
|
||||
//'page' => 'adm/index.php',
|
||||
'forum' => 0,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'./',
|
||||
'/phpBB/adm/app.php',
|
||||
'page=1&test=2',
|
||||
'/phpBB/',
|
||||
'/foo/bar',
|
||||
array(
|
||||
'page_name' => 'app.php/foo/bar',
|
||||
'page_dir' => '',
|
||||
'query_string' => 'page=1&test=2',
|
||||
'script_path' => '/phpBB/',
|
||||
'root_script_path' => '/phpBB/',
|
||||
'page' => 'app.php/foo/bar?page=1&test=2',
|
||||
'forum' => 0,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'./../phpBB/',
|
||||
'/test/test.php',
|
||||
'page=1&test=2',
|
||||
'/test/',
|
||||
'',
|
||||
array(
|
||||
'page_name' => 'test.php',
|
||||
//'page_dir' => '',
|
||||
'query_string' => 'page=1&test=2',
|
||||
'script_path' => '/test/',
|
||||
//'root_script_path' => '../phpBB/',
|
||||
//'page' => '../test/test.php/foo/bar?page=1&test=2',
|
||||
'forum' => 0,
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
/** @dataProvider extract_current_page_data */
|
||||
function test_extract_current_page($root_path, $php_self, $query_string, $request_uri, $expected)
|
||||
function test_extract_current_page($root_path, $getScriptName, $getQueryString, $getBasePath, $getPathInfo, $expected)
|
||||
{
|
||||
$output = $this->session_facade->extract_current_page(
|
||||
$root_path,
|
||||
$php_self,
|
||||
$query_string,
|
||||
$request_uri
|
||||
);
|
||||
global $symfony_request;
|
||||
|
||||
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
|
||||
new phpbb_mock_request(),
|
||||
));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getScriptName')
|
||||
->will($this->returnValue($getScriptName));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getQueryString')
|
||||
->will($this->returnValue($getQueryString));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getBasePath')
|
||||
->will($this->returnValue($getBasePath));
|
||||
$symfony_request->expects($this->any())
|
||||
->method('getPathInfo')
|
||||
->will($this->returnValue($getPathInfo));
|
||||
|
||||
$output = \phpbb\session::extract_current_page($root_path);
|
||||
|
||||
// This compares the result of the output.
|
||||
// Any keys that are not in the expected array are overwritten by the output (aka not checked).
|
||||
|
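Review bot: Several expected keys in `extract_current_page_data` are commented out rather than asserted, and the test's own comment says keys missing from the expected array are not checked. In the `./../` admin case `root_script_path` appears to end up commented out alongside `page_dir` and `page`, and the new `./../phpBB/` case leaves `page_dir`, `root_script_path` and `page` unverified. Those are the path-derived values this change touches for roots containing `..`, so the cases no longer cover them. The existing "Ignored because .. returns different directory in live vs testing" comment only explains `page_dir`; either extend it to each skipped key or assert the keys against a normalised path. The commented `'page' => '../test/test.php/foo/bar?page=1&test=2'` also does not match that case's empty `getPathInfo` value and looks stale. The new parameters `$getScriptName`, `$getQueryString`, `$getBasePath` and `$getPathInfo` break the snake_case convention used by `$root_path` and `$expected`.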
@@ -33,21 +33,6 @@ class phpbb_session_testable_facade
|
||||
$this->session_factory = $session_factory;
|
||||
}
|
||||
|
||||
function extract_current_page(
|
||||
$root_path,
|
||||
$php_self,
|
||||
$query_string,
|
||||
$request_uri
|
||||
)
|
||||
{
|
||||
$this->session_factory->get_session($this->db);
|
||||
global $request;
|
||||
$request->overwrite('PHP_SELF', $php_self, \phpbb\request\request_interface::SERVER);
|
||||
$request->overwrite('QUERY_STRING', $query_string, \phpbb\request\request_interface::SERVER);
|
||||
$request->overwrite('REQUEST_URI', $request_uri, \phpbb\request\request_interface::SERVER);
|
||||
return \phpbb\session::extract_current_page($root_path);
|
||||
}
|
||||
|
||||
function extract_current_hostname(
|
||||
$host,
|
||||
$server_name_config,
|
||||
@@ -139,4 +124,3 @@ class phpbb_session_testable_facade
|
||||
return $session->validate_referer($check_script_path);
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -19,6 +19,19 @@ abstract class phpbb_session_test_case extends phpbb_database_test_case
|
||||
function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
global $symfony_request, $phpbb_filesystem, $phpbb_path_helper, $request, $phpbb_root_path, $phpEx;
|
||||
$symfony_request = new \phpbb\symfony_request(
|
||||
new phpbb_mock_request()
|
||||
);
|
||||
$phpbb_filesystem = new \phpbb\filesystem();
|
||||
$phpbb_path_helper = new \phpbb\path_helper(
|
||||
$symfony_request,
|
||||
$phpbb_filesystem,
|
||||
$phpbb_root_path,
|
||||
$phpEx
|
||||
);
|
||||
|
||||
$this->session_factory = new phpbb_session_testable_factory;
|
||||
$this->db = $this->new_dbal();
|
||||
$this->session_facade =
|
||||
|
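Review bot: `$phpbb_path_helper` is built here around a real `\phpbb\symfony_request`, but `test_extract_current_page` later replaces the global `$symfony_request` with a mock, so the path helper keeps pointing at the original, unmocked request. If `\phpbb\session::extract_current_page()` consults the path helper (its body is not shown on this page), it will see different request data than the stubs supply. Consider rebuilding `$phpbb_path_helper` wherever the mock is installed, or injecting the mock here. The globals assigned in `setUp()` are also not restored anywhere in the visible lines; a comment such as `// Globals below are read by \phpbb\session; reset them in tearDown()` plus a matching reset would keep state from leaking between test cases. `setUp()` continues past the end of this hunk.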