Merge branch 'develop' of github.com:phpbb/phpbb3 into ticket/11850

# By Nils Adermann (68) and others # Via Andreas Fischer (12) and others * 'develop' of github.com:phpbb/phpbb3: (102 commits) [ticket/11876] Replace MD5 with SHA256. [ticket/11876] Move checksum generation from build PHP files to phing build.xml [develop-olympus] Build against 3.0.12 instead of 3.0.12-RC3. Tag exists now. [prep-release-3.0.12] Update changelog for 3.0.12 release. [ticket/11873] Add unit test for large password input. [ticket/11873] Do not hash very large passwords in order to safe resources. [ticket/11862] Correct var names in user_delete() events due to prune-users [develop-olympus] Use 3.0.13-dev as build version. Use latest 3.0.12 RC tag. [prep-release-3.0.12] Bumping version number for 3.0.12 final. [ticket/11852] Add class file [ticket/11852] Move tests to folder with new class name [ticket/11852] Split filesystem and path_helper into 2 classes [ticket/11868] Add @depends to test [ticket/11868] Add functional test for registration [ticket/11868] Replace phpbb_request_interface references [ticket/11866] Only single backslash in .md files [ticket/11866] Remove outdated and broken develop script [ticket/11866] More namespaces [ticket/11866] Update some occurances of phpbb_db_ to new Namespace [ticket/11865] Convert old class name to namespaced version ... Conflicts: tests/security/extract_current_page_test.php tests/session/testable_facade.php
2025-08-29 11:10:18 +02:00 · 2013-09-30 18:24:46 -05:00
parent 2ee22d4615 179f41475b
commit a6df011a10
503 changed files with 3546 additions and 2454 deletions
--- a/tests/security/base.php
+++ b/tests/security/base.php
@@ -55,13 +55,13 @@ abstract class phpbb_security_test_base extends phpbb_test_case
 		$phpbb_filesystem = new phpbb_filesystem($symfony_request, $phpbb_root_path, $phpEx);

 		// Set no user and trick a bit to circumvent errors
-		$user = new phpbb_user();
+		$user = new \phpbb\user();
 		$user->lang = true;
 		$user->browser				= $server['HTTP_USER_AGENT'];
 		$user->referer				= '';
 		$user->forwarded_for		= '';
 		$user->host					= $server['HTTP_HOST'];
-		$user->page = phpbb_session::extract_current_page($phpbb_root_path);
+		$user->page = \phpbb\session::extract_current_page($phpbb_root_path);
 	}

 	protected function tearDown()
--- a/tests/security/extract_current_page_test.php
+++ b/tests/security/extract_current_page_test.php
@@ -72,7 +72,7 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
 			->method('getPathInfo')
 			->will($this->returnValue('/'));

-		$result = phpbb_session::extract_current_page('./');
+		$result = \phpbb\session::extract_current_page('./');

 		$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
 		$this->assertEquals($expected, $result['query_string'], $label);
--- a/tests/security/hash_test.php
+++ b/tests/security/hash_test.php
@@ -17,5 +17,13 @@ class phpbb_security_hash_test extends phpbb_test_case
 		$this->assertTrue(phpbb_check_hash('test', '$P$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
 		$this->assertFalse(phpbb_check_hash('foo', '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
 	}
+
+	public function test_check_hash_with_large_input()
+	{
+		// 16 MB password, should be rejected quite fast
+		$start_time = time();
+		$this->assertFalse(phpbb_check_hash(str_repeat('a', 1024 * 1024 * 16), '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
+		$this->assertLessThanOrEqual(5, time() - $start_time);
+	}
 }