mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00

Merge branch 'ticket/security-203' into ticket/security-203-rhea

Marc Alexander
2016-12-28 22:53:59 +01:00
4 changed files with 201 additions and 41 deletions


@@ -51,8 +51,8 @@ class version_helper_remote_test extends \phpbb_test_case
public function provider_get_versions()
{
return array(
array('', false),
array('foobar', false),
array('', false, '', 'VERSIONCHECK_FAIL'),
array('foobar', false, '', 'VERSIONCHECK_FAIL'),
array('{
"stable": {
"1.0": {
@@ -93,7 +93,7 @@ class version_helper_remote_test extends \phpbb_test_case
"security": false
}
}
}', false),
}', false, '', 'VERSIONCHECK_FAIL'),
array('{
"stable": {
"1.0": {
@@ -104,26 +104,7 @@ class version_helper_remote_test extends \phpbb_test_case
"security": "<script>alert(\'foo\');</script>"
}
}
}', true, array (
'stable' => array (
'1.0' => array (
'current' => '1.0.1&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'download' => 'https://www.phpbb.com/customise/db/download/104136&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'eol' => '&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'security' => '&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
),
),
'unstable' => array (
'1.0' => array (
'current' => '1.0.1&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'download' => 'https://www.phpbb.com/customise/db/download/104136&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'eol' => '&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'security' => '&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
),
),
)),
}', false, null, 'VERSIONCHECK_INVALID_VERSION'),
array('{
"unstable": {
"1.0": {
@@ -134,25 +115,87 @@ class version_helper_remote_test extends \phpbb_test_case
"security": "<script>alert(\'foo\');</script>"
}
}
}', false, null, 'VERSIONCHECK_INVALID_VERSION'),
array('{
"unstable": {
"1.0<script>alert(\'foo\');</script>": {
"current": "1.0.1",
"download": "https://www.phpbb.com/customise/db/download/104136",
"announcement": "https://www.phpbb.com/customise/db/extension/boardrules/",
"eol": "",
"security": ""
}
}
}', false, array('stable' => array(), 'unstable' => array()), 'VERSIONCHECK_INVALID_VERSION'),
array('{
"\"\n<script>alert(\'foo\');</script>\n": "test",
"stable": {
"1.0": {
"current": "1.0.1",
"download": "https://www.phpbb.com/customise/db/download/104136",
"announcement": "https://www.phpbb.com/customise/db/extension/boardrules/",
"eol": null,
"security": false
}
}
}', true, array (
'unstable' => array (
'stable' => array (
'1.0' => array (
'current' => '1.0.1&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'download' => 'https://www.phpbb.com/customise/db/download/104136&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'eol' => '&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'security' => '&lt;script&gt;alert(\'foo\');&lt;/script&gt;',
'current' => '1.0.1',
'download' => 'https://www.phpbb.com/customise/db/download/104136',
'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/',
'eol' => NULL,
'security' => false,
),
),
'unstable' => array (
'1.0' => array (
'current' => '1.0.1',
'download' => 'https://www.phpbb.com/customise/db/download/104136',
'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/',
'eol' => NULL,
'security' => false,
),
),
'stable' => array(),
)),
array('{
"unstable": {
"1.0": {
"current": "1.0.1",
"download": "https://www.phpbb.com/customise/db/download/104136",
"announcement": "https://www.phpbb.com/customise/db/extension/boardrules/",
"eol": null,
"security": false,
"foobar": "<script>alert(\'test\');<script>"
}
}
}', true, array('stable' => array(), 'unstable' => array('1.0' => array(
'current' => '1.0.1',
'download' => 'https://www.phpbb.com/customise/db/download/104136',
'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/',
'security' => false,
))), 'VERSIONCHECK_INVALID_ENTRY'),
array('{
"unstable": {
"1.0": {
"current<script>alert(\'foo\');</script>": "1.0.1",
"download2": "https://www.phpbb.com/customise/db/download/104136",
"bannouncement": "https://www.phpbb.com/customise/db/extension/boardrules/",
"eol": null,
"security": false,
"foobar": "<script>alert(\'test\');<script>"
}
}
}', true, array('stable' => array(), 'unstable' => array('1.0' => array(
'security' => false,
))), 'VERSIONCHECK_INVALID_ENTRY'),
);
}
/**
* @dataProvider provider_get_versions
*/
public function test_get_versions($input, $valid_data, $expected_return = '')
public function test_get_versions($input, $valid_data, $expected_return = '', $expected_exception = '')
{
$this->file_downloader->set($input);
@@ -161,7 +204,7 @@ class version_helper_remote_test extends \phpbb_test_case
try {
$return = $this->version_helper->get_versions();
} catch (\phpbb\exception\runtime_exception $e) {
$this->assertEquals((string)$e->getMessage(), 'VERSIONCHECK_FAIL');
$this->assertEquals((string)$e->getMessage(), $expected_exception);
}
}
else
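Review bot: In the last hunk the `catch` asserts the message only when `get_versions()` actually throws, and nothing visible fails the test if the call returns normally, so a regression that accepts the `<script>` payload rows would skip this assertion. If every `false` row is meant to throw, add `$this->fail('expected ' . $expected_exception);` directly after the call inside the `try`, and write the check as `$this->assertEquals($expected_exception, $e->getMessage());` so failure output labels expected and actual correctly. The provider rows that pass `true` together with `'VERSIONCHECK_INVALID_ENTRY'` never reach this `catch`, so from the visible lines that fourth value looks unchecked for them. The body of `test_get_versions` continues past the hunk, so a later return-value assertion may cover part of this.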