mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

[ticket/13280] Make the tests failing

Browse Source 
PHPBB3-13280
This commit is contained in:
Tristan Darricau
2014-11-12 12:16:36 +01:00
parent 6d533d2f86
commit f142ed28e4
4 changed files with 78 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
tests/security/extract_current_page_test.php
View File

@@ -1,15 +1,15 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
require_once dirname(__FILE__) . '/base.php';
@@ -20,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
public function security_variables()
{
return array(
array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
);
}
/**
* @dataProvider security_variables
*/
public function test_query_string_php_self($url, $query_string, $expected)
* @dataProvider security_variables
*/
public function test_query_string_php_self($query_string, $expected)
{
global $symfony_request, $request;
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
$request,
));
$symfony_request->expects($this->any())
->method('getScriptName')
->will($this->returnValue($url));
$symfony_request->expects($this->any())
->method('getQueryString')
->will($this->returnValue($query_string));
$symfony_request->expects($this->any())
->method('getBasePath')
->will($this->returnValue($server['REQUEST_URI']));
$symfony_request->expects($this->any())
->method('getPathInfo')
->will($this->returnValue('/'));
$this->server['REQUEST_URI'] = '';
$this->server['QUERY_STRING'] = $query_string;
$request = new phpbb_mock_request(array(), array(), array(), $this->server);
$symfony_request = new \phpbb\symfony_request($request);
$result = \phpbb\session::extract_current_page('./');
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
@@ -54,27 +46,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
}
/**
* @dataProvider security_variables
*/
public function test_query_string_request_uri($url, $query_string, $expected)
* @dataProvider security_variables
*/
public function test_query_string_request_uri($query_string, $expected)
{
global $symfony_request, $request;
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
$request,
));
$symfony_request->expects($this->any())
->method('getScriptName')
->will($this->returnValue($url));
$symfony_request->expects($this->any())
->method('getQueryString')
->will($this->returnValue($query_string));
$symfony_request->expects($this->any())
->method('getBasePath')
->will($this->returnValue($server['REQUEST_URI']));
$symfony_request->expects($this->any())
->method('getPathInfo')
->will($this->returnValue('/'));
$this->server['QUERY_STRING'] = $query_string;
$request = new phpbb_mock_request(array(), array(), array(), $this->server);
$symfony_request = new \phpbb\symfony_request($request);
$result = \phpbb\session::extract_current_page('./');