mirror of
https://github.com/phpbb/phpbb.git
synced 2025-02-23 19:45:10 +01:00
6d533d2f86
This reverts commit a1b58d05d158ff7afd789c1b27821e17198f8d58, reversing changes made to 0e772afb9db640e54e84cfccaddcf74f3edbb3fb. PHPBB3-13280
85 lines
2.7 KiB
PHP
85 lines
2.7 KiB
PHP
<?php
|
|
/**
|
|
*
|
|
* This file is part of the phpBB Forum Software package.
|
|
*
|
|
* @copyright (c) phpBB Limited <https://www.phpbb.com>
|
|
* @license GNU General Public License, version 2 (GPL-2.0)
|
|
*
|
|
* For full copyright and license information, please see
|
|
* the docs/CREDITS.txt file.
|
|
*
|
|
*/
|
|
|
|
require_once dirname(__FILE__) . '/base.php';
|
|
|
|
require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
|
|
|
|
class phpbb_security_extract_current_page_test extends phpbb_security_test_base
|
|
{
|
|
public function security_variables()
|
|
{
|
|
return array(
|
|
array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
|
|
array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @dataProvider security_variables
|
|
*/
|
|
public function test_query_string_php_self($url, $query_string, $expected)
|
|
{
|
|
global $symfony_request, $request;
|
|
|
|
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
|
|
$request,
|
|
));
|
|
$symfony_request->expects($this->any())
|
|
->method('getScriptName')
|
|
->will($this->returnValue($url));
|
|
$symfony_request->expects($this->any())
|
|
->method('getQueryString')
|
|
->will($this->returnValue($query_string));
|
|
$symfony_request->expects($this->any())
|
|
->method('getBasePath')
|
|
->will($this->returnValue($server['REQUEST_URI']));
|
|
$symfony_request->expects($this->any())
|
|
->method('getPathInfo')
|
|
->will($this->returnValue('/'));
|
|
$result = \phpbb\session::extract_current_page('./');
|
|
|
|
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
|
|
$this->assertEquals($expected, $result['query_string'], $label);
|
|
}
|
|
|
|
/**
|
|
* @dataProvider security_variables
|
|
*/
|
|
public function test_query_string_request_uri($url, $query_string, $expected)
|
|
{
|
|
global $symfony_request, $request;
|
|
|
|
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
|
|
$request,
|
|
));
|
|
$symfony_request->expects($this->any())
|
|
->method('getScriptName')
|
|
->will($this->returnValue($url));
|
|
$symfony_request->expects($this->any())
|
|
->method('getQueryString')
|
|
->will($this->returnValue($query_string));
|
|
$symfony_request->expects($this->any())
|
|
->method('getBasePath')
|
|
->will($this->returnValue($server['REQUEST_URI']));
|
|
$symfony_request->expects($this->any())
|
|
->method('getPathInfo')
|
|
->will($this->returnValue('/'));
|
|
|
|
$result = \phpbb\session::extract_current_page('./');
|
|
|
|
$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
|
|
$this->assertEquals($expected, $result['query_string'], $label);
|
|
}
|
|
}
|