diff options
| author |   Igor Wiedler <igor@wiedler.ch> | 2011-07-13 19:20:16 +0200 |
|---|---|---|
| committer | Igor Wiedler <igor@wiedler.ch> | 2011-07-15 22:34:24 +0200 |
| commit | 0bf6966c5228d446c4f0d3862619db0f619c7369 (patch) | |
| tree | 3f8adfb570262a9296e7a4fdb191804bfde7a4c0 /tests | |
| parent | Merge branch 'develop-olympus' into develop (diff) | |
| download | phpbb-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.gz phpbb-0bf6966c5228d446c4f0d3862619db0f619c7369.tar.bz2 phpbb-0bf6966c5228d446c4f0d3862619db0f619c7369.zip | |
[feature/request-class] Add server(), header() and is_ajax() to request
Extend the request class with helpers for reading server vars (server())
and HTTP request headers (header()). Refactor the existing code base
to make use of these helpers, make $_SERVER a deactivated super global.
Also introduce an is_ajax() method, which checks the X-Requested-With
header for the value 'XMLHttpRequest', which is sent by JavaScript
libraries, such as jQuery.
PHPBB3-9716
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/bbcode/url_bbcode_test.php | 4 | ||||
| -rw-r--r-- | tests/download/http_byte_range_test.php | 12 | ||||
| -rw-r--r-- | tests/mock/request.php | 35 | ||||
| -rw-r--r-- | tests/request/request_test.php | 15 | ||||
| -rw-r--r-- | tests/request/type_cast_helper_test.php | 10 | ||||
| -rw-r--r-- | tests/security/base.php | 36 | ||||
| -rw-r--r-- | tests/security/extract_current_page_test.php | 16 |
7 files changed, 100 insertions, 28 deletions
diff --git a/tests/bbcode/url_bbcode_test.php b/tests/bbcode/url_bbcode_test.php index cd85dbd0d9..68c97ede50 100644 --- a/tests/bbcode/url_bbcode_test.php +++ b/tests/bbcode/url_bbcode_test.php @@ -12,6 +12,7 @@ require_once dirname(__FILE__) . '/../../phpBB/includes/functions_content.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/bbcode.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/message_parser.php'; require_once dirname(__FILE__) . '/../mock_user.php'; +require_once dirname(__FILE__) . '/../mock/request.php'; class phpbb_url_bbcode_test extends phpbb_test_case { @@ -51,8 +52,9 @@ class phpbb_url_bbcode_test extends phpbb_test_case */ public function test_url($description, $message, $expected) { - global $user; + global $user, $request; $user = new phpbb_mock_user; + $request = new phpbb_mock_request; $bbcode = new bbcode_firstpass(); $bbcode->message = $message; diff --git a/tests/download/http_byte_range_test.php b/tests/download/http_byte_range_test.php index ba2caee192..36cbcab0b0 100644 --- a/tests/download/http_byte_range_test.php +++ b/tests/download/http_byte_range_test.php @@ -8,23 +8,27 @@ */ require_once dirname(__FILE__) . '/../../phpBB/includes/functions_download.php'; +require_once dirname(__FILE__) . '/../mock/request.php'; class phpbb_download_http_byte_range_test extends phpbb_test_case { public function test_find_range_request() { // Missing 'bytes=' prefix - $_SERVER['HTTP_RANGE'] = 'bztes='; + $GLOBALS['request'] = new phpbb_mock_request(); + $GLOBALS['request']->set_header('Range', 'bztes='); $this->assertEquals(false, phpbb_find_range_request()); - unset($_SERVER['HTTP_RANGE']); + unset($GLOBALS['request']); + $GLOBALS['request'] = new phpbb_mock_request(); $_ENV['HTTP_RANGE'] = 'bztes='; $this->assertEquals(false, phpbb_find_range_request()); unset($_ENV['HTTP_RANGE']); - $_SERVER['HTTP_RANGE'] = 'bytes=0-0,123-125'; + $GLOBALS['request'] = new phpbb_mock_request(); + $GLOBALS['request']->set_header('Range', 'bytes=0-0,123-125'); $this->assertEquals(array('0-0', '123-125'), phpbb_find_range_request()); - unset($_SERVER['HTTP_RANGE']); + unset($GLOBALS['request']); } /** diff --git a/tests/mock/request.php b/tests/mock/request.php index da4015e78b..63f3f820ba 100644 --- a/tests/mock/request.php +++ b/tests/mock/request.php @@ -11,12 +11,13 @@ class phpbb_mock_request implements phpbb_request_interface { protected $data; - public function __construct($get = array(), $post = array(), $cookie = array(), $request = false) + public function __construct($get = array(), $post = array(), $cookie = array(), $server = array(), $request = false) { $this->data[phpbb_request_interface::GET] = $get; $this->data[phpbb_request_interface::POST] = $post; $this->data[phpbb_request_interface::COOKIE] = $cookie; $this->data[phpbb_request_interface::REQUEST] = ($request === false) ? $post + $get : $request; + $this->data[phpbb_request_interface::SERVER] = $server; } public function overwrite($var_name, $value, $super_global = phpbb_request_interface::REQUEST) @@ -24,11 +25,23 @@ class phpbb_mock_request implements phpbb_request_interface $this->data[$super_global][$var_name] = $value; } - public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST) + public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST, $html_encode = true) { return isset($this->data[$super_global][$var_name]) ? $this->data[$super_global][$var_name] : $default; } + public function server($var_name, $default = '', $html_encode = false) + { + $super_global = phpbb_request_interface::SERVER; + return isset($this->data[$super_global][$var_name]) ? $this->data[$super_global][$var_name] : $default; + } + + public function header($header_name, $default = '', $html_encode = false) + { + $var_name = 'HTTP_'.str_replace('-', '_', strtoupper($header_name)); + return $this->server($var_name, $default, $html_encode); + } + public function is_set_post($name) { return $this->is_set($name, phpbb_request_interface::POST); @@ -39,8 +52,26 @@ class phpbb_mock_request implements phpbb_request_interface return isset($this->data[$super_global][$var]); } + public function is_ajax() + { + return false; + } + public function variable_names($super_global = phpbb_request_interface::REQUEST) { return array_keys($this->data[$super_global]); } + + /* custom methods */ + + public function set_header($header_name, $value) + { + $var_name = 'HTTP_'.str_replace('-', '_', strtoupper($header_name)); + $this->data[phpbb_request_interface::SERVER][$var_name] = $value; + } + + public function merge($super_global = phpbb_request_interface::REQUEST, $values) + { + $this->data[$super_global] = array_merge($this->data[$super_global], $values); + } } diff --git a/tests/request/request_test.php b/tests/request/request_test.php index 203c9fd880..9999e88121 100644 --- a/tests/request/request_test.php +++ b/tests/request/request_test.php @@ -23,7 +23,6 @@ class phpbb_request_test extends phpbb_test_case $_GET['unset'] = ''; $this->type_cast_helper = $this->getMock('phpbb_request_type_cast_helper_interface'); - $this->request = new phpbb_request($this->type_cast_helper); } @@ -60,6 +59,20 @@ class phpbb_request_test extends phpbb_test_case $this->assertFalse($this->request->is_set_post('unset')); } + public function test_is_ajax_without_ajax() + { + $this->assertFalse($this->request->is_ajax()); + } + + public function test_is_ajax_with_ajax() + { + $this->request->enable_super_globals(); + $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; + $this->request = new phpbb_request($this->type_cast_helper); + + $this->assertTrue($this->request->is_ajax()); + } + public function test_variable_names() { $expected = array('test', 'unset'); diff --git a/tests/request/type_cast_helper_test.php b/tests/request/type_cast_helper_test.php index 06cf2e1bf6..0103c51561 100644 --- a/tests/request/type_cast_helper_test.php +++ b/tests/request/type_cast_helper_test.php @@ -48,4 +48,14 @@ class phpbb_type_cast_helper_test extends phpbb_test_case $this->assertEquals($expected, $data); } + + public function test_simple_set_var_without_html_encoding() + { + $data = 'eviL<3'; + $expected = 'eviL<3'; + + $this->type_cast_helper->recursive_set_var($data, '', true, false); + + $this->assertEquals($expected, $data); + } } diff --git a/tests/security/base.php b/tests/security/base.php index db9c884cf4..4b259a2aac 100644 --- a/tests/security/base.php +++ b/tests/security/base.php @@ -7,6 +7,8 @@ * */ +require_once dirname(__FILE__) . '/../mock/request.php'; + abstract class phpbb_security_test_base extends phpbb_test_case { /** @@ -14,20 +16,20 @@ abstract class phpbb_security_test_base extends phpbb_test_case */ protected function setUp() { - global $user, $phpbb_root_path; + global $user, $phpbb_root_path, $request; // Put this into a global function being run by every test to init a proper user session - $_SERVER['HTTP_HOST'] = 'localhost'; - $_SERVER['SERVER_NAME'] = 'localhost'; - $_SERVER['SERVER_ADDR'] = '127.0.0.1'; - $_SERVER['SERVER_PORT'] = 80; - $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - $_SERVER['QUERY_STRING'] = ''; - $_SERVER['REQUEST_URI'] = '/tests/'; - $_SERVER['SCRIPT_NAME'] = '/tests/index.php'; - $_SERVER['PHP_SELF'] = '/tests/index.php'; - $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; - $_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; + $server['HTTP_HOST'] = 'localhost'; + $server['SERVER_NAME'] = 'localhost'; + $server['SERVER_ADDR'] = '127.0.0.1'; + $server['SERVER_PORT'] = 80; + $server['REMOTE_ADDR'] = '127.0.0.1'; + $server['QUERY_STRING'] = ''; + $server['REQUEST_URI'] = '/tests/'; + $server['SCRIPT_NAME'] = '/tests/index.php'; + $server['PHP_SELF'] = '/tests/index.php'; + $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; + $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; /* [HTTP_ACCEPT_ENCODING] => gzip,deflate @@ -36,13 +38,15 @@ abstract class phpbb_security_test_base extends phpbb_test_case [SCRIPT_FILENAME] => /var/www/tests/index.php */ + $request = new phpbb_mock_request(array(), array(), array(), $server); + // Set no user and trick a bit to circumvent errors $user = new user(); $user->lang = true; - $user->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; - $user->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; - $user->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $user->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + $user->browser = $server['HTTP_USER_AGENT']; + $user->referer = ''; + $user->forwarded_for = ''; + $user->host = $server['HTTP_HOST']; $user->page = session::extract_current_page($phpbb_root_path); } diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 71c7a3a397..34c7b52f49 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -27,8 +27,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_php_self($url, $query_string, $expected) { - $_SERVER['PHP_SELF'] = $url; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; + + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); $result = session::extract_current_page('./'); @@ -41,8 +45,12 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base */ public function test_query_string_request_uri($url, $query_string, $expected) { - $_SERVER['REQUEST_URI'] = $url . '?' . $query_string; - $_SERVER['QUERY_STRING'] = $query_string; + global $request; + + $request->merge(phpbb_request_interface::SERVER, array( + 'PHP_SELF' => $url, + 'QUERY_STRING' => $query_string, + )); $result = session::extract_current_page('./'); |