mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-08 04:18:52 +00:00
[ticket/13280] Properly format the current page and add sanitizer to tests
PHPBB3-13280
This commit is contained in:
Marc Alexander
parent
0e772afb9d
commit
6cc7da0c9c
2 changed files with 18 additions and 11 deletions
|
|
@ -43,7 +43,7 @@ class session
|
||||||
|
|
||||||
// First of all, get the request uri...
|
// First of all, get the request uri...
|
||||||
$script_name = $symfony_request->getScriptName();
|
$script_name = $symfony_request->getScriptName();
|
||||||
$args = explode('&', $symfony_request->getQueryString());
|
$args = explode('&', $symfony_request->getQueryString());
|
||||||
|
|
||||||
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
|
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
|
||||||
if (!$script_name)
|
if (!$script_name)
|
||||||
|
|
@ -61,8 +61,8 @@ class session
|
||||||
|
|
||||||
// Since some browser do not encode correctly we need to do this with some "special" characters...
|
// Since some browser do not encode correctly we need to do this with some "special" characters...
|
||||||
// " -> %22, ' => %27, < -> %3C, > -> %3E
|
// " -> %22, ' => %27, < -> %3C, > -> %3E
|
||||||
$find = array('"', "'", '<', '>');
|
$find = array('"', "'", '<', '>', '"', '<', '>');
|
||||||
$replace = array('%22', '%27', '%3C', '%3E');
|
$replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E');
|
||||||
|
|
||||||
foreach ($args as $key => $argument)
|
foreach ($args as $key => $argument)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -37,16 +37,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
|
||||||
));
|
));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->any())
|
||||||
->method('getScriptName')
|
->method('getScriptName')
|
||||||
->will($this->returnValue($url));
|
->will($this->returnValue($this->sanitizer($url)));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->any())
|
||||||
->method('getQueryString')
|
->method('getQueryString')
|
||||||
->will($this->returnValue($query_string));
|
->will($this->returnValue($this->sanitizer($query_string)));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->any())
|
||||||
->method('getBasePath')
|
->method('getBasePath')
|
||||||
->will($this->returnValue($server['REQUEST_URI']));
|
->will($this->returnValue($server['REQUEST_URI']));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->sanitizer($this->any()))
|
||||||
->method('getPathInfo')
|
->method('getPathInfo')
|
||||||
->will($this->returnValue('/'));
|
->will($this->returnValue($this->sanitizer('/')));
|
||||||
$result = \phpbb\session::extract_current_page('./');
|
$result = \phpbb\session::extract_current_page('./');
|
||||||
|
|
||||||
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
|
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
|
||||||
|
|
@ -65,20 +65,27 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
|
||||||
));
|
));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->any())
|
||||||
->method('getScriptName')
|
->method('getScriptName')
|
||||||
->will($this->returnValue($url));
|
->will($this->returnValue($this->sanitizer($url)));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->any())
|
||||||
->method('getQueryString')
|
->method('getQueryString')
|
||||||
->will($this->returnValue($query_string));
|
->will($this->returnValue($this->sanitizer($query_string)));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->any())
|
||||||
->method('getBasePath')
|
->method('getBasePath')
|
||||||
->will($this->returnValue($server['REQUEST_URI']));
|
->will($this->returnValue($this->sanitizer($server['REQUEST_URI'])));
|
||||||
$symfony_request->expects($this->any())
|
$symfony_request->expects($this->any())
|
||||||
->method('getPathInfo')
|
->method('getPathInfo')
|
||||||
->will($this->returnValue('/'));
|
->will($this->returnValue($this->sanitizer('/')));
|
||||||
|
|
||||||
$result = \phpbb\session::extract_current_page('./');
|
$result = \phpbb\session::extract_current_page('./');
|
||||||
|
|
||||||
$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
|
$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
|
||||||
$this->assertEquals($expected, $result['query_string'], $label);
|
$this->assertEquals($expected, $result['query_string'], $label);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function sanitizer($value)
|
||||||
|
{
|
||||||
|
$type_cast_helper = new \phpbb\request\type_cast_helper();
|
||||||
|
$type_cast_helper->set_var($value, $value, gettype($value), true);
|
||||||
|
return $value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue