Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
75.00% covered (warning)
75.00%
15 / 20
66.67% covered (warning)
66.67%
2 / 3
CRAP
0.00% covered (danger)
0.00%
0 / 1
phpbb_security_extract_current_page_test
75.00% covered (warning)
75.00%
15 / 20
66.67% covered (warning)
66.67%
2 / 3
3.14
0.00% covered (danger)
0.00%
0 / 1
 security_variables
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
2
 test_query_string_php_self
100.00% covered (success)
100.00%
8 / 8
100.00% covered (success)
100.00%
1 / 1
1
 test_query_string_request_uri
100.00% covered (success)
100.00%
7 / 7
100.00% covered (success)
100.00%
1 / 1
1
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14require_once __DIR__ . '/base.php';
15
16
/**
* Regression tests for the query string reported by
* \phpbb\session::extract_current_page().
*
* Every case feeds a script-injection payload through QUERY_STRING and
* expects the returned 'query_string' entry to hold the fully
* percent-encoded form, so the quote and angle-bracket characters never
* come back raw.
*
* NOTE(review): percent-encoding is what these tests pin; whether callers
* additionally HTML-escape the value before output is not visible here.
*/
class phpbb_security_extract_current_page_test extends phpbb_security_test_base
{
    /**
    * Data provider: pairs of (incoming query string, expected query string).
    *
    * The three inputs carry the same payload at different encoding levels
    * (raw, partially encoded, fully encoded) and must all normalise to one
    * canonical value. The last row doubles as a check that an already
    * encoded string is not encoded a second time.
    *
    * @return array
    */
    public static function security_variables()
    {
        // Canonical, fully percent-encoded form every row has to end up as.
        $encoded = 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E';

        return array(
            // Raw payload, nothing encoded.
            array('mark=forums&x="><script>alert(/XSS/);</script>', $encoded),
            // Quote and angle brackets encoded; parentheses, slashes and semicolon left raw.
            array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', $encoded),
            // Already canonical: must pass through unchanged.
            array($encoded, $encoded),
        );
    }

    /**
    * Query string handling when REQUEST_URI is empty.
    *
    * NOTE(review): the assertion message says "PHP_SELF filled"; presumably
    * the base class pre-populates $this->server with PHP_SELF - confirm
    * against base.php.
    *
    * @dataProvider security_variables
    */
    public function test_query_string_php_self($query_string, $expected)
    {
        // The mock request objects are published as globals, presumably
        // because extract_current_page() reads them from there.
        global $symfony_request, $request;

        // Blank REQUEST_URI so it cannot contribute to the extracted page.
        $this->server['REQUEST_URI'] = '';
        $this->server['QUERY_STRING'] = $query_string;

        $request = new phpbb_mock_request(array(), array(), array(), $this->server);
        $symfony_request = new \phpbb\symfony_request($request);

        $page = \phpbb\session::extract_current_page('./');

        $this->assertEquals(
            $expected,
            $page['query_string'],
            'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'
        );
    }

    /**
    * Query string handling with REQUEST_URI left as the test fixture set it.
    *
    * NOTE(review): only QUERY_STRING is written here; REQUEST_URI keeps
    * whatever value $this->server already holds - confirm against base.php.
    *
    * @dataProvider security_variables
    */
    public function test_query_string_request_uri($query_string, $expected)
    {
        // The mock request objects are published as globals, presumably
        // because extract_current_page() reads them from there.
        global $symfony_request, $request;

        $this->server['QUERY_STRING'] = $query_string;

        $request = new phpbb_mock_request(array(), array(), array(), $this->server);
        $symfony_request = new \phpbb\symfony_request($request);

        $page = \phpbb\session::extract_current_page('./');

        $this->assertEquals(
            $expected,
            $page['query_string'],
            'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'
        );
    }
}