Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
50.00% covered (danger)
50.00%
14 / 28
66.67% covered (warning)
66.67%
2 / 3
 CRAP
0.00% covered (danger)
0.00%
0 / 1
phpbb_session_validate_referrer_test
50.00% covered (danger)
50.00%
14 / 28
66.67% covered (warning)
66.67%
2 / 3
 8.12
0.00% covered (danger)
0.00%
0 / 1
 getDataSet
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 referrer_inputs
0.00% covered (danger)
0.00%
0 / 14
0.00% covered (danger)
0.00%
0 / 1
 2
 test_referrer_inputs
100.00% covered (success)
100.00%
13 / 13
100.00% covered (success)
100.00%
1 / 1
 3
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14require_once __DIR__ . '/../test_framework/phpbb_session_test_case.php';
15
16class phpbb_session_validate_referrer_test extends phpbb_session_test_case
17{
18    public function getDataSet()
19    {
20        return $this->createXMLDataSet(__DIR__ . '/fixtures/sessions_empty.xml');
21    }
22
23    static function referrer_inputs()
24    {
25        $ex = "example.org";
26        $alt = "example.com";
27        return array(
28            // checkpath   referrer  host    forcevars    port servername   rootpath   pass?
29            // 0 Referrer or host wasn't collected, therefore should validate
30            array(false,  '',  $ex,  false,  80, $ex,  '', true),
31            array(false,  $ex, '',   false,  80, $ex,  '', true),
32            // 2 Referrer doesn't match host or server_name
33            array(false,  $alt, $ex,   false,  80, $ex,  '', false),
34            // 3 Everything should check out
35            array(false,  $ex, $ex,  false,    80, $ex,  '', true),
36            // 4 Check Script Path
37            array(true,  $ex, $ex,  false,    80, $ex,  '', true),
38            array(true,  "$ex/foo", $ex,  false,    80, $ex,  "/foo", true),
39            array(true,  "$ex/bar", $ex,  false,    80, $ex,  "/foo", false),
40            // 7 Port (This is not checked unless path is checked)
41            array(true,  "$ex:80/foo", "$ex:80",  false, 80, "$ex:80",  "/foo", true),
42            array(true,  "$ex:80/bar", "$ex:80",  false, 80, "$ex:80",  "/foo", false),
43            array(true,  "$ex:79/foo", "$ex:81",  false, 81, "$ex:81",  "/foo", false),
44        );
45    }
46
47    /** @dataProvider referrer_inputs */
48    function test_referrer_inputs(
49        $check_script_path,
50        $referrer,
51        $host,
52        $force_server_vars,
53        $server_port,
54        $server_name,
55        $root_script_path,
56        $pass_or_fail
57    )
58    {
59        // Referrer needs http:// because it's going to get stripped in function.
60        $referrer = $referrer ? 'http://' . $referrer : '';
61        $this->assertEquals(
62            $pass_or_fail,
63            $this->session_facade->validate_referer(
64                $check_script_path,
65                $referrer,
66                $host,
67                $force_server_vars,
68                $server_port,
69                $server_name,
70                $root_script_path
71            ),
72            "referrer should" . ($pass_or_fail ? '' : "n't") . " be validated");
73    }
74}