diff options
| author | Andrey Andreev <narf@devilix.net> | 2016-12-14 17:41:52 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2016-12-14 17:41:52 +0100 |
| commit | 9f20c8011a80d74edb740081cd96388bb6a967e6 (patch) | |
| tree | 281a63537895b7a92b15762815a0776310e67ab6 /tests/codeigniter/core | |
| parent | dcd6f5153b7e7e6d798d5a77af65b7460f152e5c (diff) | |
Move csrf_verify() call out of CI_Input
Diffstat (limited to 'tests/codeigniter/core')
| -rw-r--r-- | tests/codeigniter/core/Input_test.php | 40 | ||||
| -rw-r--r-- | tests/codeigniter/core/Security_test.php | 5 |
2 files changed, 25 insertions, 20 deletions
diff --git a/tests/codeigniter/core/Input_test.php b/tests/codeigniter/core/Input_test.php index 78b659691..e068a84be 100644 --- a/tests/codeigniter/core/Input_test.php +++ b/tests/codeigniter/core/Input_test.php @@ -12,10 +12,8 @@ class Input_test extends CI_TestCase { $this->ci_set_config('global_xss_filtering', FALSE); $this->ci_set_config('csrf_protection', FALSE); - $security = new Mock_Core_Security(); - - $this->ci_set_config('charset', 'UTF-8'); - $this->input = new Mock_Core_Input($security); + $security = new Mock_Core_Security('UTF-8'); + $this->input = new CI_Input($security); } // -------------------------------------------------------------------- @@ -120,14 +118,17 @@ class Input_test extends CI_TestCase { public function test_fetch_from_array() { + $reflection = new ReflectionMethod($this->input, '_fetch_from_array'); + $reflection->setAccessible(TRUE); + $data = array( 'foo' => 'bar', 'harm' => 'Hello, i try to <script>alert(\'Hack\');</script> your site', ); - $foo = $this->input->fetch_from_array($data, 'foo'); - $harm = $this->input->fetch_from_array($data, 'harm'); - $harmless = $this->input->fetch_from_array($data, 'harm', TRUE); + $foo = $reflection->invokeArgs($this->input, [&$data, 'foo']); + $harm = $reflection->invokeArgs($this->input, [&$data, 'harm']); + $harmless = $reflection->invokeArgs($this->input, [&$data, 'harm', TRUE]); $this->assertEquals('bar', $foo); $this->assertEquals("Hello, i try to <script>alert('Hack');</script> your site", $harm); @@ -215,57 +216,60 @@ class Input_test extends CI_TestCase { public function test_ip_address() { - $this->input->ip_address = '127.0.0.1'; + $reflection = new ReflectionProperty($this->input, 'ip_address'); + $reflection->setAccessible(TRUE); + + $reflection->setValue($this->input, '127.0.0.1'); $this->assertEquals('127.0.0.1', $this->input->ip_address()); // 127.0.0.1 is set in our Bootstrap file - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->assertEquals('127.0.0.1', $this->input->ip_address()); // Invalid $_SERVER['REMOTE_ADDR'] = 'invalid_ip_address'; - $this->input->ip_address = FALSE; // reset cached value + $reflection->setValue($this->input, FALSE); // reset cached value $this->assertEquals('0.0.0.0', $this->input->ip_address()); $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; // Proxy_ips tests - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', '127.0.0.3, 127.0.0.4, 127.0.0.2'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2'; $this->assertEquals('127.0.0.1', $this->input->ip_address()); // Invalid spoof - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'invalid_ip_address'); $_SERVER['HTTP_CLIENT_IP'] = 'invalid_ip_address'; $this->assertEquals('127.0.0.1', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.1/1'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.1'; $this->assertEquals('127.0.0.1', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.2'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2'; $_SERVER['REMOTE_ADDR'] = '127.0.0.2'; $this->assertEquals('127.0.0.2', $this->input->ip_address()); - //IPv6 - $this->input->ip_address = FALSE; + // IPv6 + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329/1, FE80:0000:0000:0000:0202:B3FF:FE1E:8300/2'); $_SERVER['HTTP_CLIENT_IP'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8300'; $_SERVER['REMOTE_ADDR'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329'; $this->assertEquals('FE80:0000:0000:0000:0202:B3FF:FE1E:8300', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', '0::/32'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.7'; $_SERVER['REMOTE_ADDR'] = '0000:0000:0000:0000:0000:0000:0000:0001'; $this->assertEquals('127.0.0.7', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; // back to reality } diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index cbf0285ec..2e1127f87 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -12,7 +12,8 @@ class Security_test extends CI_TestCase { $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); $this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie'); - $this->security = new Mock_Core_Security(); + $_SERVER['REQUEST_METHOD'] = 'GET'; + $this->security = new Mock_Core_Security('UTF-8'); } // -------------------------------------------------------------------- @@ -341,7 +342,7 @@ class Security_test extends CI_TestCase { // leave csrf_cookie_name as blank to test _csrf_set_hash function $this->ci_set_config('csrf_cookie_name', ''); - $this->security = new Mock_Core_Security(); + $this->security = new Mock_Core_Security('UTF-8'); $this->assertNotEmpty($this->security->get_csrf_hash()); } |