From 9f20c8011a80d74edb740081cd96388bb6a967e6 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 14 Dec 2016 18:41:52 +0200 Subject: Move csrf_verify() call out of CI_Input --- tests/codeigniter/core/Input_test.php | 40 ++++++++++++++++++-------------- tests/codeigniter/core/Security_test.php | 5 ++-- 2 files changed, 25 insertions(+), 20 deletions(-) (limited to 'tests/codeigniter/core') diff --git a/tests/codeigniter/core/Input_test.php b/tests/codeigniter/core/Input_test.php index 78b659691..e068a84be 100644 --- a/tests/codeigniter/core/Input_test.php +++ b/tests/codeigniter/core/Input_test.php @@ -12,10 +12,8 @@ class Input_test extends CI_TestCase { $this->ci_set_config('global_xss_filtering', FALSE); $this->ci_set_config('csrf_protection', FALSE); - $security = new Mock_Core_Security(); - - $this->ci_set_config('charset', 'UTF-8'); - $this->input = new Mock_Core_Input($security); + $security = new Mock_Core_Security('UTF-8'); + $this->input = new CI_Input($security); } // -------------------------------------------------------------------- @@ -120,14 +118,17 @@ class Input_test extends CI_TestCase { public function test_fetch_from_array() { + $reflection = new ReflectionMethod($this->input, '_fetch_from_array'); + $reflection->setAccessible(TRUE); + $data = array( 'foo' => 'bar', 'harm' => 'Hello, i try to your site', ); - $foo = $this->input->fetch_from_array($data, 'foo'); - $harm = $this->input->fetch_from_array($data, 'harm'); - $harmless = $this->input->fetch_from_array($data, 'harm', TRUE); + $foo = $reflection->invokeArgs($this->input, [&$data, 'foo']); + $harm = $reflection->invokeArgs($this->input, [&$data, 'harm']); + $harmless = $reflection->invokeArgs($this->input, [&$data, 'harm', TRUE]); $this->assertEquals('bar', $foo); $this->assertEquals("Hello, i try to your site", $harm); @@ -215,57 +216,60 @@ class Input_test extends CI_TestCase { public function test_ip_address() { - $this->input->ip_address = '127.0.0.1'; + $reflection = new ReflectionProperty($this->input, 'ip_address'); + $reflection->setAccessible(TRUE); + + $reflection->setValue($this->input, '127.0.0.1'); $this->assertEquals('127.0.0.1', $this->input->ip_address()); // 127.0.0.1 is set in our Bootstrap file - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->assertEquals('127.0.0.1', $this->input->ip_address()); // Invalid $_SERVER['REMOTE_ADDR'] = 'invalid_ip_address'; - $this->input->ip_address = FALSE; // reset cached value + $reflection->setValue($this->input, FALSE); // reset cached value $this->assertEquals('0.0.0.0', $this->input->ip_address()); $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; // Proxy_ips tests - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', '127.0.0.3, 127.0.0.4, 127.0.0.2'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2'; $this->assertEquals('127.0.0.1', $this->input->ip_address()); // Invalid spoof - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'invalid_ip_address'); $_SERVER['HTTP_CLIENT_IP'] = 'invalid_ip_address'; $this->assertEquals('127.0.0.1', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.1/1'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.1'; $this->assertEquals('127.0.0.1', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.2'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2'; $_SERVER['REMOTE_ADDR'] = '127.0.0.2'; $this->assertEquals('127.0.0.2', $this->input->ip_address()); - //IPv6 - $this->input->ip_address = FALSE; + // IPv6 + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329/1, FE80:0000:0000:0000:0202:B3FF:FE1E:8300/2'); $_SERVER['HTTP_CLIENT_IP'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8300'; $_SERVER['REMOTE_ADDR'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329'; $this->assertEquals('FE80:0000:0000:0000:0202:B3FF:FE1E:8300', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $this->ci_set_config('proxy_ips', '0::/32'); $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.7'; $_SERVER['REMOTE_ADDR'] = '0000:0000:0000:0000:0000:0000:0000:0001'; $this->assertEquals('127.0.0.7', $this->input->ip_address()); - $this->input->ip_address = FALSE; + $reflection->setValue($this->input, FALSE); $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; // back to reality } diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index cbf0285ec..2e1127f87 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -12,7 +12,8 @@ class Security_test extends CI_TestCase { $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); $this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie'); - $this->security = new Mock_Core_Security(); + $_SERVER['REQUEST_METHOD'] = 'GET'; + $this->security = new Mock_Core_Security('UTF-8'); } // -------------------------------------------------------------------- @@ -341,7 +342,7 @@ class Security_test extends CI_TestCase { // leave csrf_cookie_name as blank to test _csrf_set_hash function $this->ci_set_config('csrf_cookie_name', ''); - $this->security = new Mock_Core_Security(); + $this->security = new Mock_Core_Security('UTF-8'); $this->assertNotEmpty($this->security->get_csrf_hash()); } -- cgit v1.2.3-24-g4f1b