ci_set_config('csrf_protection', TRUE); $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); $this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie'); $this->security = new Mock_Core_Security(); } // -------------------------------------------------------------------- public function test_csrf_verify() { $_SERVER['REQUEST_METHOD'] = 'GET'; $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); } // -------------------------------------------------------------------- public function test_csrf_verify_invalid() { // Without issuing $_POST[csrf_token_name], this request will triggering CSRF error $_SERVER['REQUEST_METHOD'] = 'POST'; $this->setExpectedException('RuntimeException', 'CI Error: The action you have requested is not allowed'); $this->security->csrf_verify(); } // -------------------------------------------------------------------- public function test_csrf_verify_valid() { $_SERVER['REQUEST_METHOD'] = 'POST'; $_POST[$this->security->csrf_token_name] = $this->security->csrf_hash; $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); } // -------------------------------------------------------------------- public function test_get_csrf_hash() { $this->assertEquals($this->security->csrf_hash, $this->security->get_csrf_hash()); } // -------------------------------------------------------------------- public function test_get_csrf_token_name() { $this->assertEquals('ci_csrf_token', $this->security->get_csrf_token_name()); } // -------------------------------------------------------------------- public function test_xss_clean() { $harm_string = "Hello, i try to your site"; $harmless_string = $this->security->xss_clean($harm_string); $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); } public function test_xss_clean_entity_double_encoded() { $input = 'Clickhere'; $this->assertEquals('Clickhere', $this->security->xss_clean($input)); } // -------------------------------------------------------------------- public function test_xss_hash() { $this->assertEmpty($this->security->xss_hash); // Perform hash $this->security->xss_hash(); $this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->xss_hash) === 1); } // -------------------------------------------------------------------- public function test_entity_decode() { $encoded = '<div>Hello <b>Booya</b></div>'; $decoded = $this->security->entity_decode($encoded); $this->assertEquals('

Hello Booya

', $decoded); // Issue #3057 (https://github.com/bcit-ci/CodeIgniter/issues/3057) $this->assertEquals( '&foo should not include a semicolon', $this->security->entity_decode('&foo should not include a semicolon') ); } // -------------------------------------------------------------------- public function test_sanitize_filename() { $filename = './'; $safe_filename = $this->security->sanitize_filename($filename); $this->assertEquals('foo', $safe_filename); } }