6 * @copyright (c) 2008 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
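// Marks this script as a phpBB entry point; it is defined before any phpBB file is loaded.
// NOTE(review): phpBB's include files presumably check for this constant and stop without it - confirm in the includes.
define('IN_PHPBB', true);

// PHPUnit base classes; the test class below extends PHPUnit_Extensions_OutputTestCase.
require_once 'PHPUnit/Framework.php';
require_once 'PHPUnit/Extensions/OutputTestCase.php';

// The root path and the require paths below are all relative, so the suite has to be
// started from the directory that sits next to phpBB/.
define('PHPBB_ROOT_PATH', './../phpBB/');
define('PHP_EXT', 'php');

// Code under test. NOTE(review): redirect() is presumably defined in functions.php,
// with session.php supplying what it depends on - confirm.
require_once '../phpBB/includes/functions.php';
require_once '../phpBB/includes/session.php';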
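/**
 * Regression tests for the URL checks in phpBB's redirect().
 *
 * Each data set hands redirect() one candidate target and states either the
 * error message it must raise or the URL it must return. The cases cover
 * targets a redirect helper must not follow blindly: non-HTTP schemes, a
 * foreign host, embedded CR/LF and a ";url=" suffix.
 *
 * NOTE(review): the expected URLs assume redirect() resolves the board to
 * http://localhost/phpBB; how that environment is provided is not shown here.
 * NOTE(review): the echo in own_error_handler() and the print in
 * test_redirect() are what expectOutputString() needs in order to see the
 * message or the URL - confirm both against the upstream file.
 */
class phpbb_security_redirect_test extends PHPUnit_Extensions_OutputTestCase
{
	/** Set by own_error_handler() as soon as the code under test calls trigger_error(). */
	protected $error_triggered = false;

	/**
	 * Data sets for test_redirect().
	 *
	 * @return array list of array(input passed to redirect(), expected triggered error (else false), expected returned result url (else false))
	 */
	public static function provider()
	{
		return array(
			// Non-HTTP scheme: not followed, the board URL comes back instead.
			array('data://x', false, 'http://localhost/phpBB'),
			// Foreign host (open redirect): replaced by the board URL.
			array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
			// Line break followed by a header line (response splitting): rejected with an error.
			array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false),
			// "javascript:" is not honoured as a scheme; the value is appended to an http://localhost base as a relative path.
			array('javascript:test', false, 'http://localhost/phpBB/../tests/javascript:test'),
			// ";url=" suffix on an otherwise local URL: rejected with an error.
			array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false),
		);
	}

	/**
	 * Own error handler to catch trigger_error() calls within phpBB.
	 *
	 * @param int    $errno   error level (unused)
	 * @param string $errstr  error message; echoed so the output expectation can compare it
	 * @param string $errfile file the error was raised in (unused)
	 * @param int    $errline line the error was raised on (unused)
	 */
	public function own_error_handler($errno, $errstr, $errfile, $errline)
	{
		// The error case compares the captured output with the expected message,
		// so the message has to be written out here.
		echo $errstr;
		$this->error_triggered = true;
	}

	/**
	 * Runs one provider data set through redirect().
	 *
	 * @dataProvider provider
	 *
	 * @param string       $test            candidate redirect target
	 * @param string|false $expected_error  message redirect() must raise, or false if none
	 * @param string|false $expected_result URL redirect() must return, or false when an error is expected
	 */
	public function test_redirect($test, $expected_error, $expected_result)
	{
		// Start from a clean flag instead of relying on a reset at the end of an earlier run.
		$this->error_triggered = false;

		set_error_handler(array($this, 'own_error_handler'));
		// Second argument true: the URL is handed back in $result (the provider's "returned result url").
		$result = redirect($test, true);
		// Put the previous handler back before asserting, so a failed assertion cannot leave ours installed.
		restore_error_handler();

		if ($expected_error === false)
		{
			// No error expected: the returned URL must be the only output and nothing may have been triggered.
			$this->expectOutputString($expected_result);
			print $result;

			$this->assertFalse($this->error_triggered, 'redirect() raised an error for a URL that should have been accepted or rewritten.');
		}
		else
		{
			// Error expected: the handler has echoed the message, which must match, and the flag must be set.
			$this->expectOutputString($expected_error);

			$this->assertTrue($this->error_triggered, 'redirect() did not raise an error for an insecure URL.');
		}
	}
}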