2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Tests for PhpMyAdmin\Core class
6 * @package PhpMyAdmin-test
8 declare(strict_types
=1);
10 namespace PhpMyAdmin\Tests
;
12 use PhpMyAdmin\Config
;
14 use PhpMyAdmin\Sanitize
;
15 use PhpMyAdmin\Tests\PmaTestCase
;
19 * Tests for PhpMyAdmin\Core class
21 * @package PhpMyAdmin-test
23 class CoreTest
extends PmaTestCase
25 protected $goto_whitelist = [
36 'server_variables.php',
39 'transformation_overview.php',
40 'transformation_wrapper.php',
45 * Setup for test cases
49 protected function setUp(): void
51 $GLOBALS['server'] = 0;
53 $GLOBALS['table'] = '';
54 $GLOBALS['PMA_PHP_SELF'] = 'http://example.net/';
58 * Test for Core::arrayRead
62 public function testArrayRead()
91 Core
::arrayRead('int', $arr),
96 Core
::arrayRead('str', $arr),
101 Core
::arrayRead('arr/0', $arr),
106 Core
::arrayRead('arr/1', $arr),
111 Core
::arrayRead('arr/2', $arr),
116 Core
::arrayRead('sarr/arr1/0', $arr),
117 $arr['sarr']['arr1'][0]
121 Core
::arrayRead('sarr/arr1/1', $arr),
122 $arr['sarr']['arr1'][1]
126 Core
::arrayRead('sarr/arr1/2', $arr),
127 $arr['sarr']['arr1'][2]
131 Core
::arrayRead('sarr/0/0', $arr),
136 Core
::arrayRead('sarr/0/1', $arr),
141 Core
::arrayRead('sarr/0/1/2', $arr),
142 $arr['sarr'][0][1][2]
146 Core
::arrayRead('sarr/not_exiting/1', $arr),
151 Core
::arrayRead('sarr/not_exiting/1', $arr, 0),
156 Core
::arrayRead('sarr/not_exiting/1', $arr, 'default_val'),
162 * Test for Core::arrayWrite
166 public function testArrayWrite()
194 Core
::arrayWrite('int', $arr, 5);
195 $this->assertEquals($arr['int'], 5);
197 Core
::arrayWrite('str', $arr, '_str');
198 $this->assertEquals($arr['str'], '_str');
200 Core
::arrayWrite('arr/0', $arr, 'val_arr_0');
201 $this->assertEquals($arr['arr'][0], 'val_arr_0');
203 Core
::arrayWrite('arr/1', $arr, 'val_arr_1');
204 $this->assertEquals($arr['arr'][1], 'val_arr_1');
206 Core
::arrayWrite('arr/2', $arr, 'val_arr_2');
207 $this->assertEquals($arr['arr'][2], 'val_arr_2');
209 Core
::arrayWrite('sarr/arr1/0', $arr, 'val_sarr_arr_0');
210 $this->assertEquals($arr['sarr']['arr1'][0], 'val_sarr_arr_0');
212 Core
::arrayWrite('sarr/arr1/1', $arr, 'val_sarr_arr_1');
213 $this->assertEquals($arr['sarr']['arr1'][1], 'val_sarr_arr_1');
215 Core
::arrayWrite('sarr/arr1/2', $arr, 'val_sarr_arr_2');
216 $this->assertEquals($arr['sarr']['arr1'][2], 'val_sarr_arr_2');
218 Core
::arrayWrite('sarr/0/0', $arr, 5);
219 $this->assertEquals($arr['sarr'][0][0], 5);
221 Core
::arrayWrite('sarr/0/1/0', $arr, 'e');
222 $this->assertEquals($arr['sarr'][0][1][0], 'e');
224 Core
::arrayWrite('sarr/not_existing/1', $arr, 'some_val');
225 $this->assertEquals($arr['sarr']['not_existing'][1], 'some_val');
227 Core
::arrayWrite('sarr/0/2', $arr, null);
228 $this->assertNull($arr['sarr'][0][2]);
232 * Test for Core::arrayRemove
236 public function testArrayRemove()
264 Core
::arrayRemove('int', $arr);
265 $this->assertArrayNotHasKey('int', $arr);
267 Core
::arrayRemove('str', $arr);
268 $this->assertArrayNotHasKey('str', $arr);
270 Core
::arrayRemove('arr/0', $arr);
271 $this->assertArrayNotHasKey(0, $arr['arr']);
273 Core
::arrayRemove('arr/1', $arr);
274 $this->assertArrayNotHasKey(1, $arr['arr']);
276 Core
::arrayRemove('arr/2', $arr);
277 $this->assertArrayNotHasKey('arr', $arr);
280 Core
::arrayRemove('sarr/not_existing/1', $arr);
281 $this->assertEquals($tmp_arr, $arr);
283 Core
::arrayRemove('sarr/arr1/0', $arr);
284 $this->assertArrayNotHasKey(0, $arr['sarr']['arr1']);
286 Core
::arrayRemove('sarr/arr1/1', $arr);
287 $this->assertArrayNotHasKey(1, $arr['sarr']['arr1']);
289 Core
::arrayRemove('sarr/arr1/2', $arr);
290 $this->assertArrayNotHasKey('arr1', $arr['sarr']);
292 Core
::arrayRemove('sarr/0/0', $arr);
293 $this->assertArrayNotHasKey(0, $arr['sarr'][0]);
295 Core
::arrayRemove('sarr/0/1/0', $arr);
296 $this->assertArrayNotHasKey(0, $arr['sarr'][0][1]);
298 Core
::arrayRemove('sarr/0/1/1', $arr);
299 $this->assertArrayNotHasKey(1, $arr['sarr'][0][1]);
301 Core
::arrayRemove('sarr/0/1/2', $arr);
302 $this->assertArrayNotHasKey(1, $arr['sarr'][0]);
304 Core
::arrayRemove('sarr/0/2', $arr);
306 $this->assertEmpty($arr);
/**
 * Test for Core::checkPageValidity
 *
 * Runs the page allow-list check against every case supplied by
 * providerTestGotoNowhere, which feeds plain, query-string and URL-encoded
 * page names together with the goto whitelist.
 *
 * NOTE(review): $expected is documented as int, but assertSame() compares by
 * identity, so its type must match whatever Core::checkPageValidity returns.
 * Confirm against the provider.
 *
 * @param string     $page      Page
 * @param array|null $whiteList White list
 * @param boolean    $include   whether the page is going to be included
 * @param int        $expected  Expected value
 *
 * @return void
 *
 * @dataProvider providerTestGotoNowhere
 */
public function testGotoNowhere($page, $whiteList, $include, $expected): void
{
    $actual = Core::checkPageValidity($page, $whiteList, $include);

    $this->assertSame($expected, $actual);
}
327 * Data provider for testGotoNowhere
331 public function providerTestGotoNowhere()
360 $this->goto_whitelist
,
366 $this->goto_whitelist
,
372 $this->goto_whitelist
,
378 $this->goto_whitelist
,
383 'index.php?sql.php&test=true',
384 $this->goto_whitelist
,
389 'index.php?sql.php&test=true',
390 $this->goto_whitelist
,
395 'index.php%3Fsql.php%26test%3Dtrue',
396 $this->goto_whitelist
,
401 'index.php%3Fsql.php%26test%3Dtrue',
402 $this->goto_whitelist
,
410 * Test for Core::cleanupPathInfo
412 * @param string $php_self The PHP_SELF value
413 * @param string $request The REQUEST_URI value
414 * @param string $path_info The PATH_INFO value
415 * @param string $expected Expected result
419 * @dataProvider providerTestPathInfo
421 public function testPathInfo($php_self, $request, $path_info, $expected): void
423 $_SERVER['PHP_SELF'] = $php_self;
424 $_SERVER['REQUEST_URI'] = $request;
425 $_SERVER['PATH_INFO'] = $path_info;
426 Core
::cleanupPathInfo();
429 $GLOBALS['PMA_PHP_SELF']
434 * Data provider for Core::cleanupPathInfo tests
// Data provider for testPathInfo. Per that test's signature each case is
// (PHP_SELF, REQUEST_URI, PATH_INFO, expected result).
// NOTE(review): this listing does not show every element of every case, so
// the notes below describe only the inputs that are visible.
438 public function providerTestPathInfo()
// Path info carrying a "; cookieinj=value" suffix, raw and percent-encoded.
// The last visible element is the bare script path, presumably the cleaned
// value expected in $GLOBALS['PMA_PHP_SELF'] -- confirm.
442 '/phpmyadmin/index.php/; cookieinj=value/',
443 '/phpmyadmin/index.php/;%20cookieinj=value///',
444 '/; cookieinj=value/',
445 '/phpmyadmin/index.php',
449 '/phpmyadmin/index.php/;%20cookieinj=value///',
450 '/; cookieinj=value/',
451 '/phpmyadmin/index.php',
// Leading "//example.com/" followed by "../" segments: a scheme-relative
// prefix that must not survive into the cleaned script path.
455 '//example.com/../phpmyadmin/index.php',
457 '/phpmyadmin/index.php',
461 '//example.com/../../.././phpmyadmin/index.php',
463 '/phpmyadmin/index.php',
// Extra path info and a query string appended after the script name.
467 '/page.php/malicouspathinfo?malicouspathinfo',
// "/./" segment inside an otherwise ordinary path.
472 '/phpmyadmin/./index.php',
473 '/phpmyadmin/./index.php',
475 '/phpmyadmin/index.php',
// Ordinary paths with nothing visible to strip.
478 '/phpmyadmin/index.php',
479 '/phpmyadmin/index.php',
481 '/phpmyadmin/index.php',
485 '/phpmyadmin/index.php',
487 '/phpmyadmin/index.php',
/**
 * Test for Core::fatalError
 *
 * Expects the message passed to Core::fatalError to appear in the output.
 *
 * @return void
 */
public function testFatalErrorMessage()
{
    $message = "FatalError!";

    // The expectation must be registered before the call that prints.
    $this->expectOutputRegex("/FatalError!/");
    Core::fatalError($message);
}
504 * Test for Core::fatalError
508 public function testFatalErrorMessageWithArgs()
510 $message = "Fatal error #%d in file %s.";
516 $this->expectOutputRegex("/Fatal error #1 in file error_file.php./");
517 Core
::fatalError($message, $params);
519 $message = "Fatal error in file %s.";
520 $params = 'error_file.php';
522 $this->expectOutputRegex("/Fatal error in file error_file.php./");
523 Core
::fatalError($message, $params);
/**
 * Test for Core::getRealSize
 *
 * Compares the converted size with the expected value for each case from
 * providerTestGetRealSize.
 *
 * @param string $size     Size
 * @param int    $expected Expected value
 *
 * @return void
 *
 * @dataProvider providerTestGetRealSize
 */
public function testGetRealSize($size, $expected): void
{
    $realSize = Core::getRealSize($size);

    $this->assertEquals($expected, $realSize);
}
542 * Data provider for testGetRealSize
546 public function providerTestGetRealSize()
567 12 * 1024 * 1024 * 1024,
575 8 * 1000 * 1024 * 1024,
579 8 * 1024 * 1024 * 1024,
585 * Test for Core::getPHPDocLink
589 public function testGetPHPDocLink()
591 $lang = _pgettext('PHP documentation language', 'en');
593 Core
::getPHPDocLink('function'),
594 './url.php?url=https%3A%2F%2Fsecure.php.net%2Fmanual%2F'
595 . $lang . '%2Ffunction'
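/**
 * Test for Core::linkURL
 *
 * The provider pairs each input link with the expected output: the absolute
 * https:// links are expected to come back as './url.php?url=<encoded link>',
 * while 'wiki.phpmyadmin.net' and 'index.php?db=phpmyadmin' are expected to
 * be returned unchanged.
 *
 * @param string $link URL where to go
 * @param string $url  Expected value
 *
 * @return void
 *
 * @dataProvider providerTestLinkURL
 */
public function testLinkURL($link, $url): void
{
    // PHPUnit's signature is assertEquals($expected, $actual); passing the
    // expected value first keeps the failure message accurate.
    $this->assertEquals($url, Core::linkURL($link));
}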
615 * Data provider for testLinkURL
619 public function providerTestLinkURL()
623 'https://wiki.phpmyadmin.net',
624 './url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net',
627 'https://wiki.phpmyadmin.net',
628 './url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net',
631 'wiki.phpmyadmin.net',
632 'wiki.phpmyadmin.net',
635 'index.php?db=phpmyadmin',
636 'index.php?db=phpmyadmin',
642 * Test for Core::sendHeaderLocation
646 public function testSendHeaderLocationWithoutSidWithIis()
648 $GLOBALS['server'] = 0;
649 $GLOBALS['PMA_Config'] = new Config();
650 $GLOBALS['PMA_Config']->enableBc();
651 $GLOBALS['PMA_Config']->set('PMA_IS_IIS', true);
653 $testUri = 'https://example.com/test.php';
655 $this->mockResponse('Location: ' . $testUri);
656 Core
::sendHeaderLocation($testUri); // sets $GLOBALS['header']
660 $this->mockResponse('Refresh: 0; ' . $testUri);
661 Core
::sendHeaderLocation($testUri, true); // sets $GLOBALS['header']
665 * Test for Core::sendHeaderLocation
669 public function testSendHeaderLocationWithoutSidWithoutIis()
671 $GLOBALS['server'] = 0;
672 $GLOBALS['PMA_Config'] = new Config();
673 $GLOBALS['PMA_Config']->enableBc();
674 $GLOBALS['PMA_Config']->set('PMA_IS_IIS', null);
676 $testUri = 'https://example.com/test.php';
678 $this->mockResponse('Location: ' . $testUri);
679 Core
::sendHeaderLocation($testUri); // sets $GLOBALS['header']
683 * Test for Core::sendHeaderLocation
687 public function testSendHeaderLocationIisLongUri()
689 $GLOBALS['server'] = 0;
690 $GLOBALS['PMA_Config'] = new Config();
691 $GLOBALS['PMA_Config']->enableBc();
692 $GLOBALS['PMA_Config']->set('PMA_IS_IIS', true);
695 $testUri = 'https://example.com/test.php?testlonguri=over600chars&test=test'
696 . '&test=test&test=test&test=test&test=test&test=test&test=test'
697 . '&test=test&test=test&test=test&test=test&test=test&test=test'
698 . '&test=test&test=test&test=test&test=test&test=test&test=test'
699 . '&test=test&test=test&test=test&test=test&test=test&test=test'
700 . '&test=test&test=test&test=test&test=test&test=test&test=test'
701 . '&test=test&test=test&test=test&test=test&test=test&test=test'
702 . '&test=test&test=test&test=test&test=test&test=test&test=test'
703 . '&test=test&test=test&test=test&test=test&test=test&test=test'
704 . '&test=test&test=test&test=test&test=test&test=test&test=test'
705 . '&test=test&test=test';
706 $testUri_html = htmlspecialchars($testUri);
707 $testUri_js = Sanitize
::escapeJsString($testUri);
709 $header = "<html>\n<head>\n <title>- - -</title>"
710 . "\n <meta http-equiv=\"expires\" content=\"0\">"
711 . "\n <meta http-equiv=\"Pragma\" content=\"no-cache\">"
712 . "\n <meta http-equiv=\"Cache-Control\" content=\"no-cache\">"
713 . "\n <meta http-equiv=\"Refresh\" content=\"0;url=" . $testUri_html . "\">"
714 . "\n <script type=\"text/javascript\">\n //<![CDATA["
715 . "\n setTimeout(function() { window.location = decodeURI('" . $testUri_js . "'); }, 2000);"
716 . "\n //]]>\n </script>\n</head>"
717 . "\n<body>\n<script type=\"text/javascript\">\n //<![CDATA["
718 . "\n document.write('<p><a href=\"" . $testUri_html . "\">" . __('Go') . "</a></p>');"
719 . "\n //]]>\n</script>\n</body>\n</html>\n";
721 $this->expectOutputString($header);
723 $this->mockResponse();
725 Core
::sendHeaderLocation($testUri);
729 * Test for Core::ifSetOr
733 public function testVarSet()
737 $out = Core
::ifSetOr($in, $default);
738 $this->assertEquals($in, $out);
742 * Test for Core::ifSetOr
746 public function testVarSetWrongType()
750 $out = Core
::ifSetOr($in, $default, 'boolean');
751 $this->assertEquals($out, $default);
755 * Test for Core::ifSetOr
759 public function testVarNotSet()
763 $out = Core
::ifSetOr($in, $default);
764 $this->assertEquals($out, $default);
768 * Test for Core::ifSetOr
772 public function testVarNotSetNoDefault()
775 $out = Core
::ifSetOr($in);
776 $this->assertNull($out);
780 * Test for Core::isAllowedDomain
782 * @param string $url URL to test
783 * @param mixed $expected Expected result
787 * @dataProvider provideTestIsAllowedDomain
789 public function testIsAllowedDomain($url, $expected): void
791 $_SERVER['SERVER_NAME'] = 'server.local';
794 Core
::isAllowedDomain($url)
// Data provider for testIsAllowedDomain: each case pairs a URL with the
// expected result of Core::isAllowedDomain().
// NOTE(review): the expected values are not visible in this listing, so the
// notes below describe only what each URL exercises.
803 public function provideTestIsAllowedDomain()
// Plain https URL with no userinfo or port.
807 'https://www.phpmyadmin.net/',
// Backslash before '@': URL parsers can disagree on which side is the host,
// so this guards the domain check against host confusion. Presumably expected
// to be rejected -- confirm.
811 'http://duckduckgo.com\\@github.com',
// The same host in four forms: bare, with a port, with userinfo and a port,
// and with userinfo only.
815 'https://github.com/',
819 'https://github.com:123/',
823 'https://user:pass@github.com:123/',
827 'https://user:pass@github.com/',
// Same host as the $_SERVER['SERVER_NAME'] value set in testIsAllowedDomain.
831 'https://server.local/',
/**
 * Test for Core::isValid
 *
 * Every case from providerTestNoVarType must be accepted by Core::isValid.
 *
 * @param mixed $var     Variable to check
 * @param mixed $type    Type
 * @param mixed $compare Compared value
 *
 * @return void
 *
 * @dataProvider providerTestNoVarType
 */
public function testNoVarType($var, $type, $compare): void
{
    $accepted = Core::isValid($var, $type, $compare);

    $this->assertTrue($accepted);
}
858 * Data provider for testNoVarType
862 public static function providerTestNoVarType()
933 * Test for Core::isValid
937 public function testVarNotSetAfterTest()
940 $this->assertFalse(isset($var));
/**
 * Test for Core::isValid
 *
 * Passes a variable that was never assigned and expects it to be rejected.
 *
 * @return void
 */
public function testNotSet()
{
    // $var is deliberately left undefined.
    // NOTE(review): this presumably relies on Core::isValid taking its first
    // argument by reference -- confirm against Core.
    $accepted = Core::isValid($var);

    $this->assertFalse($accepted);
}
954 * Test for Core::isValid
958 public function testEmptyString()
961 $this->assertFalse(Core
::isValid($var));
965 * Test for Core::isValid
969 public function testNotEmptyString()
972 $this->assertTrue(Core
::isValid($var));
976 * Test for Core::isValid
980 public function testZero()
983 $this->assertTrue(Core
::isValid($var));
984 $this->assertTrue(Core
::isValid($var, 'int'));
988 * Test for Core::isValid
992 public function testNullFail()
995 $this->assertFalse(Core
::isValid($var));
998 $this->assertFalse(Core
::isValid($var, 'null'));
1002 * Test for Core::isValid
1006 public function testNotSetArray()
1008 /** @var $array undefined array */
1009 $this->assertFalse(Core
::isValid($array['x']));
1013 * Test for Core::isValid
1017 public function testScalarString()
1020 $this->assertTrue(Core
::isValid($var, 'len'));
1021 $this->assertTrue(Core
::isValid($var, 'scalar'));
1022 $this->assertTrue(Core
::isValid($var));
1026 * Test for Core::isValid
1030 public function testScalarInt()
1033 $this->assertTrue(Core
::isValid($var, 'int'));
1034 $this->assertTrue(Core
::isValid($var, 'scalar'));
1038 * Test for Core::isValid
1042 public function testScalarFloat()
1045 $this->assertTrue(Core
::isValid($var, 'float'));
1046 $this->assertTrue(Core
::isValid($var, 'double'));
1047 $this->assertTrue(Core
::isValid($var, 'scalar'));
1051 * Test for Core::isValid
1055 public function testScalarBool()
1058 $this->assertTrue(Core
::isValid($var, 'scalar'));
1059 $this->assertTrue(Core
::isValid($var, 'bool'));
1060 $this->assertTrue(Core
::isValid($var, 'boolean'));
1064 * Test for Core::isValid
1068 public function testNotScalarArray()
1071 $this->assertFalse(Core
::isValid($var, 'scalar'));
1075 * Test for Core::isValid
1079 public function testNotScalarNull()
1082 $this->assertFalse(Core
::isValid($var, 'scalar'));
1086 * Test for Core::isValid
1090 public function testNumericInt()
1093 $this->assertTrue(Core
::isValid($var, 'numeric'));
1097 * Test for Core::isValid
1101 public function testNumericFloat()
1104 $this->assertTrue(Core
::isValid($var, 'numeric'));
1108 * Test for Core::isValid
1112 public function testNumericZero()
1115 $this->assertTrue(Core
::isValid($var, 'numeric'));
1119 * Test for Core::isValid
1123 public function testNumericString()
1126 $this->assertTrue(Core
::isValid($var, 'numeric'));
1130 * Test for Core::isValid
1134 public function testValueInArray()
1137 $this->assertTrue(Core
::isValid($var, ['a', 'b']));
1141 * Test for Core::isValid
1145 public function testValueNotInArray()
1148 $this->assertFalse(Core
::isValid($var, ['a', 'b']));
1152 * Test for Core::isValid
1156 public function testNumericIdentical()
1160 $this->assertTrue(Core
::isValid($var, 'identic', $compare));
1164 $this->assertFalse(Core
::isValid($var, 'identic', $compare));
1168 $this->assertFalse(Core
::isValid($var, 'identic', $compare));
/**
 * Test for Core::isValid
 *
 * Checks that the 'similar' and 'equal' comparisons accept each pair from
 * provideTestSimilarType in both argument orders.
 *
 * @param mixed $var     Variable
 * @param mixed $compare Compare
 *
 * @return void
 *
 * @dataProvider provideTestSimilarType
 */
public function testSimilarType($var, $compare): void
{
    $comparisons = ['similar', 'equal'];

    // $var checked against $compare.
    foreach ($comparisons as $comparison) {
        $this->assertTrue(Core::isValid($var, $comparison, $compare));
    }

    // The same pair with the roles swapped.
    foreach ($comparisons as $comparison) {
        $this->assertTrue(Core::isValid($compare, $comparison, $var));
    }
}
1191 * Data provider for testSimilarType
1195 public function provideTestSimilarType()
/**
 * Test for Core::isValid
 *
 * An object checked against the type name 'class' must be rejected.
 *
 * @return void
 */
public function testOtherTypes()
{
    $object = new CoreTest();
    $accepted = Core::isValid($object, 'class');

    $this->assertFalse($accepted);
}
1256 * Test for unserializing
1258 * @param string $data Serialized data
1259 * @param mixed $expected Expected result
1263 * @dataProvider provideTestSafeUnserialize
1265 public function testSafeUnserialize($data, $expected): void
1267 $this->assertEquals(
1269 Core
::safeUnserialize($data)
1274 * Test data provider
// Data provider for testSafeUnserialize: each case pairs serialized data with
// the expected result of Core::safeUnserialize().
// NOTE(review): the expected values are not visible in this listing.
// Presumably every input that contains an object is expected to be refused,
// since unserialize() on untrusted data can instantiate objects -- confirm.
1278 public function provideTestSafeUnserialize()
// Serialized object of a class named "a".
1294 'O:1:"a":1:{s:5:"value";s:3:"100";}',
// stdClass with another stdClass nested in a field.
1298 'O:8:"stdClass":1:{s:5:"field";O:8:"stdClass":0:{}}',
// Array whose first element is a string declared as s:90 that contains ";a",
// followed by an object element. Presumably this checks that the filter
// honours the declared string length and still finds the object after it --
// confirm.
1302 'a:2:{i:0;s:90:"1234567890;a345678901234567890123456789012345678901234567890123456789012345678901234567890";i:1;O:8:"stdClass":0:{}}',
// Object-free payloads: a list, a string containing double quotes, and a map.
1306 serialize([1, 2, 3]),
1314 serialize('string""'),
1318 serialize(['foo' => 'bar']),
// Array with an object embedded between two scalar elements.
1322 serialize(['1', new stdClass(), '2']),
1329 * Test for MySQL host sanitizing
1331 * @param string $host Test host name
1332 * @param string $expected Expected result
1336 * @dataProvider provideTestSanitizeMySQLHost
1338 public function testSanitizeMySQLHost($host, $expected): void
1340 $this->assertEquals(
1342 Core
::sanitizeMySQLHost($host)
1347 * Test data provider
1351 public function provideTestSanitizeMySQLHost()
1374 * Test for replacing dots.
1378 public function testReplaceDots()
1380 $this->assertEquals(
1381 Core
::securePath('../../../etc/passwd'),
1384 $this->assertEquals(
1385 Core
::securePath('/var/www/../phpmyadmin'),
1386 '/var/www/./phpmyadmin'
1388 $this->assertEquals(
1389 Core
::securePath('./path/with..dots/../../file..php'),
1390 './path/with.dots/././file.php'
1395 * Test for Core::warnMissingExtension
1399 public function testMissingExtensionFatal()
1402 $warn = 'The <a href="' . Core
::getPHPDocLink('book.' . $ext . '.php')
1403 . '" target="Documentation"><em>' . $ext
1404 . '</em></a> extension is missing. Please check your PHP configuration.';
1406 $this->expectOutputRegex('@' . preg_quote($warn, '@') . '@');
1408 Core
::warnMissingExtension($ext, true);
1412 * Test for Core::warnMissingExtension
1416 public function testMissingExtensionFatalWithExtra()
1419 $extra = 'Appended Extra String';
1421 $warn = 'The <a href="' . Core
::getPHPDocLink('book.' . $ext . '.php')
1422 . '" target="Documentation"><em>' . $ext
1423 . '</em></a> extension is missing. Please check your PHP configuration.'
1427 Core
::warnMissingExtension($ext, true, $extra);
1428 $printed = ob_get_contents();
1431 $this->assertGreaterThan(0, mb_strpos($printed, $warn));
/**
 * Test for Core::signSqlQuery
 *
 * Pins the signature produced for a fixed session secret and a fixed query to
 * a known 64-hex-character value.
 *
 * NOTE(review): testCheckSqlQuerySignatureFailsBlowfishSecretChanged shows
 * that the signature also depends on $GLOBALS['cfg']['blowfish_secret'],
 * which this test does not set. Confirm that the fixture initialises it, or
 * the pinned value depends on test order.
 *
 * @return void
 */
public function testSignSqlQuery()
{
    $expectedHmac = '33371e8680a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3a4ffe2';
    $query = 'SELECT * FROM `test`.`db` WHERE 1;';

    // Fixed per-session secret so that the signature is reproducible.
    $_SESSION[' HMAC_secret '] = hash('sha1', 'test');

    $actualHmac = Core::signSqlQuery($query);

    $this->assertSame($expectedHmac, $actualHmac, 'The signature must match the computed one');
}
/**
 * Test for Core::checkSqlQuerySignature
 *
 * A signature that matches the query under the current session secret must be
 * accepted.
 *
 * NOTE(review): this covers the accept/reject result only. Whether the
 * comparison inside Core::checkSqlQuerySignature is constant-time (for
 * example hash_equals()) is not visible here and has to be checked in Core.
 *
 * @return void
 */
public function testCheckSqlQuerySignature()
{
    $query = 'SELECT * FROM `test`.`db` WHERE 1;';
    $validHmac = '33371e8680a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3a4ffe2';

    $_SESSION[' HMAC_secret '] = hash('sha1', 'test');

    $accepted = Core::checkSqlQuerySignature($query, $validHmac);

    $this->assertTrue($accepted);
}
/**
 * Test for Core::checkSqlQuerySignature
 *
 * The signature that testCheckSqlQuerySignature accepts under the 'test'
 * secret must be rejected once the session secret differs.
 *
 * @return void
 */
public function testCheckSqlQuerySignatureFails()
{
    $query = 'SELECT * FROM `test`.`db` WHERE 1;';
    $hmacForOtherSecret = '33371e8680a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3a4ffe2';

    // A session secret other than the one the signature was made with.
    $_SESSION[' HMAC_secret '] = hash('sha1', '132654987gguieunofz');

    $accepted = Core::checkSqlQuerySignature($query, $hmacForOtherSecret);

    $this->assertFalse($accepted);
}
/**
 * Test for Core::checkSqlQuerySignature
 *
 * Keeps the session secret and the query that testSignSqlQuery signs, and
 * presents a signature whose leading and trailing characters were altered.
 * It must be rejected.
 *
 * @return void
 */
public function testCheckSqlQuerySignatureFailsBadHash()
{
    $query = 'SELECT * FROM `test`.`db` WHERE 1;';
    $tamperedHmac = '3333333380a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3eeeeee';

    $_SESSION[' HMAC_secret '] = hash('sha1', 'test');

    $accepted = Core::checkSqlQuerySignature($query, $tamperedHmac);

    $this->assertFalse($accepted);
}
/**
 * Test for Core::checkSqlQuerySignature
 *
 * Verification must fail when the session secret is the literal string
 * 'empty'.
 *
 * NOTE(review): despite the method name, the session key is set rather than
 * removed. The signature is also the altered one from
 * testCheckSqlQuerySignatureFailsBadHash, so two conditions change at once
 * and the missing-secret path is not isolated. Consider a case that unsets
 * the key.
 *
 * @return void
 */
public function testCheckSqlQuerySignatureFailsNoSession()
{
    $query = 'SELECT * FROM `test`.`db` WHERE 1;';
    $tamperedHmac = '3333333380a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3eeeeee';

    $_SESSION[' HMAC_secret '] = 'empty';

    $accepted = Core::checkSqlQuerySignature($query, $tamperedHmac);

    $this->assertFalse($accepted);
}
/**
 * Test for Core::checkSqlQuerySignature
 *
 * A signature issued under one session secret verifies while that secret is
 * in place and must stop verifying once the session secret changes. A signed
 * query cannot be carried over into another session.
 *
 * @return void
 */
public function testCheckSqlQuerySignatureFailsFromAnotherSession()
{
    $query = 'SELECT * FROM `test`.`db` WHERE 1;';

    // First session: sign and verify under the same secret.
    $_SESSION[' HMAC_secret '] = hash('sha1', 'firstSession');
    $firstSessionHmac = Core::signSqlQuery($query);
    $acceptedInFirstSession = Core::checkSqlQuerySignature($query, $firstSessionHmac);
    $this->assertTrue($acceptedInFirstSession);

    // Second session: present the signature issued in the first one.
    $_SESSION[' HMAC_secret '] = hash('sha1', 'secondSession');
    $acceptedInSecondSession = Core::checkSqlQuerySignature($query, $firstSessionHmac);
    $this->assertFalse($acceptedInSecondSession);
}
1517 * Test for Core::checkSqlQuerySignature
1521 public function testCheckSqlQuerySignatureFailsBlowfishSecretChanged()
1523 $GLOBALS['cfg']['blowfish_secret'] = '';
1524 $_SESSION[' HMAC_secret '] = hash('sha1', 'firstSession');
1525 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1526 $hmac = Core
::signSqlQuery($sqlQuery);
1527 $this->assertTrue(Core
::checkSqlQuerySignature($sqlQuery, $hmac));
1528 $GLOBALS['cfg']['blowfish_secret'] = '32154987zd';
1529 // Try to use the previous HMAC signature
1530 $this->assertFalse(Core
::checkSqlQuerySignature($sqlQuery, $hmac));
1532 $GLOBALS['cfg']['blowfish_secret'] = '32154987zd';
1533 // Generate the HMAC signature to check that it works
1534 $hmac = Core
::signSqlQuery($sqlQuery);
1535 // Must work now, (good secret and blowfish_secret)
1536 $this->assertTrue(Core
::checkSqlQuerySignature($sqlQuery, $hmac));