search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translated using Weblate (Czech)
[phpmyadmin.git] / test / classes / CoreTest.php
blob8eecd7902200809871434d14c6c500d7fd5305e3
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Tests for PhpMyAdmin\Core class
5 *
6 * @package PhpMyAdmin-test
7 */
8 declare(strict_types=1);
9
10 namespace PhpMyAdmin\Tests;
11
12 use PhpMyAdmin\Config;
13 use PhpMyAdmin\Core;
14 use PhpMyAdmin\Sanitize;
15 use PhpMyAdmin\Tests\PmaTestCase;
16 use stdClass;
17
18 /**
19 * Tests for PhpMyAdmin\Core class
20 *
21 * @package PhpMyAdmin-test
22 */
23 class CoreTest extends PmaTestCase
24 {
25 protected $goto_whitelist = [
26 'db_datadict.php',
27 'db_sql.php',
28 'db_export.php',
29 'db_search.php',
30 'export.php',
31 'import.php',
32 'index.php',
33 'pdf_pages.php',
34 'pdf_schema.php',
35 'server_binlog.php',
36 'server_variables.php',
37 'sql.php',
38 'tbl_select.php',
39 'transformation_overview.php',
40 'transformation_wrapper.php',
41 'user_password.php',
42 ];
43
44 /**
45 * Setup for test cases
46 *
47 * @return void
48 */
49 protected function setUp(): void
50 {
51 $GLOBALS['server'] = 0;
52 $GLOBALS['db'] = '';
53 $GLOBALS['table'] = '';
54 $GLOBALS['PMA_PHP_SELF'] = 'http://example.net/';
55 }
56
57 /**
58 * Test for Core::arrayRead
59 *
60 * @return void
61 */
62 public function testArrayRead()
63 {
64 $arr = [
65 "int" => 1,
66 "str" => "str_val",
67 "arr" => [
68 'val1',
69 'val2',
70 'val3',
71 ],
72 "sarr" => [
73 'arr1' => [
74 1,
75 2,
76 3,
77 ],
78 [
79 3,
80 [
81 'a',
82 'b',
83 'c',
84 ],
85 4,
86 ],
87 ],
88 ];
89
90 $this->assertEquals(
91 Core::arrayRead('int', $arr),
92 $arr['int']
93 );
94
95 $this->assertEquals(
96 Core::arrayRead('str', $arr),
97 $arr['str']
98 );
99
100 $this->assertEquals(
101 Core::arrayRead('arr/0', $arr),
102 $arr['arr'][0]
103 );
104
105 $this->assertEquals(
106 Core::arrayRead('arr/1', $arr),
107 $arr['arr'][1]
108 );
109
110 $this->assertEquals(
111 Core::arrayRead('arr/2', $arr),
112 $arr['arr'][2]
113 );
114
115 $this->assertEquals(
116 Core::arrayRead('sarr/arr1/0', $arr),
117 $arr['sarr']['arr1'][0]
118 );
119
120 $this->assertEquals(
121 Core::arrayRead('sarr/arr1/1', $arr),
122 $arr['sarr']['arr1'][1]
123 );
124
125 $this->assertEquals(
126 Core::arrayRead('sarr/arr1/2', $arr),
127 $arr['sarr']['arr1'][2]
128 );
129
130 $this->assertEquals(
131 Core::arrayRead('sarr/0/0', $arr),
132 $arr['sarr'][0][0]
133 );
134
135 $this->assertEquals(
136 Core::arrayRead('sarr/0/1', $arr),
137 $arr['sarr'][0][1]
138 );
139
140 $this->assertEquals(
141 Core::arrayRead('sarr/0/1/2', $arr),
142 $arr['sarr'][0][1][2]
143 );
144
145 $this->assertEquals(
146 Core::arrayRead('sarr/not_exiting/1', $arr),
147 null
148 );
149
150 $this->assertEquals(
151 Core::arrayRead('sarr/not_exiting/1', $arr, 0),
152 0
153 );
154
155 $this->assertEquals(
156 Core::arrayRead('sarr/not_exiting/1', $arr, 'default_val'),
157 'default_val'
158 );
159 }
160
161 /**
162 * Test for Core::arrayWrite
163 *
164 * @return void
165 */
166 public function testArrayWrite()
167 {
168 $arr = [
169 "int" => 1,
170 "str" => "str_val",
171 "arr" => [
172 'val1',
173 'val2',
174 'val3',
175 ],
176 "sarr" => [
177 'arr1' => [
178 1,
179 2,
180 3,
181 ],
182 [
183 3,
184 [
185 'a',
186 'b',
187 'c',
188 ],
189 4,
190 ],
191 ],
192 ];
193
194 Core::arrayWrite('int', $arr, 5);
195 $this->assertEquals($arr['int'], 5);
196
197 Core::arrayWrite('str', $arr, '_str');
198 $this->assertEquals($arr['str'], '_str');
199
200 Core::arrayWrite('arr/0', $arr, 'val_arr_0');
201 $this->assertEquals($arr['arr'][0], 'val_arr_0');
202
203 Core::arrayWrite('arr/1', $arr, 'val_arr_1');
204 $this->assertEquals($arr['arr'][1], 'val_arr_1');
205
206 Core::arrayWrite('arr/2', $arr, 'val_arr_2');
207 $this->assertEquals($arr['arr'][2], 'val_arr_2');
208
209 Core::arrayWrite('sarr/arr1/0', $arr, 'val_sarr_arr_0');
210 $this->assertEquals($arr['sarr']['arr1'][0], 'val_sarr_arr_0');
211
212 Core::arrayWrite('sarr/arr1/1', $arr, 'val_sarr_arr_1');
213 $this->assertEquals($arr['sarr']['arr1'][1], 'val_sarr_arr_1');
214
215 Core::arrayWrite('sarr/arr1/2', $arr, 'val_sarr_arr_2');
216 $this->assertEquals($arr['sarr']['arr1'][2], 'val_sarr_arr_2');
217
218 Core::arrayWrite('sarr/0/0', $arr, 5);
219 $this->assertEquals($arr['sarr'][0][0], 5);
220
221 Core::arrayWrite('sarr/0/1/0', $arr, 'e');
222 $this->assertEquals($arr['sarr'][0][1][0], 'e');
223
224 Core::arrayWrite('sarr/not_existing/1', $arr, 'some_val');
225 $this->assertEquals($arr['sarr']['not_existing'][1], 'some_val');
226
227 Core::arrayWrite('sarr/0/2', $arr, null);
228 $this->assertNull($arr['sarr'][0][2]);
229 }
230
231 /**
232 * Test for Core::arrayRemove
233 *
234 * @return void
235 */
236 public function testArrayRemove()
237 {
238 $arr = [
239 "int" => 1,
240 "str" => "str_val",
241 "arr" => [
242 'val1',
243 'val2',
244 'val3',
245 ],
246 "sarr" => [
247 'arr1' => [
248 1,
249 2,
250 3,
251 ],
252 [
253 3,
254 [
255 'a',
256 'b',
257 'c',
258 ],
259 4,
260 ],
261 ],
262 ];
263
264 Core::arrayRemove('int', $arr);
265 $this->assertArrayNotHasKey('int', $arr);
266
267 Core::arrayRemove('str', $arr);
268 $this->assertArrayNotHasKey('str', $arr);
269
270 Core::arrayRemove('arr/0', $arr);
271 $this->assertArrayNotHasKey(0, $arr['arr']);
272
273 Core::arrayRemove('arr/1', $arr);
274 $this->assertArrayNotHasKey(1, $arr['arr']);
275
276 Core::arrayRemove('arr/2', $arr);
277 $this->assertArrayNotHasKey('arr', $arr);
278
279 $tmp_arr = $arr;
280 Core::arrayRemove('sarr/not_existing/1', $arr);
281 $this->assertEquals($tmp_arr, $arr);
282
283 Core::arrayRemove('sarr/arr1/0', $arr);
284 $this->assertArrayNotHasKey(0, $arr['sarr']['arr1']);
285
286 Core::arrayRemove('sarr/arr1/1', $arr);
287 $this->assertArrayNotHasKey(1, $arr['sarr']['arr1']);
288
289 Core::arrayRemove('sarr/arr1/2', $arr);
290 $this->assertArrayNotHasKey('arr1', $arr['sarr']);
291
292 Core::arrayRemove('sarr/0/0', $arr);
293 $this->assertArrayNotHasKey(0, $arr['sarr'][0]);
294
295 Core::arrayRemove('sarr/0/1/0', $arr);
296 $this->assertArrayNotHasKey(0, $arr['sarr'][0][1]);
297
298 Core::arrayRemove('sarr/0/1/1', $arr);
299 $this->assertArrayNotHasKey(1, $arr['sarr'][0][1]);
300
301 Core::arrayRemove('sarr/0/1/2', $arr);
302 $this->assertArrayNotHasKey(1, $arr['sarr'][0]);
303
304 Core::arrayRemove('sarr/0/2', $arr);
305
306 $this->assertEmpty($arr);
307 }
308
309 /**
310 * Test for Core::checkPageValidity
311 *
312 * @param string $page Page
313 * @param array|null $whiteList White list
314 * @param boolean $include whether the page is going to be included
315 * @param int $expected Expected value
316 *
317 * @return void
318 *
319 * @dataProvider providerTestGotoNowhere
320 */
321 public function testGotoNowhere($page, $whiteList, $include, $expected): void
322 {
323 $this->assertSame($expected, Core::checkPageValidity($page, $whiteList, $include));
324 }
325
326 /**
327 * Data provider for testGotoNowhere
328 *
329 * @return array
330 */
331 public function providerTestGotoNowhere()
332 {
333 return [
334 [
335 null,
336 [],
337 false,
338 false,
339 ],
340 [
341 null,
342 [],
343 true,
344 false,
345 ],
346 [
347 'export.php',
348 [],
349 false,
350 true,
351 ],
352 [
353 'export.php',
354 [],
355 true,
356 true,
357 ],
358 [
359 'export.php',
360 $this->goto_whitelist,
361 false,
362 true,
363 ],
364 [
365 'export.php',
366 $this->goto_whitelist,
367 true,
368 true,
369 ],
370 [
371 'shell.php',
372 $this->goto_whitelist,
373 false,
374 false,
375 ],
376 [
377 'shell.php',
378 $this->goto_whitelist,
379 true,
380 false,
381 ],
382 [
383 'index.php?sql.php&test=true',
384 $this->goto_whitelist,
385 false,
386 true,
387 ],
388 [
389 'index.php?sql.php&test=true',
390 $this->goto_whitelist,
391 true,
392 false,
393 ],
394 [
395 'index.php%3Fsql.php%26test%3Dtrue',
396 $this->goto_whitelist,
397 false,
398 true,
399 ],
400 [
401 'index.php%3Fsql.php%26test%3Dtrue',
402 $this->goto_whitelist,
403 true,
404 false,
405 ],
406 ];
407 }
408
409 /**
410 * Test for Core::cleanupPathInfo
411 *
412 * @param string $php_self The PHP_SELF value
413 * @param string $request The REQUEST_URI value
414 * @param string $path_info The PATH_INFO value
415 * @param string $expected Expected result
416 *
417 * @return void
418 *
419 * @dataProvider providerTestPathInfo
420 */
421 public function testPathInfo($php_self, $request, $path_info, $expected): void
422 {
423 $_SERVER['PHP_SELF'] = $php_self;
424 $_SERVER['REQUEST_URI'] = $request;
425 $_SERVER['PATH_INFO'] = $path_info;
426 Core::cleanupPathInfo();
427 $this->assertEquals(
428 $expected,
429 $GLOBALS['PMA_PHP_SELF']
430 );
431 }
432
433 /**
434 * Data provider for Core::cleanupPathInfo tests
435 *
436 * @return array
437 */
438 public function providerTestPathInfo()
439 {
440 return [
441 [
442 '/phpmyadmin/index.php/; cookieinj=value/',
443 '/phpmyadmin/index.php/;%20cookieinj=value///',
444 '/; cookieinj=value/',
445 '/phpmyadmin/index.php',
446 ],
447 [
448 '',
449 '/phpmyadmin/index.php/;%20cookieinj=value///',
450 '/; cookieinj=value/',
451 '/phpmyadmin/index.php',
452 ],
453 [
454 '',
455 '//example.com/../phpmyadmin/index.php',
456 '',
457 '/phpmyadmin/index.php',
458 ],
459 [
460 '',
461 '//example.com/../../.././phpmyadmin/index.php',
462 '',
463 '/phpmyadmin/index.php',
464 ],
465 [
466 '',
467 '/page.php/malicouspathinfo?malicouspathinfo',
468 'malicouspathinfo',
469 '/page.php',
470 ],
471 [
472 '/phpmyadmin/./index.php',
473 '/phpmyadmin/./index.php',
474 '',
475 '/phpmyadmin/index.php',
476 ],
477 [
478 '/phpmyadmin/index.php',
479 '/phpmyadmin/index.php',
480 '',
481 '/phpmyadmin/index.php',
482 ],
483 [
484 '',
485 '/phpmyadmin/index.php',
486 '',
487 '/phpmyadmin/index.php',
488 ],
489 ];
490 }
491
492 /**
493 * Test for Core::fatalError
494 *
495 * @return void
496 */
497 public function testFatalErrorMessage()
498 {
499 $this->expectOutputRegex("/FatalError!/");
500 Core::fatalError("FatalError!");
501 }
502
503 /**
504 * Test for Core::fatalError
505 *
506 * @return void
507 */
508 public function testFatalErrorMessageWithArgs()
509 {
510 $message = "Fatal error #%d in file %s.";
511 $params = [
512 1,
513 'error_file.php',
514 ];
515
516 $this->expectOutputRegex("/Fatal error #1 in file error_file.php./");
517 Core::fatalError($message, $params);
518
519 $message = "Fatal error in file %s.";
520 $params = 'error_file.php';
521
522 $this->expectOutputRegex("/Fatal error in file error_file.php./");
523 Core::fatalError($message, $params);
524 }
525
526 /**
527 * Test for Core::getRealSize
528 *
529 * @param string $size Size
530 * @param int $expected Expected value
531 *
532 * @return void
533 *
534 * @dataProvider providerTestGetRealSize
535 */
536 public function testGetRealSize($size, $expected): void
537 {
538 $this->assertEquals($expected, Core::getRealSize($size));
539 }
540
541 /**
542 * Data provider for testGetRealSize
543 *
544 * @return array
545 */
546 public function providerTestGetRealSize()
547 {
548 return [
549 [
550 '0',
551 0,
552 ],
553 [
554 '1kb',
555 1024,
556 ],
557 [
558 '1024k',
559 1024 * 1024,
560 ],
561 [
562 '8m',
563 8 * 1024 * 1024,
564 ],
565 [
566 '12gb',
567 12 * 1024 * 1024 * 1024,
568 ],
569 [
570 '1024',
571 1024,
572 ],
573 [
574 '8000m',
575 8 * 1000 * 1024 * 1024,
576 ],
577 [
578 '8G',
579 8 * 1024 * 1024 * 1024,
580 ],
581 ];
582 }
583
584 /**
585 * Test for Core::getPHPDocLink
586 *
587 * @return void
588 */
589 public function testGetPHPDocLink()
590 {
591 $lang = _pgettext('PHP documentation language', 'en');
592 $this->assertEquals(
593 Core::getPHPDocLink('function'),
594 './url.php?url=https%3A%2F%2Fsecure.php.net%2Fmanual%2F'
595 . $lang . '%2Ffunction'
596 );
597 }
598
599 /**
600 * Test for Core::linkURL
601 *
602 * @param string $link URL where to go
603 * @param string $url Expected value
604 *
605 * @return void
606 *
607 * @dataProvider providerTestLinkURL
608 */
609 public function testLinkURL($link, $url): void
610 {
611 $this->assertEquals(Core::linkURL($link), $url);
612 }
613
614 /**
615 * Data provider for testLinkURL
616 *
617 * @return array
618 */
619 public function providerTestLinkURL()
620 {
621 return [
622 [
623 'https://wiki.phpmyadmin.net',
624 './url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net',
625 ],
626 [
627 'https://wiki.phpmyadmin.net',
628 './url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net',
629 ],
630 [
631 'wiki.phpmyadmin.net',
632 'wiki.phpmyadmin.net',
633 ],
634 [
635 'index.php?db=phpmyadmin',
636 'index.php?db=phpmyadmin',
637 ],
638 ];
639 }
640
641 /**
642 * Test for Core::sendHeaderLocation
643 *
644 * @return void
645 */
646 public function testSendHeaderLocationWithoutSidWithIis()
647 {
648 $GLOBALS['server'] = 0;
649 $GLOBALS['PMA_Config'] = new Config();
650 $GLOBALS['PMA_Config']->enableBc();
651 $GLOBALS['PMA_Config']->set('PMA_IS_IIS', true);
652
653 $testUri = 'https://example.com/test.php';
654
655 $this->mockResponse('Location: ' . $testUri);
656 Core::sendHeaderLocation($testUri); // sets $GLOBALS['header']
657
658 $this->tearDown();
659
660 $this->mockResponse('Refresh: 0; ' . $testUri);
661 Core::sendHeaderLocation($testUri, true); // sets $GLOBALS['header']
662 }
663
664 /**
665 * Test for Core::sendHeaderLocation
666 *
667 * @return void
668 */
669 public function testSendHeaderLocationWithoutSidWithoutIis()
670 {
671 $GLOBALS['server'] = 0;
672 $GLOBALS['PMA_Config'] = new Config();
673 $GLOBALS['PMA_Config']->enableBc();
674 $GLOBALS['PMA_Config']->set('PMA_IS_IIS', null);
675
676 $testUri = 'https://example.com/test.php';
677
678 $this->mockResponse('Location: ' . $testUri);
679 Core::sendHeaderLocation($testUri); // sets $GLOBALS['header']
680 }
681
682 /**
683 * Test for Core::sendHeaderLocation
684 *
685 * @return void
686 */
687 public function testSendHeaderLocationIisLongUri()
688 {
689 $GLOBALS['server'] = 0;
690 $GLOBALS['PMA_Config'] = new Config();
691 $GLOBALS['PMA_Config']->enableBc();
692 $GLOBALS['PMA_Config']->set('PMA_IS_IIS', true);
693
694 // over 600 chars
695 $testUri = 'https://example.com/test.php?testlonguri=over600chars&test=test'
696 . '&test=test&test=test&test=test&test=test&test=test&test=test'
697 . '&test=test&test=test&test=test&test=test&test=test&test=test'
698 . '&test=test&test=test&test=test&test=test&test=test&test=test'
699 . '&test=test&test=test&test=test&test=test&test=test&test=test'
700 . '&test=test&test=test&test=test&test=test&test=test&test=test'
701 . '&test=test&test=test&test=test&test=test&test=test&test=test'
702 . '&test=test&test=test&test=test&test=test&test=test&test=test'
703 . '&test=test&test=test&test=test&test=test&test=test&test=test'
704 . '&test=test&test=test&test=test&test=test&test=test&test=test'
705 . '&test=test&test=test';
706 $testUri_html = htmlspecialchars($testUri);
707 $testUri_js = Sanitize::escapeJsString($testUri);
708
709 $header = "<html>\n<head>\n <title>- - -</title>"
710 . "\n <meta http-equiv=\"expires\" content=\"0\">"
711 . "\n <meta http-equiv=\"Pragma\" content=\"no-cache\">"
712 . "\n <meta http-equiv=\"Cache-Control\" content=\"no-cache\">"
713 . "\n <meta http-equiv=\"Refresh\" content=\"0;url=" . $testUri_html . "\">"
714 . "\n <script type=\"text/javascript\">\n //<![CDATA["
715 . "\n setTimeout(function() { window.location = decodeURI('" . $testUri_js . "'); }, 2000);"
716 . "\n //]]>\n </script>\n</head>"
717 . "\n<body>\n<script type=\"text/javascript\">\n //<![CDATA["
718 . "\n document.write('<p><a href=\"" . $testUri_html . "\">" . __('Go') . "</a></p>');"
719 . "\n //]]>\n</script>\n</body>\n</html>\n";
720
721 $this->expectOutputString($header);
722
723 $this->mockResponse();
724
725 Core::sendHeaderLocation($testUri);
726 }
727
728 /**
729 * Test for Core::ifSetOr
730 *
731 * @return void
732 */
733 public function testVarSet()
734 {
735 $default = 'foo';
736 $in = 'bar';
737 $out = Core::ifSetOr($in, $default);
738 $this->assertEquals($in, $out);
739 }
740
741 /**
742 * Test for Core::ifSetOr
743 *
744 * @return void
745 */
746 public function testVarSetWrongType()
747 {
748 $default = 'foo';
749 $in = 'bar';
750 $out = Core::ifSetOr($in, $default, 'boolean');
751 $this->assertEquals($out, $default);
752 }
753
754 /**
755 * Test for Core::ifSetOr
756 *
757 * @return void
758 */
759 public function testVarNotSet()
760 {
761 $default = 'foo';
762 // $in is not set!
763 $out = Core::ifSetOr($in, $default);
764 $this->assertEquals($out, $default);
765 }
766
767 /**
768 * Test for Core::ifSetOr
769 *
770 * @return void
771 */
772 public function testVarNotSetNoDefault()
773 {
774 // $in is not set!
775 $out = Core::ifSetOr($in);
776 $this->assertNull($out);
777 }
778
779 /**
780 * Test for unserializing
781 *
782 * @param string $url URL to test
783 * @param mixed $expected Expected result
784 *
785 * @return void
786 *
787 * @dataProvider provideTestIsAllowedDomain
788 */
789 public function testIsAllowedDomain($url, $expected): void
790 {
791 $_SERVER['SERVER_NAME'] = 'server.local';
792 $this->assertEquals(
793 $expected,
794 Core::isAllowedDomain($url)
795 );
796 }
797
798 /**
799 * Test data provider
800 *
801 * @return array
802 */
803 public function provideTestIsAllowedDomain()
804 {
805 return [
806 [
807 'https://www.phpmyadmin.net/',
808 true,
809 ],
810 [
811 'http://duckduckgo.com\\@github.com',
812 false,
813 ],
814 [
815 'https://github.com/',
816 true,
817 ],
818 [
819 'https://github.com:123/',
820 false,
821 ],
822 [
823 'https://user:pass@github.com:123/',
824 false,
825 ],
826 [
827 'https://user:pass@github.com/',
828 false,
829 ],
830 [
831 'https://server.local/',
832 true,
833 ],
834 [
835 './relative/',
836 false,
837 ],
838 ];
839 }
840
841 /**
842 * Test for Core::isValid
843 *
844 * @param mixed $var Variable to check
845 * @param mixed $type Type
846 * @param mixed $compare Compared value
847 *
848 * @return void
849 *
850 * @dataProvider providerTestNoVarType
851 */
852 public function testNoVarType($var, $type, $compare): void
853 {
854 $this->assertTrue(Core::isValid($var, $type, $compare));
855 }
856
857 /**
858 * Data provider for testNoVarType
859 *
860 * @return array
861 */
862 public static function providerTestNoVarType()
863 {
864 return [
865 [
866 0,
867 false,
868 0,
869 ],
870 [
871 0,
872 false,
873 1,
874 ],
875 [
876 1,
877 false,
878 null,
879 ],
880 [
881 1.1,
882 false,
883 null,
884 ],
885 [
886 '',
887 false,
888 null,
889 ],
890 [
891 ' ',
892 false,
893 null,
894 ],
895 [
896 '0',
897 false,
898 null,
899 ],
900 [
901 'string',
902 false,
903 null,
904 ],
905 [
906 [],
907 false,
908 null,
909 ],
910 [
911 [
912 1,
913 2,
914 3,
915 ],
916 false,
917 null,
918 ],
919 [
920 true,
921 false,
922 null,
923 ],
924 [
925 false,
926 false,
927 null,
928 ],
929 ];
930 }
931
932 /**
933 * Test for Core::isValid
934 *
935 * @return void
936 */
937 public function testVarNotSetAfterTest()
938 {
939 Core::isValid($var);
940 $this->assertFalse(isset($var));
941 }
942
943 /**
944 * Test for Core::isValid
945 *
946 * @return void
947 */
948 public function testNotSet()
949 {
950 $this->assertFalse(Core::isValid($var));
951 }
952
953 /**
954 * Test for Core::isValid
955 *
956 * @return void
957 */
958 public function testEmptyString()
959 {
960 $var = '';
961 $this->assertFalse(Core::isValid($var));
962 }
963
964 /**
965 * Test for Core::isValid
966 *
967 * @return void
968 */
969 public function testNotEmptyString()
970 {
971 $var = '0';
972 $this->assertTrue(Core::isValid($var));
973 }
974
975 /**
976 * Test for Core::isValid
977 *
978 * @return void
979 */
980 public function testZero()
981 {
982 $var = 0;
983 $this->assertTrue(Core::isValid($var));
984 $this->assertTrue(Core::isValid($var, 'int'));
985 }
986
987 /**
988 * Test for Core::isValid
989 *
990 * @return void
991 */
992 public function testNullFail()
993 {
994 $var = null;
995 $this->assertFalse(Core::isValid($var));
996
997 $var = 'null_text';
998 $this->assertFalse(Core::isValid($var, 'null'));
999 }
1000
1001 /**
1002 * Test for Core::isValid
1003 *
1004 * @return void
1005 */
1006 public function testNotSetArray()
1007 {
1008 /** @var $array undefined array */
1009 $this->assertFalse(Core::isValid($array['x']));
1010 }
1011
1012 /**
1013 * Test for Core::isValid
1014 *
1015 * @return void
1016 */
1017 public function testScalarString()
1018 {
1019 $var = 'string';
1020 $this->assertTrue(Core::isValid($var, 'len'));
1021 $this->assertTrue(Core::isValid($var, 'scalar'));
1022 $this->assertTrue(Core::isValid($var));
1023 }
1024
1025 /**
1026 * Test for Core::isValid
1027 *
1028 * @return void
1029 */
1030 public function testScalarInt()
1031 {
1032 $var = 1;
1033 $this->assertTrue(Core::isValid($var, 'int'));
1034 $this->assertTrue(Core::isValid($var, 'scalar'));
1035 }
1036
1037 /**
1038 * Test for Core::isValid
1039 *
1040 * @return void
1041 */
1042 public function testScalarFloat()
1043 {
1044 $var = 1.1;
1045 $this->assertTrue(Core::isValid($var, 'float'));
1046 $this->assertTrue(Core::isValid($var, 'double'));
1047 $this->assertTrue(Core::isValid($var, 'scalar'));
1048 }
1049
1050 /**
1051 * Test for Core::isValid
1052 *
1053 * @return void
1054 */
1055 public function testScalarBool()
1056 {
1057 $var = true;
1058 $this->assertTrue(Core::isValid($var, 'scalar'));
1059 $this->assertTrue(Core::isValid($var, 'bool'));
1060 $this->assertTrue(Core::isValid($var, 'boolean'));
1061 }
1062
1063 /**
1064 * Test for Core::isValid
1065 *
1066 * @return void
1067 */
1068 public function testNotScalarArray()
1069 {
1070 $var = ['test'];
1071 $this->assertFalse(Core::isValid($var, 'scalar'));
1072 }
1073
1074 /**
1075 * Test for Core::isValid
1076 *
1077 * @return void
1078 */
1079 public function testNotScalarNull()
1080 {
1081 $var = null;
1082 $this->assertFalse(Core::isValid($var, 'scalar'));
1083 }
1084
1085 /**
1086 * Test for Core::isValid
1087 *
1088 * @return void
1089 */
1090 public function testNumericInt()
1091 {
1092 $var = 1;
1093 $this->assertTrue(Core::isValid($var, 'numeric'));
1094 }
1095
1096 /**
1097 * Test for Core::isValid
1098 *
1099 * @return void
1100 */
1101 public function testNumericFloat()
1102 {
1103 $var = 1.1;
1104 $this->assertTrue(Core::isValid($var, 'numeric'));
1105 }
1106
1107 /**
1108 * Test for Core::isValid
1109 *
1110 * @return void
1111 */
1112 public function testNumericZero()
1113 {
1114 $var = 0;
1115 $this->assertTrue(Core::isValid($var, 'numeric'));
1116 }
1117
1118 /**
1119 * Test for Core::isValid
1120 *
1121 * @return void
1122 */
1123 public function testNumericString()
1124 {
1125 $var = '+0.1';
1126 $this->assertTrue(Core::isValid($var, 'numeric'));
1127 }
1128
1129 /**
1130 * Test for Core::isValid
1131 *
1132 * @return void
1133 */
1134 public function testValueInArray()
1135 {
1136 $var = 'a';
1137 $this->assertTrue(Core::isValid($var, ['a', 'b']));
1138 }
1139
1140 /**
1141 * Test for Core::isValid
1142 *
1143 * @return void
1144 */
1145 public function testValueNotInArray()
1146 {
1147 $var = 'c';
1148 $this->assertFalse(Core::isValid($var, ['a', 'b']));
1149 }
1150
1151 /**
1152 * Test for Core::isValid
1153 *
1154 * @return void
1155 */
1156 public function testNumericIdentical()
1157 {
1158 $var = 1;
1159 $compare = 1;
1160 $this->assertTrue(Core::isValid($var, 'identic', $compare));
1161
1162 $var = 1;
1163 $compare += 2;
1164 $this->assertFalse(Core::isValid($var, 'identic', $compare));
1165
1166 $var = 1;
1167 $compare = '1';
1168 $this->assertFalse(Core::isValid($var, 'identic', $compare));
1169 }
1170
1171
1172 /**
1173 * Test for Core::isValid
1174 *
1175 * @param mixed $var Variable
1176 * @param mixed $compare Compare
1177 *
1178 * @return void
1179 *
1180 * @dataProvider provideTestSimilarType
1181 */
1182 public function testSimilarType($var, $compare): void
1183 {
1184 $this->assertTrue(Core::isValid($var, 'similar', $compare));
1185 $this->assertTrue(Core::isValid($var, 'equal', $compare));
1186 $this->assertTrue(Core::isValid($compare, 'similar', $var));
1187 $this->assertTrue(Core::isValid($compare, 'equal', $var));
1188 }
1189
1190 /**
1191 * Data provider for testSimilarType
1192 *
1193 * @return array
1194 */
1195 public function provideTestSimilarType()
1196 {
1197 return [
1198 [
1199 1,
1200 1,
1201 ],
1202 [
1203 1.5,
1204 1.5,
1205 ],
1206 [
1207 true,
1208 true,
1209 ],
1210 [
1211 'string',
1212 "string",
1213 ],
1214 [
1215 [
1216 1,
1217 2,
1218 3.4,
1219 ],
1220 [
1221 1,
1222 2,
1223 3.4,
1224 ],
1225 ],
1226 [
1227 [
1228 1,
1229 '2',
1230 '3.4',
1231 5,
1232 'text',
1233 ],
1234 [
1235 '1',
1236 '2',
1237 3.4,
1238 '5',
1239 ],
1240 ],
1241 ];
1242 }
1243
1244 /**
1245 * Test for Core::isValid
1246 *
1247 * @return void
1248 */
1249 public function testOtherTypes()
1250 {
1251 $var = new CoreTest();
1252 $this->assertFalse(Core::isValid($var, 'class'));
1253 }
1254
1255 /**
1256 * Test for unserializing
1257 *
1258 * @param string $data Serialized data
1259 * @param mixed $expected Expected result
1260 *
1261 * @return void
1262 *
1263 * @dataProvider provideTestSafeUnserialize
1264 */
1265 public function testSafeUnserialize($data, $expected): void
1266 {
1267 $this->assertEquals(
1268 $expected,
1269 Core::safeUnserialize($data)
1270 );
1271 }
1272
1273 /**
1274 * Test data provider
1275 *
1276 * @return array
1277 */
1278 public function provideTestSafeUnserialize()
1279 {
1280 return [
1281 [
1282 's:6:"foobar";',
1283 'foobar',
1284 ],
1285 [
1286 'foobar',
1287 null,
1288 ],
1289 [
1290 'b:0;',
1291 false,
1292 ],
1293 [
1294 'O:1:"a":1:{s:5:"value";s:3:"100";}',
1295 null,
1296 ],
1297 [
1298 'O:8:"stdClass":1:{s:5:"field";O:8:"stdClass":0:{}}',
1299 null,
1300 ],
1301 [
1302 'a:2:{i:0;s:90:"1234567890;a345678901234567890123456789012345678901234567890123456789012345678901234567890";i:1;O:8:"stdClass":0:{}}',
1303 null,
1304 ],
1305 [
1306 serialize([1, 2, 3]),
1307 [
1308 1,
1309 2,
1310 3,
1311 ],
1312 ],
1313 [
1314 serialize('string""'),
1315 'string""',
1316 ],
1317 [
1318 serialize(['foo' => 'bar']),
1319 ['foo' => 'bar'],
1320 ],
1321 [
1322 serialize(['1', new stdClass(), '2']),
1323 null,
1324 ],
1325 ];
1326 }
1327
1328 /**
1329 * Test for MySQL host sanitizing
1330 *
1331 * @param string $host Test host name
1332 * @param string $expected Expected result
1333 *
1334 * @return void
1335 *
1336 * @dataProvider provideTestSanitizeMySQLHost
1337 */
1338 public function testSanitizeMySQLHost($host, $expected): void
1339 {
1340 $this->assertEquals(
1341 $expected,
1342 Core::sanitizeMySQLHost($host)
1343 );
1344 }
1345
1346 /**
1347 * Test data provider
1348 *
1349 * @return array
1350 */
1351 public function provideTestSanitizeMySQLHost()
1352 {
1353 return [
1354 [
1355 'p:foo.bar',
1356 'foo.bar',
1357 ],
1358 [
1359 'p:p:foo.bar',
1360 'foo.bar',
1361 ],
1362 [
1363 'bar.baz',
1364 'bar.baz',
1365 ],
1366 [
1367 'P:example.com',
1368 'example.com',
1369 ],
1370 ];
1371 }
1372
1373 /**
1374 * Test for replacing dots.
1375 *
1376 * @return void
1377 */
1378 public function testReplaceDots()
1379 {
1380 $this->assertEquals(
1381 Core::securePath('../../../etc/passwd'),
1382 './././etc/passwd'
1383 );
1384 $this->assertEquals(
1385 Core::securePath('/var/www/../phpmyadmin'),
1386 '/var/www/./phpmyadmin'
1387 );
1388 $this->assertEquals(
1389 Core::securePath('./path/with..dots/../../file..php'),
1390 './path/with.dots/././file.php'
1391 );
1392 }
1393
1394 /**
1395 * Test for Core::warnMissingExtension
1396 *
1397 * @return void
1398 */
1399 public function testMissingExtensionFatal()
1400 {
1401 $ext = 'php_ext';
1402 $warn = 'The <a href="' . Core::getPHPDocLink('book.' . $ext . '.php')
1403 . '" target="Documentation"><em>' . $ext
1404 . '</em></a> extension is missing. Please check your PHP configuration.';
1405
1406 $this->expectOutputRegex('@' . preg_quote($warn, '@') . '@');
1407
1408 Core::warnMissingExtension($ext, true);
1409 }
1410
1411 /**
1412 * Test for Core::warnMissingExtension
1413 *
1414 * @return void
1415 */
1416 public function testMissingExtensionFatalWithExtra()
1417 {
1418 $ext = 'php_ext';
1419 $extra = 'Appended Extra String';
1420
1421 $warn = 'The <a href="' . Core::getPHPDocLink('book.' . $ext . '.php')
1422 . '" target="Documentation"><em>' . $ext
1423 . '</em></a> extension is missing. Please check your PHP configuration.'
1424 . ' ' . $extra;
1425
1426 ob_start();
1427 Core::warnMissingExtension($ext, true, $extra);
1428 $printed = ob_get_contents();
1429 ob_end_clean();
1430
1431 $this->assertGreaterThan(0, mb_strpos($printed, $warn));
1432 }
1433
1434 /**
1435 * Test for Core::signSqlQuery
1436 *
1437 * @return void
1438 */
1439 public function testSignSqlQuery()
1440 {
1441 $_SESSION[' HMAC_secret '] = hash('sha1', 'test');
1442 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1443 $signature = Core::signSqlQuery($sqlQuery);
1444 $hmac = '33371e8680a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3a4ffe2';
1445 $this->assertSame($hmac, $signature, 'The signature must match the computed one');
1446 }
1447
1448 /**
1449 * Test for Core::checkSqlQuerySignature
1450 *
1451 * @return void
1452 */
1453 public function testCheckSqlQuerySignature()
1454 {
1455 $_SESSION[' HMAC_secret '] = hash('sha1', 'test');
1456 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1457 $hmac = '33371e8680a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3a4ffe2';
1458 $this->assertTrue(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1459 }
1460
1461 /**
1462 * Test for Core::checkSqlQuerySignature
1463 *
1464 * @return void
1465 */
1466 public function testCheckSqlQuerySignatureFails()
1467 {
1468 $_SESSION[' HMAC_secret '] = hash('sha1', '132654987gguieunofz');
1469 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1470 $hmac = '33371e8680a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3a4ffe2';
1471 $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1472 }
1473
1474 /**
1475 * Test for Core::checkSqlQuerySignature
1476 *
1477 * @return void
1478 */
1479 public function testCheckSqlQuerySignatureFailsBadHash()
1480 {
1481 $_SESSION[' HMAC_secret '] = hash('sha1', 'test');
1482 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1483 $hmac = '3333333380a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3eeeeee';
1484 $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1485 }
1486
1487 /**
1488 * Test for Core::checkSqlQuerySignature
1489 *
1490 * @return void
1491 */
1492 public function testCheckSqlQuerySignatureFailsNoSession()
1493 {
1494 $_SESSION[' HMAC_secret '] = 'empty';
1495 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1496 $hmac = '3333333380a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3eeeeee';
1497 $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1498 }
1499
1500 /**
1501 * Test for Core::checkSqlQuerySignature
1502 *
1503 * @return void
1504 */
1505 public function testCheckSqlQuerySignatureFailsFromAnotherSession()
1506 {
1507 $_SESSION[' HMAC_secret '] = hash('sha1', 'firstSession');
1508 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1509 $hmac = Core::signSqlQuery($sqlQuery);
1510 $this->assertTrue(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1511 $_SESSION[' HMAC_secret '] = hash('sha1', 'secondSession');
1512 // Try to use the token (hmac) from the previous session
1513 $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1514 }
1515
1516 /**
1517 * Test for Core::checkSqlQuerySignature
1518 *
1519 * @return void
1520 */
1521 public function testCheckSqlQuerySignatureFailsBlowfishSecretChanged()
1522 {
1523 $GLOBALS['cfg']['blowfish_secret'] = '';
1524 $_SESSION[' HMAC_secret '] = hash('sha1', 'firstSession');
1525 $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
1526 $hmac = Core::signSqlQuery($sqlQuery);
1527 $this->assertTrue(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1528 $GLOBALS['cfg']['blowfish_secret'] = '32154987zd';
1529 // Try to use the previous HMAC signature
1530 $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1531
1532 $GLOBALS['cfg']['blowfish_secret'] = '32154987zd';
1533 // Generate the HMAC signature to check that it works
1534 $hmac = Core::signSqlQuery($sqlQuery);
1535 // Must work now, (good secret and blowfish_secret)
1536 $this->assertTrue(Core::checkSqlQuerySignature($sqlQuery, $hmac));
1537 }
1538 }
phpMyAdmin