update core to 7.36
This commit is contained in:
Bachir Soussi Chiadmi
@@ -93,6 +93,11 @@ class BootstrapIPAddressTestCase extends DrupalWebTestCase {
|
||||
$this->assertFalse(drupal_valid_http_host('security\\.drupal.org:80'), 'HTTP_HOST with \\ is invalid');
|
||||
$this->assertFalse(drupal_valid_http_host('security<.drupal.org:80'), 'HTTP_HOST with < is invalid');
|
||||
$this->assertFalse(drupal_valid_http_host('security..drupal.org:80'), 'HTTP_HOST with .. is invalid');
|
||||
// Verifies that host names are shorter than 1000 characters.
|
||||
$this->assertFalse(drupal_valid_http_host(str_repeat('x', 1001)), 'HTTP_HOST with more than 1000 characters is invalid.');
|
||||
$this->assertFalse(drupal_valid_http_host(str_repeat('.', 101)), 'HTTP_HOST with more than 100 subdomains is invalid.');
|
||||
$this->assertFalse(drupal_valid_http_host(str_repeat(':', 101)), 'HTTP_HOST with more than 100 portseparators is invalid.');
|
||||
|
||||
// IPv6 loopback address
|
||||
$this->assertTrue(drupal_valid_http_host('[::1]:80'), 'HTTP_HOST containing IPv6 loopback is valid');
|
||||
}
|
||||
@@ -139,7 +144,7 @@ class BootstrapPageCacheTestCase extends DrupalWebTestCase {
|
||||
$this->assertResponse(200, 'Conditional request without If-None-Match returned 200 OK.');
|
||||
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
||||
|
||||
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC1123, strtotime($last_modified) + 1), 'If-None-Match: ' . $etag));
|
||||
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC7231, strtotime($last_modified) + 1), 'If-None-Match: ' . $etag));
|
||||
$this->assertResponse(200, 'Conditional request with new a If-Modified-Since date newer than Last-Modified returned 200 OK.');
|
||||
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
||||
|
||||
@@ -148,6 +153,8 @@ class BootstrapPageCacheTestCase extends DrupalWebTestCase {
|
||||
$this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag));
|
||||
$this->assertResponse(200, 'Conditional request returned 200 OK for authenticated user.');
|
||||
$this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Absense of Page was not cached.');
|
||||
$this->assertFalse($this->drupalGetHeader('ETag'), 'ETag HTTP headers are not present for logged in users.');
|
||||
$this->assertFalse($this->drupalGetHeader('Last-Modified'), 'Last-Modified HTTP headers are not present for logged in users.');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -281,6 +288,35 @@ class BootstrapVariableTestCase extends DrupalWebTestCase {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests the auto-loading behavior of the code registry.
|
||||
*/
|
||||
class BootstrapAutoloadTestCase extends DrupalWebTestCase {
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'Code registry',
|
||||
'description' => 'Test that the code registry functions correctly.',
|
||||
'group' => 'Bootstrap',
|
||||
);
|
||||
}
|
||||
|
||||
function setUp() {
|
||||
parent::setUp('drupal_autoload_test');
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests that autoloader name matching is not case sensitive.
|
||||
*/
|
||||
function testAutoloadCase() {
|
||||
// Test interface autoloader.
|
||||
$this->assertTrue(drupal_autoload_interface('drupalautoloadtestinterface'), 'drupal_autoload_interface() recognizes <em>DrupalAutoloadTestInterface</em> in lower case.');
|
||||
// Test class autoloader.
|
||||
$this->assertTrue(drupal_autoload_class('drupalautoloadtestclass'), 'drupal_autoload_class() recognizes <em>DrupalAutoloadTestClass</em> in lower case.');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Test hook_boot() and hook_exit().
|
||||
*/
|
||||
@@ -541,3 +577,85 @@ class BootstrapOverrideServerVariablesTestCase extends DrupalUnitTestCase {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests for $_GET['destination'] and $_REQUEST['destination'] validation.
|
||||
*/
|
||||
class BootstrapDestinationTestCase extends DrupalWebTestCase {
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'URL destination validation',
|
||||
'description' => 'Test that $_GET[\'destination\'] and $_REQUEST[\'destination\'] cannot contain external URLs.',
|
||||
'group' => 'Bootstrap',
|
||||
);
|
||||
}
|
||||
|
||||
function setUp() {
|
||||
parent::setUp('system_test');
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests that $_GET/$_REQUEST['destination'] only contain internal URLs.
|
||||
*
|
||||
* @see _drupal_bootstrap_variables()
|
||||
* @see system_test_get_destination()
|
||||
* @see system_test_request_destination()
|
||||
*/
|
||||
public function testDestination() {
|
||||
$test_cases = array(
|
||||
array(
|
||||
'input' => 'node',
|
||||
'output' => 'node',
|
||||
'message' => "Standard internal example node path is present in the 'destination' parameter.",
|
||||
),
|
||||
array(
|
||||
'input' => '/example.com',
|
||||
'output' => '/example.com',
|
||||
'message' => 'Internal path with one leading slash is allowed.',
|
||||
),
|
||||
array(
|
||||
'input' => '//example.com/test',
|
||||
'output' => '',
|
||||
'message' => 'External URL without scheme is not allowed.',
|
||||
),
|
||||
array(
|
||||
'input' => 'example:test',
|
||||
'output' => 'example:test',
|
||||
'message' => 'Internal URL using a colon is allowed.',
|
||||
),
|
||||
array(
|
||||
'input' => 'http://example.com',
|
||||
'output' => '',
|
||||
'message' => 'External URL is not allowed.',
|
||||
),
|
||||
array(
|
||||
'input' => 'javascript:alert(0)',
|
||||
'output' => 'javascript:alert(0)',
|
||||
'message' => 'Javascript URL is allowed because it is treated as an internal URL.',
|
||||
),
|
||||
);
|
||||
foreach ($test_cases as $test_case) {
|
||||
// Test $_GET['destination'].
|
||||
$this->drupalGet('system-test/get-destination', array('query' => array('destination' => $test_case['input'])));
|
||||
$this->assertIdentical($test_case['output'], $this->drupalGetContent(), $test_case['message']);
|
||||
// Test $_REQUEST['destination']. There's no form to submit to, so
|
||||
// drupalPost() won't work here; this just tests a direct $_POST request
|
||||
// instead.
|
||||
$curl_parameters = array(
|
||||
CURLOPT_URL => $this->getAbsoluteUrl('system-test/request-destination'),
|
||||
CURLOPT_POST => TRUE,
|
||||
CURLOPT_POSTFIELDS => 'destination=' . urlencode($test_case['input']),
|
||||
CURLOPT_HTTPHEADER => array(),
|
||||
);
|
||||
$post_output = $this->curlExec($curl_parameters);
|
||||
$this->assertIdentical($test_case['output'], $post_output, $test_case['message']);
|
||||
}
|
||||
|
||||
// Make sure that 404 pages do not populate $_GET['destination'] with
|
||||
// external URLs.
|
||||
variable_set('site_404', 'system-test/get-destination');
|
||||
$this->drupalGet('http://example.com', array('external' => FALSE));
|
||||
$this->assertIdentical('', $this->drupalGetContent(), 'External URL is not allowed on 404 pages.');
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user