Home Explore Help
Sign In
bachir
/
edlp_d8
1
0
Fork 0
Files Issues 8 Pull Requests 0 Wiki
Tree: fc8365264d
Branches Tags
edlp_d8
/
core
/
tests
/
Drupal
/
KernelTests
/
Core
/
Routing
/
ExceptionHandlingTest.php

ExceptionHandlingTest.php 7.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\KernelTests\Core\Routing;
    4. 

  4. 

  5. use Drupal\Component\Utility\Html;
    6. 

  6. use Drupal\KernelTests\KernelTestBase;
    7. 

  7. use Symfony\Component\HttpFoundation\Request;
    8. 

  8. use Symfony\Component\HttpFoundation\Response;
    9. 

  9. 

  10. /**
    11. 

  11.  * Tests the exception handling for various cases.
    12. 

  12.  *
    13. 

  13.  * @group Routing
    14. 

  14.  */
    15. 

  15. class ExceptionHandlingTest extends KernelTestBase {
    16. 

  16. 

  17.   /**
    18. 

  18.    * {@inheritdoc}
    19. 

  19.    */
    20. 

  20.   public static $modules = ['system', 'router_test'];
    21. 

  21. 

  22.   /**
    23. 

  23.    * {@inheritdoc}
    24. 

  24.    */
    25. 

  25.   protected function setUp() {
    26. 

  26.     parent::setUp();
    27. 

  27. 

  28.     $this->installEntitySchema('date_format');
    29. 

  29.   }
    30. 

  30. 

  31.   /**
    32. 

  32.    * Tests on a route with a non-supported HTTP method.
    33. 

  33.    */
    34. 

  34.   public function test405() {
    35. 

  35.     $request = Request::create('/router_test/test15', 'PATCH');
    36. 

  36. 

  37.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    38. 

  38.     $kernel = \Drupal::getContainer()->get('http_kernel');
    39. 

  39.     $response = $kernel->handle($request);
    40. 

  40. 

  41.     $this->assertEqual(Response::HTTP_METHOD_NOT_ALLOWED, $response->getStatusCode());
    42. 

  42.   }
    43. 

  43. 

  44.   /**
    45. 

  45.    * Tests the exception handling for json and 403 status code.
    46. 

  46.    */
    47. 

  47.   public function testJson403() {
    48. 

  48.     $request = Request::create('/router_test/test15');
    49. 

  49.     $request->query->set('_format', 'json');
    50. 

  50.     $request->setRequestFormat('json');
    51. 

  51. 

  52.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    53. 

  53.     $kernel = \Drupal::getContainer()->get('http_kernel');
    54. 

  54.     $response = $kernel->handle($request);
    55. 

  55. 

  56.     $this->assertEqual($response->getStatusCode(), Response::HTTP_FORBIDDEN);
    57. 

  57.     $this->assertEqual($response->headers->get('Content-type'), 'application/json');
    58. 

  58.     $this->assertEqual('{"message":""}', $response->getContent());
    59. 

  59.   }
    60. 

  60. 

  61.   /**
    62. 

  62.    * Tests the exception handling for json and 404 status code.
    63. 

  63.    */
    64. 

  64.   public function testJson404() {
    65. 

  65.     $request = Request::create('/not-found');
    66. 

  66.     $request->query->set('_format', 'json');
    67. 

  67.     $request->setRequestFormat('json');
    68. 

  68. 

  69.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    70. 

  70.     $kernel = \Drupal::getContainer()->get('http_kernel');
    71. 

  71.     $response = $kernel->handle($request);
    72. 

  72. 

  73.     $this->assertEqual($response->getStatusCode(), Response::HTTP_NOT_FOUND);
    74. 

  74.     $this->assertEqual($response->headers->get('Content-type'), 'application/json');
    75. 

  75.     $this->assertEqual('{"message":"No route found for \\u0022GET \\/not-found\\u0022"}', $response->getContent());
    76. 

  76.   }
    77. 

  77. 

  78.   /**
    79. 

  79.    * Tests the exception handling for HTML and 403 status code.
    80. 

  80.    */
    81. 

  81.   public function testHtml403() {
    82. 

  82.     $request = Request::create('/router_test/test15');
    83. 

  83.     $request->setFormat('html', ['text/html']);
    84. 

  84. 

  85.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    86. 

  86.     $kernel = \Drupal::getContainer()->get('http_kernel');
    87. 

  87.     $response = $kernel->handle($request)->prepare($request);
    88. 

  88. 

  89.     $this->assertEqual($response->getStatusCode(), Response::HTTP_FORBIDDEN);
    90. 

  90.     $this->assertEqual($response->headers->get('Content-type'), 'text/html; charset=UTF-8');
    91. 

  91.   }
    92. 

  92. 

  93.   /**
    94. 

  94.    * Tests the exception handling for HTML and 404 status code.
    95. 

  95.    */
    96. 

  96.   public function testHtml404() {
    97. 

  97.     $request = Request::create('/not-found');
    98. 

  98.     $request->setFormat('html', ['text/html']);
    99. 

  99. 

  100.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    101. 

  101.     $kernel = \Drupal::getContainer()->get('http_kernel');
    102. 

  102.     $response = $kernel->handle($request)->prepare($request);
    103. 

  103. 

  104.     $this->assertEqual($response->getStatusCode(), Response::HTTP_NOT_FOUND);
    105. 

  105.     $this->assertEqual($response->headers->get('Content-type'), 'text/html; charset=UTF-8');
    106. 

  106.   }
    107. 

  107. 

  108.   /**
    109. 

  109.    * Tests that the exception response is executed in the original context.
    110. 

  110.    */
    111. 

  111.   public function testExceptionResponseGeneratedForOriginalRequest() {
    112. 

  112.     // Test with 404 path pointing to a route that uses '_controller'.
    113. 

  113.     $response = $this->doTest404Route('/router_test/test25');
    114. 

  114.     $this->assertTrue(strpos($response->getContent(), '/not-found') !== FALSE);
    115. 

  115. 

  116.     // Test with 404 path pointing to a route that uses '_form'.
    117. 

  117.     $response = $this->doTest404Route('/router_test/test26');
    118. 

  118.     $this->assertTrue(strpos($response->getContent(), '<form class="system-logging-settings"') !== FALSE);
    119. 

  119. 

  120.     // Test with 404 path pointing to a route that uses '_entity_form'.
    121. 

  121.     $response = $this->doTest404Route('/router_test/test27');
    122. 

  122.     $this->assertTrue(strpos($response->getContent(), '<form class="date-format-add-form date-format-form"') !== FALSE);
    123. 

  123.   }
    124. 

  124. 

  125.   /**
    126. 

  126.    * Sets the given path to use as the 404 page and triggers a 404.
    127. 

  127.    *
    128. 

  128.    * @param string $path
    129. 

  129.    * @return \Drupal\Core\Render\HtmlResponse
    130. 

  130.    *
    131. 

  131.    * @see \Drupal\system\Tests\Routing\ExceptionHandlingTest::testExceptionResponseGeneratedForOriginalRequest()
    132. 

  132.    */
    133. 

  133.   protected function doTest404Route($path) {
    134. 

  134.     $this->config('system.site')->set('page.404', $path)->save();
    135. 

  135. 

  136.     $request = Request::create('/not-found');
    137. 

  137.     $request->setFormat('html', ['text/html']);
    138. 

  138. 

  139.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    140. 

  140.     $kernel = \Drupal::getContainer()->get('http_kernel');
    141. 

  141.     return $kernel->handle($request)->prepare($request);
    142. 

  142.   }
    143. 

  143. 

  144.   /**
    145. 

  145.    * Tests if exception backtraces are properly escaped when output to HTML.
    146. 

  146.    */
    147. 

  147.   public function testBacktraceEscaping() {
    148. 

  148.     // Enable verbose error logging.
    149. 

  149.     $this->config('system.logging')->set('error_level', ERROR_REPORTING_DISPLAY_VERBOSE)->save();
    150. 

  150. 

  151.     $request = Request::create('/router_test/test17');
    152. 

  152.     $request->setFormat('html', ['text/html']);
    153. 

  153. 

  154.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    155. 

  155.     $kernel = \Drupal::getContainer()->get('http_kernel');
    156. 

  156.     $response = $kernel->handle($request)->prepare($request);
    157. 

  157.     $this->assertEqual($response->getStatusCode(), Response::HTTP_INTERNAL_SERVER_ERROR);
    158. 

  158.     $this->assertEqual($response->headers->get('Content-type'), 'text/plain; charset=UTF-8');
    159. 

  159. 

  160.     // Test both that the backtrace is properly escaped, and that the unescaped
    161. 

  161.     // string is not output at all.
    162. 

  162.     $this->assertTrue(strpos($response->getContent(), Html::escape('<script>alert(\'xss\')</script>')) !== FALSE);
    163. 

  163.     $this->assertTrue(strpos($response->getContent(), '<script>alert(\'xss\')</script>') === FALSE);
    164. 

  164.   }
    165. 

  165. 

  166.   /**
    167. 

  167.    * Tests exception message escaping.
    168. 

  168.    */
    169. 

  169.   public function testExceptionEscaping() {
    170. 

  170.     // Enable verbose error logging.
    171. 

  171.     $this->config('system.logging')->set('error_level', ERROR_REPORTING_DISPLAY_VERBOSE)->save();
    172. 

  172. 

  173.     // Using SafeMarkup::format().
    174. 

  174.     $request = Request::create('/router_test/test24');
    175. 

  175.     $request->setFormat('html', ['text/html']);
    176. 

  176. 

  177.     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    178. 

  178.     $kernel = \Drupal::getContainer()->get('http_kernel');
    179. 

  179.     $response = $kernel->handle($request)->prepare($request);
    180. 

  180.     $this->assertEqual($response->getStatusCode(), Response::HTTP_INTERNAL_SERVER_ERROR);
    181. 

  181.     $this->assertEqual($response->headers->get('Content-type'), 'text/plain; charset=UTF-8');
    182. 

  182. 

  183.     // Test message is properly escaped, and that the unescaped string is not
    184. 

  184.     // output at all.
    185. 

  185.     $this->setRawContent($response->getContent());
    186. 

  186.     $this->assertRaw(Html::escape('Escaped content: <p> <br> <h3>'));
    187. 

  187.     $this->assertNoRaw('<p> <br> <h3>');
    188. 

  188. 

  189.     $string = '<script>alert(123);</script>';
    190. 

  190.     $request = Request::create('/router_test/test2?_format=json' . urlencode($string), 'GET');
    191. 

  191. 

  192.     $kernel = \Drupal::getContainer()->get('http_kernel');
    193. 

  193.     $response = $kernel->handle($request)->prepare($request);
    194. 

  194.     // As the Content-type is text/plain the fact that the raw string is
    195. 

  195.     // contained in the output would not matter, but because it is output by the
    196. 

  196.     // final exception subscriber, it is printed as partial HTML, and hence
    197. 

  197.     // escaped.
    198. 

  198.     $this->assertEqual($response->headers->get('Content-type'), 'text/plain; charset=UTF-8');
    199. 

  199.     $this->assertStringStartsWith('The website encountered an unexpected error. Please try again later.</br></br><em class="placeholder">Symfony\Component\HttpKernel\Exception\NotAcceptableHttpException</em>: Not acceptable format: json&lt;script&gt;alert(123);&lt;/script&gt; in <em class="placeholder">', $response->getContent());
    200. 

  200.   }
    201. 

  201. 

  202. }
    203.