diff options
| author | Dries Buytaert <dries@buytaert.net> | 2008-11-02 10:56:35 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2008-11-02 10:56:35 +0000 |
| commit | 72e81af12dc8fa3b28551a3af281ce67b638f5b6 (patch) | |
| tree | cf8ba775f900319080f004a01382820a5db8b2a8 /modules/simpletest | |
| parent | 05420fde76b402a8c29e159d3fe78a142341f6d1 (diff) | |
| download | brdo-72e81af12dc8fa3b28551a3af281ce67b638f5b6.tar.gz brdo-72e81af12dc8fa3b28551a3af281ce67b638f5b6.tar.bz2 | |
- Patch #324875 by pwolanin, Damien Tournoud, goba: improved conf_path() header injection checking.
Diffstat (limited to 'modules/simpletest')
| -rw-r--r-- | modules/simpletest/tests/bootstrap.test | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/modules/simpletest/tests/bootstrap.test b/modules/simpletest/tests/bootstrap.test index 8be13aaeb..638d6b89f 100644 --- a/modules/simpletest/tests/bootstrap.test +++ b/modules/simpletest/tests/bootstrap.test @@ -8,8 +8,8 @@ class BootstrapIPAddressTestCase extends DrupalWebTestCase { */ function getInfo() { return array( - 'name' => t('IP address test'), - 'description' => t('Get the IP address from the current visitor from the server variables.'), + 'name' => t('IP address and HTTP_HOST test'), + 'description' => t('Get the IP address from the current visitor from the server variables, check hostname validation.'), 'group' => t('Bootstrap') ); } @@ -42,9 +42,9 @@ class BootstrapIPAddressTestCase extends DrupalWebTestCase { } /** - * testIPAddress + * test IP Address and hostname */ - function testIPAddress() { + function testIPAddressHost() { // Test the normal IP address. $this->assertTrue( ip_address(true) == $this->remote_ip, @@ -80,6 +80,16 @@ class BootstrapIPAddressTestCase extends DrupalWebTestCase { ip_address(true) == $this->cluster_ip, t('Cluster environment got cluster client IP') ); + $_SERVER['HTTP_HOST'] = 'security/.drupal.org:80'; + $this->assertFalse(drupal_valid_http_host(), t('HTTP_HOST with / is invalid')); + $_SERVER['HTTP_HOST'] = 'security\\.drupal.org:80'; + $this->assertFalse(drupal_valid_http_host(), t('HTTP_HOST with \\ is invalid')); + $_SERVER['HTTP_HOST'] = 'security<.drupal.org:80'; + $this->assertFalse(drupal_valid_http_host(), t('HTTP_HOST with < is invalid')); + $_SERVER['HTTP_HOST'] = 'security..drupal.org:80'; + $this->assertFalse(drupal_valid_http_host(), t('HTTP_HOST with .. is invalid')); + $_SERVER['HTTP_HOST'] = '[::1]:80'; // IPv6 loopback address + $this->assertTrue(drupal_valid_http_host(), t('HTTP_HOST containing IPv6 loopback is valid')); } } |