diff options
author | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:45:59 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:45:59 -0500 |
commit | 782d1155c62c0a879bf587c7e40c3a13bcf6879c (patch) | |
tree | 380060c81a7ebd76870cfd7fb566933b3a7c6efd /modules/simpletest | |
parent | bf704d6ffe55d66a440a55a9d43e8846d46d2440 (diff) | |
download | brdo-782d1155c62c0a879bf587c7e40c3a13bcf6879c.tar.gz brdo-782d1155c62c0a879bf587c7e40c3a13bcf6879c.tar.bz2 |
Drupal 7.24
Diffstat (limited to 'modules/simpletest')
-rw-r--r-- | modules/simpletest/tests/file.test | 2 | ||||
-rw-r--r-- | modules/simpletest/tests/form.test | 20 |
2 files changed, 21 insertions, 1 deletions
diff --git a/modules/simpletest/tests/file.test b/modules/simpletest/tests/file.test index 0f2cdb64b..7802be3f2 100644 --- a/modules/simpletest/tests/file.test +++ b/modules/simpletest/tests/file.test @@ -952,7 +952,7 @@ class FileDirectoryTest extends FileTestCase { $this->assertTrue(is_file(file_default_scheme() . '://.htaccess'), 'Successfully re-created the .htaccess file in the files directory.', 'File'); // Verify contents of .htaccess file. $file = file_get_contents(file_default_scheme() . '://.htaccess'); - $this->assertEqual($file, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks", 'The .htaccess file contains the proper content.', 'File'); + $this->assertEqual($file, file_htaccess_lines(FALSE), 'The .htaccess file contains the proper content.', 'File'); } /** diff --git a/modules/simpletest/tests/form.test b/modules/simpletest/tests/form.test index a1506ccdc..8b63be4fc 100644 --- a/modules/simpletest/tests/form.test +++ b/modules/simpletest/tests/form.test @@ -82,6 +82,10 @@ class FormsTestCase extends DrupalWebTestCase { $form_state['input'][$element] = $empty; $form_state['input']['form_id'] = $form_id; $form_state['method'] = 'post'; + + // The form token CSRF protection should not interfere with this test, + // so we bypass it by marking this test form as programmed. + $form_state['programmed'] = TRUE; drupal_prepare_form($form_id, $form, $form_state); drupal_process_form($form_id, $form, $form_state); $errors = form_get_errors(); @@ -614,6 +618,18 @@ class FormValidationTestCase extends DrupalWebTestCase { $this->drupalPost(NULL, array(), 'Save'); $this->assertNoFieldByName('name', 'Form element was hidden.'); $this->assertText('Name value: element_validate_access', 'Value for inaccessible form element exists.'); + + // Verify that #validate handlers don't run if the CSRF token is invalid. + $this->drupalLogin($this->drupalCreateUser()); + $this->drupalGet('form-test/validate'); + $edit = array( + 'name' => 'validate', + 'form_token' => 'invalid token' + ); + $this->drupalPost(NULL, $edit, 'Save'); + $this->assertNoFieldByName('name', '#value changed by #validate', 'Form element #value was not altered.'); + $this->assertNoText('Name value: value changed by form_set_value() in #validate', 'Form element value in $form_state was not altered.'); + $this->assertText('The form has become outdated. Copy any unsaved work in the form below'); } /** @@ -941,6 +957,10 @@ class FormsElementsTableSelectFunctionalTest extends DrupalWebTestCase { $form_state['input'] = $edit; $form_state['input']['form_id'] = $form_id; + // The form token CSRF protection should not interfere with this test, + // so we bypass it by marking this test form as programmed. + $form_state['programmed'] = TRUE; + drupal_prepare_form($form_id, $form, $form_state); drupal_process_form($form_id, $form, $form_state); |