summaryrefslogtreecommitdiff
path: root/modules/simpletest/tests
diff options
context:
space:
mode:
Diffstat (limited to 'modules/simpletest/tests')
-rw-r--r--modules/simpletest/tests/form.test13
-rw-r--r--modules/simpletest/tests/form_test.module37
2 files changed, 50 insertions, 0 deletions
diff --git a/modules/simpletest/tests/form.test b/modules/simpletest/tests/form.test
index 2cba9863a..fb46d94e5 100644
--- a/modules/simpletest/tests/form.test
+++ b/modules/simpletest/tests/form.test
@@ -207,6 +207,19 @@ class FormsTestCase extends DrupalWebTestCase {
}
}
}
+
+ /**
+ * Test Form API protections against input forgery.
+ *
+ * @see _form_test_input_forgery()
+ */
+ function testInputForgery() {
+ $this->drupalGet('form-test/input-forgery');
+ $checkbox = $this->xpath('//input[@name="checkboxes[two]"]');
+ $checkbox[0]['value'] = 'FORGERY';
+ $this->drupalPost(NULL, array('checkboxes[one]' => TRUE, 'checkboxes[two]' => TRUE), t('Submit'));
+ $this->assertText('An illegal choice has been detected.', t('Input forgery was detected.'));
+ }
}
/**
diff --git a/modules/simpletest/tests/form_test.module b/modules/simpletest/tests/form_test.module
index 94d10faee..6a1cb3258 100644
--- a/modules/simpletest/tests/form_test.module
+++ b/modules/simpletest/tests/form_test.module
@@ -101,6 +101,14 @@ function form_test_menu() {
'type' => MENU_CALLBACK,
);
+ $items['form-test/input-forgery'] = array(
+ 'title' => t('Form test'),
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('_form_test_input_forgery'),
+ 'access callback' => TRUE,
+ 'type' => MENU_CALLBACK,
+ );
+
$items['form-test/form-rebuild-preserve-values'] = array(
'title' => 'Form values preservation during rebuild test',
'page callback' => 'drupal_get_form',
@@ -861,6 +869,35 @@ function _form_test_disabled_elements_submit($form, &$form_state) {
}
/**
+ * Build a form to test input forgery of enabled elements.
+ */
+function _form_test_input_forgery($form, &$form_state) {
+ // For testing that a user can't submit a value not matching one of the
+ // allowed options.
+ $form['checkboxes'] = array(
+ '#type' => 'checkboxes',
+ '#options' => array(
+ 'one' => 'One',
+ 'two' => 'Two',
+ ),
+ );
+
+ $form['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Submit'),
+ );
+ return $form;
+}
+
+/**
+ * Return the form values via JSON.
+ */
+function _form_test_input_forgery_submit($form, &$form_state) {
+ drupal_json_output($form_state['values']);
+ exit();
+}
+
+/**
* Form builder for testing preservation of values during a rebuild.
*/
function form_test_form_rebuild_preserve_values_form($form, &$form_state) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 20:09:48 +0000