agaric/d7_to_d10_migration
10
0
Fork 0
mirror of https://github.com/tag1consulting/d7_to_d10_migration.git synced 2024-09-20 03:56:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
d7_to_d10_migration/drupal7/web/modules/simpletest/tests/bootstrap.test

966 lines
46 KiB
Text
Raw Normal View History

Initial commit
2024-07-23 03:38:34 +00:00
<?php
class BootstrapIPAddressTestCase extends DrupalWebTestCase {
protected $oldserver;
protected $remote_ip;
protected $proxy_ip;
protected $proxy2_ip;
protected $forwarded_ip;
protected $cluster_ip;
protected $untrusted_ip;
public static function getInfo() {
return array(
'name' => 'IP address and HTTP_HOST test',
'description' => 'Get the IP address from the current visitor from the server variables, check hostname validation.',
'group' => 'Bootstrap'
);
}
function setUp() {
$this->oldserver = $_SERVER;
$this->remote_ip = '127.0.0.1';
$this->proxy_ip = '127.0.0.2';
$this->proxy2_ip = '127.0.0.3';
$this->forwarded_ip = '127.0.0.4';
$this->cluster_ip = '127.0.0.5';
$this->untrusted_ip = '0.0.0.0';
drupal_static_reset('ip_address');
$_SERVER['REMOTE_ADDR'] = $this->remote_ip;
unset($_SERVER['HTTP_X_FORWARDED_FOR']);
unset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']);
parent::setUp();
}
function tearDown() {
$_SERVER = $this->oldserver;
drupal_static_reset('ip_address');
parent::tearDown();
}
/**
* test IP Address and hostname
*/
function testIPAddressHost() {
// Test the normal IP address.
$this->assertTrue(
ip_address() == $this->remote_ip,
'Got remote IP address.'
);
// Proxy forwarding on but no proxy addresses defined.
variable_set('reverse_proxy', 1);
$this->assertTrue(
ip_address() == $this->remote_ip,
'Proxy forwarding without trusted proxies got remote IP address.'
);
// Proxy forwarding on and proxy address not trusted.
variable_set('reverse_proxy_addresses', array($this->proxy_ip, $this->proxy2_ip));
drupal_static_reset('ip_address');
$_SERVER['REMOTE_ADDR'] = $this->untrusted_ip;
$this->assertTrue(
ip_address() == $this->untrusted_ip,
'Proxy forwarding with untrusted proxy got remote IP address.'
);
// Proxy forwarding on and proxy address trusted.
$_SERVER['REMOTE_ADDR'] = $this->proxy_ip;
$_SERVER['HTTP_X_FORWARDED_FOR'] = $this->forwarded_ip;
drupal_static_reset('ip_address');
$this->assertTrue(
ip_address() == $this->forwarded_ip,
'Proxy forwarding with trusted proxy got forwarded IP address.'
);
// Proxy forwarding on and proxy address trusted and visiting from proxy.
$_SERVER['REMOTE_ADDR'] = $this->proxy_ip;
$_SERVER['HTTP_X_FORWARDED_FOR'] = $this->proxy_ip;
drupal_static_reset('ip_address');
$this->assertTrue(
ip_address() == $this->proxy_ip,
'Visiting from trusted proxy got proxy IP address.'
);
// Multi-tier architecture with comma separated values in header.
$_SERVER['REMOTE_ADDR'] = $this->proxy_ip;
$_SERVER['HTTP_X_FORWARDED_FOR'] = implode(', ', array($this->untrusted_ip, $this->forwarded_ip, $this->proxy2_ip));
drupal_static_reset('ip_address');
$this->assertTrue(
ip_address() == $this->forwarded_ip,
'Proxy forwarding with trusted 2-tier proxy got forwarded IP address.'
);
// Custom client-IP header.
variable_set('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP');
$_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->cluster_ip;
drupal_static_reset('ip_address');
$this->assertTrue(
ip_address() == $this->cluster_ip,
'Cluster environment got cluster client IP.'
);
// Verifies that drupal_valid_http_host() prevents invalid characters.
$this->assertFalse(drupal_valid_http_host('security/.drupal.org:80'), 'HTTP_HOST with / is invalid');
$this->assertFalse(drupal_valid_http_host('security\\.drupal.org:80'), 'HTTP_HOST with \\ is invalid');
$this->assertFalse(drupal_valid_http_host('security<.drupal.org:80'), 'HTTP_HOST with &lt; is invalid');
$this->assertFalse(drupal_valid_http_host('security..drupal.org:80'), 'HTTP_HOST with .. is invalid');
// Verifies that host names are shorter than 1000 characters.
$this->assertFalse(drupal_valid_http_host(str_repeat('x', 1001)), 'HTTP_HOST with more than 1000 characters is invalid.');
$this->assertFalse(drupal_valid_http_host(str_repeat('.', 101)), 'HTTP_HOST with more than 100 subdomains is invalid.');
$this->assertFalse(drupal_valid_http_host(str_repeat(':', 101)), 'HTTP_HOST with more than 100 portseparators is invalid.');
// IPv6 loopback address
$this->assertTrue(drupal_valid_http_host('[::1]:80'), 'HTTP_HOST containing IPv6 loopback is valid');
}
}
class BootstrapPageCacheTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Page cache test',
'description' => 'Enable the page cache and test it with various HTTP requests.',
'group' => 'Bootstrap'
);
}
function setUp() {
parent::setUp('system_test');
}
/**
* Test support for requests containing If-Modified-Since and If-None-Match headers.
*/
function testConditionalRequests() {
variable_set('cache', 1);
// Fill the cache.
$this->drupalGet('');
$this->drupalHead('');
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
$etag = $this->drupalGetHeader('ETag');
$last_modified = $this->drupalGetHeader('Last-Modified');
$this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag));
$this->assertResponse(304, 'Conditional request returned 304 Not Modified.');
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC822, strtotime($last_modified)), 'If-None-Match: ' . $etag));
$this->assertResponse(304, 'Conditional request with obsolete If-Modified-Since date returned 304 Not Modified.');
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC850, strtotime($last_modified)), 'If-None-Match: ' . $etag));
$this->assertResponse(304, 'Conditional request with obsolete If-Modified-Since date returned 304 Not Modified.');
$this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified));
$this->assertResponse(200, 'Conditional request without If-None-Match returned 200 OK.');
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC7231, strtotime($last_modified) + 1), 'If-None-Match: ' . $etag));
$this->assertResponse(200, 'Conditional request with new a If-Modified-Since date newer than Last-Modified returned 200 OK.');
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
$user = $this->drupalCreateUser();
$this->drupalLogin($user);
$this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag));
$this->assertResponse(200, 'Conditional request returned 200 OK for authenticated user.');
$this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Absence of Page was not cached.');
$this->assertFalse($this->drupalGetHeader('ETag'), 'ETag HTTP headers are not present for logged in users.');
$this->assertFalse($this->drupalGetHeader('Last-Modified'), 'Last-Modified HTTP headers are not present for logged in users.');
}
/**
* Test cache headers.
*/
function testPageCache() {
variable_set('cache', 1);
// Fill the cache.
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar')));
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.');
$this->assertEqual($this->drupalGetHeader('Vary'), 'Cookie,Accept-Encoding', 'Vary header was sent.');
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'public, max-age=0', 'Cache-Control header was sent.');
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
$this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.');
// Check cache.
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar')));
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
$this->assertEqual($this->drupalGetHeader('Vary'), 'Cookie,Accept-Encoding', 'Vary: Cookie header was sent.');
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'public, max-age=0', 'Cache-Control header was sent.');
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
$this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.');
$this->assertEqual($this->drupalGetHeader('X-Content-Type-Options'), 'nosniff', 'X-Content-Type-Options header was sent.');
// Check replacing default headers.
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Expires', 'value' => 'Fri, 19 Nov 2008 05:00:00 GMT')));
$this->assertEqual($this->drupalGetHeader('Expires'), 'Fri, 19 Nov 2008 05:00:00 GMT', 'Default header was replaced.');
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Vary', 'value' => 'User-Agent')));
$this->assertEqual($this->drupalGetHeader('Vary'), 'User-Agent,Accept-Encoding', 'Default header was replaced.');
// Check that authenticated users bypass the cache.
$user = $this->drupalCreateUser();
$this->drupalLogin($user);
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar')));
$this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Caching was bypassed.');
$this->assertTrue(strpos($this->drupalGetHeader('Vary'), 'Cookie') === FALSE, 'Vary: Cookie header was not sent.');
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'no-cache, must-revalidate', 'Cache-Control header was sent.');
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
$this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.');
}
/**
* Test page compression.
*
* The test should pass even if zlib.output_compression is enabled in php.ini,
* .htaccess or similar, or if compression is done outside PHP, e.g. by the
* mod_deflate Apache module.
*/
function testPageCompression() {
variable_set('cache', 1);
// Fill the cache and verify that output is compressed.
$this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate'));
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.');
$this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8)));
$this->assertRaw('</html>', 'Page was gzip compressed.');
// Verify that cached output is compressed.
$this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate'));
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
$this->assertEqual($this->drupalGetHeader('Content-Encoding'), 'gzip', 'A Content-Encoding header was sent.');
$this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8)));
$this->assertRaw('</html>', 'Page was gzip compressed.');
// Verify that a client without compression support gets an uncompressed page.
$this->drupalGet('');
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
$this->assertFalse($this->drupalGetHeader('Content-Encoding'), 'A Content-Encoding header was not sent.');
$this->assertTitle(t('Welcome to @site-name | @site-name', array('@site-name' => variable_get('site_name', 'Drupal'))), 'Site title matches.');
$this->assertRaw('</html>', 'Page was not compressed.');
// Verify that an empty page doesn't throw an error when being decompressed.
$this->drupalGet('system-test/empty-page');
// Disable compression mode.
variable_set('page_compression', FALSE);
// Verify if cached page is still available for a client with compression support.
$this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate'));
$this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8)));
$this->assertRaw('</html>', 'Page was delivered after compression mode is changed (compression support enabled).');
// Verify if cached page is still available for a client without compression support.
$this->drupalGet('');
$this->assertRaw('</html>', 'Page was delivered after compression mode is changed (compression support disabled).');
}
/**
* Test page cache headers.
*/
function testPageCacheHeaders() {
variable_set('cache', 1);
// First request should store a response in the page cache.
$this->drupalGet('system-test/page-cache-headers');
// The test callback should remove the query string leaving the same path
// as the previous request, which we'll try to retrieve from cache_page.
$this->drupalGet('system-test/page-cache-headers', array('query' => array('return_headers' => 'TRUE')));
$headers = json_decode($this->drupalGetHeader('Page-Cache-Headers'), TRUE);
if (is_null($headers)) {
$this->fail('No headers were retrieved from the page cache.');
}
else {
$this->assertEqual($headers['X-Content-Type-Options'], 'nosniff', 'X-Content-Type-Options header retrieved from response in the page cache.');
}
}
}
class BootstrapVariableTestCase extends DrupalWebTestCase {
function setUp() {
parent::setUp('system_test');
}
public static function getInfo() {
return array(
'name' => 'Variable test',
'description' => 'Make sure the variable system functions correctly.',
'group' => 'Bootstrap'
);
}
/**
* testVariable
*/
function testVariable() {
// Setting and retrieving values.
$variable = $this->randomName();
variable_set('simpletest_bootstrap_variable_test', $variable);
$this->assertIdentical($variable, variable_get('simpletest_bootstrap_variable_test'), 'Setting and retrieving values');
// Make sure the variable persists across multiple requests.
$this->drupalGet('system-test/variable-get');
$this->assertText($variable, 'Variable persists across multiple requests');
// Deleting variables.
$default_value = $this->randomName();
variable_del('simpletest_bootstrap_variable_test');
$variable = variable_get('simpletest_bootstrap_variable_test', $default_value);
$this->assertIdentical($variable, $default_value, 'Deleting variables');
}
/**
* Makes sure that the default variable parameter is passed through okay.
*/
function testVariableDefaults() {
// Tests passing nothing through to the default.
$this->assertIdentical(NULL, variable_get('simpletest_bootstrap_variable_test'), 'Variables are correctly defaulting to NULL.');
// Tests passing 5 to the default parameter.
$this->assertIdentical(5, variable_get('simpletest_bootstrap_variable_test', 5), 'The default variable parameter is passed through correctly.');
}
}
/**
* Tests the auto-loading behavior of the code registry.
*/
class BootstrapAutoloadTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Code registry',
'description' => 'Test that the code registry functions correctly.',
'group' => 'Bootstrap',
);
}
function setUp() {
parent::setUp('drupal_autoload_test');
}
/**
* Tests that autoloader name matching is not case sensitive.
*/
function testAutoloadCase() {
// Test interface autoloader.
$this->assertTrue(drupal_autoload_interface('drupalautoloadtestinterface'), 'drupal_autoload_interface() recognizes <em>DrupalAutoloadTestInterface</em> in lower case.');
// Test class autoloader.
$this->assertTrue(drupal_autoload_class('drupalautoloadtestclass'), 'drupal_autoload_class() recognizes <em>DrupalAutoloadTestClass</em> in lower case.');
// Test trait autoloader.
if (version_compare(PHP_VERSION, '5.4') >= 0) {
$this->assertTrue(drupal_autoload_trait('drupalautoloadtesttrait'), 'drupal_autoload_trait() recognizes <em>DrupalAutoloadTestTrait</em> in lower case.');
}
}
}
/**
* Test hook_boot() and hook_exit().
*/
class HookBootExitTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Boot and exit hook invocation',
'description' => 'Test that hook_boot() and hook_exit() are called correctly.',
'group' => 'Bootstrap',
);
}
function setUp() {
parent::setUp('system_test', 'dblog');
}
/**
* Test calling of hook_boot() and hook_exit().
*/
function testHookBootExit() {
// Test with cache disabled. Boot and exit should always fire.
variable_set('cache', 0);
$this->drupalGet('');
$calls = 1;
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with disabled cache.'));
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with disabled cache.'));
// Test with normal cache. Boot and exit should be called.
variable_set('cache', 1);
$this->drupalGet('');
$calls++;
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with normal cache.'));
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with normal cache.'));
// Boot and exit should not fire since the page is cached.
variable_set('page_cache_invoke_hooks', FALSE);
$this->assertTrue(cache_get(url('', array('absolute' => TRUE)), 'cache_page'), t('Page has been cached.'));
$this->drupalGet('');
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot not called with aggressive cache and a cached page.'));
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit not called with aggressive cache and a cached page.'));
// Test with page cache cleared, boot and exit should be called.
$this->assertTrue(db_delete('cache_page')->execute(), t('Page cache cleared.'));
$this->drupalGet('');
$calls++;
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with aggressive cache and no cached page.'));
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with aggressive cache and no cached page.'));
}
}
/**
* Test drupal_get_filename()'s availability.
*/
class BootstrapGetFilenameTestCase extends DrupalUnitTestCase {
public static function getInfo() {
return array(
'name' => 'Get filename test (without the system table)',
'description' => 'Test that drupal_get_filename() works correctly when the database is not available.',
'group' => 'Bootstrap',
);
}
/**
* The last file-related error message triggered by the filename test.
*
* Used by BootstrapGetFilenameTestCase::testDrupalGetFilename().
*/
protected $getFilenameTestTriggeredError;
/**
* Test that drupal_get_filename() works correctly when the file is not found in the database.
*/
function testDrupalGetFilename() {
// Reset the static cache so we can test the "db is not active" code of
// drupal_get_filename().
drupal_static_reset('drupal_get_filename');
// Retrieving the location of a module.
$this->assertIdentical(drupal_get_filename('module', 'php'), 'modules/php/php.module', t('Retrieve module location.'));
// Retrieving the location of a theme.
$this->assertIdentical(drupal_get_filename('theme', 'stark'), 'themes/stark/stark.info', t('Retrieve theme location.'));
// Retrieving the location of a theme engine.
$this->assertIdentical(drupal_get_filename('theme_engine', 'phptemplate'), 'themes/engines/phptemplate/phptemplate.engine', t('Retrieve theme engine location.'));
// Retrieving the location of a profile. Profiles are a special case with
// a fixed location and naming.
$this->assertIdentical(drupal_get_filename('profile', 'standard'), 'profiles/standard/standard.profile', t('Retrieve install profile location.'));
// When a file is not found in the database cache, drupal_get_filename()
// searches several locations on the filesystem, including the DRUPAL_ROOT
// directory. We use the '.script' extension below because this is a
// non-existent filetype that will definitely not exist in the database.
// Since there is already a scripts directory, drupal_get_filename() will
// automatically check there for 'script' files, just as it does for (e.g.)
// 'module' files in modules.
$this->assertIdentical(drupal_get_filename('script', 'test'), 'scripts/test.script', t('Retrieve test script location.'));
// When searching for a module that does not exist, drupal_get_filename()
// should return NULL and trigger an appropriate error message.
$this->getFilenameTestTriggeredError = NULL;
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
$non_existing_module = $this->randomName();
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL.');
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for an item that does not exist triggers the correct error.');
restore_error_handler();
// Check that the result is stored in the file system scan cache.
$file_scans = _drupal_file_scan_cache();
$this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files static variable.');
// Performing the search again in the same request still should not find
// the file, but the error message should not be repeated (therefore we do
// not override the error handler here).
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL during the second search.');
}
/**
* Skips handling of "file not found" errors.
*/
public function fileNotFoundErrorHandler($error_level, $message, $filename, $line) {
// Skip error handling if this is a "file not found" error.
if (strpos($message, 'is missing from the file system:') !== FALSE || strpos($message, 'has moved within the file system:') !== FALSE) {
$this->getFilenameTestTriggeredError = $message;
return;
}
_drupal_error_handler($error_level, $message, $filename, $line);
}
}
/**
* Test drupal_get_filename() in the context of a full Drupal installation.
*/
class BootstrapGetFilenameWebTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'Get filename test (full installation)',
'description' => 'Test that drupal_get_filename() works correctly in the context of a full Drupal installation.',
'group' => 'Bootstrap',
);
}
function setUp() {
parent::setUp('system_test');
}
/**
* The last file-related error message triggered by the filename test.
*
* Used by BootstrapGetFilenameWebTestCase::testDrupalGetFilename().
*/
protected $getFilenameTestTriggeredError;
/**
* Test that drupal_get_filename() works correctly with a full Drupal site.
*/
function testDrupalGetFilename() {
// Search for a module that exists in the file system and the {system}
// table and make sure that it is found.
$this->assertIdentical(drupal_get_filename('module', 'node'), 'modules/node/node.module', 'Module found at expected location.');
// Search for a module that does not exist in either the file system or the
// {system} table. Make sure that an appropriate error is triggered and
// that the module winds up in the static and persistent cache.
$this->getFilenameTestTriggeredError = NULL;
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
$non_existing_module = $this->randomName();
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL.');
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for a module that does not exist triggers the correct error.');
restore_error_handler();
$file_scans = _drupal_file_scan_cache();
$this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files static variable.');
drupal_file_scan_write_cache();
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
$this->assertIdentical($cache->data['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files persistent cache.');
// Simulate moving a module to a location that does not match the location
// in the {system} table and perform similar tests as above.
db_update('system')
->fields(array('filename' => 'modules/simpletest/tests/fake_location/module_test.module'))
->condition('name', 'module_test')
->condition('type', 'module')
->execute();
$this->getFilenameTestTriggeredError = NULL;
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
$this->assertIdentical(drupal_get_filename('module', 'module_test'), 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved finds the module at its new location.');
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module has moved within the file system: %name', array('%name' => 'module_test'))) === 0, 'Searching for a module that has moved triggers the correct error.');
restore_error_handler();
$file_scans = _drupal_file_scan_cache();
$this->assertIdentical($file_scans['module']['module_test'], 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved creates a record in the missing and moved files static variable.');
drupal_file_scan_write_cache();
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
$this->assertIdentical($cache->data['module']['module_test'], 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved creates a record in the missing and moved files persistent cache.');
// Simulate a module that exists in the {system} table but does not exist
// in the file system and perform similar tests as above.
$non_existing_module = $this->randomName();
db_update('system')
->fields(array('name' => $non_existing_module))
->condition('name', 'module_test')
->condition('type', 'module')
->execute();
$this->getFilenameTestTriggeredError = NULL;
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that exists in the system table but not in the file system returns NULL.');
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for a module that exists in the system table but not in the file system triggers the correct error.');
restore_error_handler();
$file_scans = _drupal_file_scan_cache();
$this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that exists in the system table but not in the file system creates a record in the missing and moved files static variable.');
drupal_file_scan_write_cache();
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
$this->assertIdentical($cache->data['module'][$non_existing_module], FALSE, 'Searching for a module that exists in the system table but not in the file system creates a record in the missing and moved files persistent cache.');
// Simulate a module that exists in the file system but not in the {system}
// table and perform similar tests as above.
db_delete('system')
->condition('name', 'common_test')
->condition('type', 'module')
->execute();
system_list_reset();
$this->getFilenameTestTriggeredError = NULL;
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
$this->assertIdentical(drupal_get_filename('module', 'common_test'), 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table finds the module at its actual location.');
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module has moved within the file system: %name', array('%name' => 'common_test'))) === 0, 'Searching for a module that does not exist in the system table triggers the correct error.');
restore_error_handler();
$file_scans = _drupal_file_scan_cache();
$this->assertIdentical($file_scans['module']['common_test'], 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table creates a record in the missing and moved files static variable.');
drupal_file_scan_write_cache();
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
$this->assertIdentical($cache->data['module']['common_test'], 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table creates a record in the missing and moved files persistent cache.');
}
/**
* Skips handling of "file not found" errors.
*/
public function fileNotFoundErrorHandler($error_level, $message, $filename, $line) {
// Skip error handling if this is a "file not found" error.
if (strpos($message, 'is missing from the file system:') !== FALSE || strpos($message, 'has moved within the file system:') !== FALSE) {
$this->getFilenameTestTriggeredError = $message;
return;
}
_drupal_error_handler($error_level, $message, $filename, $line);
}
/**
* Test that watchdog messages about missing files are correctly recorded.
*/
public function testWatchdog() {
// Search for a module that does not exist in either the file system or the
// {system} table. Make sure that an appropriate warning is recorded in the
// logs.
$non_existing_module = $this->randomName();
$query_parameters = array(
':type' => 'php',
':severity' => WATCHDOG_WARNING,
);
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND severity = :severity', $query_parameters)->fetchField(), 0, 'No warning message appears in the logs before searching for a module that does not exist.');
// Trigger the drupal_get_filename() call. This must be done via a request
// to a separate URL since the watchdog() will happen in a shutdown
// function, and so that SimpleTest can be told to ignore (and not fail as
// a result of) the expected PHP warnings generated during this process.
variable_set('system_test_drupal_get_filename_test_module_name', $non_existing_module);
$this->drupalGet('system-test/drupal-get-filename');
$message_variables = db_query('SELECT variables FROM {watchdog} WHERE type = :type AND severity = :severity', $query_parameters)->fetchCol();
$this->assertEqual(count($message_variables), 1, 'A single warning message appears in the logs after searching for a module that does not exist.');
$variables = reset($message_variables);
$variables = unserialize($variables);
$this->assertTrue(isset($variables['!message']) && strpos($variables['!message'], format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) !== FALSE, 'The warning message that appears in the logs after searching for a module that does not exist contains the expected text.');
}
/**
* Test that drupal_get_filename() does not break recursive rebuilds.
*/
public function testRecursiveRebuilds() {
// Ensure that the drupal_get_filename() call due to a missing module does
// not break the data returned by an attempted recursive rebuild. The code
// path which is tested is as follows:
// - Call drupal_get_schema().
// - Within a hook_schema() implementation, trigger a drupal_get_filename()
// search for a nonexistent module.
// - In the watchdog() call that results from that, trigger
// drupal_get_schema() again.
// Without some kind of recursion protection, this could cause the second
// drupal_get_schema() call to return incomplete results. This test ensures
// that does not happen.
$non_existing_module = $this->randomName();
variable_set('system_test_drupal_get_filename_test_module_name', $non_existing_module);
$this->drupalGet('system-test/drupal-get-filename-with-schema-rebuild');
$original_drupal_get_schema_tables = variable_get('system_test_drupal_get_filename_with_schema_rebuild_original_tables');
$final_drupal_get_schema_tables = variable_get('system_test_drupal_get_filename_with_schema_rebuild_final_tables');
$this->assertTrue(!empty($original_drupal_get_schema_tables));
$this->assertTrue(!empty($final_drupal_get_schema_tables));
$this->assertEqual($original_drupal_get_schema_tables, $final_drupal_get_schema_tables);
}
}
class BootstrapTimerTestCase extends DrupalUnitTestCase {
public static function getInfo() {
return array(
'name' => 'Timer test',
'description' => 'Test that timer_read() works both when a timer is running and when a timer is stopped.',
'group' => 'Bootstrap',
);
}
/**
* Test timer_read() to ensure it properly accumulates time when the timer
* started and stopped multiple times.
* @return
*/
function testTimer() {
timer_start('test');
sleep(1);
$this->assertTrue(timer_read('test') >= 1000, 'Timer measured 1 second of sleeping while running.');
sleep(1);
timer_stop('test');
$this->assertTrue(timer_read('test') >= 2000, 'Timer measured 2 seconds of sleeping after being stopped.');
timer_start('test');
sleep(1);
$this->assertTrue(timer_read('test') >= 3000, 'Timer measured 3 seconds of sleeping after being restarted.');
sleep(1);
$timer = timer_stop('test');
$this->assertTrue(timer_read('test') >= 4000, 'Timer measured 4 seconds of sleeping after being stopped for a second time.');
$this->assertEqual($timer['count'], 2, 'Timer counted 2 instances of being started.');
}
}
/**
* Test that resetting static variables works.
*/
class BootstrapResettableStaticTestCase extends DrupalUnitTestCase {
public static function getInfo() {
return array(
'name' => 'Resettable static variables test',
'description' => 'Test that drupal_static() and drupal_static_reset() work.',
'group' => 'Bootstrap',
);
}
/**
* Test that a variable reference returned by drupal_static() gets reset when
* drupal_static_reset() is called.
*/
function testDrupalStatic() {
$name = __CLASS__ . '_' . __METHOD__;
$var = &drupal_static($name, 'foo');
$this->assertEqual($var, 'foo', 'Variable returned by drupal_static() was set to its default.');
// Call the specific reset and the global reset each twice to ensure that
// multiple resets can be issued without odd side effects.
$var = 'bar';
drupal_static_reset($name);
$this->assertEqual($var, 'foo', 'Variable was reset after first invocation of name-specific reset.');
$var = 'bar';
drupal_static_reset($name);
$this->assertEqual($var, 'foo', 'Variable was reset after second invocation of name-specific reset.');
$var = 'bar';
drupal_static_reset();
$this->assertEqual($var, 'foo', 'Variable was reset after first invocation of global reset.');
$var = 'bar';
drupal_static_reset();
$this->assertEqual($var, 'foo', 'Variable was reset after second invocation of global reset.');
}
}
/**
* Test miscellaneous functions in bootstrap.inc.
*/
class BootstrapMiscTestCase extends DrupalUnitTestCase {
public static function getInfo() {
return array(
'name' => 'Miscellaneous bootstrap unit tests',
'description' => 'Test miscellaneous functions in bootstrap.inc.',
'group' => 'Bootstrap',
);
}
/**
* Test miscellaneous functions in bootstrap.inc.
*/
function testMisc() {
// Test drupal_array_merge_deep().
$link_options_1 = array('fragment' => 'x', 'attributes' => array('title' => 'X', 'class' => array('a', 'b')), 'language' => 'en');
$link_options_2 = array('fragment' => 'y', 'attributes' => array('title' => 'Y', 'class' => array('c', 'd')), 'html' => TRUE);
$expected = array('fragment' => 'y', 'attributes' => array('title' => 'Y', 'class' => array('a', 'b', 'c', 'd')), 'language' => 'en', 'html' => TRUE);
$this->assertIdentical(drupal_array_merge_deep($link_options_1, $link_options_2), $expected, 'drupal_array_merge_deep() returned a properly merged array.');
}
/**
* Tests that the drupal_check_memory_limit() function works as expected.
*/
function testCheckMemoryLimit() {
// Test that a very reasonable amount of memory is available.
$this->assertTrue(drupal_check_memory_limit('30MB'), '30MB of memory tested available.');
// Test an unlimited memory limit.
// The function should always return true if the memory limit is set to -1.
$this->assertTrue(drupal_check_memory_limit('9999999999YB', -1), 'drupal_check_memory_limit() returns TRUE when a limit of -1 (none) is supplied');
// Test that even though we have 30MB of memory available - the function
// returns FALSE when given an upper limit for how much memory can be used.
$this->assertFalse(drupal_check_memory_limit('30MB', '16MB'), 'drupal_check_memory_limit() returns FALSE with a 16MB upper limit on a 30MB requirement.');
// Test that an equal amount of memory to the amount requested returns TRUE.
$this->assertTrue(drupal_check_memory_limit('30MB', '30MB'), 'drupal_check_memory_limit() returns TRUE when requesting 30MB on a 30MB requirement.');
}
}
/**
* Tests for overriding server variables via the API.
*/
class BootstrapOverrideServerVariablesTestCase extends DrupalUnitTestCase {
public static function getInfo() {
return array(
'name' => 'Overriding server variables',
'description' => 'Test that drupal_override_server_variables() works correctly.',
'group' => 'Bootstrap',
);
}
/**
* Test providing a direct URL to to drupal_override_server_variables().
*/
function testDrupalOverrideServerVariablesProvidedURL() {
$tests = array(
'http://example.com' => array(
'HTTP_HOST' => 'example.com',
'SCRIPT_NAME' => isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : NULL,
),
'http://example.com/index.php' => array(
'HTTP_HOST' => 'example.com',
'SCRIPT_NAME' => '/index.php',
),
'http://example.com/subdirectory/index.php' => array(
'HTTP_HOST' => 'example.com',
'SCRIPT_NAME' => '/subdirectory/index.php',
),
);
foreach ($tests as $url => $expected_server_values) {
// Remember the original value of $_SERVER, since the function call below
// will modify it.
$original_server = $_SERVER;
// Call drupal_override_server_variables() and ensure that all expected
// $_SERVER variables were modified correctly.
drupal_override_server_variables(array('url' => $url));
foreach ($expected_server_values as $key => $value) {
$this->assertIdentical($_SERVER[$key], $value);
}
// Restore the original value of $_SERVER.
$_SERVER = $original_server;
}
}
}
/**
* Tests for $_GET['destination'] and $_REQUEST['destination'] validation.
*/
class BootstrapDestinationTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'URL destination validation',
'description' => 'Test that $_GET[\'destination\'] and $_REQUEST[\'destination\'] cannot contain external URLs.',
'group' => 'Bootstrap',
);
}
function setUp() {
parent::setUp('system_test');
}
/**
* Tests that $_GET/$_REQUEST['destination'] only contain internal URLs.
*
* @see _drupal_bootstrap_variables()
* @see system_test_get_destination()
* @see system_test_request_destination()
*/
public function testDestination() {
$test_cases = array(
array(
'input' => 'node',
'output' => 'node',
'message' => "Standard internal example node path is present in the 'destination' parameter.",
),
array(
'input' => '/example.com',
'output' => '/example.com',
'message' => 'Internal path with one leading slash is allowed.',
),
array(
'input' => '//example.com/test',
'output' => '',
'message' => 'External URL without scheme is not allowed.',
),
array(
'input' => 'example:test',
'output' => 'example:test',
'message' => 'Internal URL using a colon is allowed.',
),
array(
'input' => 'http://example.com',
'output' => '',
'message' => 'External URL is not allowed.',
),
array(
'input' => 'javascript:alert(0)',
'output' => 'javascript:alert(0)',
'message' => 'Javascript URL is allowed because it is treated as an internal URL.',
),
);
foreach ($test_cases as $test_case) {
// Test $_GET['destination'].
$this->drupalGet('system-test/get-destination', array('query' => array('destination' => $test_case['input'])));
$this->assertIdentical($test_case['output'], $this->drupalGetContent(), $test_case['message']);
// Test $_REQUEST['destination']. There's no form to submit to, so
// drupalPost() won't work here; this just tests a direct $_POST request
// instead.
$curl_parameters = array(
CURLOPT_URL => $this->getAbsoluteUrl('system-test/request-destination'),
CURLOPT_POST => TRUE,
CURLOPT_POSTFIELDS => 'destination=' . urlencode($test_case['input']),
CURLOPT_HTTPHEADER => array(),
);
$post_output = $this->curlExec($curl_parameters);
$this->assertIdentical($test_case['output'], $post_output, $test_case['message']);
}
// Make sure that 404 pages do not populate $_GET['destination'] with
// external URLs.
variable_set('site_404', 'system-test/get-destination');
$this->drupalGet('http://example.com', array('external' => FALSE));
$this->assertIdentical('', $this->drupalGetContent(), 'External URL is not allowed on 404 pages.');
}
}
/**
* Tests DrupalCacheArray functionality.
*/
class BootstrapDrupalCacheArrayTestCase extends DrupalWebTestCase {
public static function getInfo() {
return array(
'name' => 'DrupalCacheArray tests',
'description' => 'Test DrupalCacheArray functionality.',
'group' => 'Bootstrap',
);
}
/**
* Simulate unsafe deserialization of payload prepared by the phpggc project.
*
* @see https://github.com/ambionics/phpggc/pull/28
*/
public function testGadgetChainDrupal7RCE1() {
// phpggc -s Drupal7/RCE1 phpinfo 2
$payload = 'O:11:"SchemaCache":4:{s:6:"%00*%00cid"%3Bs:14:"form_DrupalRCE"%3Bs:6:"%00*%00bin"%3Bs:10:"cache_form"%3Bs:16:"%00*%00keysToPersist"%3Ba:3:{s:8:"#form_id"%3Bb:1%3Bs:8:"#process"%3Bb:1%3Bs:9:"#attached"%3Bb:1%3B}s:10:"%00*%00storage"%3Ba:3:{s:8:"#form_id"%3Bs:9:"DrupalRCE"%3Bs:8:"#process"%3Ba:1:{i:0%3Bs:23:"drupal_process_attached"%3B}s:9:"#attached"%3Ba:1:{s:7:"phpinfo"%3Ba:1:{i:0%3Ba:1:{i:0%3Bs:1:"2"%3B}}}}}';
$object = unserialize(urldecode($payload));
// The object then needs to be destructed.
unset($object);
// If the exploit was successful, there should now be a row in cache_form.
$payload2 = db_query_range('SELECT data FROM {cache_form} WHERE cid LIKE :cid', 0, 1, array(':cid' => 'form_DrupalRCE'))->fetchField();
$this->assertFalse(is_string($payload2) && (strpos($payload2, 'phpinfo') !== FALSE), 'Second stage payload was not written to cache_form.');
// The final exploit is executed via the ajax system, but is not a
// sufficiently valid ajax form submission to use drupalPost for testing.
$headers = array(
'Content-Type: application/x-www-form-urlencoded',
);
$curl_options = array(
CURLOPT_URL => url('system/ajax', array('absolute' => TRUE)),
CURLOPT_POST => TRUE,
CURLOPT_POSTFIELDS => 'form_build_id=DrupalRCE',
CURLOPT_HTTPHEADER => $headers,
);
// The second stage payload causes several PHP warnings / notices if it is
// there in cache_form.
$content = $this->curlExec($curl_options);
$this->assertFalse((strpos($content, 'Rasmus Lerdorf') !== FALSE), 'Remote Code Execution was not successful.');
// Now opt-out of the cache_form protection.
variable_set('drupal_cache_array_persist_cache_form', TRUE);
$object = unserialize(urldecode($payload));
// The object then needs to be destructed.
unset($object);
// If the exploit was successful, there should now be a row in cache_form.
$payload2 = db_query_range('SELECT data FROM {cache_form} WHERE cid LIKE :cid', 0, 1, array(':cid' => 'form_DrupalRCE'))->fetchField();
$this->assertTrue(is_string($payload2) && (strpos($payload2, 'phpinfo') !== FALSE), 'DrupalCacheArray persisted data to cache_form.');
}
}
Reference in a new issue Copy permalink