<?php class BootstrapIPAddressTestCase extends DrupalWebTestCase { protected $oldserver; protected $remote_ip; protected $proxy_ip; protected $proxy2_ip; protected $forwarded_ip; protected $cluster_ip; protected $untrusted_ip; public static function getInfo() { return array( 'name' => 'IP address and HTTP_HOST test', 'description' => 'Get the IP address from the current visitor from the server variables, check hostname validation.', 'group' => 'Bootstrap' ); } function setUp() { $this->oldserver = $_SERVER; $this->remote_ip = '127.0.0.1'; $this->proxy_ip = '127.0.0.2'; $this->proxy2_ip = '127.0.0.3'; $this->forwarded_ip = '127.0.0.4'; $this->cluster_ip = '127.0.0.5'; $this->untrusted_ip = '0.0.0.0'; drupal_static_reset('ip_address'); $_SERVER['REMOTE_ADDR'] = $this->remote_ip; unset($_SERVER['HTTP_X_FORWARDED_FOR']); unset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']); parent::setUp(); } function tearDown() { $_SERVER = $this->oldserver; drupal_static_reset('ip_address'); parent::tearDown(); } /** * test IP Address and hostname */ function testIPAddressHost() { // Test the normal IP address. $this->assertTrue( ip_address() == $this->remote_ip, 'Got remote IP address.' ); // Proxy forwarding on but no proxy addresses defined. variable_set('reverse_proxy', 1); $this->assertTrue( ip_address() == $this->remote_ip, 'Proxy forwarding without trusted proxies got remote IP address.' ); // Proxy forwarding on and proxy address not trusted. variable_set('reverse_proxy_addresses', array($this->proxy_ip, $this->proxy2_ip)); drupal_static_reset('ip_address'); $_SERVER['REMOTE_ADDR'] = $this->untrusted_ip; $this->assertTrue( ip_address() == $this->untrusted_ip, 'Proxy forwarding with untrusted proxy got remote IP address.' ); // Proxy forwarding on and proxy address trusted. $_SERVER['REMOTE_ADDR'] = $this->proxy_ip; $_SERVER['HTTP_X_FORWARDED_FOR'] = $this->forwarded_ip; drupal_static_reset('ip_address'); $this->assertTrue( ip_address() == $this->forwarded_ip, 'Proxy forwarding with trusted proxy got forwarded IP address.' ); // Proxy forwarding on and proxy address trusted and visiting from proxy. $_SERVER['REMOTE_ADDR'] = $this->proxy_ip; $_SERVER['HTTP_X_FORWARDED_FOR'] = $this->proxy_ip; drupal_static_reset('ip_address'); $this->assertTrue( ip_address() == $this->proxy_ip, 'Visiting from trusted proxy got proxy IP address.' ); // Multi-tier architecture with comma separated values in header. $_SERVER['REMOTE_ADDR'] = $this->proxy_ip; $_SERVER['HTTP_X_FORWARDED_FOR'] = implode(', ', array($this->untrusted_ip, $this->forwarded_ip, $this->proxy2_ip)); drupal_static_reset('ip_address'); $this->assertTrue( ip_address() == $this->forwarded_ip, 'Proxy forwarding with trusted 2-tier proxy got forwarded IP address.' ); // Custom client-IP header. variable_set('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP'); $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->cluster_ip; drupal_static_reset('ip_address'); $this->assertTrue( ip_address() == $this->cluster_ip, 'Cluster environment got cluster client IP.' ); // Verifies that drupal_valid_http_host() prevents invalid characters. $this->assertFalse(drupal_valid_http_host('security/.drupal.org:80'), 'HTTP_HOST with / is invalid'); $this->assertFalse(drupal_valid_http_host('security\\.drupal.org:80'), 'HTTP_HOST with \\ is invalid'); $this->assertFalse(drupal_valid_http_host('security<.drupal.org:80'), 'HTTP_HOST with < is invalid'); $this->assertFalse(drupal_valid_http_host('security..drupal.org:80'), 'HTTP_HOST with .. is invalid'); // Verifies that host names are shorter than 1000 characters. $this->assertFalse(drupal_valid_http_host(str_repeat('x', 1001)), 'HTTP_HOST with more than 1000 characters is invalid.'); $this->assertFalse(drupal_valid_http_host(str_repeat('.', 101)), 'HTTP_HOST with more than 100 subdomains is invalid.'); $this->assertFalse(drupal_valid_http_host(str_repeat(':', 101)), 'HTTP_HOST with more than 100 portseparators is invalid.'); // IPv6 loopback address $this->assertTrue(drupal_valid_http_host('[::1]:80'), 'HTTP_HOST containing IPv6 loopback is valid'); } } class BootstrapPageCacheTestCase extends DrupalWebTestCase { public static function getInfo() { return array( 'name' => 'Page cache test', 'description' => 'Enable the page cache and test it with various HTTP requests.', 'group' => 'Bootstrap' ); } function setUp() { parent::setUp('system_test'); } /** * Test support for requests containing If-Modified-Since and If-None-Match headers. */ function testConditionalRequests() { variable_set('cache', 1); // Fill the cache. $this->drupalGet(''); $this->drupalHead(''); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.'); $etag = $this->drupalGetHeader('ETag'); $last_modified = $this->drupalGetHeader('Last-Modified'); $this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag)); $this->assertResponse(304, 'Conditional request returned 304 Not Modified.'); $this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC822, strtotime($last_modified)), 'If-None-Match: ' . $etag)); $this->assertResponse(304, 'Conditional request with obsolete If-Modified-Since date returned 304 Not Modified.'); $this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC850, strtotime($last_modified)), 'If-None-Match: ' . $etag)); $this->assertResponse(304, 'Conditional request with obsolete If-Modified-Since date returned 304 Not Modified.'); $this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified)); $this->assertResponse(200, 'Conditional request without If-None-Match returned 200 OK.'); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.'); $this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC7231, strtotime($last_modified) + 1), 'If-None-Match: ' . $etag)); $this->assertResponse(200, 'Conditional request with new a If-Modified-Since date newer than Last-Modified returned 200 OK.'); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.'); $user = $this->drupalCreateUser(); $this->drupalLogin($user); $this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag)); $this->assertResponse(200, 'Conditional request returned 200 OK for authenticated user.'); $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Absence of Page was not cached.'); $this->assertFalse($this->drupalGetHeader('ETag'), 'ETag HTTP headers are not present for logged in users.'); $this->assertFalse($this->drupalGetHeader('Last-Modified'), 'Last-Modified HTTP headers are not present for logged in users.'); } /** * Test cache headers. */ function testPageCache() { variable_set('cache', 1); // Fill the cache. $this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar'))); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.'); $this->assertEqual($this->drupalGetHeader('Vary'), 'Cookie,Accept-Encoding', 'Vary header was sent.'); $this->assertEqual($this->drupalGetHeader('Cache-Control'), 'public, max-age=0', 'Cache-Control header was sent.'); $this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.'); $this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.'); // Check cache. $this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar'))); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.'); $this->assertEqual($this->drupalGetHeader('Vary'), 'Cookie,Accept-Encoding', 'Vary: Cookie header was sent.'); $this->assertEqual($this->drupalGetHeader('Cache-Control'), 'public, max-age=0', 'Cache-Control header was sent.'); $this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.'); $this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.'); $this->assertEqual($this->drupalGetHeader('X-Content-Type-Options'), 'nosniff', 'X-Content-Type-Options header was sent.'); // Check replacing default headers. $this->drupalGet('system-test/set-header', array('query' => array('name' => 'Expires', 'value' => 'Fri, 19 Nov 2008 05:00:00 GMT'))); $this->assertEqual($this->drupalGetHeader('Expires'), 'Fri, 19 Nov 2008 05:00:00 GMT', 'Default header was replaced.'); $this->drupalGet('system-test/set-header', array('query' => array('name' => 'Vary', 'value' => 'User-Agent'))); $this->assertEqual($this->drupalGetHeader('Vary'), 'User-Agent,Accept-Encoding', 'Default header was replaced.'); // Check that authenticated users bypass the cache. $user = $this->drupalCreateUser(); $this->drupalLogin($user); $this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar'))); $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Caching was bypassed.'); $this->assertTrue(strpos($this->drupalGetHeader('Vary'), 'Cookie') === FALSE, 'Vary: Cookie header was not sent.'); $this->assertEqual($this->drupalGetHeader('Cache-Control'), 'no-cache, must-revalidate', 'Cache-Control header was sent.'); $this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.'); $this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.'); } /** * Test page compression. * * The test should pass even if zlib.output_compression is enabled in php.ini, * .htaccess or similar, or if compression is done outside PHP, e.g. by the * mod_deflate Apache module. */ function testPageCompression() { variable_set('cache', 1); // Fill the cache and verify that output is compressed. $this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate')); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.'); $this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8))); $this->assertRaw('</html>', 'Page was gzip compressed.'); // Verify that cached output is compressed. $this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate')); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.'); $this->assertEqual($this->drupalGetHeader('Content-Encoding'), 'gzip', 'A Content-Encoding header was sent.'); $this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8))); $this->assertRaw('</html>', 'Page was gzip compressed.'); // Verify that a client without compression support gets an uncompressed page. $this->drupalGet(''); $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.'); $this->assertFalse($this->drupalGetHeader('Content-Encoding'), 'A Content-Encoding header was not sent.'); $this->assertTitle(t('Welcome to @site-name | @site-name', array('@site-name' => variable_get('site_name', 'Drupal'))), 'Site title matches.'); $this->assertRaw('</html>', 'Page was not compressed.'); // Verify that an empty page doesn't throw an error when being decompressed. $this->drupalGet('system-test/empty-page'); // Disable compression mode. variable_set('page_compression', FALSE); // Verify if cached page is still available for a client with compression support. $this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate')); $this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8))); $this->assertRaw('</html>', 'Page was delivered after compression mode is changed (compression support enabled).'); // Verify if cached page is still available for a client without compression support. $this->drupalGet(''); $this->assertRaw('</html>', 'Page was delivered after compression mode is changed (compression support disabled).'); } /** * Test page cache headers. */ function testPageCacheHeaders() { variable_set('cache', 1); // First request should store a response in the page cache. $this->drupalGet('system-test/page-cache-headers'); // The test callback should remove the query string leaving the same path // as the previous request, which we'll try to retrieve from cache_page. $this->drupalGet('system-test/page-cache-headers', array('query' => array('return_headers' => 'TRUE'))); $headers = json_decode($this->drupalGetHeader('Page-Cache-Headers'), TRUE); if (is_null($headers)) { $this->fail('No headers were retrieved from the page cache.'); } else { $this->assertEqual($headers['X-Content-Type-Options'], 'nosniff', 'X-Content-Type-Options header retrieved from response in the page cache.'); } } } class BootstrapVariableTestCase extends DrupalWebTestCase { function setUp() { parent::setUp('system_test'); } public static function getInfo() { return array( 'name' => 'Variable test', 'description' => 'Make sure the variable system functions correctly.', 'group' => 'Bootstrap' ); } /** * testVariable */ function testVariable() { // Setting and retrieving values. $variable = $this->randomName(); variable_set('simpletest_bootstrap_variable_test', $variable); $this->assertIdentical($variable, variable_get('simpletest_bootstrap_variable_test'), 'Setting and retrieving values'); // Make sure the variable persists across multiple requests. $this->drupalGet('system-test/variable-get'); $this->assertText($variable, 'Variable persists across multiple requests'); // Deleting variables. $default_value = $this->randomName(); variable_del('simpletest_bootstrap_variable_test'); $variable = variable_get('simpletest_bootstrap_variable_test', $default_value); $this->assertIdentical($variable, $default_value, 'Deleting variables'); } /** * Makes sure that the default variable parameter is passed through okay. */ function testVariableDefaults() { // Tests passing nothing through to the default. $this->assertIdentical(NULL, variable_get('simpletest_bootstrap_variable_test'), 'Variables are correctly defaulting to NULL.'); // Tests passing 5 to the default parameter. $this->assertIdentical(5, variable_get('simpletest_bootstrap_variable_test', 5), 'The default variable parameter is passed through correctly.'); } } /** * Tests the auto-loading behavior of the code registry. */ class BootstrapAutoloadTestCase extends DrupalWebTestCase { public static function getInfo() { return array( 'name' => 'Code registry', 'description' => 'Test that the code registry functions correctly.', 'group' => 'Bootstrap', ); } function setUp() { parent::setUp('drupal_autoload_test'); } /** * Tests that autoloader name matching is not case sensitive. */ function testAutoloadCase() { // Test interface autoloader. $this->assertTrue(drupal_autoload_interface('drupalautoloadtestinterface'), 'drupal_autoload_interface() recognizes <em>DrupalAutoloadTestInterface</em> in lower case.'); // Test class autoloader. $this->assertTrue(drupal_autoload_class('drupalautoloadtestclass'), 'drupal_autoload_class() recognizes <em>DrupalAutoloadTestClass</em> in lower case.'); // Test trait autoloader. if (version_compare(PHP_VERSION, '5.4') >= 0) { $this->assertTrue(drupal_autoload_trait('drupalautoloadtesttrait'), 'drupal_autoload_trait() recognizes <em>DrupalAutoloadTestTrait</em> in lower case.'); } } } /** * Test hook_boot() and hook_exit(). */ class HookBootExitTestCase extends DrupalWebTestCase { public static function getInfo() { return array( 'name' => 'Boot and exit hook invocation', 'description' => 'Test that hook_boot() and hook_exit() are called correctly.', 'group' => 'Bootstrap', ); } function setUp() { parent::setUp('system_test', 'dblog'); } /** * Test calling of hook_boot() and hook_exit(). */ function testHookBootExit() { // Test with cache disabled. Boot and exit should always fire. variable_set('cache', 0); $this->drupalGet(''); $calls = 1; $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with disabled cache.')); $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with disabled cache.')); // Test with normal cache. Boot and exit should be called. variable_set('cache', 1); $this->drupalGet(''); $calls++; $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with normal cache.')); $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with normal cache.')); // Boot and exit should not fire since the page is cached. variable_set('page_cache_invoke_hooks', FALSE); $this->assertTrue(cache_get(url('', array('absolute' => TRUE)), 'cache_page'), t('Page has been cached.')); $this->drupalGet(''); $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot not called with aggressive cache and a cached page.')); $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit not called with aggressive cache and a cached page.')); // Test with page cache cleared, boot and exit should be called. $this->assertTrue(db_delete('cache_page')->execute(), t('Page cache cleared.')); $this->drupalGet(''); $calls++; $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with aggressive cache and no cached page.')); $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with aggressive cache and no cached page.')); } } /** * Test drupal_get_filename()'s availability. */ class BootstrapGetFilenameTestCase extends DrupalUnitTestCase { public static function getInfo() { return array( 'name' => 'Get filename test (without the system table)', 'description' => 'Test that drupal_get_filename() works correctly when the database is not available.', 'group' => 'Bootstrap', ); } /** * The last file-related error message triggered by the filename test. * * Used by BootstrapGetFilenameTestCase::testDrupalGetFilename(). */ protected $getFilenameTestTriggeredError; /** * Test that drupal_get_filename() works correctly when the file is not found in the database. */ function testDrupalGetFilename() { // Reset the static cache so we can test the "db is not active" code of // drupal_get_filename(). drupal_static_reset('drupal_get_filename'); // Retrieving the location of a module. $this->assertIdentical(drupal_get_filename('module', 'php'), 'modules/php/php.module', t('Retrieve module location.')); // Retrieving the location of a theme. $this->assertIdentical(drupal_get_filename('theme', 'stark'), 'themes/stark/stark.info', t('Retrieve theme location.')); // Retrieving the location of a theme engine. $this->assertIdentical(drupal_get_filename('theme_engine', 'phptemplate'), 'themes/engines/phptemplate/phptemplate.engine', t('Retrieve theme engine location.')); // Retrieving the location of a profile. Profiles are a special case with // a fixed location and naming. $this->assertIdentical(drupal_get_filename('profile', 'standard'), 'profiles/standard/standard.profile', t('Retrieve install profile location.')); // When a file is not found in the database cache, drupal_get_filename() // searches several locations on the filesystem, including the DRUPAL_ROOT // directory. We use the '.script' extension below because this is a // non-existent filetype that will definitely not exist in the database. // Since there is already a scripts directory, drupal_get_filename() will // automatically check there for 'script' files, just as it does for (e.g.) // 'module' files in modules. $this->assertIdentical(drupal_get_filename('script', 'test'), 'scripts/test.script', t('Retrieve test script location.')); // When searching for a module that does not exist, drupal_get_filename() // should return NULL and trigger an appropriate error message. $this->getFilenameTestTriggeredError = NULL; set_error_handler(array($this, 'fileNotFoundErrorHandler')); $non_existing_module = $this->randomName(); $this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL.'); $this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for an item that does not exist triggers the correct error.'); restore_error_handler(); // Check that the result is stored in the file system scan cache. $file_scans = _drupal_file_scan_cache(); $this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files static variable.'); // Performing the search again in the same request still should not find // the file, but the error message should not be repeated (therefore we do // not override the error handler here). $this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL during the second search.'); } /** * Skips handling of "file not found" errors. */ public function fileNotFoundErrorHandler($error_level, $message, $filename, $line) { // Skip error handling if this is a "file not found" error. if (strpos($message, 'is missing from the file system:') !== FALSE || strpos($message, 'has moved within the file system:') !== FALSE) { $this->getFilenameTestTriggeredError = $message; return; } _drupal_error_handler($error_level, $message, $filename, $line); } } /** * Test drupal_get_filename() in the context of a full Drupal installation. */ class BootstrapGetFilenameWebTestCase extends DrupalWebTestCase { public static function getInfo() { return array( 'name' => 'Get filename test (full installation)', 'description' => 'Test that drupal_get_filename() works correctly in the context of a full Drupal installation.', 'group' => 'Bootstrap', ); } function setUp() { parent::setUp('system_test'); } /** * The last file-related error message triggered by the filename test. * * Used by BootstrapGetFilenameWebTestCase::testDrupalGetFilename(). */ protected $getFilenameTestTriggeredError; /** * Test that drupal_get_filename() works correctly with a full Drupal site. */ function testDrupalGetFilename() { // Search for a module that exists in the file system and the {system} // table and make sure that it is found. $this->assertIdentical(drupal_get_filename('module', 'node'), 'modules/node/node.module', 'Module found at expected location.'); // Search for a module that does not exist in either the file system or the // {system} table. Make sure that an appropriate error is triggered and // that the module winds up in the static and persistent cache. $this->getFilenameTestTriggeredError = NULL; set_error_handler(array($this, 'fileNotFoundErrorHandler')); $non_existing_module = $this->randomName(); $this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL.'); $this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for a module that does not exist triggers the correct error.'); restore_error_handler(); $file_scans = _drupal_file_scan_cache(); $this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files static variable.'); drupal_file_scan_write_cache(); $cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap'); $this->assertIdentical($cache->data['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files persistent cache.'); // Simulate moving a module to a location that does not match the location // in the {system} table and perform similar tests as above. db_update('system') ->fields(array('filename' => 'modules/simpletest/tests/fake_location/module_test.module')) ->condition('name', 'module_test') ->condition('type', 'module') ->execute(); $this->getFilenameTestTriggeredError = NULL; set_error_handler(array($this, 'fileNotFoundErrorHandler')); $this->assertIdentical(drupal_get_filename('module', 'module_test'), 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved finds the module at its new location.'); $this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module has moved within the file system: %name', array('%name' => 'module_test'))) === 0, 'Searching for a module that has moved triggers the correct error.'); restore_error_handler(); $file_scans = _drupal_file_scan_cache(); $this->assertIdentical($file_scans['module']['module_test'], 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved creates a record in the missing and moved files static variable.'); drupal_file_scan_write_cache(); $cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap'); $this->assertIdentical($cache->data['module']['module_test'], 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved creates a record in the missing and moved files persistent cache.'); // Simulate a module that exists in the {system} table but does not exist // in the file system and perform similar tests as above. $non_existing_module = $this->randomName(); db_update('system') ->fields(array('name' => $non_existing_module)) ->condition('name', 'module_test') ->condition('type', 'module') ->execute(); $this->getFilenameTestTriggeredError = NULL; set_error_handler(array($this, 'fileNotFoundErrorHandler')); $this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that exists in the system table but not in the file system returns NULL.'); $this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for a module that exists in the system table but not in the file system triggers the correct error.'); restore_error_handler(); $file_scans = _drupal_file_scan_cache(); $this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that exists in the system table but not in the file system creates a record in the missing and moved files static variable.'); drupal_file_scan_write_cache(); $cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap'); $this->assertIdentical($cache->data['module'][$non_existing_module], FALSE, 'Searching for a module that exists in the system table but not in the file system creates a record in the missing and moved files persistent cache.'); // Simulate a module that exists in the file system but not in the {system} // table and perform similar tests as above. db_delete('system') ->condition('name', 'common_test') ->condition('type', 'module') ->execute(); system_list_reset(); $this->getFilenameTestTriggeredError = NULL; set_error_handler(array($this, 'fileNotFoundErrorHandler')); $this->assertIdentical(drupal_get_filename('module', 'common_test'), 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table finds the module at its actual location.'); $this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module has moved within the file system: %name', array('%name' => 'common_test'))) === 0, 'Searching for a module that does not exist in the system table triggers the correct error.'); restore_error_handler(); $file_scans = _drupal_file_scan_cache(); $this->assertIdentical($file_scans['module']['common_test'], 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table creates a record in the missing and moved files static variable.'); drupal_file_scan_write_cache(); $cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap'); $this->assertIdentical($cache->data['module']['common_test'], 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table creates a record in the missing and moved files persistent cache.'); } /** * Skips handling of "file not found" errors. */ public function fileNotFoundErrorHandler($error_level, $message, $filename, $line) { // Skip error handling if this is a "file not found" error. if (strpos($message, 'is missing from the file system:') !== FALSE || strpos($message, 'has moved within the file system:') !== FALSE) { $this->getFilenameTestTriggeredError = $message; return; } _drupal_error_handler($error_level, $message, $filename, $line); } /** * Test that watchdog messages about missing files are correctly recorded. */ public function testWatchdog() { // Search for a module that does not exist in either the file system or the // {system} table. Make sure that an appropriate warning is recorded in the // logs. $non_existing_module = $this->randomName(); $query_parameters = array( ':type' => 'php', ':severity' => WATCHDOG_WARNING, ); $this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND severity = :severity', $query_parameters)->fetchField(), 0, 'No warning message appears in the logs before searching for a module that does not exist.'); // Trigger the drupal_get_filename() call. This must be done via a request // to a separate URL since the watchdog() will happen in a shutdown // function, and so that SimpleTest can be told to ignore (and not fail as // a result of) the expected PHP warnings generated during this process. variable_set('system_test_drupal_get_filename_test_module_name', $non_existing_module); $this->drupalGet('system-test/drupal-get-filename'); $message_variables = db_query('SELECT variables FROM {watchdog} WHERE type = :type AND severity = :severity', $query_parameters)->fetchCol(); $this->assertEqual(count($message_variables), 1, 'A single warning message appears in the logs after searching for a module that does not exist.'); $variables = reset($message_variables); $variables = unserialize($variables); $this->assertTrue(isset($variables['!message']) && strpos($variables['!message'], format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) !== FALSE, 'The warning message that appears in the logs after searching for a module that does not exist contains the expected text.'); } /** * Test that drupal_get_filename() does not break recursive rebuilds. */ public function testRecursiveRebuilds() { // Ensure that the drupal_get_filename() call due to a missing module does // not break the data returned by an attempted recursive rebuild. The code // path which is tested is as follows: // - Call drupal_get_schema(). // - Within a hook_schema() implementation, trigger a drupal_get_filename() // search for a nonexistent module. // - In the watchdog() call that results from that, trigger // drupal_get_schema() again. // Without some kind of recursion protection, this could cause the second // drupal_get_schema() call to return incomplete results. This test ensures // that does not happen. $non_existing_module = $this->randomName(); variable_set('system_test_drupal_get_filename_test_module_name', $non_existing_module); $this->drupalGet('system-test/drupal-get-filename-with-schema-rebuild'); $original_drupal_get_schema_tables = variable_get('system_test_drupal_get_filename_with_schema_rebuild_original_tables'); $final_drupal_get_schema_tables = variable_get('system_test_drupal_get_filename_with_schema_rebuild_final_tables'); $this->assertTrue(!empty($original_drupal_get_schema_tables)); $this->assertTrue(!empty($final_drupal_get_schema_tables)); $this->assertEqual($original_drupal_get_schema_tables, $final_drupal_get_schema_tables); } } class BootstrapTimerTestCase extends DrupalUnitTestCase { public static function getInfo() { return array( 'name' => 'Timer test', 'description' => 'Test that timer_read() works both when a timer is running and when a timer is stopped.', 'group' => 'Bootstrap', ); } /** * Test timer_read() to ensure it properly accumulates time when the timer * started and stopped multiple times. * @return */ function testTimer() { timer_start('test'); sleep(1); $this->assertTrue(timer_read('test') >= 1000, 'Timer measured 1 second of sleeping while running.'); sleep(1); timer_stop('test'); $this->assertTrue(timer_read('test') >= 2000, 'Timer measured 2 seconds of sleeping after being stopped.'); timer_start('test'); sleep(1); $this->assertTrue(timer_read('test') >= 3000, 'Timer measured 3 seconds of sleeping after being restarted.'); sleep(1); $timer = timer_stop('test'); $this->assertTrue(timer_read('test') >= 4000, 'Timer measured 4 seconds of sleeping after being stopped for a second time.'); $this->assertEqual($timer['count'], 2, 'Timer counted 2 instances of being started.'); } } /** * Test that resetting static variables works. */ class BootstrapResettableStaticTestCase extends DrupalUnitTestCase { public static function getInfo() { return array( 'name' => 'Resettable static variables test', 'description' => 'Test that drupal_static() and drupal_static_reset() work.', 'group' => 'Bootstrap', ); } /** * Test that a variable reference returned by drupal_static() gets reset when * drupal_static_reset() is called. */ function testDrupalStatic() { $name = __CLASS__ . '_' . __METHOD__; $var = &drupal_static($name, 'foo'); $this->assertEqual($var, 'foo', 'Variable returned by drupal_static() was set to its default.'); // Call the specific reset and the global reset each twice to ensure that // multiple resets can be issued without odd side effects. $var = 'bar'; drupal_static_reset($name); $this->assertEqual($var, 'foo', 'Variable was reset after first invocation of name-specific reset.'); $var = 'bar'; drupal_static_reset($name); $this->assertEqual($var, 'foo', 'Variable was reset after second invocation of name-specific reset.'); $var = 'bar'; drupal_static_reset(); $this->assertEqual($var, 'foo', 'Variable was reset after first invocation of global reset.'); $var = 'bar'; drupal_static_reset(); $this->assertEqual($var, 'foo', 'Variable was reset after second invocation of global reset.'); } } /** * Test miscellaneous functions in bootstrap.inc. */ class BootstrapMiscTestCase extends DrupalUnitTestCase { public static function getInfo() { return array( 'name' => 'Miscellaneous bootstrap unit tests', 'description' => 'Test miscellaneous functions in bootstrap.inc.', 'group' => 'Bootstrap', ); } /** * Test miscellaneous functions in bootstrap.inc. */ function testMisc() { // Test drupal_array_merge_deep(). $link_options_1 = array('fragment' => 'x', 'attributes' => array('title' => 'X', 'class' => array('a', 'b')), 'language' => 'en'); $link_options_2 = array('fragment' => 'y', 'attributes' => array('title' => 'Y', 'class' => array('c', 'd')), 'html' => TRUE); $expected = array('fragment' => 'y', 'attributes' => array('title' => 'Y', 'class' => array('a', 'b', 'c', 'd')), 'language' => 'en', 'html' => TRUE); $this->assertIdentical(drupal_array_merge_deep($link_options_1, $link_options_2), $expected, 'drupal_array_merge_deep() returned a properly merged array.'); } /** * Tests that the drupal_check_memory_limit() function works as expected. */ function testCheckMemoryLimit() { // Test that a very reasonable amount of memory is available. $this->assertTrue(drupal_check_memory_limit('30MB'), '30MB of memory tested available.'); // Test an unlimited memory limit. // The function should always return true if the memory limit is set to -1. $this->assertTrue(drupal_check_memory_limit('9999999999YB', -1), 'drupal_check_memory_limit() returns TRUE when a limit of -1 (none) is supplied'); // Test that even though we have 30MB of memory available - the function // returns FALSE when given an upper limit for how much memory can be used. $this->assertFalse(drupal_check_memory_limit('30MB', '16MB'), 'drupal_check_memory_limit() returns FALSE with a 16MB upper limit on a 30MB requirement.'); // Test that an equal amount of memory to the amount requested returns TRUE. $this->assertTrue(drupal_check_memory_limit('30MB', '30MB'), 'drupal_check_memory_limit() returns TRUE when requesting 30MB on a 30MB requirement.'); } } /** * Tests for overriding server variables via the API. */ class BootstrapOverrideServerVariablesTestCase extends DrupalUnitTestCase { public static function getInfo() { return array( 'name' => 'Overriding server variables', 'description' => 'Test that drupal_override_server_variables() works correctly.', 'group' => 'Bootstrap', ); } /** * Test providing a direct URL to to drupal_override_server_variables(). */ function testDrupalOverrideServerVariablesProvidedURL() { $tests = array( 'http://example.com' => array( 'HTTP_HOST' => 'example.com', 'SCRIPT_NAME' => isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : NULL, ), 'http://example.com/index.php' => array( 'HTTP_HOST' => 'example.com', 'SCRIPT_NAME' => '/index.php', ), 'http://example.com/subdirectory/index.php' => array( 'HTTP_HOST' => 'example.com', 'SCRIPT_NAME' => '/subdirectory/index.php', ), ); foreach ($tests as $url => $expected_server_values) { // Remember the original value of $_SERVER, since the function call below // will modify it. $original_server = $_SERVER; // Call drupal_override_server_variables() and ensure that all expected // $_SERVER variables were modified correctly. drupal_override_server_variables(array('url' => $url)); foreach ($expected_server_values as $key => $value) { $this->assertIdentical($_SERVER[$key], $value); } // Restore the original value of $_SERVER. $_SERVER = $original_server; } } } /** * Tests for $_GET['destination'] and $_REQUEST['destination'] validation. */ class BootstrapDestinationTestCase extends DrupalWebTestCase { public static function getInfo() { return array( 'name' => 'URL destination validation', 'description' => 'Test that $_GET[\'destination\'] and $_REQUEST[\'destination\'] cannot contain external URLs.', 'group' => 'Bootstrap', ); } function setUp() { parent::setUp('system_test'); } /** * Tests that $_GET/$_REQUEST['destination'] only contain internal URLs. * * @see _drupal_bootstrap_variables() * @see system_test_get_destination() * @see system_test_request_destination() */ public function testDestination() { $test_cases = array( array( 'input' => 'node', 'output' => 'node', 'message' => "Standard internal example node path is present in the 'destination' parameter.", ), array( 'input' => '/example.com', 'output' => '/example.com', 'message' => 'Internal path with one leading slash is allowed.', ), array( 'input' => '//example.com/test', 'output' => '', 'message' => 'External URL without scheme is not allowed.', ), array( 'input' => 'example:test', 'output' => 'example:test', 'message' => 'Internal URL using a colon is allowed.', ), array( 'input' => 'http://example.com', 'output' => '', 'message' => 'External URL is not allowed.', ), array( 'input' => 'javascript:alert(0)', 'output' => 'javascript:alert(0)', 'message' => 'Javascript URL is allowed because it is treated as an internal URL.', ), ); foreach ($test_cases as $test_case) { // Test $_GET['destination']. $this->drupalGet('system-test/get-destination', array('query' => array('destination' => $test_case['input']))); $this->assertIdentical($test_case['output'], $this->drupalGetContent(), $test_case['message']); // Test $_REQUEST['destination']. There's no form to submit to, so // drupalPost() won't work here; this just tests a direct $_POST request // instead. $curl_parameters = array( CURLOPT_URL => $this->getAbsoluteUrl('system-test/request-destination'), CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => 'destination=' . urlencode($test_case['input']), CURLOPT_HTTPHEADER => array(), ); $post_output = $this->curlExec($curl_parameters); $this->assertIdentical($test_case['output'], $post_output, $test_case['message']); } // Make sure that 404 pages do not populate $_GET['destination'] with // external URLs. variable_set('site_404', 'system-test/get-destination'); $this->drupalGet('http://example.com', array('external' => FALSE)); $this->assertIdentical('', $this->drupalGetContent(), 'External URL is not allowed on 404 pages.'); } } /** * Tests DrupalCacheArray functionality. */ class BootstrapDrupalCacheArrayTestCase extends DrupalWebTestCase { public static function getInfo() { return array( 'name' => 'DrupalCacheArray tests', 'description' => 'Test DrupalCacheArray functionality.', 'group' => 'Bootstrap', ); } /** * Simulate unsafe deserialization of payload prepared by the phpggc project. * * @see https://github.com/ambionics/phpggc/pull/28 */ public function testGadgetChainDrupal7RCE1() { // phpggc -s Drupal7/RCE1 phpinfo 2 $payload = 'O:11:"SchemaCache":4:{s:6:"%00*%00cid"%3Bs:14:"form_DrupalRCE"%3Bs:6:"%00*%00bin"%3Bs:10:"cache_form"%3Bs:16:"%00*%00keysToPersist"%3Ba:3:{s:8:"#form_id"%3Bb:1%3Bs:8:"#process"%3Bb:1%3Bs:9:"#attached"%3Bb:1%3B}s:10:"%00*%00storage"%3Ba:3:{s:8:"#form_id"%3Bs:9:"DrupalRCE"%3Bs:8:"#process"%3Ba:1:{i:0%3Bs:23:"drupal_process_attached"%3B}s:9:"#attached"%3Ba:1:{s:7:"phpinfo"%3Ba:1:{i:0%3Ba:1:{i:0%3Bs:1:"2"%3B}}}}}'; $object = unserialize(urldecode($payload)); // The object then needs to be destructed. unset($object); // If the exploit was successful, there should now be a row in cache_form. $payload2 = db_query_range('SELECT data FROM {cache_form} WHERE cid LIKE :cid', 0, 1, array(':cid' => 'form_DrupalRCE'))->fetchField(); $this->assertFalse(is_string($payload2) && (strpos($payload2, 'phpinfo') !== FALSE), 'Second stage payload was not written to cache_form.'); // The final exploit is executed via the ajax system, but is not a // sufficiently valid ajax form submission to use drupalPost for testing. $headers = array( 'Content-Type: application/x-www-form-urlencoded', ); $curl_options = array( CURLOPT_URL => url('system/ajax', array('absolute' => TRUE)), CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => 'form_build_id=DrupalRCE', CURLOPT_HTTPHEADER => $headers, ); // The second stage payload causes several PHP warnings / notices if it is // there in cache_form. $content = $this->curlExec($curl_options); $this->assertFalse((strpos($content, 'Rasmus Lerdorf') !== FALSE), 'Remote Code Execution was not successful.'); // Now opt-out of the cache_form protection. variable_set('drupal_cache_array_persist_cache_form', TRUE); $object = unserialize(urldecode($payload)); // The object then needs to be destructed. unset($object); // If the exploit was successful, there should now be a row in cache_form. $payload2 = db_query_range('SELECT data FROM {cache_form} WHERE cid LIKE :cid', 0, 1, array(':cid' => 'form_DrupalRCE'))->fetchField(); $this->assertTrue(is_string($payload2) && (strpos($payload2, 'phpinfo') !== FALSE), 'DrupalCacheArray persisted data to cache_form.'); } }