mirror of
https://github.com/tag1consulting/d7_to_d10_migration.git
synced 2025-01-13 15:34:35 +00:00
965 lines
46 KiB
Text
965 lines
46 KiB
Text
<?php
|
|
|
|
class BootstrapIPAddressTestCase extends DrupalWebTestCase {
|
|
protected $oldserver;
|
|
protected $remote_ip;
|
|
protected $proxy_ip;
|
|
protected $proxy2_ip;
|
|
protected $forwarded_ip;
|
|
protected $cluster_ip;
|
|
protected $untrusted_ip;
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'IP address and HTTP_HOST test',
|
|
'description' => 'Get the IP address from the current visitor from the server variables, check hostname validation.',
|
|
'group' => 'Bootstrap'
|
|
);
|
|
}
|
|
|
|
function setUp() {
|
|
$this->oldserver = $_SERVER;
|
|
|
|
$this->remote_ip = '127.0.0.1';
|
|
$this->proxy_ip = '127.0.0.2';
|
|
$this->proxy2_ip = '127.0.0.3';
|
|
$this->forwarded_ip = '127.0.0.4';
|
|
$this->cluster_ip = '127.0.0.5';
|
|
$this->untrusted_ip = '0.0.0.0';
|
|
|
|
drupal_static_reset('ip_address');
|
|
|
|
$_SERVER['REMOTE_ADDR'] = $this->remote_ip;
|
|
unset($_SERVER['HTTP_X_FORWARDED_FOR']);
|
|
unset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']);
|
|
|
|
parent::setUp();
|
|
}
|
|
|
|
function tearDown() {
|
|
$_SERVER = $this->oldserver;
|
|
drupal_static_reset('ip_address');
|
|
parent::tearDown();
|
|
}
|
|
|
|
/**
|
|
* test IP Address and hostname
|
|
*/
|
|
function testIPAddressHost() {
|
|
// Test the normal IP address.
|
|
$this->assertTrue(
|
|
ip_address() == $this->remote_ip,
|
|
'Got remote IP address.'
|
|
);
|
|
|
|
// Proxy forwarding on but no proxy addresses defined.
|
|
variable_set('reverse_proxy', 1);
|
|
$this->assertTrue(
|
|
ip_address() == $this->remote_ip,
|
|
'Proxy forwarding without trusted proxies got remote IP address.'
|
|
);
|
|
|
|
// Proxy forwarding on and proxy address not trusted.
|
|
variable_set('reverse_proxy_addresses', array($this->proxy_ip, $this->proxy2_ip));
|
|
drupal_static_reset('ip_address');
|
|
$_SERVER['REMOTE_ADDR'] = $this->untrusted_ip;
|
|
$this->assertTrue(
|
|
ip_address() == $this->untrusted_ip,
|
|
'Proxy forwarding with untrusted proxy got remote IP address.'
|
|
);
|
|
|
|
// Proxy forwarding on and proxy address trusted.
|
|
$_SERVER['REMOTE_ADDR'] = $this->proxy_ip;
|
|
$_SERVER['HTTP_X_FORWARDED_FOR'] = $this->forwarded_ip;
|
|
drupal_static_reset('ip_address');
|
|
$this->assertTrue(
|
|
ip_address() == $this->forwarded_ip,
|
|
'Proxy forwarding with trusted proxy got forwarded IP address.'
|
|
);
|
|
|
|
// Proxy forwarding on and proxy address trusted and visiting from proxy.
|
|
$_SERVER['REMOTE_ADDR'] = $this->proxy_ip;
|
|
$_SERVER['HTTP_X_FORWARDED_FOR'] = $this->proxy_ip;
|
|
drupal_static_reset('ip_address');
|
|
$this->assertTrue(
|
|
ip_address() == $this->proxy_ip,
|
|
'Visiting from trusted proxy got proxy IP address.'
|
|
);
|
|
|
|
// Multi-tier architecture with comma separated values in header.
|
|
$_SERVER['REMOTE_ADDR'] = $this->proxy_ip;
|
|
$_SERVER['HTTP_X_FORWARDED_FOR'] = implode(', ', array($this->untrusted_ip, $this->forwarded_ip, $this->proxy2_ip));
|
|
drupal_static_reset('ip_address');
|
|
$this->assertTrue(
|
|
ip_address() == $this->forwarded_ip,
|
|
'Proxy forwarding with trusted 2-tier proxy got forwarded IP address.'
|
|
);
|
|
|
|
// Custom client-IP header.
|
|
variable_set('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP');
|
|
$_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->cluster_ip;
|
|
drupal_static_reset('ip_address');
|
|
$this->assertTrue(
|
|
ip_address() == $this->cluster_ip,
|
|
'Cluster environment got cluster client IP.'
|
|
);
|
|
|
|
// Verifies that drupal_valid_http_host() prevents invalid characters.
|
|
$this->assertFalse(drupal_valid_http_host('security/.drupal.org:80'), 'HTTP_HOST with / is invalid');
|
|
$this->assertFalse(drupal_valid_http_host('security\\.drupal.org:80'), 'HTTP_HOST with \\ is invalid');
|
|
$this->assertFalse(drupal_valid_http_host('security<.drupal.org:80'), 'HTTP_HOST with < is invalid');
|
|
$this->assertFalse(drupal_valid_http_host('security..drupal.org:80'), 'HTTP_HOST with .. is invalid');
|
|
// Verifies that host names are shorter than 1000 characters.
|
|
$this->assertFalse(drupal_valid_http_host(str_repeat('x', 1001)), 'HTTP_HOST with more than 1000 characters is invalid.');
|
|
$this->assertFalse(drupal_valid_http_host(str_repeat('.', 101)), 'HTTP_HOST with more than 100 subdomains is invalid.');
|
|
$this->assertFalse(drupal_valid_http_host(str_repeat(':', 101)), 'HTTP_HOST with more than 100 portseparators is invalid.');
|
|
|
|
// IPv6 loopback address
|
|
$this->assertTrue(drupal_valid_http_host('[::1]:80'), 'HTTP_HOST containing IPv6 loopback is valid');
|
|
}
|
|
}
|
|
|
|
class BootstrapPageCacheTestCase extends DrupalWebTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Page cache test',
|
|
'description' => 'Enable the page cache and test it with various HTTP requests.',
|
|
'group' => 'Bootstrap'
|
|
);
|
|
}
|
|
|
|
function setUp() {
|
|
parent::setUp('system_test');
|
|
}
|
|
|
|
/**
|
|
* Test support for requests containing If-Modified-Since and If-None-Match headers.
|
|
*/
|
|
function testConditionalRequests() {
|
|
variable_set('cache', 1);
|
|
|
|
// Fill the cache.
|
|
$this->drupalGet('');
|
|
|
|
$this->drupalHead('');
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
|
$etag = $this->drupalGetHeader('ETag');
|
|
$last_modified = $this->drupalGetHeader('Last-Modified');
|
|
|
|
$this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag));
|
|
$this->assertResponse(304, 'Conditional request returned 304 Not Modified.');
|
|
|
|
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC822, strtotime($last_modified)), 'If-None-Match: ' . $etag));
|
|
$this->assertResponse(304, 'Conditional request with obsolete If-Modified-Since date returned 304 Not Modified.');
|
|
|
|
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC850, strtotime($last_modified)), 'If-None-Match: ' . $etag));
|
|
$this->assertResponse(304, 'Conditional request with obsolete If-Modified-Since date returned 304 Not Modified.');
|
|
|
|
$this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified));
|
|
$this->assertResponse(200, 'Conditional request without If-None-Match returned 200 OK.');
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
|
|
|
$this->drupalGet('', array(), array('If-Modified-Since: ' . gmdate(DATE_RFC7231, strtotime($last_modified) + 1), 'If-None-Match: ' . $etag));
|
|
$this->assertResponse(200, 'Conditional request with new a If-Modified-Since date newer than Last-Modified returned 200 OK.');
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
|
|
|
$user = $this->drupalCreateUser();
|
|
$this->drupalLogin($user);
|
|
$this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag));
|
|
$this->assertResponse(200, 'Conditional request returned 200 OK for authenticated user.');
|
|
$this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Absence of Page was not cached.');
|
|
$this->assertFalse($this->drupalGetHeader('ETag'), 'ETag HTTP headers are not present for logged in users.');
|
|
$this->assertFalse($this->drupalGetHeader('Last-Modified'), 'Last-Modified HTTP headers are not present for logged in users.');
|
|
}
|
|
|
|
/**
|
|
* Test cache headers.
|
|
*/
|
|
function testPageCache() {
|
|
variable_set('cache', 1);
|
|
|
|
// Fill the cache.
|
|
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar')));
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.');
|
|
$this->assertEqual($this->drupalGetHeader('Vary'), 'Cookie,Accept-Encoding', 'Vary header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'public, max-age=0', 'Cache-Control header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.');
|
|
|
|
// Check cache.
|
|
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar')));
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
|
$this->assertEqual($this->drupalGetHeader('Vary'), 'Cookie,Accept-Encoding', 'Vary: Cookie header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'public, max-age=0', 'Cache-Control header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('X-Content-Type-Options'), 'nosniff', 'X-Content-Type-Options header was sent.');
|
|
|
|
// Check replacing default headers.
|
|
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Expires', 'value' => 'Fri, 19 Nov 2008 05:00:00 GMT')));
|
|
$this->assertEqual($this->drupalGetHeader('Expires'), 'Fri, 19 Nov 2008 05:00:00 GMT', 'Default header was replaced.');
|
|
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Vary', 'value' => 'User-Agent')));
|
|
$this->assertEqual($this->drupalGetHeader('Vary'), 'User-Agent,Accept-Encoding', 'Default header was replaced.');
|
|
|
|
// Check that authenticated users bypass the cache.
|
|
$user = $this->drupalCreateUser();
|
|
$this->drupalLogin($user);
|
|
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar')));
|
|
$this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Caching was bypassed.');
|
|
$this->assertTrue(strpos($this->drupalGetHeader('Vary'), 'Cookie') === FALSE, 'Vary: Cookie header was not sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'no-cache, must-revalidate', 'Cache-Control header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
|
|
$this->assertEqual($this->drupalGetHeader('Foo'), 'bar', 'Custom header was sent.');
|
|
|
|
}
|
|
|
|
/**
|
|
* Test page compression.
|
|
*
|
|
* The test should pass even if zlib.output_compression is enabled in php.ini,
|
|
* .htaccess or similar, or if compression is done outside PHP, e.g. by the
|
|
* mod_deflate Apache module.
|
|
*/
|
|
function testPageCompression() {
|
|
variable_set('cache', 1);
|
|
|
|
// Fill the cache and verify that output is compressed.
|
|
$this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate'));
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'MISS', 'Page was not cached.');
|
|
$this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8)));
|
|
$this->assertRaw('</html>', 'Page was gzip compressed.');
|
|
|
|
// Verify that cached output is compressed.
|
|
$this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate'));
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
|
$this->assertEqual($this->drupalGetHeader('Content-Encoding'), 'gzip', 'A Content-Encoding header was sent.');
|
|
$this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8)));
|
|
$this->assertRaw('</html>', 'Page was gzip compressed.');
|
|
|
|
// Verify that a client without compression support gets an uncompressed page.
|
|
$this->drupalGet('');
|
|
$this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
|
|
$this->assertFalse($this->drupalGetHeader('Content-Encoding'), 'A Content-Encoding header was not sent.');
|
|
$this->assertTitle(t('Welcome to @site-name | @site-name', array('@site-name' => variable_get('site_name', 'Drupal'))), 'Site title matches.');
|
|
$this->assertRaw('</html>', 'Page was not compressed.');
|
|
|
|
// Verify that an empty page doesn't throw an error when being decompressed.
|
|
$this->drupalGet('system-test/empty-page');
|
|
|
|
// Disable compression mode.
|
|
variable_set('page_compression', FALSE);
|
|
|
|
// Verify if cached page is still available for a client with compression support.
|
|
$this->drupalGet('', array(), array('Accept-Encoding: gzip,deflate'));
|
|
$this->drupalSetContent(gzinflate(substr($this->drupalGetContent(), 10, -8)));
|
|
$this->assertRaw('</html>', 'Page was delivered after compression mode is changed (compression support enabled).');
|
|
|
|
// Verify if cached page is still available for a client without compression support.
|
|
$this->drupalGet('');
|
|
$this->assertRaw('</html>', 'Page was delivered after compression mode is changed (compression support disabled).');
|
|
}
|
|
|
|
/**
|
|
* Test page cache headers.
|
|
*/
|
|
function testPageCacheHeaders() {
|
|
variable_set('cache', 1);
|
|
// First request should store a response in the page cache.
|
|
$this->drupalGet('system-test/page-cache-headers');
|
|
|
|
// The test callback should remove the query string leaving the same path
|
|
// as the previous request, which we'll try to retrieve from cache_page.
|
|
$this->drupalGet('system-test/page-cache-headers', array('query' => array('return_headers' => 'TRUE')));
|
|
|
|
$headers = json_decode($this->drupalGetHeader('Page-Cache-Headers'), TRUE);
|
|
if (is_null($headers)) {
|
|
$this->fail('No headers were retrieved from the page cache.');
|
|
}
|
|
else {
|
|
$this->assertEqual($headers['X-Content-Type-Options'], 'nosniff', 'X-Content-Type-Options header retrieved from response in the page cache.');
|
|
}
|
|
}
|
|
}
|
|
|
|
class BootstrapVariableTestCase extends DrupalWebTestCase {
|
|
|
|
function setUp() {
|
|
parent::setUp('system_test');
|
|
}
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Variable test',
|
|
'description' => 'Make sure the variable system functions correctly.',
|
|
'group' => 'Bootstrap'
|
|
);
|
|
}
|
|
|
|
/**
|
|
* testVariable
|
|
*/
|
|
function testVariable() {
|
|
// Setting and retrieving values.
|
|
$variable = $this->randomName();
|
|
variable_set('simpletest_bootstrap_variable_test', $variable);
|
|
$this->assertIdentical($variable, variable_get('simpletest_bootstrap_variable_test'), 'Setting and retrieving values');
|
|
|
|
// Make sure the variable persists across multiple requests.
|
|
$this->drupalGet('system-test/variable-get');
|
|
$this->assertText($variable, 'Variable persists across multiple requests');
|
|
|
|
// Deleting variables.
|
|
$default_value = $this->randomName();
|
|
variable_del('simpletest_bootstrap_variable_test');
|
|
$variable = variable_get('simpletest_bootstrap_variable_test', $default_value);
|
|
$this->assertIdentical($variable, $default_value, 'Deleting variables');
|
|
}
|
|
|
|
/**
|
|
* Makes sure that the default variable parameter is passed through okay.
|
|
*/
|
|
function testVariableDefaults() {
|
|
// Tests passing nothing through to the default.
|
|
$this->assertIdentical(NULL, variable_get('simpletest_bootstrap_variable_test'), 'Variables are correctly defaulting to NULL.');
|
|
|
|
// Tests passing 5 to the default parameter.
|
|
$this->assertIdentical(5, variable_get('simpletest_bootstrap_variable_test', 5), 'The default variable parameter is passed through correctly.');
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* Tests the auto-loading behavior of the code registry.
|
|
*/
|
|
class BootstrapAutoloadTestCase extends DrupalWebTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Code registry',
|
|
'description' => 'Test that the code registry functions correctly.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
function setUp() {
|
|
parent::setUp('drupal_autoload_test');
|
|
}
|
|
|
|
/**
|
|
* Tests that autoloader name matching is not case sensitive.
|
|
*/
|
|
function testAutoloadCase() {
|
|
// Test interface autoloader.
|
|
$this->assertTrue(drupal_autoload_interface('drupalautoloadtestinterface'), 'drupal_autoload_interface() recognizes <em>DrupalAutoloadTestInterface</em> in lower case.');
|
|
// Test class autoloader.
|
|
$this->assertTrue(drupal_autoload_class('drupalautoloadtestclass'), 'drupal_autoload_class() recognizes <em>DrupalAutoloadTestClass</em> in lower case.');
|
|
// Test trait autoloader.
|
|
if (version_compare(PHP_VERSION, '5.4') >= 0) {
|
|
$this->assertTrue(drupal_autoload_trait('drupalautoloadtesttrait'), 'drupal_autoload_trait() recognizes <em>DrupalAutoloadTestTrait</em> in lower case.');
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* Test hook_boot() and hook_exit().
|
|
*/
|
|
class HookBootExitTestCase extends DrupalWebTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Boot and exit hook invocation',
|
|
'description' => 'Test that hook_boot() and hook_exit() are called correctly.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
function setUp() {
|
|
parent::setUp('system_test', 'dblog');
|
|
}
|
|
|
|
/**
|
|
* Test calling of hook_boot() and hook_exit().
|
|
*/
|
|
function testHookBootExit() {
|
|
// Test with cache disabled. Boot and exit should always fire.
|
|
variable_set('cache', 0);
|
|
$this->drupalGet('');
|
|
$calls = 1;
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with disabled cache.'));
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with disabled cache.'));
|
|
|
|
// Test with normal cache. Boot and exit should be called.
|
|
variable_set('cache', 1);
|
|
$this->drupalGet('');
|
|
$calls++;
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with normal cache.'));
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with normal cache.'));
|
|
|
|
// Boot and exit should not fire since the page is cached.
|
|
variable_set('page_cache_invoke_hooks', FALSE);
|
|
$this->assertTrue(cache_get(url('', array('absolute' => TRUE)), 'cache_page'), t('Page has been cached.'));
|
|
$this->drupalGet('');
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot not called with aggressive cache and a cached page.'));
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit not called with aggressive cache and a cached page.'));
|
|
|
|
// Test with page cache cleared, boot and exit should be called.
|
|
$this->assertTrue(db_delete('cache_page')->execute(), t('Page cache cleared.'));
|
|
$this->drupalGet('');
|
|
$calls++;
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_boot'))->fetchField(), $calls, t('hook_boot called with aggressive cache and no cached page.'));
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND message = :message', array(':type' => 'system_test', ':message' => 'hook_exit'))->fetchField(), $calls, t('hook_exit called with aggressive cache and no cached page.'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Test drupal_get_filename()'s availability.
|
|
*/
|
|
class BootstrapGetFilenameTestCase extends DrupalUnitTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Get filename test (without the system table)',
|
|
'description' => 'Test that drupal_get_filename() works correctly when the database is not available.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
/**
|
|
* The last file-related error message triggered by the filename test.
|
|
*
|
|
* Used by BootstrapGetFilenameTestCase::testDrupalGetFilename().
|
|
*/
|
|
protected $getFilenameTestTriggeredError;
|
|
|
|
/**
|
|
* Test that drupal_get_filename() works correctly when the file is not found in the database.
|
|
*/
|
|
function testDrupalGetFilename() {
|
|
// Reset the static cache so we can test the "db is not active" code of
|
|
// drupal_get_filename().
|
|
drupal_static_reset('drupal_get_filename');
|
|
|
|
// Retrieving the location of a module.
|
|
$this->assertIdentical(drupal_get_filename('module', 'php'), 'modules/php/php.module', t('Retrieve module location.'));
|
|
|
|
// Retrieving the location of a theme.
|
|
$this->assertIdentical(drupal_get_filename('theme', 'stark'), 'themes/stark/stark.info', t('Retrieve theme location.'));
|
|
|
|
// Retrieving the location of a theme engine.
|
|
$this->assertIdentical(drupal_get_filename('theme_engine', 'phptemplate'), 'themes/engines/phptemplate/phptemplate.engine', t('Retrieve theme engine location.'));
|
|
|
|
// Retrieving the location of a profile. Profiles are a special case with
|
|
// a fixed location and naming.
|
|
$this->assertIdentical(drupal_get_filename('profile', 'standard'), 'profiles/standard/standard.profile', t('Retrieve install profile location.'));
|
|
|
|
// When a file is not found in the database cache, drupal_get_filename()
|
|
// searches several locations on the filesystem, including the DRUPAL_ROOT
|
|
// directory. We use the '.script' extension below because this is a
|
|
// non-existent filetype that will definitely not exist in the database.
|
|
// Since there is already a scripts directory, drupal_get_filename() will
|
|
// automatically check there for 'script' files, just as it does for (e.g.)
|
|
// 'module' files in modules.
|
|
$this->assertIdentical(drupal_get_filename('script', 'test'), 'scripts/test.script', t('Retrieve test script location.'));
|
|
|
|
// When searching for a module that does not exist, drupal_get_filename()
|
|
// should return NULL and trigger an appropriate error message.
|
|
$this->getFilenameTestTriggeredError = NULL;
|
|
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
|
|
$non_existing_module = $this->randomName();
|
|
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL.');
|
|
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for an item that does not exist triggers the correct error.');
|
|
restore_error_handler();
|
|
|
|
// Check that the result is stored in the file system scan cache.
|
|
$file_scans = _drupal_file_scan_cache();
|
|
$this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files static variable.');
|
|
|
|
// Performing the search again in the same request still should not find
|
|
// the file, but the error message should not be repeated (therefore we do
|
|
// not override the error handler here).
|
|
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL during the second search.');
|
|
}
|
|
|
|
/**
|
|
* Skips handling of "file not found" errors.
|
|
*/
|
|
public function fileNotFoundErrorHandler($error_level, $message, $filename, $line) {
|
|
// Skip error handling if this is a "file not found" error.
|
|
if (strpos($message, 'is missing from the file system:') !== FALSE || strpos($message, 'has moved within the file system:') !== FALSE) {
|
|
$this->getFilenameTestTriggeredError = $message;
|
|
return;
|
|
}
|
|
_drupal_error_handler($error_level, $message, $filename, $line);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Test drupal_get_filename() in the context of a full Drupal installation.
|
|
*/
|
|
class BootstrapGetFilenameWebTestCase extends DrupalWebTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Get filename test (full installation)',
|
|
'description' => 'Test that drupal_get_filename() works correctly in the context of a full Drupal installation.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
function setUp() {
|
|
parent::setUp('system_test');
|
|
}
|
|
|
|
/**
|
|
* The last file-related error message triggered by the filename test.
|
|
*
|
|
* Used by BootstrapGetFilenameWebTestCase::testDrupalGetFilename().
|
|
*/
|
|
protected $getFilenameTestTriggeredError;
|
|
|
|
/**
|
|
* Test that drupal_get_filename() works correctly with a full Drupal site.
|
|
*/
|
|
function testDrupalGetFilename() {
|
|
// Search for a module that exists in the file system and the {system}
|
|
// table and make sure that it is found.
|
|
$this->assertIdentical(drupal_get_filename('module', 'node'), 'modules/node/node.module', 'Module found at expected location.');
|
|
|
|
// Search for a module that does not exist in either the file system or the
|
|
// {system} table. Make sure that an appropriate error is triggered and
|
|
// that the module winds up in the static and persistent cache.
|
|
$this->getFilenameTestTriggeredError = NULL;
|
|
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
|
|
$non_existing_module = $this->randomName();
|
|
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that does not exist returns NULL.');
|
|
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for a module that does not exist triggers the correct error.');
|
|
restore_error_handler();
|
|
$file_scans = _drupal_file_scan_cache();
|
|
$this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files static variable.');
|
|
drupal_file_scan_write_cache();
|
|
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
|
|
$this->assertIdentical($cache->data['module'][$non_existing_module], FALSE, 'Searching for a module that does not exist creates a record in the missing and moved files persistent cache.');
|
|
|
|
// Simulate moving a module to a location that does not match the location
|
|
// in the {system} table and perform similar tests as above.
|
|
db_update('system')
|
|
->fields(array('filename' => 'modules/simpletest/tests/fake_location/module_test.module'))
|
|
->condition('name', 'module_test')
|
|
->condition('type', 'module')
|
|
->execute();
|
|
$this->getFilenameTestTriggeredError = NULL;
|
|
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
|
|
$this->assertIdentical(drupal_get_filename('module', 'module_test'), 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved finds the module at its new location.');
|
|
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module has moved within the file system: %name', array('%name' => 'module_test'))) === 0, 'Searching for a module that has moved triggers the correct error.');
|
|
restore_error_handler();
|
|
$file_scans = _drupal_file_scan_cache();
|
|
$this->assertIdentical($file_scans['module']['module_test'], 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved creates a record in the missing and moved files static variable.');
|
|
drupal_file_scan_write_cache();
|
|
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
|
|
$this->assertIdentical($cache->data['module']['module_test'], 'modules/simpletest/tests/module_test.module', 'Searching for a module that has moved creates a record in the missing and moved files persistent cache.');
|
|
|
|
// Simulate a module that exists in the {system} table but does not exist
|
|
// in the file system and perform similar tests as above.
|
|
$non_existing_module = $this->randomName();
|
|
db_update('system')
|
|
->fields(array('name' => $non_existing_module))
|
|
->condition('name', 'module_test')
|
|
->condition('type', 'module')
|
|
->execute();
|
|
$this->getFilenameTestTriggeredError = NULL;
|
|
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
|
|
$this->assertNull(drupal_get_filename('module', $non_existing_module), 'Searching for a module that exists in the system table but not in the file system returns NULL.');
|
|
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) === 0, 'Searching for a module that exists in the system table but not in the file system triggers the correct error.');
|
|
restore_error_handler();
|
|
$file_scans = _drupal_file_scan_cache();
|
|
$this->assertIdentical($file_scans['module'][$non_existing_module], FALSE, 'Searching for a module that exists in the system table but not in the file system creates a record in the missing and moved files static variable.');
|
|
drupal_file_scan_write_cache();
|
|
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
|
|
$this->assertIdentical($cache->data['module'][$non_existing_module], FALSE, 'Searching for a module that exists in the system table but not in the file system creates a record in the missing and moved files persistent cache.');
|
|
|
|
// Simulate a module that exists in the file system but not in the {system}
|
|
// table and perform similar tests as above.
|
|
db_delete('system')
|
|
->condition('name', 'common_test')
|
|
->condition('type', 'module')
|
|
->execute();
|
|
system_list_reset();
|
|
$this->getFilenameTestTriggeredError = NULL;
|
|
set_error_handler(array($this, 'fileNotFoundErrorHandler'));
|
|
$this->assertIdentical(drupal_get_filename('module', 'common_test'), 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table finds the module at its actual location.');
|
|
$this->assertTrue(strpos($this->getFilenameTestTriggeredError, format_string('The following module has moved within the file system: %name', array('%name' => 'common_test'))) === 0, 'Searching for a module that does not exist in the system table triggers the correct error.');
|
|
restore_error_handler();
|
|
$file_scans = _drupal_file_scan_cache();
|
|
$this->assertIdentical($file_scans['module']['common_test'], 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table creates a record in the missing and moved files static variable.');
|
|
drupal_file_scan_write_cache();
|
|
$cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap');
|
|
$this->assertIdentical($cache->data['module']['common_test'], 'modules/simpletest/tests/common_test.module', 'Searching for a module that does not exist in the system table creates a record in the missing and moved files persistent cache.');
|
|
}
|
|
|
|
/**
|
|
* Skips handling of "file not found" errors.
|
|
*/
|
|
public function fileNotFoundErrorHandler($error_level, $message, $filename, $line) {
|
|
// Skip error handling if this is a "file not found" error.
|
|
if (strpos($message, 'is missing from the file system:') !== FALSE || strpos($message, 'has moved within the file system:') !== FALSE) {
|
|
$this->getFilenameTestTriggeredError = $message;
|
|
return;
|
|
}
|
|
_drupal_error_handler($error_level, $message, $filename, $line);
|
|
}
|
|
|
|
/**
|
|
* Test that watchdog messages about missing files are correctly recorded.
|
|
*/
|
|
public function testWatchdog() {
|
|
// Search for a module that does not exist in either the file system or the
|
|
// {system} table. Make sure that an appropriate warning is recorded in the
|
|
// logs.
|
|
$non_existing_module = $this->randomName();
|
|
$query_parameters = array(
|
|
':type' => 'php',
|
|
':severity' => WATCHDOG_WARNING,
|
|
);
|
|
$this->assertEqual(db_query('SELECT COUNT(*) FROM {watchdog} WHERE type = :type AND severity = :severity', $query_parameters)->fetchField(), 0, 'No warning message appears in the logs before searching for a module that does not exist.');
|
|
// Trigger the drupal_get_filename() call. This must be done via a request
|
|
// to a separate URL since the watchdog() will happen in a shutdown
|
|
// function, and so that SimpleTest can be told to ignore (and not fail as
|
|
// a result of) the expected PHP warnings generated during this process.
|
|
variable_set('system_test_drupal_get_filename_test_module_name', $non_existing_module);
|
|
$this->drupalGet('system-test/drupal-get-filename');
|
|
$message_variables = db_query('SELECT variables FROM {watchdog} WHERE type = :type AND severity = :severity', $query_parameters)->fetchCol();
|
|
$this->assertEqual(count($message_variables), 1, 'A single warning message appears in the logs after searching for a module that does not exist.');
|
|
$variables = reset($message_variables);
|
|
$variables = unserialize($variables);
|
|
$this->assertTrue(isset($variables['!message']) && strpos($variables['!message'], format_string('The following module is missing from the file system: %name', array('%name' => $non_existing_module))) !== FALSE, 'The warning message that appears in the logs after searching for a module that does not exist contains the expected text.');
|
|
}
|
|
|
|
/**
|
|
* Test that drupal_get_filename() does not break recursive rebuilds.
|
|
*/
|
|
public function testRecursiveRebuilds() {
|
|
// Ensure that the drupal_get_filename() call due to a missing module does
|
|
// not break the data returned by an attempted recursive rebuild. The code
|
|
// path which is tested is as follows:
|
|
// - Call drupal_get_schema().
|
|
// - Within a hook_schema() implementation, trigger a drupal_get_filename()
|
|
// search for a nonexistent module.
|
|
// - In the watchdog() call that results from that, trigger
|
|
// drupal_get_schema() again.
|
|
// Without some kind of recursion protection, this could cause the second
|
|
// drupal_get_schema() call to return incomplete results. This test ensures
|
|
// that does not happen.
|
|
$non_existing_module = $this->randomName();
|
|
variable_set('system_test_drupal_get_filename_test_module_name', $non_existing_module);
|
|
$this->drupalGet('system-test/drupal-get-filename-with-schema-rebuild');
|
|
$original_drupal_get_schema_tables = variable_get('system_test_drupal_get_filename_with_schema_rebuild_original_tables');
|
|
$final_drupal_get_schema_tables = variable_get('system_test_drupal_get_filename_with_schema_rebuild_final_tables');
|
|
$this->assertTrue(!empty($original_drupal_get_schema_tables));
|
|
$this->assertTrue(!empty($final_drupal_get_schema_tables));
|
|
$this->assertEqual($original_drupal_get_schema_tables, $final_drupal_get_schema_tables);
|
|
}
|
|
}
|
|
|
|
class BootstrapTimerTestCase extends DrupalUnitTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Timer test',
|
|
'description' => 'Test that timer_read() works both when a timer is running and when a timer is stopped.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Test timer_read() to ensure it properly accumulates time when the timer
|
|
* started and stopped multiple times.
|
|
* @return
|
|
*/
|
|
function testTimer() {
|
|
timer_start('test');
|
|
sleep(1);
|
|
$this->assertTrue(timer_read('test') >= 1000, 'Timer measured 1 second of sleeping while running.');
|
|
sleep(1);
|
|
timer_stop('test');
|
|
$this->assertTrue(timer_read('test') >= 2000, 'Timer measured 2 seconds of sleeping after being stopped.');
|
|
timer_start('test');
|
|
sleep(1);
|
|
$this->assertTrue(timer_read('test') >= 3000, 'Timer measured 3 seconds of sleeping after being restarted.');
|
|
sleep(1);
|
|
$timer = timer_stop('test');
|
|
$this->assertTrue(timer_read('test') >= 4000, 'Timer measured 4 seconds of sleeping after being stopped for a second time.');
|
|
$this->assertEqual($timer['count'], 2, 'Timer counted 2 instances of being started.');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Test that resetting static variables works.
|
|
*/
|
|
class BootstrapResettableStaticTestCase extends DrupalUnitTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Resettable static variables test',
|
|
'description' => 'Test that drupal_static() and drupal_static_reset() work.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Test that a variable reference returned by drupal_static() gets reset when
|
|
* drupal_static_reset() is called.
|
|
*/
|
|
function testDrupalStatic() {
|
|
$name = __CLASS__ . '_' . __METHOD__;
|
|
$var = &drupal_static($name, 'foo');
|
|
$this->assertEqual($var, 'foo', 'Variable returned by drupal_static() was set to its default.');
|
|
|
|
// Call the specific reset and the global reset each twice to ensure that
|
|
// multiple resets can be issued without odd side effects.
|
|
$var = 'bar';
|
|
drupal_static_reset($name);
|
|
$this->assertEqual($var, 'foo', 'Variable was reset after first invocation of name-specific reset.');
|
|
$var = 'bar';
|
|
drupal_static_reset($name);
|
|
$this->assertEqual($var, 'foo', 'Variable was reset after second invocation of name-specific reset.');
|
|
$var = 'bar';
|
|
drupal_static_reset();
|
|
$this->assertEqual($var, 'foo', 'Variable was reset after first invocation of global reset.');
|
|
$var = 'bar';
|
|
drupal_static_reset();
|
|
$this->assertEqual($var, 'foo', 'Variable was reset after second invocation of global reset.');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Test miscellaneous functions in bootstrap.inc.
|
|
*/
|
|
class BootstrapMiscTestCase extends DrupalUnitTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Miscellaneous bootstrap unit tests',
|
|
'description' => 'Test miscellaneous functions in bootstrap.inc.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Test miscellaneous functions in bootstrap.inc.
|
|
*/
|
|
function testMisc() {
|
|
// Test drupal_array_merge_deep().
|
|
$link_options_1 = array('fragment' => 'x', 'attributes' => array('title' => 'X', 'class' => array('a', 'b')), 'language' => 'en');
|
|
$link_options_2 = array('fragment' => 'y', 'attributes' => array('title' => 'Y', 'class' => array('c', 'd')), 'html' => TRUE);
|
|
$expected = array('fragment' => 'y', 'attributes' => array('title' => 'Y', 'class' => array('a', 'b', 'c', 'd')), 'language' => 'en', 'html' => TRUE);
|
|
$this->assertIdentical(drupal_array_merge_deep($link_options_1, $link_options_2), $expected, 'drupal_array_merge_deep() returned a properly merged array.');
|
|
}
|
|
|
|
/**
|
|
* Tests that the drupal_check_memory_limit() function works as expected.
|
|
*/
|
|
function testCheckMemoryLimit() {
|
|
// Test that a very reasonable amount of memory is available.
|
|
$this->assertTrue(drupal_check_memory_limit('30MB'), '30MB of memory tested available.');
|
|
|
|
// Test an unlimited memory limit.
|
|
// The function should always return true if the memory limit is set to -1.
|
|
$this->assertTrue(drupal_check_memory_limit('9999999999YB', -1), 'drupal_check_memory_limit() returns TRUE when a limit of -1 (none) is supplied');
|
|
|
|
// Test that even though we have 30MB of memory available - the function
|
|
// returns FALSE when given an upper limit for how much memory can be used.
|
|
$this->assertFalse(drupal_check_memory_limit('30MB', '16MB'), 'drupal_check_memory_limit() returns FALSE with a 16MB upper limit on a 30MB requirement.');
|
|
|
|
// Test that an equal amount of memory to the amount requested returns TRUE.
|
|
$this->assertTrue(drupal_check_memory_limit('30MB', '30MB'), 'drupal_check_memory_limit() returns TRUE when requesting 30MB on a 30MB requirement.');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Tests for overriding server variables via the API.
|
|
*/
|
|
class BootstrapOverrideServerVariablesTestCase extends DrupalUnitTestCase {
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'Overriding server variables',
|
|
'description' => 'Test that drupal_override_server_variables() works correctly.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Test providing a direct URL to to drupal_override_server_variables().
|
|
*/
|
|
function testDrupalOverrideServerVariablesProvidedURL() {
|
|
$tests = array(
|
|
'http://example.com' => array(
|
|
'HTTP_HOST' => 'example.com',
|
|
'SCRIPT_NAME' => isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : NULL,
|
|
),
|
|
'http://example.com/index.php' => array(
|
|
'HTTP_HOST' => 'example.com',
|
|
'SCRIPT_NAME' => '/index.php',
|
|
),
|
|
'http://example.com/subdirectory/index.php' => array(
|
|
'HTTP_HOST' => 'example.com',
|
|
'SCRIPT_NAME' => '/subdirectory/index.php',
|
|
),
|
|
);
|
|
foreach ($tests as $url => $expected_server_values) {
|
|
// Remember the original value of $_SERVER, since the function call below
|
|
// will modify it.
|
|
$original_server = $_SERVER;
|
|
// Call drupal_override_server_variables() and ensure that all expected
|
|
// $_SERVER variables were modified correctly.
|
|
drupal_override_server_variables(array('url' => $url));
|
|
foreach ($expected_server_values as $key => $value) {
|
|
$this->assertIdentical($_SERVER[$key], $value);
|
|
}
|
|
// Restore the original value of $_SERVER.
|
|
$_SERVER = $original_server;
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Tests for $_GET['destination'] and $_REQUEST['destination'] validation.
|
|
*/
|
|
class BootstrapDestinationTestCase extends DrupalWebTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'URL destination validation',
|
|
'description' => 'Test that $_GET[\'destination\'] and $_REQUEST[\'destination\'] cannot contain external URLs.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
function setUp() {
|
|
parent::setUp('system_test');
|
|
}
|
|
|
|
/**
|
|
* Tests that $_GET/$_REQUEST['destination'] only contain internal URLs.
|
|
*
|
|
* @see _drupal_bootstrap_variables()
|
|
* @see system_test_get_destination()
|
|
* @see system_test_request_destination()
|
|
*/
|
|
public function testDestination() {
|
|
$test_cases = array(
|
|
array(
|
|
'input' => 'node',
|
|
'output' => 'node',
|
|
'message' => "Standard internal example node path is present in the 'destination' parameter.",
|
|
),
|
|
array(
|
|
'input' => '/example.com',
|
|
'output' => '/example.com',
|
|
'message' => 'Internal path with one leading slash is allowed.',
|
|
),
|
|
array(
|
|
'input' => '//example.com/test',
|
|
'output' => '',
|
|
'message' => 'External URL without scheme is not allowed.',
|
|
),
|
|
array(
|
|
'input' => 'example:test',
|
|
'output' => 'example:test',
|
|
'message' => 'Internal URL using a colon is allowed.',
|
|
),
|
|
array(
|
|
'input' => 'http://example.com',
|
|
'output' => '',
|
|
'message' => 'External URL is not allowed.',
|
|
),
|
|
array(
|
|
'input' => 'javascript:alert(0)',
|
|
'output' => 'javascript:alert(0)',
|
|
'message' => 'Javascript URL is allowed because it is treated as an internal URL.',
|
|
),
|
|
);
|
|
foreach ($test_cases as $test_case) {
|
|
// Test $_GET['destination'].
|
|
$this->drupalGet('system-test/get-destination', array('query' => array('destination' => $test_case['input'])));
|
|
$this->assertIdentical($test_case['output'], $this->drupalGetContent(), $test_case['message']);
|
|
// Test $_REQUEST['destination']. There's no form to submit to, so
|
|
// drupalPost() won't work here; this just tests a direct $_POST request
|
|
// instead.
|
|
$curl_parameters = array(
|
|
CURLOPT_URL => $this->getAbsoluteUrl('system-test/request-destination'),
|
|
CURLOPT_POST => TRUE,
|
|
CURLOPT_POSTFIELDS => 'destination=' . urlencode($test_case['input']),
|
|
CURLOPT_HTTPHEADER => array(),
|
|
);
|
|
$post_output = $this->curlExec($curl_parameters);
|
|
$this->assertIdentical($test_case['output'], $post_output, $test_case['message']);
|
|
}
|
|
|
|
// Make sure that 404 pages do not populate $_GET['destination'] with
|
|
// external URLs.
|
|
variable_set('site_404', 'system-test/get-destination');
|
|
$this->drupalGet('http://example.com', array('external' => FALSE));
|
|
$this->assertIdentical('', $this->drupalGetContent(), 'External URL is not allowed on 404 pages.');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Tests DrupalCacheArray functionality.
|
|
*/
|
|
class BootstrapDrupalCacheArrayTestCase extends DrupalWebTestCase {
|
|
|
|
public static function getInfo() {
|
|
return array(
|
|
'name' => 'DrupalCacheArray tests',
|
|
'description' => 'Test DrupalCacheArray functionality.',
|
|
'group' => 'Bootstrap',
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Simulate unsafe deserialization of payload prepared by the phpggc project.
|
|
*
|
|
* @see https://github.com/ambionics/phpggc/pull/28
|
|
*/
|
|
public function testGadgetChainDrupal7RCE1() {
|
|
// phpggc -s Drupal7/RCE1 phpinfo 2
|
|
$payload = 'O:11:"SchemaCache":4:{s:6:"%00*%00cid"%3Bs:14:"form_DrupalRCE"%3Bs:6:"%00*%00bin"%3Bs:10:"cache_form"%3Bs:16:"%00*%00keysToPersist"%3Ba:3:{s:8:"#form_id"%3Bb:1%3Bs:8:"#process"%3Bb:1%3Bs:9:"#attached"%3Bb:1%3B}s:10:"%00*%00storage"%3Ba:3:{s:8:"#form_id"%3Bs:9:"DrupalRCE"%3Bs:8:"#process"%3Ba:1:{i:0%3Bs:23:"drupal_process_attached"%3B}s:9:"#attached"%3Ba:1:{s:7:"phpinfo"%3Ba:1:{i:0%3Ba:1:{i:0%3Bs:1:"2"%3B}}}}}';
|
|
$object = unserialize(urldecode($payload));
|
|
|
|
// The object then needs to be destructed.
|
|
unset($object);
|
|
|
|
// If the exploit was successful, there should now be a row in cache_form.
|
|
$payload2 = db_query_range('SELECT data FROM {cache_form} WHERE cid LIKE :cid', 0, 1, array(':cid' => 'form_DrupalRCE'))->fetchField();
|
|
$this->assertFalse(is_string($payload2) && (strpos($payload2, 'phpinfo') !== FALSE), 'Second stage payload was not written to cache_form.');
|
|
|
|
// The final exploit is executed via the ajax system, but is not a
|
|
// sufficiently valid ajax form submission to use drupalPost for testing.
|
|
$headers = array(
|
|
'Content-Type: application/x-www-form-urlencoded',
|
|
);
|
|
$curl_options = array(
|
|
CURLOPT_URL => url('system/ajax', array('absolute' => TRUE)),
|
|
CURLOPT_POST => TRUE,
|
|
CURLOPT_POSTFIELDS => 'form_build_id=DrupalRCE',
|
|
CURLOPT_HTTPHEADER => $headers,
|
|
);
|
|
// The second stage payload causes several PHP warnings / notices if it is
|
|
// there in cache_form.
|
|
$content = $this->curlExec($curl_options);
|
|
$this->assertFalse((strpos($content, 'Rasmus Lerdorf') !== FALSE), 'Remote Code Execution was not successful.');
|
|
|
|
// Now opt-out of the cache_form protection.
|
|
variable_set('drupal_cache_array_persist_cache_form', TRUE);
|
|
$object = unserialize(urldecode($payload));
|
|
|
|
// The object then needs to be destructed.
|
|
unset($object);
|
|
|
|
// If the exploit was successful, there should now be a row in cache_form.
|
|
$payload2 = db_query_range('SELECT data FROM {cache_form} WHERE cid LIKE :cid', 0, 1, array(':cid' => 'form_DrupalRCE'))->fetchField();
|
|
$this->assertTrue(is_string($payload2) && (strpos($payload2, 'phpinfo') !== FALSE), 'DrupalCacheArray persisted data to cache_form.');
|
|
}
|
|
}
|