public function RequestSanitizerTest::testRequestSanitization in Drupal 10
Same name and namespace in other branches
- 8 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testRequestSanitization()
- 9 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testRequestSanitization()
Tests RequestSanitizer class.
@dataProvider providerTestRequestSanitization
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request to sanitize.
array $expected: An array of expected request parameters after sanitization. The possible keys are 'cookies', 'query' and 'request', which correspond to the parameter bag names on the request object. These values are also used to test the PHP globals after sanitization.
array|null $expected_errors: An array of expected errors. If set to NULL then error logging is disabled.
array $whitelist: An array of keys to whitelist and not sanitize.
File
- core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 53
Class
- RequestSanitizerTest
- Tests RequestSanitizer class.
Namespace
Drupal\Tests\Core\Security
Code
public function testRequestSanitization(Request $request, array $expected = [], array $expected_errors = NULL, array $whitelist = []) {
  // Set up globals.
  $_GET = $request->query->all();
  $_POST = $request->request->all();
  $_COOKIE = $request->cookies->all();
  $_REQUEST = array_merge($request->query->all(), $request->request->all());
  $request->server->set('QUERY_STRING', http_build_query($request->query->all()));
  $_SERVER['QUERY_STRING'] = $request->server->get('QUERY_STRING');

  $request = RequestSanitizer::sanitize($request, $whitelist, is_null($expected_errors) ? FALSE : TRUE);

  // Normalize the expected data.
  $expected += [
    'cookies' => [],
    'query' => [],
    'request' => [],
  ];
  $expected_query_string = http_build_query($expected['query']);

  // Test the request.
  $this->assertEquals($expected['cookies'], $request->cookies->all());
  $this->assertEquals($expected['query'], $request->query->all());
  $this->assertEquals($expected['request'], $request->request->all());
  $this->assertTrue($request->attributes->get(RequestSanitizer::SANITIZED));
  // The request object normalizes the request query string.
  $this->assertEquals(Request::normalizeQueryString($expected_query_string), $request->getQueryString());

  // Test PHP globals.
  $this->assertEquals($expected['cookies'], $_COOKIE);
  $this->assertEquals($expected['query'], $_GET);
  $this->assertEquals($expected['request'], $_POST);
  $expected_request = array_merge($expected['query'], $expected['request']);
  $this->assertEquals($expected_request, $_REQUEST);
  $this->assertEquals($expected_query_string, $_SERVER['QUERY_STRING']);

  // Ensure any expected errors have been triggered.
  if (!empty($expected_errors)) {
    foreach ($expected_errors as $expected_error) {
      $this->assertError($expected_error, E_USER_NOTICE);
    }
  }
  else {
    $this->assertEquals([], $this->errors);
  }
}