public function RequestSanitizerTest::testRequestSanitization in Drupal 9

Same name and namespace in other branches
  1. 8 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testRequestSanitization()

Tests RequestSanitizer class.

@dataProvider providerTestRequestSanitization

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request to sanitize.

array $expected: An array of expected request parameters after sanitization. The possible keys are 'cookies', 'query' and 'request', which correspond to the names of the parameter bags on the request object. These values are also used to test the PHP globals after sanitization.

array|null $expected_errors: An array of expected errors. If set to NULL then error logging is disabled.

array $whitelist: An array of keys to whitelist and not sanitize.

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 53

Class

RequestSanitizerTest
Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function testRequestSanitization(Request $request, array $expected = [], array $expected_errors = NULL, array $whitelist = []) {
  // Set up globals.
  $_GET = $request->query->all();
  $_POST = $request->request->all();
  $_COOKIE = $request->cookies->all();
  $_REQUEST = array_merge($request->query->all(), $request->request->all());
  $request->server->set('QUERY_STRING', http_build_query($request->query->all()));
  $_SERVER['QUERY_STRING'] = $request->server->get('QUERY_STRING');
  $request = RequestSanitizer::sanitize($request, $whitelist, is_null($expected_errors) ? FALSE : TRUE);

  // Normalize the expected data.
  $expected += [
    'cookies' => [],
    'query' => [],
    'request' => [],
  ];
  $expected_query_string = http_build_query($expected['query']);

  // Test the request.
  $this->assertEquals($expected['cookies'], $request->cookies->all());
  $this->assertEquals($expected['query'], $request->query->all());
  $this->assertEquals($expected['request'], $request->request->all());
  $this->assertTrue($request->attributes->get(RequestSanitizer::SANITIZED));

  // The request object normalizes the request query string.
  $this->assertEquals(Request::normalizeQueryString($expected_query_string), $request->getQueryString());

  // Test PHP globals.
  $this->assertEquals($expected['cookies'], $_COOKIE);
  $this->assertEquals($expected['query'], $_GET);
  $this->assertEquals($expected['request'], $_POST);
  $expected_request = array_merge($expected['query'], $expected['request']);
  $this->assertEquals($expected_request, $_REQUEST);
  $this->assertEquals($expected_query_string, $_SERVER['QUERY_STRING']);

  // Ensure any expected errors have been triggered.
  if (!empty($expected_errors)) {
    foreach ($expected_errors as $expected_error) {
      $this->assertError($expected_error, E_USER_NOTICE);
    }
  }
  else {
    $this->assertEquals([], $this->errors);
  }
}
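The per-bag comparison this test performs, shown as an added stand-alone PHP example that is not Drupal's code. It assumes sanitization means dropping array keys that begin with '#' unless they are whitelisted (this page does not state the rule); `strip_hash_keys()` and all sample data are hypothetical.

```php
<?php
// Added illustration, not Drupal's implementation. Assumption: "sanitizing"
// means dropping array keys that start with '#' unless whitelisted.

/**
 * Recursively removes '#'-prefixed keys; records removed keys in $removed.
 */
function strip_hash_keys(array $input, array $whitelist, array &$removed): array {
  $clean = [];
  foreach ($input as $key => $value) {
    if (is_string($key) && $key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
      $removed[] = $key;
      continue;
    }
    $clean[$key] = is_array($value) ? strip_hash_keys($value, $whitelist, $removed) : $value;
  }
  return $clean;
}

// Constructed sample input, shaped like one data provider case.
$bags = [
  'cookies' => ['session' => 'abc', '#cookie' => 'x'],
  'query' => ['page' => '2', 'filter' => ['#markup' => 'x', 'name' => 'y']],
  'request' => ['#keep' => 'z', 'title' => 't'],
];
$whitelist = ['#keep'];

// Expected bags after sanitization, keyed like the test's $expected array.
$expected = [
  'cookies' => ['session' => 'abc'],
  'query' => ['page' => '2', 'filter' => ['name' => 'y']],
  'request' => ['#keep' => 'z', 'title' => 't'],
];
$expected_removed = ['cookies' => ['#cookie'], 'query' => ['#markup'], 'request' => []];

foreach ($bags as $bag => $values) {
  $removed = [];
  $actual = strip_hash_keys($values, $whitelist, $removed);
  // Same comparison the test makes per bag, plus the keys an error would name.
  assert($actual === $expected[$bag]);
  assert($removed === $expected_removed[$bag]);
  printf("%s: %s (removed: %s)\n", $bag, json_encode($actual), implode(', ', $removed) ?: 'none');
}
```

The real test additionally checks that `$_GET`, `$_POST`, `$_COOKIE`, `$_REQUEST` and `$_SERVER['QUERY_STRING']` match the sanitized request object, so code that reads the superglobals directly sees the same cleaned data.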