public function RequestSanitizerTest::testSanitizedDestinationGet in Drupal 9
Same name and namespace in other branches
- 8 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationGet()
Tests unacceptable destinations are removed from GET requests.
@dataProvider providerTestSanitizedDestinations
Parameters
string $destination: The destination string to test.
File
- core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php, line 230
Class
- RequestSanitizerTest
- Tests RequestSanitizer class.
Namespace
Drupal\Tests\Core\SecurityCode
public function testSanitizedDestinationGet($destination) {
// Set up a GET request.
$request = $this
->createRequestForTesting([
'destination' => $destination,
]);
$request = RequestSanitizer::sanitize($request, [], TRUE);
$this
->assertNull($request->request
->get('destination', NULL));
$this
->assertNull($request->query
->get('destination', NULL));
$this
->assertArrayNotHasKey('destination', $_POST);
$this
->assertArrayNotHasKey('destination', $_REQUEST);
$this
->assertArrayNotHasKey('destination', $_GET);
$this
->assertError('Potentially unsafe destination removed from query parameter bag because it points to an external URL.', E_USER_NOTICE);
}