function SecurepagesTest::_testOpenRedirect in Secure Pages 8

Verifies that securepages is not an open redirect.

File

src/Tests/SecurepagesTest.php, line 268

Contains \Drupal\securepages\Tests\SecurepagesTest.

Class

SecurepagesTest

Test Secure Pages redirects.

Namespace

Drupal\securepages\Tests

Code

function _testOpenRedirect() {

  // Short-circuit redirects within the simpletest browser.
  variable_set('simpletest_maximum_redirects', 0);
  variable_set('securepages_switch', TRUE);
  global $base_url, $base_path;
  $secure_base_url = str_replace('http', 'https', $base_url);
  $this
    ->drupalGet($secure_base_url . $base_path . '?q=http://example.com/', array(
    'external' => TRUE,
  ));
  $this
    ->assertResponse(302);
  $this
    ->assertTrue(strstr($this
    ->drupalGetHeader('Location'), $base_url), t('Open redirect test passed.'));
  $this
    ->drupalGet($secure_base_url . $base_path . '?q=' . urlencode('http://example.com/'), array(
    'external' => TRUE,
  ));
  $this
    ->assertResponse(302);
  $this
    ->assertTrue(strstr($this
    ->drupalGetHeader('Location'), $base_url), t('Open redirect test passed.'));

  // Clean up
  variable_del('simpletest_maximum_redirects');
  variable_del('securepages_switch');
}