function drupal_valid_test_ua in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/includes/bootstrap.inc \drupal_valid_test_ua()
Returns the test prefix if this is an internal request from SimpleTest.
Parameters
string $new_prefix: Internal use only. A new prefix to be stored.
Return value
string|FALSE Either the simpletest prefix (the string "simpletest" followed by any number of digits) or FALSE if the user agent does not contain a valid HMAC and timestamp.
16 calls to drupal_valid_test_ua()
- BrowserTestBase::prepareEnvironment in core/
modules/ simpletest/ src/ BrowserTestBase.php - Prepares the current environment for running the test.
- CoreServiceProvider::registerTest in core/
lib/ Drupal/ Core/ CoreServiceProvider.php - Registers services and event subscribers for a site under test.
- DrupalKernel::bootEnvironment in core/
lib/ Drupal/ Core/ DrupalKernel.php - Setup a consistent PHP environment.
- DrupalKernel::findSitePath in core/
lib/ Drupal/ Core/ DrupalKernel.php - Returns the appropriate site directory for a request.
- drupal_generate_test_ua in core/
includes/ bootstrap.inc - Generates a user agent string with a HMAC and timestamp for simpletest.
1 string reference to 'drupal_valid_test_ua'
- DrupalKernelTest.php in core/
tests/ Drupal/ Tests/ Core/ DrupalKernel/ DrupalKernelTest.php - Contains \Drupal\Tests\Core\DrupalKernel\DrupalKernelTest.
File
- core/
includes/ bootstrap.inc, line 603 - Functions that need to be loaded on every Drupal request.
Code
function drupal_valid_test_ua($new_prefix = NULL) {
static $test_prefix;
if (isset($new_prefix)) {
$test_prefix = $new_prefix;
}
if (isset($test_prefix)) {
return $test_prefix;
}
// Unless the below User-Agent and HMAC validation succeeds, we are not in
// a test environment.
$test_prefix = FALSE;
// A valid Simpletest request will contain a hashed and salted authentication
// code. Check if this code is present in a cookie or custom user agent
// string.
$http_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;
$user_agent = isset($_COOKIE['SIMPLETEST_USER_AGENT']) ? $_COOKIE['SIMPLETEST_USER_AGENT'] : $http_user_agent;
if (isset($user_agent) && preg_match("/^(simpletest\\d+);(.+);(.+);(.+)\$/", $user_agent, $matches)) {
list(, $prefix, $time, $salt, $hmac) = $matches;
$check_string = $prefix . ';' . $time . ';' . $salt;
// Read the hash salt prepared by drupal_generate_test_ua().
// This function is called before settings.php is read and Drupal's error
// handlers are set up. While Drupal's error handling may be properly
// configured on production sites, the server's PHP error_reporting may not.
// Ensure that no information leaks on production sites.
$key_file = DRUPAL_ROOT . '/sites/simpletest/' . substr($prefix, 10) . '/.htkey';
if (!is_readable($key_file)) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
$private_key = file_get_contents($key_file);
// The file properties add more entropy not easily accessible to others.
$key = $private_key . filectime(__FILE__) . fileinode(__FILE__);
$time_diff = REQUEST_TIME - $time;
$test_hmac = Crypt::hmacBase64($check_string, $key);
// Since we are making a local request a 5 second time window is allowed,
// and the HMAC must match.
if ($time_diff >= 0 && $time_diff <= 5 && $hmac === $test_hmac) {
$test_prefix = $prefix;
}
}
return $test_prefix;
}