function RequestSanitizerTest::providerTestRequestSanitization
Same name and namespace in other branches
- 8.9.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()
- 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()
- 11.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()
Data provider for testRequestSanitization.
Return value
array
File
-
core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php, line 100
Class
- RequestSanitizerTest
- Tests RequestSanitizer class.
Namespace
Drupal\Tests\Core\SecurityCode
public function providerTestRequestSanitization() {
$tests = [];
$request = new Request([
'q' => 'index.php',
]);
$tests['no sanitization GET'] = [
$request,
[
'query' => [
'q' => 'index.php',
],
],
];
$request = new Request([], [
'field' => 'value',
]);
$tests['no sanitization POST'] = [
$request,
[
'request' => [
'field' => 'value',
],
],
];
$request = new Request([], [], [], [
'key' => 'value',
]);
$tests['no sanitization COOKIE'] = [
$request,
[
'cookies' => [
'key' => 'value',
],
],
];
$request = new Request([
'q' => 'index.php',
], [
'field' => 'value',
], [], [
'key' => 'value',
]);
$tests['no sanitization GET, POST, COOKIE'] = [
$request,
[
'query' => [
'q' => 'index.php',
],
'request' => [
'field' => 'value',
],
'cookies' => [
'key' => 'value',
],
],
];
$request = new Request([
'q' => 'index.php',
]);
$tests['no sanitization GET log'] = [
$request,
[
'query' => [
'q' => 'index.php',
],
],
[],
];
$request = new Request([], [
'field' => 'value',
]);
$tests['no sanitization POST log'] = [
$request,
[
'request' => [
'field' => 'value',
],
],
[],
];
$request = new Request([], [], [], [
'key' => 'value',
]);
$tests['no sanitization COOKIE log'] = [
$request,
[
'cookies' => [
'key' => 'value',
],
],
[],
];
$request = new Request([
'#q' => 'index.php',
]);
$tests['sanitization GET'] = [
$request,
];
$request = new Request([], [
'#field' => 'value',
]);
$tests['sanitization POST'] = [
$request,
];
$request = new Request([], [], [], [
'#key' => 'value',
]);
$tests['sanitization COOKIE'] = [
$request,
];
$request = new Request([
'#q' => 'index.php',
], [
'#field' => 'value',
], [], [
'#key' => 'value',
]);
$tests['sanitization GET, POST, COOKIE'] = [
$request,
];
$request = new Request([
'#q' => 'index.php',
]);
$tests['sanitization GET log'] = [
$request,
[],
[
'Potentially unsafe keys removed from query string parameters (GET): #q',
],
];
$request = new Request([], [
'#field' => 'value',
]);
$tests['sanitization POST log'] = [
$request,
[],
[
'Potentially unsafe keys removed from request body parameters (POST): #field',
],
];
$request = new Request([], [], [], [
'#key' => 'value',
]);
$tests['sanitization COOKIE log'] = [
$request,
[],
[
'Potentially unsafe keys removed from cookie parameters: #key',
],
];
$request = new Request([
'#q' => 'index.php',
], [
'#field' => 'value',
], [], [
'#key' => 'value',
]);
$tests['sanitization GET, POST, COOKIE log'] = [
$request,
[],
[
'Potentially unsafe keys removed from query string parameters (GET): #q',
'Potentially unsafe keys removed from request body parameters (POST): #field',
'Potentially unsafe keys removed from cookie parameters: #key',
],
];
$request = new Request([
'q' => 'index.php',
'foo' => [
'#bar' => 'foo',
],
]);
$tests['recursive sanitization log'] = [
$request,
[
'query' => [
'q' => 'index.php',
'foo' => [],
],
],
[
'Potentially unsafe keys removed from query string parameters (GET): #bar',
],
];
$request = new Request([
'q' => 'index.php',
'foo' => [
'#bar' => 'foo',
],
]);
$tests['recursive no sanitization whitelist'] = [
$request,
[
'query' => [
'q' => 'index.php',
'foo' => [
'#bar' => 'foo',
],
],
],
[],
[
'#bar',
],
];
$request = new Request([], [
'#field' => 'value',
]);
$tests['no sanitization POST whitelist'] = [
$request,
[
'request' => [
'#field' => 'value',
],
],
[],
[
'#field',
],
];
$request = new Request([
'q' => 'index.php',
'foo' => [
'#bar' => 'foo',
'#foo' => 'bar',
],
]);
$tests['recursive multiple sanitization log'] = [
$request,
[
'query' => [
'q' => 'index.php',
'foo' => [],
],
],
[
'Potentially unsafe keys removed from query string parameters (GET): #bar, #foo',
],
];
$request = new Request([
'#q' => 'index.php',
]);
$request->attributes
->set(RequestSanitizer::SANITIZED, TRUE);
$tests['already sanitized request'] = [
$request,
[
'query' => [
'#q' => 'index.php',
],
],
];
$request = new Request([
'destination' => 'whatever?%23test=value',
]);
$tests['destination removal GET'] = [
$request,
];
$request = new Request([], [
'destination' => 'whatever?%23test=value',
]);
$tests['destination removal POST'] = [
$request,
];
$request = new Request([], [], [], [
'destination' => 'whatever?%23test=value',
]);
$tests['destination removal COOKIE'] = [
$request,
];
$request = new Request([
'destination' => 'whatever?%23test=value',
]);
$tests['destination removal GET log'] = [
$request,
[],
[
'Potentially unsafe destination removed from query parameter bag because it contained the following keys: #test',
],
];
$request = new Request([], [
'destination' => 'whatever?%23test=value',
]);
$tests['destination removal POST log'] = [
$request,
[],
[
'Potentially unsafe destination removed from request parameter bag because it contained the following keys: #test',
],
];
$request = new Request([], [], [], [
'destination' => 'whatever?%23test=value',
]);
$tests['destination removal COOKIE log'] = [
$request,
[],
[
'Potentially unsafe destination removed from cookies parameter bag because it contained the following keys: #test',
],
];
$request = new Request([
'destination' => 'whatever?q[%23test]=value',
]);
$tests['destination removal subkey'] = [
$request,
];
$request = new Request([
'destination' => 'whatever?q[%23test]=value',
]);
$tests['destination whitelist'] = [
$request,
[
'query' => [
'destination' => 'whatever?q[%23test]=value',
],
],
[],
[
'#test',
],
];
$request = new Request([
'destination' => "whatever?\x00bar=base&%23test=value",
]);
$tests['destination removal zero byte'] = [
$request,
];
$request = new Request([
'destination' => 'whatever?q=value',
]);
$tests['destination kept'] = [
$request,
[
'query' => [
'destination' => 'whatever?q=value',
],
],
];
$request = new Request([
'destination' => 'whatever',
]);
$tests['destination no query'] = [
$request,
[
'query' => [
'destination' => 'whatever',
],
],
];
return $tests;
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.