function RequestSanitizerTest::testSanitizedDestinationGet

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationGet()
  2. 8.9.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationGet()
  3. 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationGet()

Tests unacceptable destinations are removed from GET requests.

@dataProvider providerTestSanitizedDestinations

Parameters

string $destination: The destination string to test.

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 240

Class

RequestSanitizerTest
Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function testSanitizedDestinationGet($destination) : void {
    // Set up a GET request.
    $request = $this->createRequestForTesting([
        'destination' => $destination,
    ]);
    $request = RequestSanitizer::sanitize($request, [], TRUE);
    $this->assertNull($request->request
        ->get('destination', NULL));
    $this->assertNull($request->query
        ->get('destination', NULL));
    $this->assertArrayNotHasKey('destination', $_POST);
    $this->assertArrayNotHasKey('destination', $_REQUEST);
    $this->assertArrayNotHasKey('destination', $_GET);
    $this->assertError('Potentially unsafe destination removed from query parameter bag because it points to an external URL.', E_USER_NOTICE);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.