function RequestSanitizerTest::testSanitizedDestinationPost
Same name in other branches
- 8.9.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationPost()
- 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationPost()
- 11.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationPost()
Tests unacceptable destinations are removed from GET requests.
@dataProvider providerTestSanitizedDestinations
Parameters
string $destination: The destination string to test.
File
-
core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php, line 274
Class
- RequestSanitizerTest
- Tests RequestSanitizer class.
Namespace
Drupal\Tests\Core\SecurityCode
public function testSanitizedDestinationPost($destination) {
// Set up a POST request.
$request = $this->createRequestForTesting([], [
'destination' => $destination,
]);
$request = RequestSanitizer::sanitize($request, [], TRUE);
$this->assertNull($request->request
->get('destination', NULL));
$this->assertNull($request->query
->get('destination', NULL));
$this->assertArrayNotHasKey('destination', $_POST);
$this->assertArrayNotHasKey('destination', $_REQUEST);
$this->assertArrayNotHasKey('destination', $_GET);
$this->assertError('Potentially unsafe destination removed from request parameter bag because it points to an external URL.', E_USER_NOTICE);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.