@voku

voku/BootupTest.php Secret

Created Jan 5, 2020
tests for the open redirect issue (tests/Utf8/BootupTest.php)
<?php
// ...
/**
 * @covers Patchwork\Utf8\Bootup::filterRequestUri
 */
public function testFilterRequestUri()
{
    // ....
    // ---
    // Leading "//" (protocol-relative form) must collapse to a single "/".
    // %c0%af is the overlong, invalid UTF-8 encoding of "/"; it stays
    // percent-encoded and is only upper-cased.
    $_SERVER['REQUEST_URI'] = '//google.com/%c0%af';
    $u = Bootup::filterRequestUri(null, false);
    static::assertSame('/google.com/%C0%AF', $u);
    // ---
    // Any longer run of leading slashes collapses to a single "/" as well.
    $_SERVER['REQUEST_URI'] = '////google.com/%c0%af';
    $u = Bootup::filterRequestUri(null, false);
    static::assertSame('/google.com/%C0%AF', $u);
    // ---
    // A single leading "/" is kept; the overlong sequence is not decoded
    // into a second slash.
    $_SERVER['REQUEST_URI'] = '/%c0%af/google.com/%c0%af';
    $u = Bootup::filterRequestUri(null, false);
    static::assertSame('/%C0%AF/google.com/%C0%AF', $u);
    // ---
    // No leading slash: the URI is returned unchanged.
    $_SERVER['REQUEST_URI'] = '%22http%3a%2f%2fwww.badplace.com%2fnasty.js%22%3e%3c%2fscript%3e&%C0%AF';
    $u = Bootup::filterRequestUri(null, false);
    static::assertSame('%22http%3a%2f%2fwww.badplace.com%2fnasty.js%22%3e%3c%2fscript%3e&%C0%AF', $u);
}